GPaste
GPaste copied to clipboard
Keruspe
KeepassXC clear clipboard
KeepassXC (also KeepassX) has an option to clear the clipboard after a certain amount of time when you copy from that application. It does work in Gnome with gpaste disabled, but not when it is enabled. In case it helps, the developers say that this feature works correctly with Klipper in KDE:
https://github.com/keepassxreboot/keepassxc/issues/336#issuecomment-281312860
I'm with version 3.22.1 in Fedora 25.
GPaste has special features for daeling with password.
Instead of relying on a tool to clear the clipboard, I'd suggest you use that.
By default, hitting <Ctrl><Alt>S will treat what's currently in the clipboard as a password, won't display it in any case (unless you paste it of course) and won't save it to disk in the history file.
Thanks, that's what I'm currently doing. I just thought it would be nice to have both options available, since I quite often forget to mark as a password or delete the entry.
The problem is that it's actually impossible to do that cleanly.
I could very easily treat a clipboard clear as "drop the most recent element in history" BUT there is no guarantee that the clear comes from the same peer.
Here is how clipboard works (at least on X11): for each clipboard event (when you actually copy something or clear the clipboard), an "owner-change" event is emitted. In the case of a copy, an "owner" is provided, which is the peer we should contact to get what's been copied. In the case of a clear, this owner is null.
That means that any software could nuke part or all of your history, just by clearing the clipboard multiple times.
The right workaround that could be done is adding a special "target" (those are like mime-types for clipboard events). We would then have stuff like "text/plain", ..., "cm/ignore" (cm standing for clipboard manager), or something like that to be defined. This way I could just skip the selections having this target and never put them in the history in the first place. This could be used by others tool and wouldn't be tight to GPaste.
Note though that the clear actualy works. the item is still in the history but you cannot paste it until you explicitely select it once more.
You're right, there is probably no good solution because, if the timeout is after 10 seconds, you can copy something else in the middle and probably it is this last think what is going to be deleted, not the password. The only safe solutions are either a quick 'mark as a password' after copying it or clearing the password from history by hand after using it.
For me, the clear doesn't work, even in the way you suggest. Maybe because the latest version hasn't made it to Fedora 25 yet. Let me see if it's in testing.
Note that GPaste has a nice trick specially for passwords as you can give them "names" like echo 'foobar' | gpaste-client add-password gmail/pro and later on gpaste-client delete-password gmail/pro no matter where it is in the history. See my patches for password-store: https://lists.zx2c4.com/pipermail/password-store/2014-October/001179.html
Those feature are fully exposed via DBus and via the C API so providing native optional support should be doable easily, as another solution
Hey, sorry about reviving this ancient issue :smile:
Since that KeepassXC issue linked above didn't go anywhere – could GPaste maybe use the feature that they added in this PR for Klipper instead? I.e. if the copied data has a MIME data field x-kde-passwordManagerHint with the value secret (not familiar with the terminology here), GPaste could automatically flag that entry as a password?
It's probably not as simple as I'm making it out to be, though :laughing:
Hi,
Any news on that issue ? Using <Ctrl><Alt>S is not a ideal solution
Hi @Keruspe, thank you for your efforts, GPaste is really appreciated ! I think @yelworc is right, managing the x-kde-passwordManagerHint: secret as MIME data field would be great.
