I’m on a Qubes/Whonix installation. I have installed “OpenPGP Applet” in my Qubes Template VM. I then created an AppVM Based off of that Qubes Template VM, and have added the “OpenPGP Applet” to my Applications list. When I open OpenPGP applet, it opens just find. The problem is that when I want to sign/encrypt a message I do this…
Copy a plain text message to the clipboard / Click OpenPGP Applet Icon / Select “Sign/Encrypt clipboard with Public Keys” / Select the recipients in the window that pops up / Sign message as “MyNameHere” / Select the Ok button / then… problem starts here…
A popup window comes up entitled "Passphrase: Please enter the passphrase to unlock the OpenPGP secret Key: “MyNameHere”. Then at the bottom of the window is “Password” with a box to enter my password. Beneath that field is a checkbox that says “Save in password manager”.
The problem is, the passhrase window wont let me use any appVM’s or other windows while it is waiting for my password. The problem with that is I have my PGP password saved in KeepassXC being run on a different qube, but the Password popup box has locked control over my other apps and prevents me from using keepass XC to copy and paste my password into it’s password field.
The second problem, is that when I check the “Save in password manager” box, and then enter my password, it doesn’t automatically unlock and use my saved password to the debian password manager. I would like the “Save in password manager” box to actually work, and for my PGP passwords to be stored in there for automatic decryption/encryption without having to paste my PGP password from keepassXC.
How can I go about getting these two things to work?
You can copy the password text field from KeePassXC first, start OpenPGP Applet, then paste your password before the 10 second clipboard timeout. If you need the clipboard timeout duration to be longer, you can adjust it in Tools → Settings → Security, then change the default 10 sec value to your preference:
For your second problem, I suggest opening an issue in the GitLab software repository:
Note that the software itself, including the documentation, seem to be unmaintained (five years).
Your solution to my first problem doesn’t work because OpenPGP Applet reads my encrypted message from the clipboard and then decrypts. Therefore, by copying my password first from KeepassXC, it overwrites the encrypted message stored in my clipboard, and then OpenPGP Applet just ends up thinking it should decrypt my PGP password, which it cannot do, because a PGP Password is not encrypted in the first place. I need the PGP applet to somehow relinquish control of all my other windows so that my mouse clicks and right clicks will work on KeepassXC after OpenPGP Applet reads my encrypted message from the clipboard, while it’s waiting for a PGP password.
The solution to my second problem won’t work either, because this problem is not specific to the OpenPGP Applet. I have the same problem on Gajim when opening it up. Gajim always asks me to enter my XMPP password on startup, and there is a little box in the password window that says “Save password to system keyring?”. If i check that box, and attempt to save my password to the whonix system keyring, Gajim should automatically log me into my XMPP account the next time I start Gajim after reboot, right? Wrong, after restarting Gajim again, it once again asks me for a password, and has the “Save password to keyring?” checkbox again, as if my password never actually saved to the whonix system keyring before. This is the exact same problem happening with OpenPGP Applet, which tells me that somehow the systems keyring passwords aren’t being saved in the /home/user/* directory. Am I correct on that? Since I’m running these applications in an AppVM, and they are apparently saving my passwords somewhere in root, which which doesn’t persist across AppVM reboots, does that mean I need to enter my Gajim and OpenPGP Passwords in the corresponding TemplateVM for the whonix keychain to remember my passwords across AppVM reboots? How can I get my Whonix keyring passwords to stick and be persistent in the AppVM they are being run in? How else can I get applications to remember my whonix keyring passwords?