Qubes - Global/Local/Terminal Copy & Paste

Typical copy and paste is Ctrl+C and Ctrl+V, respectively. Common knowledge (though, if you didn’t know that - life changing).

The problem is copying between VMs or between the host and a VM. In QEMU and VirtualBox, this is solved by installing guest utilities into the VM, which allows the host and all of the guests to essentially share a common clipboard. The vulnerability arises if one machine is compromised (which is generally a wise security assumption): a remote attacker need only grab the clipboard contents periodically and send them back to their machine. So, if using this solution, never copy passwords/keys/SSNs or anything sensitive. If you do, you would be wise to assume that information is compromised.

OR, you could prevent clipboard sharing by disabling the setting and/or by uninstalling guest agent packages entirely. But then you couldn’t, for example, host your KeePassXC password manager in a non-networked VM and copy/paste login info from there to a browser in the host or another VM. You might see how this specific configuration offers a superior level of account security!

Qubes does not network the host OS (except for updates…via a secure proxy…yeah, basically not networked). Due to this unique architecture (which is functionally very difficult to achieve in a custom setup - trust me, I’ve tried), the host OS can be trusted in a unique way akin to any air-gapped machine. I refer to this as a virtual air-gap.

Part of this unique trust is a global clipboard API controlled by the host. This allows you to conveniently copy/paste between VMs. By default, the keypress sequence to differentiate local copy/paste (Ctrl+C and Ctrl+V) from global is Ctrl+Shift+C and Ctrl+Shift+V.

I would highly recommend you change this. Reason is, the default global copy/paste is identical to the default terminal copy/paste. Thus, to copy/paste in the terminal, you must right-click - which is incredibly noob-ish. To change this:

  1. Go to Menu → Settings Cog → Qubes Tools → Qubes Global Config.
  2. Go to the Clipboard tab on the left.
  3. You should then see the settings to change the shortcuts.

I like to use Win+C and Win+V, but there are a few other options.

The workflow, then, looks like this:

  1. Start out with global clipboard empty, with VM1 running KeePassXC and VM2 running Firefox. Both VMs have an empty clipboard.
  2. In VM1, Ctrl+C to copy a password.
  3. Now - Global: empty, VM1: password (cleared after 10s by default), VM2: empty
  4. In VM1, Win+C, which tells VM1 to send its clipboard contents via a secure connection to the host.
  5. Now - Global: password, VM1: password, VM2: empty
  6. In VM2, Win+V, which tells VM2 to listen to receive something from the host and store that in its clipboard. Simultaneously, the host empties its clipboard and gives the contents to VM2.
  7. Now - Global: empty, VM1: password, VM2: password.
  8. Depending on your speed, KeePassXC will likely have cleared the clipboard by now.
  9. Now - Global: empty, VM1: empty, VM2: password
  10. Thus, you can Ctrl+V in VM2 to paste the password into Firefox and log in.

I explained this with verbosity, but the mechanism becomes rudimentary with practice: click KeePassXC window and desired entry, Ctrl+C, Win+C, click browser window, Win+V, click password field, Ctrl+V. Practice, find the optimal workflow (e.g. in KeePassXC you can save the URL into an entry and then copy locally with Ctrl+U. Same for usernames, copied with Ctrl+B), and then never go back.
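The clipboard states from the workflow above, replayed as an added toy model (not code from Qubes, QEMU or VirtualBox, and not from this post's author). It only encodes the rules as stated here; the class names, method names and the extra VM3, assumed compromised and polling its clipboard, are hypothetical.

```python
# Toy model (constructed example; all class and method names are hypothetical).
class SharedClipboard:
    """Guest-utilities style: host and every guest share one clipboard."""
    def __init__(self):
        self.content = None

    def copy(self, vm, data):      # Ctrl+C in any machine
        self.content = data

    def read(self, vm):            # any machine can read it at any time
        return self.content


class GlobalClipboard:
    """Host-controlled style: data crosses VMs only on an explicit keypress."""
    def __init__(self, vms):
        self.local = {vm: None for vm in vms}   # one clipboard per VM
        self.host = None                        # global clipboard on the host

    def copy(self, vm, data):      # Ctrl+C: stays inside that VM
        self.local[vm] = data

    def global_copy(self, vm):     # Win+C: VM -> host
        self.host = self.local[vm]

    def global_paste(self, vm):    # Win+V: host -> VM, host copy is emptied
        self.local[vm], self.host = self.host, None

    def clear_local(self, vm):     # e.g. the password manager's clear timeout
        self.local[vm] = None

    def read(self, vm):            # a VM only ever sees its own clipboard
        return self.local[vm]


def run_workflow(secret="constructed-password"):
    """Replay the workflow while a third, assumed-compromised VM3 polls."""
    shared = SharedClipboard()
    shared.copy("VM1", secret)
    leaked_shared = shared.read("VM3") == secret
    q = GlobalClipboard(["VM1", "VM2", "VM3"])
    steps = [lambda: q.copy("VM1", secret), lambda: q.global_copy("VM1"),
             lambda: q.global_paste("VM2"), lambda: q.clear_local("VM1")]
    polled = []
    for step in steps:
        step()
        polled.append(q.read("VM3"))            # VM3 polls after every step
    leaked_global = any(p is not None for p in polled)
    return leaked_shared, leaked_global, q
```

`run_workflow()` returns `(True, False, q)`: the shared design exposes the password to VM3 immediately, while in the host-controlled design VM3 never sees it and the final state matches step 9 (Global: empty, VM1: empty, VM2: password).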