[redirecting to gnupg-devel, setting mail-followup-to: there]
On Wed 2015-03-25 18:26:38 -0400, Robert J. Hansen wrote:
>> My guess is that this is for added security.
>
> Correct. Werner Koch has said several times that he will not change the
> code to permit C&P into the dialog box, as that would leave sensitive
> data in your clipboard -- and the clipboard, by definition, can be read
> by any application, including malware.
If the only concern is leaving sensitive data in the clipboard after
use, maybe pinentry could *accept* pastes, but then also clear the
clipboard after it was pasted into?
I understand that this still "encourages" people to put their
passphrases into the clipboard, but that seems to be happening anyway.
What if, upon accepting a paste, pinentry was to expand the dialog a bit
and show a warning that says something like:
Pasted! Your clipboard has also been emptied, so that your
passphrase isn't exposed to other applications. GnuPG recommends
never copying your passphrase to the clipboard.
--dkg
_______________________________________________
enigmail-users mailing list
[email protected]
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
