[redirecting to gnupg-devel, setting mail-followup-to: there] On Wed 2015-03-25 18:26:38 -0400, Robert J. Hansen wrote: >> My guess is that this is for added security. > > Correct. Werner Koch has said several times that he will not change the > code to permit C&P into the dialog box, as that would leave sensitive > data in your clipboard -- and the clipboard, by definition, can be read > by any application, including malware.
If the only concern is leaving sensitive data in the clipboard after use, maybe pinentry could *accept* pastes, but then also clear the clipboard after it was pasted into? I understand that this still "encourages" people to put their passphrases into the clipboard, but that seems to be happening anyway. What if, upon accepting a paste, pinentry was to expand the dialog a bit and show a warning that says something like: Pasted! Your clipboard has also been emptied, so that your passphrase isn't exposed to other applications. GnuPG recommends never copying your passphrase to the clipboard. --dkg _______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net