[Spice-devel] [virt-tools] Feature Request - Secure clipboard

gramps at ruggedinbox.com gramps at ruggedinbox.com
Mon Apr 27 14:10:02 PDT 2015 

On 2015-04-27 15:24, Alex Wauck wrote:
> On Sun, 26 Apr 2015 17:52:55 +0200
> gramps at ruggedinbox.com wrote:
> 
>> Requires 4 stages:
>> Ctrl-C (in the source VM)
>> Ctrl-Shift-C (tells Qubes: copy this VM buffer into global clipboard)
>> Ctrl-Shift-V (in the destination VM: tells Qubes: make global 
>> clipboard
>> available to this VM)
>> Ctrl-V (in the destination VM)
>> Ctrl-Shift-C/V cannot be injected by VMs (unspoofable key combo).
> 
> How does this interact with gnome-terminal and konsole?  They use 
> Ctrl-Shift-C/V
> for normal copy/paste.

It shouldn't conflict because the super copy paste hotkey combination to 
allow a vm to read the global clipboard should come into effect only 
when the VM window is in focus rather than the app running inside it. 
Then when you paste in the terminal the ctrl-shift-v is pressed again 
but when you focus the terminal running inside.

I paraphrased a more clear explanation:

https://www.qubes-os.org/doc/CopyPaste/

Qubes fully supports secure copy and paste operation between domains. In 
order to copy a clipboard from domain A to domain B, follow those steps:

     Click on the application window in the domain A where you have 
selected text for copying. Then use the app-specific hot-key (or menu 
option) to copy this into domain’s local clipboard (in other words: do 
the copy operation as usual, in most cases by pressing Ctrl-C).
     Then (when the app in domain A is still in focus) press Ctrl-Shift-C 
magic hot-key. This will tell Qubes that we want to select this domain’s 
clipboard for global copy between domains.
     Now select the destination app, running in domain B, and press 
Ctrl-Shift-V, another magic hot-key that will tell Qubes to make the 
clipboard marked in the previous step available to apps running in 
domain B. This step is necessary because it ensures that only domain B 
will get access to the clipboard copied from domain A, and not any other 
domain that might be running in the system.
     Now, in the destination app use the app-specific key combination 
(usually Ctrl-V) for pasting the clipboard.

Note that the global clipboard will be cleared after step #3, to prevent 
accidental leakage to another domain, if the user accidentally pressed 
Ctrl-Shift-V later.

This 4-step process might look complex, but after some little practice 
it really is very easy and fast. At the same time it provides the user 
with full control over who has access to the clipboard.

More information about the Spice-devel mailing list