I happened to run kgpg from the CLI in a konsole, and then used its editor to open an encrypted file.
What I then noticed was that as I typed stuff in the editor, the characters were appearing in the konsole (numeric encoding)
e.g. 65 for ‘a’, 66 for ‘b’ etc.
They seemed to go to stderr.
This seems a bit insecure for an application commonly used for storing stuff securely in encrypted files!
Should I be avoiding kgpg? Are there better more secure tools for encrypting files?
That’s actually kdelibs4’s fault. It contains a debug statement in ktextedit that outputs every pressed key to stderr.
The same happens when you rename a file in dolphin e.g.