#1834 Wipe file feature

KeePass
open
nobody
None
5
2014-03-16
2014-03-16
Raistlin
No

Sometimes we need to save a file attached to a KeePass entry to the disk, for example when we're going to restore the router's configuration. The big problem is to wipe this file after we have used it in the required way, 'cause it may contain confidential data. It would be great if KeePass offered such functionality.

Discussion

  • wellread1
    2014-03-16

    KeePass 2.25 introduced such a feature:

    "When trying to open an entry attachment that the built-in editor/viewer cannot handle, KeePass now extracts the attachment to a (EFS-encrypted) temporary file and opens it using the default application associated with this file; afterwards the user can choose between importing/discarding changes and KeePass deletes the temporary file securely."

     
  • Raistlin
    2014-03-16

    It's a different feature. First, we may need to open the saved file with something other than the default application, as in my example (a cfg file that we should upload to the router through the web interface). Second, we may need to attach a file to a KeePass entry and wipe it afterwards - for example if we want to export a LastPass database to CSV and save it in a KeePass database.

     
  • Raistlin
    2014-03-16

    Besides that, there may be no NTFS partition to save EFS-encrypted file to.

     
  • Paul
    2014-03-16

    KeePass deletes the file securely with or without EFS.
    If you need to delete a file you've imported to KeePass and don't have a tool, I'd edit it and replace all the text with any character, then delete the file. A single overwrite is sufficient on modern hard disks, although SSDs may be different.

    cheers, Paul
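
The overwrite-then-delete step described in the post above, as an added example that is not part of the original thread and not KeePass code. It works on raw bytes, so binary files are handled the same way as text; the function names and the sample file are constructed for illustration. A single in-place pass like this does not reach copies held elsewhere (editor temp files, SSD wear levelling, journaling or copy-on-write file systems).

```python
import os
import tempfile

CHUNK = 1024 * 1024  # work in 1 MiB blocks so large files need not fit in memory


def overwrite_in_place(path, fill=b"\x00"):
    """Overwrite every byte of an existing file once; return the byte count."""
    if os.path.islink(path):
        # Opening a link would overwrite its target rather than the link.
        raise ValueError("refusing to wipe through a symbolic link")
    size = os.path.getsize(path)
    block = (fill * CHUNK)[:CHUNK]
    # "r+b" rewrites the existing data; "wb" would truncate first, which lets
    # the file system hand out fresh blocks and leave the old ones untouched.
    with open(path, "r+b") as fh:
        remaining = size
        while remaining > 0:
            n = min(remaining, CHUNK)
            fh.write(block[:n])
            remaining -= n
        fh.flush()
        os.fsync(fh.fileno())  # force the overwrite to disk before deleting
    return size


def wipe(path):
    """Single-pass overwrite followed by deletion."""
    size = overwrite_in_place(path)
    os.remove(path)
    return size


def make_sample():
    """Constructed sample input: a binary file standing in for a saved attachment."""
    fd, path = tempfile.mkstemp(suffix=".cfg")
    with os.fdopen(fd, "wb") as fh:
        fh.write(bytes(range(256)) * 5000)  # 1,280,000 bytes, not text
    return path


if __name__ == "__main__":
    sample = make_sample()
    print(wipe(sample), "bytes overwritten; still exists:", os.path.exists(sample))
```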

     
  • Raistlin
    2014-03-16

    We're talking about serious security, aren't we? Overwrite is as much sufficient as deletion is. Not to mention that the file to be wiped could be binary.

     
  • Paul
    2014-03-16

    Serious security requires the correct tools. KeePass manages its own attachments, you should use one of the ones in my link to manage your files.

    cheers, Paul

     
  • Raistlin
    2014-03-16

    I do have such a tool (Far). But sometimes it is unavailable for some reason. I believe you agree that the need for an additional tool is another weak link.
    If the feature I suggested is implemented, there would be another feature to add: a "Suggest wipe file after attach" option. Then we'll never forget to delete the file we've imported to KeePass if we were going to.

     
  • wellread1
    2014-03-16

    An additional option on the open attachment button might provide additional flexibility that would improve your user experience:

    • A "with Windows Explorer" or "with File Manager" option that opened the temporary file location in the System's File Manager would make it easier to select and use an arbitrary program with the opened file.

    Have you tested the Open>External Application option?

    As far as I can see it saves the attachment to an encrypted file in C:\Users\%USERNAME%\AppData\Local\Temp. Currently, if the user dismisses the external application, the file remains available until the "Import or Discard changes" dialog is dismissed. I have successfully edited and re-imported a KeePass attached txt file using Notepad started from outside of KeePass. I don't see why you couldn't load a database attached .cfg file into a router using a similar procedure.

    "Besides that, there may be no NTFS partition to save EFS-encrypted file to."

    KeePass is after all a Windows program. It may be a lot to expect KeePass to become a general purpose, OS/file system agnostic, secure external file management tool.

     
    • Raistlin
      2014-03-16

      "Have you tested the Open>External Application option?"

      No. Where can it be found?
      Anyway, it can't help with files being imported to KeePass (my example with LastPass export file above).

      "KeePass is after all a Windows program"

      FAT32 is a Windows file system, too.

       
  • wellread1
    2014-03-16

    Open an entry that has an attachment; select the Advanced tab; select the attachment; press the Open button; select External Application. Dismiss any application that opens or the "Windows can't open this file" dialog, but leave open the KeePass dialog with the "Import" and "Discard changes" options.

    Navigate to C:\Users\%USERNAME%\AppData\Local\Temp (paste this string into Windows Explorer address bar). Then look for a file folder with an arbitrary name (e.g. '8kIk6btxsVA') and a last modified date set to the current time. Open it. It should contain the file of interest.

    When you are done using it, press the KeePass "Discard changes" option. The file will be deleted. Note: If you dismiss the KeePass dialog, the file will not be deleted from the Temp folder.

     
    Last edit: wellread1 2014-03-16