negative zero

Using Evolution with Qubes Split GPG

2022 July 16

[email] [privacy] [qubes] [tech] [tutorial]

I started using GNOME Evolution yesterday. Today, I wanted to figure out how to properly set up OpenPGP encryption with Evolution.

Normally, Evolution uses the user's GPG keyring. That would work, but Qubes OS has its own system called Split GPG which lets you store your keys in (offline) trusted VMs while also making them usable from less-trusted VMs. I wanted to do that.

1. Install Split GPG

You'll need the qubes-gpg-split-dom0 package installed in dom0 and the qubes-gpg-split package in the template(s) used for your AppVMs.

In dom0:

[user@dom0 ~]$ sudo qubes-dom0-update qubes-gpg-split-dom0

In Debian/Whonix TemplateVM:

user@debian-11-minimal:~$ sudo apt install qubes-gpg-split

In Fedora TemplateVM:

[user@fedora-35-minimal ~]$ sudo dnf install qubes-gpg-split

Power off your TemplateVM(s) and the VM where you run Evolution.

2. Set up the GPG domain

Create a new Qubes VM. Set Networking to (none) so it doesn't have access to the internet. (This is a security measure. Keeping your keys offline makes them much harder to exfiltrate.)

I named this VM school-gpg and will refer to it that way for the rest of the post. The VM where I'm using Evolution is called school.

By default, when you allow school to use school-gpg's keyring, it will have access for 5 minutes. You can change this value with the QUBES_GPG_AUTOACCEPT environment variable. For example,

[user@school-gpg ~]$ echo "export QUBES_GPG_AUTOACCEPT=60" >> ~/.profile

will reduce this to 1 minute. Set this as you wish.

(Setting it in your ~/.profile will only take effect after you log back in. You can source ~/.profile or just run the command itself to apply it now.)

Create your keys

I used the --full-gen-key and --expert options below because I wanted to manually specify elliptic curve cryptography, rather than RSA. At the time of writing, just using gpg --generate-key in Fedora 35 yielded the same result (ECC Curve25519). Debian 11 defaulted to RSA-3072 if I didn't specify.

In school-gpg, create your OpenPGP keys:

[user@school-gpg ~]$ gpg --full-gen-key --expert
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
  (14) Existing key from card
Your selection? 9
Please select which elliptic curve you want:
   (1) Curve 25519
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Your selection? 1
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Sun Jul 16 00:00:00 2023 UTC
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: My Name
Email address: myemail@mydomain.tld
You selected this USER-ID:
    "My Name <myemail@mydomain.tld>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

At this point in the process, GPG will ask you to create a password to protect your keys. Do not password-protect your keys, as it will prevent Split GPG from working. Instead, leave the password field empty.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 6BA826669A2B43E2 marked as ultimately trusted
gpg: revocation certificate stored as '/home/user/.gnupg/openpgp-revocs.d/F92D0B
public and secret key created and signed.

pub   ed25519 2022-07-16 [SC] [expires: 2023-07-16]
uid                      My Name <myemail@mydomain.tld>
sub   cv25519 2022-07-16 [E] [expires: 2023-07-16]
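The interactive session above can be reproduced without the prompts using GnuPG's unattended (batch) mode, which is handy when setting up more than one key VM. The script below is an added example and is not from the original post; the function names, the placeholder name and address, and the use of --homedir are my own choices. It produces the same kind of key as the post (ed25519 signing key, cv25519 encryption subkey, one-year expiry) and uses %no-protection so the key has no passphrase, matching the post's note that Split GPG does not work with passphrase-protected keys. Run it inside the offline key VM (school-gpg in the post).

```shell
#!/bin/sh
# Added example, not part of the original post: unattended generation of the
# key type the post creates interactively. Name, e-mail and homedir below are
# placeholders; run this inside the offline GPG VM (school-gpg in the post).

# Print a GnuPG batch parameter file for the given name and e-mail address.
# %no-protection leaves the key without a passphrase, as the post advises,
# because Split GPG cannot work with a passphrase-protected key.
key_params() {
    # $1: real name, $2: e-mail address
    cat <<EOF
%no-protection
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
Name-Real: $1
Name-Email: $2
Expire-Date: 1y
%commit
EOF
}

# Generate the key into the given GnuPG home (default: ~/.gnupg) and list it.
generate_key() {
    # $1: real name, $2: e-mail address, $3: optional GnuPG home directory
    home="${3:-$HOME/.gnupg}"
    key_params "$1" "$2" | gpg --homedir "$home" --batch --generate-key
    gpg --homedir "$home" --list-keys "$2"
}

# Only touch the keyring when explicitly asked, so the file can be sourced
# or inspected without side effects.
if [ "${1:-}" = "--generate" ]; then
    generate_key "My Name" "myemail@mydomain.tld"
fi
```

Invoke it as `sh make-key.sh --generate` in school-gpg; the printed listing should show a `pub ed25519 [SC]` line and a `sub cv25519 [E]` line with the same one-year expiry as in the post.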

3. Set up easy access

In school, set the QUBES_GPG_DOMAIN environment variable to specify that it should use school-gpg:

[user@school ~]$ echo "school-gpg" | sudo tee /rw/config/gpg-split-domain

In dom0, you can set the qrexec policy to allow access from school to school-gpg by default. (Note: This will still require a prompt to the user, but it removes the need for the user to type in the domain every time. See Advanced Configuration for security considerations.)

If you want to do this, in dom0, add this line to the top of /etc/qubes-rpc/policy/qubes.Gpg:

school  school-gpg  allow
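The single `school school-gpg allow` line is deliberately narrow. The risk with this file is a rule that lets a wildcard source such as `$anyvm` reach the key VM without a prompt, which would let any compromised VM sign or decrypt with your keys. The script below is an added example, not from the original post or from Qubes OS: it audits a qubes.Gpg policy file for such rules. It assumes the Qubes 4.0 policy format used on this page (one rule per line, `source destination action[,option=...]`, `#` comments, wildcard sources `$anyvm`/`@anyvm`, `$tag:`, `$type:`); the function names and the sample policy are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post: audit a qubes.Gpg policy file
# for "allow" rules broader than the post's single "school school-gpg allow".
# Assumes the Qubes 4.0 format: "source destination action[,option=...]" per
# line, "#" comments, wildcard sources such as $anyvm, @anyvm, $tag:x, $type:x.

# Print each rule as "source destination action", dropping comments/blank lines.
policy_rules() {
    # $1: policy file path
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" | awk '{ print $1, $2, $3 }'
}

# Print rules that let a wildcard source reach the key VM with "allow" (no
# prompt). "ask" rules are left alone: they still prompt for each source VM.
broad_allow_rules() {
    # $1: policy file path, $2: name of the GPG key VM (school-gpg in the post)
    policy_rules "$1" | awk -v gpgvm="$2" '
        function wildcard(s) { return s ~ /^[$@](anyvm|tag:|type:)/ }
        {
            split($3, parts, ",")   # action may carry options, e.g. allow,target=x
            if (parts[1] != "allow") next
            if (!wildcard($1)) next
            if ($2 == gpgvm || wildcard($2) || $2 ~ /^[$@]default$/) print
        }'
}

# Number of broad allow rules; anything non-zero deserves a review.
broad_allow_count() {
    # $1: policy file path, $2: name of the GPG key VM
    broad_allow_rules "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample policy (NOT a real dom0 file) for a stand-alone run.
SAMPLE_POLICY=$(mktemp)
trap 'rm -f "$SAMPLE_POLICY"' EXIT
cat > "$SAMPLE_POLICY" <<'EOF'
# constructed sample
school  school-gpg  allow
$anyvm  school-gpg  allow          # too broad: every VM can use the key VM silently
$anyvm  $anyvm      ask,default_target=school-gpg
$anyvm  $anyvm      deny
EOF

echo "Broad allow rules in $SAMPLE_POLICY:"
broad_allow_rules "$SAMPLE_POLICY" school-gpg
echo "Count: $(broad_allow_count "$SAMPLE_POLICY" school-gpg)"
```

On a real system, point `broad_allow_rules` at `/etc/qubes-rpc/policy/qubes.Gpg` in dom0; with only the post's line in place it prints nothing and the count is 0. The sample above flags exactly the `$anyvm school-gpg allow` line.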

4. Set Evolution to use Split GPG

Evolution supports using GPG. However, we don't want it to use gpg (on the same system); we want it to use qubes-gpg-client-wrapper, which will forward the request to school-gpg. We can accomplish this with the following command:

gsettings set org.gnome.evolution-data-server camel-gpg-binary '/usr/bin/qubes-gpg-client-wrapper'

(See this issue where someone described setting this.)

This setting should only need to be set once.

5. Using OpenPGP with Evolution

See the GNOME help page or the Fedora one.

In Evolution (in school), click Edit > Preferences. Under Mail Accounts, select your mail account and click Edit (on the right).

This should bring up the Account Editor. Select Security and enter your OpenPGP Key ID.

[Screenshot: the Account Editor's Security settings]

Now, you should be able to use that key with that account. When you receive an email encrypted for you and signed with a key you've imported (see below), it should look like this:

[Screenshot: a received email, which has a valid signature and is encrypted]

When you compose an email, you can select encryption options in the Options menu:

[Screenshot: a compose window with an Options drop-down, with PGP Sign and PGP Encrypt checked]

If you're sending an encrypted email from Outlook, Microsoft may corrupt the message. I was able to recover easily in this case using Thunderbird, but it could be an issue in some circumstances.

[Screenshot: the error message in Thunderbird when the message was corrupted. The warning reads "This is an OpenPGP message that was apparently corrupted by MS-Exchange. If the message contents isn't [sic] shown as expected, you can try an automatic repair." with a button labelled Repair message.]

[Screenshot: the message after being automatically repaired by Thunderbird, now showing as encrypted and signed with a trusted key (the subject was actually "Corrupted message")]

Importing public keys

Obviously, you'll need to import people's public keys in order to encrypt messages for them. With this setup, we'll be importing them from school to the GPG keyring on school-gpg. We can use the qubes-gpg-import-key command for that:

[user@school ~]$ qubes-gpg-import-key <path to public key>