New user of pgp4win here.
Im not a fan of the clipboard so id rather not copy to the clipboard before encrypting.
That said, I saw that kleopatra has a notepad. Is this notepad secure? Can I type private keys and credit card numbers in it for example without worry?
Is the notepad data cached or copied on the computer or elsewhere?
Can I run Kleopatra offline and encrypt and decrypt without issues?
What kind of privacy expectations should I have for the notepad?
To understand the Problem you have to understand how Operating Systems work.
I try to explain it very simply.
- There are privilege levels (System / User / Elevated) in these Levels every Process has the same rights.
- If a malware runs with User privileges you have lost. Period. Because it can read / manipulate everything in all other User Processes.
- If a malware runs with System privileges you have super lost.
So if you do not trust your system, not using the Clipboard and typing your secrets wont help you. A malware can access both. Or do keylogging, screen capturing, you name it. Not trusting the clipboard is useless because if the clipboard is compromised everything else is also compromised.
For your other questions:
The Notepad data is only in memory.
Yes you can run Kleopatra offline. That is a very good way to be totally secure on Windows (You never know what Windows sends out to Microsoft et. al.)
Privacy expectations for the notpad are the same as for everything else you run as user. E.g. a simple Text editor / Your Browser (even TOR Browser) or so is comparable.
Thank you for the explanation. Seems I have some things to consider.