#2963 Copy entry encrypted with a password

[U. Windl]

When having to copy an entry from one KeePass 2 database to another one located on a different machine (both Windows, I was connected via RDP to the other machine)I found some problems (Using the German localization I'm guessing what the English phrases might be):
* First I realized that the context menu for an entry is quite different from the main menu's "Entry"
* When using Entry->Data Exchange->Copy Entry (Encrypted), the corresponding entry on the traget KeePass remains deactivated; if I use the "Unencrypted" variant, however, then I can paste the entry (but I guess the entry was in cleartext in the clipboard for some time)
* I notice that the pasted entry has a new UUID and creation time

This my proposals for enhancement:
1. Allow exchanging encrypted entries via the clipboard. Asking for some password to encrypt the entry before putting it into the clipboard could be one solution. If the pasting KeePass detects an encrypted entry, it would ask for a password to encrypt it
2. Make the context menu for an entry match the main menu's "Entry" submenu for a more consistent user interface
3. Why not allow for whole groups what is allowed for an entry, i.e.: copy and paste it?
4. When synchronizing, why not let restrict it to a single user or group? So if you have to share some secrets with other databases, this would make life easier. I could imagine a pull-down menu with "Whole database", "groups", "entries" with the first one being default. When the user selects the second entry, a list of groups to check-mark will be displayed; if the last entry is selected, the list of groups with the users underneath is displayed, and the user can select users by either clicking groups (all users of the group are pre-selected) or select users (only those will be selected). In the "group case" new users may be added on any side, while in the case of "users" no non-selected user will be added.
5. When synchronizing a "direction" would be nice ("sync to...", "sync from...", "sync both")

Sorry if these are multiple features, but I think they are related and could be handled in "one branch".

[Dominik Reichl]

The 'Copy Entry (Encrypted)' command encrypts the entry using DPAPI for the current user. So, you can paste the entry in all KeePass instances that the user is running (on the same machine). This is intended to prevent the entry from being leaked to other machines (virtual machines, remote desktops, etc.). If you want to transfer an entry via the clipboard to a different machine, you need to use the 'Copy Entry (Unencrypted)' command.

On your suggestions:

1. I could imagine adding this in the future.
2. The context menu should contain only the most important commands.
3. This feature already exists (main menu 'Group' → 'Data Exchange').
4. There already is a plugin for this: https://keepass.info/plugins.html#kpmssync
5. I'm not exactly sure what you mean here, but maybe it's the slave functionality of the plugin mentioned in 4. (if not, you could propose your idea to the plugin developer).

As only 1. remains, I'm renaming this ticket to 'Copy entry encrypted with a password'.

Thanks and best regards,
Dominik