Why there is no mention of qubes.GpgKeyImport in Split GPG documentation?

Hi, while I was following the documentation related to split GPG, I was not able to replicate importing public keys. dom0 was denying my attempt to use the command qubes-gpg-client-wrapper --import public-key.asc or qubes-gpg-import-key public-key.asc. I created by myself a policy file named /etc/qubes-rpc/policy/qubes.GpgKeyImport and added the work vault allow line to make import work. I would also like to mention that, there is no way to change this file from the GUI Qubes Global Config program, as you can only change the qubes.Gpg file via Split GPG section.

I couldn’t find any information about this, neither in forum, blogs or documentation and I am now wondering maybe it is something that is not secure, or maybe it creates another type of problems? But then, why is it in Split GPG documentation?

1 Like