Clipboard manager interaction

[Keruspe]

This is mostly a followup to #336

This is not something that can reasonably fixed in GPaste nor any other clipboard managers without an intervention on the other side too (or I'd be really curious how, as the clipboard specification for X doesn't have anything to handle that, and the one for wayland is practically inexistant).

I'm here to suggest two solutions, one is "generic", the other one is GPaste specific as GPaste has a special feature for handling correctly password (e.g not displaying them anywere and not saving them to disk, to keep it simple).

The first one: add a "target" as X call them when taking ownership of the semection, such as "x-special/clipboards-manager-ignore". Any clipboard manager can then ignore everything coming from keepassxc by just checking if that target is specified.

The second one: GPaste exposes a DBus interface (which can also be controlled from the cli tool). I think an example is clearer than an explaination:

gpaste-client add-password "GMail/Pro" "foobar" # also read from stdin, so echo foobar | gpaste-client add-password "GMail/Pro" works too
gpaste-client delete-password "GMail/Pro" # deletes the password wherever it is in the history

or using the DBus interface

gdbus call -e -d org.gnome.GPaste -o /org/gnome/GPaste -m org.gnome.GPaste1.AddPassword '"GMail/Pro"' '"foobar"' 
gdbus call -e -d org.gnome.GPaste -o /org/gnome/GPaste -m org.gnome.GPaste1.DeletePassword '"GMail/Pro"' 

There's also a C library that wraps all of this up.

[sts10]

Not sure if this is the right place to leave this comment but:

Observed behavior: Running KDE (Kubuntu 18.04.1), my clipboard is NOT cleared after set number of seconds after copying a password from KeePassXC. I am using the Snap installation (see debug info below).

Is there any setting, in KeePassXC or KDE / KDE's clipboard manager to allow KeePassXC to delete the clipboard contents? Any work-arounds? Happy to create a new issue, but this one seems connected.

Debug info

KeePassXC - Version 2.3.4
Revision: 2cc52a8
Distribution: Snap

Libraries:

• Qt 5.9.5
• libgcrypt 1.8.1

Operating system: Ubuntu Core 18
CPU architecture: x86_64
Kernel: linux 4.15.0-43-generic

Enabled extensions:

• Auto-Type
• Browser Integration
• Legacy Browser Integration (KeePassHTTP)
• SSH Agent
• YubiKey

[douglasg14b]

Just noticed that on Ubuntu 18.10 with KDE that my clipboard is also not being cleared. This is pretty problematic, considering any application of website that can access the clipboard can not access copied passwords.

I'm not sure if I am comfortable using KeePassXC after discovering that passwords just hang out in the clipboard...

Debug Info

KeePassXC - Version 2.3.4
Revision: 6fe821c

Libraries:

• Qt 5.11.1
• libgcrypt 1.8.3

Operating system: Ubuntu 18.10
CPU architecture: x86_64
Kernel: linux 4.18.0-15-generic

Enabled extensions:

• Auto-Type
• Browser Integration
• Legacy Browser Integration (KeePassHTTP)
• SSH Agent
• YubiKey

[douglasg14b]

Related:

• Prevent Klipper from storing secrets in clipboard history #1969
• [2.1.4] KDE Plasma 5 clipboard is not cleaned by KeepassXC #584

Klipper still holds passwords in it's history, and is not cleared. Despite their being a merged fix.

[droidmonkey]

The PR was merged into 2.4.0. You can try using the beta2 to see if Klipper is cleared properly. It was tested when merged so it should work.

[douglasg14b]

Gotcha. Is there any way to get 2.4.0 from the package manager or ppa?

Sidenote, isn't this one of the kinds of issues that backporting is for? Specially security vulnerabilities/issues?

[droidmonkey]

Sure but that ship has sailed by now.