#1834 Wipe file feature

KeePass
open
nobody
None
5
2014-03-16
2014-03-16
Raistlin
No

Sometimes we need to save a file attached to a KeePass entry to the disk, for example when we're going to restore the router's configuration. The big problem is to wipe this file after we have used it in the required way, 'cause it may contain confidential data. It would be great if KeePass offered such functionality.

Discussion

  • wellread1

    wellread1 - 2014-03-16

    KeePass 2.25 introduced such a feature:

    "When trying to open an entry attachment that the built-in editor/viewer cannot handle, KeePass now extracts the attachment to a (EFS-encrypted) temporary file and opens it using the default application associated with this file; afterwards the user can choose between importing/discarding changes and KeePass deletes the temporary file securely."

     
  • Raistlin

    Raistlin - 2014-03-16

    It's a different feature. First, we may need to open the saved file not with the default application, as in my example (a cfg file that we should upload to the router through the web interface). Second, it may be necessary to attach a file to a KeePass entry and to wipe it afterwards - for example if we want to export a LastPass database to csv and save it in the KeePass database.

     
  • Raistlin

    Raistlin - 2014-03-16

    Besides that, there may be no NTFS partition to save EFS-encrypted file to.

     
  • Paul

    Paul - 2014-03-16

    KeePass deletes the file securely with or without EFS.
    If you need to delete a file you've imported to KeePass and don't have a tool, I'd edit it and replace all the text with any character, then delete the file. A single overwrite is sufficient on modern hard disks, although SSDs may be different.

    cheers, Paul
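
The overwrite-then-delete procedure from the comment above, as an added example that is not part of the original thread and is not KeePass code. It works on raw bytes, so binary files are handled the same way as text; the function names `overwrite_in_place` and `wipe_file` are assumptions made for this sketch.

```python
import os
import secrets

CHUNK = 64 * 1024  # overwrite in 64 KiB pieces so large files do not fill memory


def overwrite_in_place(path, passes=1):
    """Replace every byte of an existing file with random data.

    Returns the file size, i.e. the number of bytes overwritten per pass.
    """
    size = os.path.getsize(path)
    # "r+b" opens the file without truncating it, so the writes land on the
    # same logical offsets; binary mode makes text vs. binary irrelevant.
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push the new bytes out of the OS cache
    return size


def wipe_file(path, passes=1):
    """Overwrite the file, then remove its directory entry."""
    size = overwrite_in_place(path, passes)
    os.remove(path)
    return size


# Limits: this only rewrites the file's logical contents. SSD wear levelling,
# copy-on-write or journaling file systems, and temporary copies made by other
# programs can leave older data on the medium.

if __name__ == "__main__":
    import tempfile

    # Constructed sample standing in for an exported configuration file.
    fd, sample = tempfile.mkstemp(suffix=".cfg")
    with os.fdopen(fd, "wb") as out:
        out.write(b"\x00\x01admin-password=CONSTRUCTED-SECRET\xff" * 100)
    print("wiped", wipe_file(sample), "bytes; still exists:", os.path.exists(sample))
```
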

     
  • Raistlin

    Raistlin - 2014-03-16

    We're talking about serious security, aren't we? Overwrite is as much sufficient as deletion is. Not to mention that the file to be wiped could be binary.

     
  • Paul

    Paul - 2014-03-16

    Serious security requires the correct tools. KeePass manages its own attachments, you should use one of the ones in my link to manage your files.

    cheers, Paul

     
  • Raistlin

    Raistlin - 2014-03-16

    I do have such a tool (Far). But sometimes it is unavailable for some reason. I believe you agree that the need for an additional tool is another weak link.
    If the feature I suggested is implemented, there would be another feature to add: a "Suggest wipe file after attach" option. Then we'll never forget to delete the file we've imported to KeePass if we were going to.

     
  • wellread1

    wellread1 - 2014-03-16

    An additional option on the open attachment button might provide additional flexibility that would improve your user experience:

    • A "with Windows Explorer" or "with File Manager" option that opened the temporary file location in the System's File Manager would make it easier to select and use an arbitrary program with the opened file.

    Have you tested the Open>External Application option?

    As far as I can see it saves the attachment to an encrypted file in C:\Users\%USERNAME%\AppData\Local\Temp. Currently, if the user dismisses the external application, the file remains available until the "Import or Discard changes" dialog is dismissed. I have successfully edited and re-imported a KeePass attached txt file using Notepad started from outside of KeePass. I don't see why you couldn't load a database attached .cfg file into a router using a similar procedure.

    "Besides that, there may be no NTFS partition to save EFS-encrypted file to."

    KeePass is after all a Windows program. It may be a lot to expect KeePass to become a general purpose, OS/file system agnostic, secure external file management tool.

     
    • Raistlin

      Raistlin - 2014-03-16

      "Have you tested the Open>External Application option?"

      No. Where can it be found?
      Anyway, it can't help with files being imported to KeePass (my example with LastPass export file above).

      "KeePass is after all a Windows program"

      FAT32 is a Windows file system, too.

       
  • wellread1

    wellread1 - 2014-03-16

    Open an entry that has an attachment; select the Advanced tab; select the attachment; press the Open button; select External Application. Dismiss any application that opens or the "Windows can't open this file" dialog, but leave open the KeePass dialog with the "Import" and "Discard changes" options.

    Navigate to C:\Users\%USERNAME%\AppData\Local\Temp (paste this string into Windows Explorer address bar). Then look for a file folder with an arbitrary name (e.g. '8kIk6btxsVA') and a last modified date set to the current time. Open it. It should contain the file of interest.

    When you are done using it, press the KeePass "Discard changes" option. The file will be deleted. Note: If you dismiss the KeePass dialog, the file will not be deleted from the Temp folder.

     

    Last edit: wellread1 2014-03-16
  • Raistlin

    Raistlin - 2014-03-16

    "press the Open button; select External Application"

    I tried to open a csv file this way but it is being opened in the KeePass Editor - can't see where to select External Application.
    Anyway, even if it can be made to work, it is what's called in Russian "through the ass way" :)

     
  • wellread1

    wellread1 - 2014-03-16

    "can't see where to select External Application."

    The feature is in KeePass 2.25. What version of KeePass are you using?

     
  • Raistlin

    Raistlin - 2014-03-16

    2.25

     
  • wellread1

    wellread1 - 2014-03-16

    Look carefully. Screenshot attached.

     
  • Raistlin

    Raistlin - 2014-03-16

    I'm not blind :)

     

    Last edit: Raistlin 2014-03-16
  • wellread1

    wellread1 - 2014-03-16

    What OS and file system are you using?

     
  • wellread1

    wellread1 - 2014-03-16

    I am guessing here, but based on the KeePass 2.25 New Feature description the option may not be available on XP. We'll have to wait for the developer for confirmation.

    "On Windows Vista and higher, the button in the entry editing dialog to open attachments is now a split button; the drop-down menu allows to choose between the built-in viewer, the built-in editor and an external application."

     
  • Raistlin

    Raistlin - 2014-03-16

    You're right, XP here.

     
