Requirement for passphrase-less submission keys #284
Conversation
…otected submission keys and how to remove the passphrase
docs/admin/install/install.rst
Outdated
| In order to decrypt submissions, your SecureDrop Workstation will need a copy of the secret key from your SecureDrop instance's SVS. | ||
|
|
||
| .. note:: | ||
| The copy of your SecureDrop submission secret key `cannot be protected with a passphrase <https://www.qubes-os.org/doc/split-gpg/#current-limitations>`_. To export a copy that does not require a passphrase, see :doc:`/admin/reference/removing_gpg_passphrase`. |
There was a problem hiding this comment.
I think that doc is out-of-date, the limitation for us is not that it can't work with split-gpg, but with our provisioning script (also users would get prompted for said passphrase quite a bit). Could drop that, or replace it with a link to the securedrop server docs about provisioning the Submission Key that speak to passphrases.
There was a problem hiding this comment.
can i check my understanding real quick - the scenario in which a user would need to remove the passphrase from the submission key is when they decide to enter a passphrase here at steps 9 and 10? https://docs.securedrop.org/en/stable/admin/installation/generate_submission_key.html#create-the-key
and if so, should the language change in that doc too? from "it's okay to skip passphrase" to "do not enter a passphrase"?
There was a problem hiding this comment.
IMO the language there is OK - the next step also assumes it. But we could tweak it. I guess the tension there is that for the SVS it could work either way (and we have no visibility by default into how folks set them up), but for SDW it's now more of a requirement. Either way these docs would need to reflect the no-passphrase requirement.
| @@ -0,0 +1,27 @@ | |||
| Removing the Passphrase from a GPG Key | |||
There was a problem hiding this comment.
These instructions need better context - they should be performed on dom0 and in a temporary GPG homedir that gets nuked after they're complete. I had some notes in a recent related support issue if that helps.
|
|
||
| .. code-block:: sh | ||
|
|
||
| gpg --list-secret-keys --keyid-format=long |
There was a problem hiding this comment.
Would need updating with a --homedir, and in general (tho not for this command) probably a --pinentry=loopback for any command with a passphrase prompt.
|
|
||
| gpg --edit-key XXXX | ||
|
|
||
| GPG will display information about the key and a prompt. Type ``passwd`` into the prompt and press enter. You will be asked for the current passphrase, type it and press enter. When asked for the new passphrase, simply leave the prompt blank and press enter again. Depending on the version of GPG and your desktop environment, you may receive a warning. You can dismiss this and proceed anyway. |
There was a problem hiding this comment.
The new password will be prompted for twice, even if blank - the instructions should be Qubes- and dom0-specific, so you can speak to the particular errors/warnings you'd see there.
lilyannehall
changed the title
lilyannehall
changed the title
add a note and reference doc on the lack of support for passphrase protected submission keys and how to remove the passphrase - #95