[Gpg4win-users-en] Copy-paste deactivated in Gpg4win 2.2.2
Andre Heinecke
aheinecke at intevation.de
Mon Sep 22 10:38:56 CEST 2014
Hi,
On Wednesday, September 17, 2014 04:27:23 PM PrivacyDefence wrote:
> Hi all
> Apparently copy-paste has been disabled in the latest version of
> Gpg4win. We have asked Enigmail about this and they believe it is an
> issue with Gpg4win.
Which pinentry program are you using? Copy and Paste is only enabled in
pinentry-qt4 (you can rename pinentry-qt4.exe in your installation folder to
pinentry.exe to make sure it is used if you have not configured it in your gpg-
agent.conf otherwise)
>
> Our post:
> https://lists.enigmail.net/pipermail/enigmail-users_enigmail.net/2014-Septem
> ber/002055.html
>
> Their reply:
> https://lists.enigmail.net/pipermail/enigmail-users_enigmail.net/2014-Septem
> ber/002056.html
>
> So is this a bug that will be fixed, or something done deliberately?
Kind of. As said above, pasting the passphrase is enabled in pinentry-qt4. The
problem is that internally we jump through some hoops to ensure that the
passphrase is stored in secure memory. If you just copy / paste it you defeat
that and make it extremly easy for other programs to grab the passphrase. .
E.g. if your clipboard contents are swapped to disk or if you hibernate it
will even be stored on the disk.
So we advise against copy&pasting your passphrase.
> I am hoping for an open debate about this, as I believe it lowers
> security while also causing frustration for the users.
>
> Please let me hear your thoughts.
As I have written above due to many requests to have the possibility to do
this. (And ultimately we can only set sane defaults / recommend stuff) We have
enabled copy&paste for pinentry-qt some time last year.
So it should work.
Best Regards,
Andre
--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20140922/a3130bfd/attachment.sig>
More information about the Gpg4win-users-en
mailing list