Created attachment 9659 The copyq script used. I'd like to have an option to copy content into the clipboard with a certain timeout, when reached will "securely" wipe out the copied content and the associated clipboard history entry with it. This is a pretty common practice with password managers: 1. You browse to gmail.com and type your e-mail address. 2. You open your password manager, type there your primary password, and click on the "gmail" entry account to get its password copied into the clipboard with a, say, 30s timeout. 3. You go back to your browser and type CTRL+V. 4. After 30s, the copied content gets wiped out and cleared from the history. To provide a tangible example, my password manager of choice is `pass` (https://www.passwordstore.org/) which also happens to have a pretty popular Go implementation too (https://www.gopass.pw/). Via `pass`, I can easily paste my gmail password into the clipboard: $ pass copy gmail The problem is that the copied password will stay there until some other content overrides it. Worse, it will be kept in your clipboard history. In an ideal world, one would rather have it wiped out in a matter of seconds. To work around the problem, I use `copyq` (https://hluk.github.io/CopyQ/) as my clipboard manager and configure `pass` to leverage it while copying content into the clipboard. Thanks to `copyq`s extensible scripting support, I use a script to inject the content into the clipboard with a certain timeout: `pass-extension-copyq` (https://github.com/vy/pass-extension-copyq). While this serves my purpose, 1) it is not secure (memory area is not wiped out) and 2) requires manual plumbing for something which I think should be shipped as a feature by the default clipboard governance. I am not certain whether this is an Xfce problem or a xclip one, or both. Nevertheless, I'd like to see it working in Xfce -- hence this bug report on Xfce board. If anybody would want to pick this up, in addition to being deeply appreciated, I can fund that brave soul too. (Please e-mail me for the details on bounty.)
To be honest I have no idea how to implement this and I haven't found any reference implementation in any other Linux DE. Do you know of any existing clipboard manager that can already do this?
I now understand the general situation a bit better. Keepass, Keepass XC and pass all have a function that clears the clipboard after a period of time (30s, 45s, etc.) so the simple approach would be to remove the latest item from the clipboard's history when clipman notices that the clipboard has just been cleared (a user cannot do this very easily or by accident, at least as far as I know). There is of course still an odd chance that the user copied another item to the clipboard before the timeout expired so the wrong item is removed from the history. To also take this problem into account we could try to also log a timestamp in the clipman history and make the timeout user configurable, so it can be synced with the password manager of the user's choice. This way we could ensure that - at least with a very high probability - the correct item is removed from the history.
No support for custom timeouts yet, but here's a first work-in-progress branch for brave testers :) https://git.xfce.org/users/ochosi/xfce4-clipman-plugin/log/?h=secure_copy
-- GitLab Migration Automatic Message -- This bug has been migrated to xfce.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.xfce.org/panel-plugins/xfce4-clipman-plugin/-/issues/25. Please create an account or use an existing account on one of our supported OAuth providers. If you want to fork to submit patches and merge requests please continue reading here: https://docs.xfce.org/contribute/dev/git/start#gitlab_forks_and_merge_requests Also feel free to reach out to us on the mailing list https://mail.xfce.org/mailman/listinfo/xfce4-dev