[Enigmail] Paste passphrase from clipboard into pinentry dialogbox
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Mar 28 19:57:12 CET 2015
[redirecting to gnupg-devel, setting mail-followup-to: there]
On Wed 2015-03-25 18:26:38 -0400, Robert J. Hansen wrote:
>> My guess is that this is for added security.
>
> Correct. Werner Koch has said several times that he will not change the
> code to permit C&P into the dialog box, as that would leave sensitive
> data in your clipboard -- and the clipboard, by definition, can be read
> by any application, including malware.
If the only concern is leaving sensitive data in the clipboard after
use, maybe pinentry could *accept* pastes, but then also clear the
clipboard after it was pasted into?
I understand that this still "encourages" people to put their
passphrases into the clipboard, but that seems to be happening anyway.
What if, upon accepting a paste, pinentry was to expand the dialog a bit
and show a warning that says something like:
Pasted! Your clipboard has also been emptied, so that your
passphrase isn't exposed to other applications. GnuPG recommends
never copying your passphrase to the clipboard.
--dkg
More information about the Gnupg-devel
mailing list