[2.1.4] KDE Plasma 5 clipboard is not cleaned by KeepassXC

[Germano0]

Expected Behavior

KeepassXC should clean KDE Plasma clipboard (Klipper) 10 seconds after user copies a password

Current Behavior

KeepassXC does not clean KDE Plasma clipboard (Klipper) 10 seconds after user copies a password, so if you open Klipper you can read past copied passwords

Steps to Reproduce (for bugs)

1. Copy a password from KeepassXC
2. Wait 10 seconds
3. Open Klipper

Your Environment

• Qt 5.7.1
• libgcrypt 1.6.6
• Fedora 25 plasma-desktop-5.9.5

[phoerious]

It usually works for me. But generally, there isn't anything we can do. If a clipboard manager decides not to delete its contents, we can't force it to. Clipboard managers and password managers have always been a dangerous combination and probably always will be.

[Germano0]

@phoerious note that auto delete has always been a working feature on the old Keepassx + KDE Plasma

[phoerious]

No, it's a Klipper problem. I know it used to work for me too, but I just tested it with both KeePassXC and the old (Qt4) KeePassX and the behavior is the same. Klipper seems to have received a new option "Prevent empty clipboard" which prevents KeePasssX(C) completely from emptying the clipboard. If you turn that option off, we can clear the clipboard, but the password still stays within Klipper. I would suggest you open a bug report a http://bugs.kde.org.

[Germano0]

@phoerious https://bugs.kde.org/show_bug.cgi?id=381229 wall against wall

[phoerious]

We can't do anything about it. I disagree with the comment on bko, though. Yes, erasing the clipboard does not guarantee anything, but that doesn't mean that Klipper necessarily needs to maintain its full history anyway.

[zaraken]

Instead of emptying the clipboard you could overwrite it with something that isn't the password, or is that not a good idea?

[phoerious]

Wouldn't change anything. The new value would just be added to the list and the old one would remain. That's just how Klipper works.

[Germano0]

Klipper seems to have received a new option "Prevent empty clipboard" which prevents KeePasssX(C) completely from emptying the clipboard

Could you please provide source of this? I want to contact KDE developers again

[ddt-consult]

Just FYI: I'm using the current Plasma on Arch Linux and have "prevent empty clipboard" disabled in klipper.
There, KeePassXC 2.3.1 doesn't clean the clipboard while the old KeePassX 0.4.4 does.

[TheZ3ro]

Ping @phoerious, what about this? keepassx/keepassx#211

[douglasg14b]

This still continue to be an issue in Plasma 5.15.2 on Ubuntu 18.10 with KeePassXC 2.3.4 even with Prevent empty clipboard option disabled in Klipper...

Edit: Looks like the change was merged into 2.4.0 and is not available for 2.3.x

[ghost]

Still an issue in 2.4.3 with plasma.

[droidmonkey]

Depends on what plasma version you are running. The API to do this was introduced in a relatively recent version.

[ghost]

5.16.4, I'm on manjaro.

[droidmonkey]

@trialism we need a lot more context and information regarding your issue. Open a new issue with all of the information requested in the issue template.

[ghost]

@droidmonkey I played with klipper settings, disabled the ones relevant to history saving and now it works. It's probably an issue with klipper so I'm not sure if I should create a new issue here.

[droidmonkey]

Ok it could be

[EspinolaAbel]

I have the same issue but on Windows 10 with a clipboard manager called Ditto that stores my clipboard history. I been using Keepass2 for over a year and I was thinking to migrate to KeepassXC.

Unfortunetly KeepassXC fails in erasing the password from the clipboard manager. This feature works perfectly on Keepass2. I never could undertand how that magic works in Keepass2 but its not working on KeepassXC.

This happens in version 2.6.4 (portable). My Keepass2 version is 2.47.0 (portable)

[droidmonkey]

You can probably exclude keepassxc from the clipboard manager. Recommend using using built in windows 10 clipboard manager, we have explicitly excluded results from keepassxc for that.

[EspinolaAbel]

Thanks but still doesn't clean the clipboard. I've changed the portable version and installed the msi version and added the app to be ignored by ditto.
I'm running ditto on a remote desktop and keepassxc running on my local pc. So adding it to the ignore list have no results.
I think I will keep using Keeppass2 for now.

[droidmonkey]

So you are really pushing your local clipboard to the remote desktop? That's your real problem tbh.

[EspinolaAbel]

I know :)
My remote desktop is also my personal pc. Windows Remote Desktop shares the clipboard between pcs and is a very handy feature.
I don't know how Keepass2 does it but when I use it it doesn't stores my users or passwords on the ditto clipboard.
I'm very curious how this works and I will be investigating it.
It could be that ditto has a hardcoded rule somewhere that ignores clipboard events from known apps?

[droidmonkey]

Ditto has no idea about the application running on your local PC. It would be seeing clipboard data coming from the operating system. It could be that KeePass2 is using a special Windows API call that is recognized by the remote desktop software.

[7t1]

I have the same problem and maybe an idea to solve it for most clipboard tools in most environments in the future:

Would it be possible to add a configuration security option to "delete" the complete clipboard by filling it with a number of different dummy entries. E.g. lets say 42 dummy entries "Clipboard entry number nn inserted by KeyPassXC"). Each entry must alter, because my clipboard ignores duplicates (don't know if any clipboard does).