You can encrypt or sign clipboard content, but there is no option to simultaneously “encrypt and sign” clipboard content. With the file operations you can either encrypt, sign, or do both simultaneously. With the clipboard, you can’t, with the current feature set of Kleopatra. Maybe the makers of GPG4Win will consider adding this feature to Kleopatra for the next release of GPG4Win, and if the problem lies in the lack of the feature in GPG2.exe, then maybe they will consider adding this feature to the core part of GPG4Win in the next version.
Yes, there are some workarounds, but they’re not perfect. You can sign it, then encrypt the whole thing (text and signature), or you can encrypt it and then sign the whole thing. If signing was done on top of encryption, then upon verifying the signature it states that it was signed and removes the signature. Then when moving on to the decryption phase, since the signature is now gone, it gives the error about it not being signed. If the whole thing was signed, and encryption was applied after, then when you go to decrypt it, it gives you an error about it not being signed, and only after decrypting it and in the next step verifying it, do you see that it gives a nice green indicator stating that it successfully verified the signature. Only if you could perform a simultaneous encryption and signing of clipboard content (as can already be done with files), would it immediately after decrypting it also at the same time properly indicate that it found and verified the signature.
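The one-step “sign and encrypt” the post asks for is available on the command line even where the Kleopatra GUI lacks it: gpg can read the clipboard text from stdin and write the result back to stdout, so nothing is written to a file. The following PowerShell snippet is an added example for this thread, not code from the post above or from the Gpg4win project. It assumes Gpg4win’s gpg.exe is on PATH, PowerShell 5.0 or newer (for Get-Clipboard/Set-Clipboard), and the two key identifiers are placeholders that have to be replaced with real keys.

```powershell
# Added example (not from the Gpg4win project): sign and encrypt the clipboard
# in one gpg invocation so the signature sits inside the encrypted layer, then
# decrypt and verify in one step on the receiving side.
# Placeholders, not real keys:
$Recipient = 'alice@example.org'   # assumed recipient key (e-mail or key ID)
$Signer    = 'bob@example.org'     # assumed signing key of the local user

# Make PowerShell hand non-ASCII text to gpg and read it back as UTF-8;
# Windows PowerShell 5.1 would otherwise send ASCII to native programs.
$OutputEncoding = [System.Text.UTF8Encoding]::new($false)
[Console]::OutputEncoding = [System.Text.UTF8Encoding]::new($false)

# Sender: --sign --encrypt produces a single OpenPGP message; --armor keeps it
# as text so it can go straight back onto the clipboard.
$cipher = Get-Clipboard -Raw |
    gpg --armor --local-user $Signer --recipient $Recipient --sign --encrypt
if ($LASTEXITCODE -ne 0) { throw "gpg sign+encrypt failed (exit $LASTEXITCODE)" }
Set-Clipboard -Value ($cipher -join "`n")

# Recipient: one --decrypt call decrypts and verifies. gpg exits non-zero on a
# bad signature but not on a missing one, so check the machine-readable status
# lines (--status-fd 2 puts them on stderr, merged into the pipeline by 2>&1;
# they arrive as ErrorRecord objects, plaintext lines as strings).
$output = Get-Clipboard -Raw | gpg --decrypt --status-fd 2 2>&1
if ($LASTEXITCODE -ne 0) { throw "decryption or verification failed (exit $LASTEXITCODE)" }
$plain  = @($output | Where-Object { $_ -is [string] })
$status = @($output | Where-Object { $_ -isnot [string] } | ForEach-Object { $_.ToString() })
if (-not ($status -match '^\[GNUPG:\] GOODSIG ')) {
    throw "message decrypted but carried no valid signature"
}
Set-Clipboard -Value ($plain -join "`n")
```

The sender and recipient halves would normally run on different machines; they are shown together so the whole exchange is visible. Passphrase entry goes through pinentry as usual, so the snippet works with an agent but not in a fully non-interactive session. Note that Windows 10 and later can keep a clipboard history, so clearing the clipboard afterwards does not by itself remove every copy of the plaintext from the machine.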
Hi A J,
thanks for the suggestion and for describing how it feels for you.
I’ve created an entry in the http://wiki.gnupg.org/Gpg4win/Wishlist
so the developers take a look at it at the next major development phase.
PS: Flattr Gpg4win at https://flattr.com/thing/2053326,
if you appreciate this answer and my work within the Gpg4win Initiative.
What do you mean by “the next major development phase”? When will this development phase be?
Sorry to bump this, but I’d like to know when this feature will be added.
Hi Animedude Johnson,
Right now, implementation of the feature is not scheduled yet,
so there is no tentative timeline.
It would make it much easier to use the program securely. If the only way to simultaneously encrypt and sign a message is to save it as a file first, then there’s an unencrypted copy on your hard drive, and that unencrypted copy, even if deleted, will leave traces of its presence. Not only does it require special software to securely erase it (one or more passes of overwriting the data on the hard drive), but it will also leave the name of the file in the FAT (file allocation table). There is no way to overwrite the FAT entry for the file until the operating system decides to overwrite it with the name of a new file (though there’s no guarantee that the next write to the drive will do this, as it may use the next open slot after that, and only come back to that one after the drive is full). This can leave trace evidence that a file was at a certain location. And the operating system tends to lock the FAT, so that no third-party software (such as GPG4Win) can access it and write to it itself.
Therefore, being able to encrypt and sign a clipboard entry simultaneously is an extremely important feature, as no hard drive writes are required (thus completely removing hard drive evidence that a given piece of text ever existed). This is not a minor privacy concern, but a major one, and likewise the importance rank of this feature should be moved to highest priority for the development team. If you are a member of the development team, please move this feature to top priority.
Yes, I am a member of the development team.
I tend to not share your security assessment, though.
As for secure file deletion, you probably want to secure your operating system
for the security level you are aiming at. (Also see my post today in the wipe thread.)
There are many other problems you have, if you have an attacker on your system.
This board is specifically about the features of GPG4Win, which is of course intended to run on Windows. There may be other more secure operating systems, but none of them are Windows based. As I’m speaking about Kleopatra (which is the Windows GUI that makes GPG4Win unique from the original Linux GPG), one would expect that part of Kleopatra’s design is based on the fact that it is designed to run in Windows (which is not a secure OS) and therefore Kleopatra would be programmed to be as secure as possible, and avoid using the hard drive whenever possible (making the clipboard the primary means of input and output from the program).