Version: 1.0 (using KDE 4.4.4) OS: Linux There should be an option for KGpg to shred encrypted files after encryption. Reproducible: Always Steps to Reproduce: 1. Use KGpg to encrypt a file. 2. Look at the encrypted file. Actual Results: 1. The encrypted file is still present. Expected Results: 1. There should be an option to encrypt and shred the plain text. OS: Linux (x86_64) release 2.6.34.7-0.7-desktop Compiler: gcc
No, I'm certainly not going to do that. For the same reason I deleted the file shredder completely from KGpg some years ago. Here is what I wrote about that: http://der-dakon.net/blog/KDE/shredder.html The short version is: you need a) usually some sort of superuser permissions b) knowledge about the filesystem used This is in no way related to GPG. Of course I could offer such an option and just fill the file with zeroes (or some random data). Neither option would make a difference in terms of reliability. But at the end this will just work for some special setups. And it would give the user a wrong feeling of security that is absolutely not there. If you want to compose a file and be sure it never get's written to disk unencrypted then: -turn off swap -write it in an editor with no autosave (KGpg editor is fine) -save it encrypted -fill all the system RAM to make sure the unencrypted copy is removed from RAM Sorry, I wont do that. That would be a snake oil product and could actually destroy users trust in cryptography, GnuPG, KGpg, KDE or me if he finds out that this does not always work. Which he could easily.
It is unwise to delete a core utilities functionality from KDE because it is still there, only harder to access. Persuade core utilities that it is unwise to shred, and when GNU shred is gone so will be KDE shred. I am afraid you confuse practical security and forensic security. The purpose of GNU shred is not to protect the data from forensic investigation; the purpose is to protect it from accidental disclosure. And, since GNU shred is already there, there is no need to reimplement it in KDE. You can basically do whatever GNU shred does and pass the blame on GNU shred for any failure. The workaround you provide is reasonable; the problem is it is inaccessible from Dolphin, and the default action is to decrypt to a disk file, and Dolphin does not know how to shred files either. So I will be quite happy you make your workaround the default action for gpg files. I changed the wish summary accordingly and reopened.
You already can decrypt files only to the editor, I'm using this all day. kgpg -s pass.asc and you're done. The clicking action in dolphin is "decrypt that file", not "show that file decrypted" so that is what it does. And there is also a "View file decrypted" dolphin action that does exactly this. Are you still missing something?
The default action in Dolphin is actually "Open with KGpg", and that causes the file to be decrypted on disk. Though I was able to find and use the action "View decrypted", I would appreciate if that action were the default. BTW, the standard Preview action does not work with gpg files. It would be good for UX consistency to remove the "View decrypted" and hook that functionality under "Preview". Not sure if it would possible without creating a temporary file though.
*** This bug has been marked as a duplicate of bug 261107 ***