qubes-doc/user/common-tasks/copy-paste.md

---
layout: doc
title: Copying and pasting text between qubes
permalink: /doc/copy-paste/
redirect_from:
- /en/doc/copy-paste/
- /doc/CopyPaste/
- /wiki/CopyPaste/
---

Copying and pasting text between qubes
======================================

*This page is about copying and pasting plain text.
If you wish to copy more complex data, such as rich text or images, see [copying and moving files between qubes](/doc/copying-files/).
For dom0, see [copying from (and to) dom0](/doc/copy-from-dom0/).*

Qubes OS features a secure inter-qube clipboard that allows you to copy and paste text between qubes.

In order to copy text from qube A to qube B:

 1. Select text from the source app in qube A, then copy it normally (e.g., by pressing Ctrl+C).

 2. With the source app in qube A still in focus, press Ctrl+Shift+C.
    This copies the text from qube A's clipboard to the inter-qube clipboard.

 3. Select the target app in qube B and press Ctrl+Shift+V.
    This copies the text from the inter-qube clipboard to qube B's clipboard and clears the inter-qube clipboard, ensuring that only qube B will have access to the copied text.

 4. Paste the text in the target app in qube B normally (e.g., by pressing Ctrl+V).

This process might look complicated at first glance, but in practice it is actually very easy and fast once you get used to it.
At the same time, it provides you with full control over exactly which qube receives the content of the inter-qube clipboard every time.

Security
--------

The inter-qube clipboard system is secure because it doesn't allow any qube other than your selected target to steal any contents from the inter-qube clipboard.
Without such a system in place, any password you were to copy from the password manager in your vault qube to another qube, for example, would immediately be leaked to every other running qube in the system, including qubes that are untrusted by default, such as `sys-net`.
By giving you precise control over exactly which qube receives the inter-qube clipboard content, then immediately wiping the inter-qube clipboard afterward, Qubes OS protects the confidentiality of the text being copied.

However, one should keep in mind that performing a copy and paste operation from *less trusted* to *more trusted* qube is always potentially insecure, since the data that we copy could exploit some hypothetical bug in the target qube.
For example, the seemingly-innocent link that we copy from an untrusted qube could turn out to be a large buffer of junk that, when pasted into the target qube's word processor, could exploit a hypothetical bug in the undo buffer.
This is a general problem and applies to any data transfer from *less trusted* to *more trusted* qubes.
It even applies to copying files between physically separate (air-gapped) machines.
Therefore, you should always copy clipboard data only from *more trusted* to *less trusted* qubes.

See also [this article](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes, as well as [this message](https://groups.google.com/group/qubes-devel/msg/48b4b532cee06e01) from qubes-devel.

Clipboard automatic policy enforcement
--------------------------------------

The Qubes clipboard [RPC policy](/doc/rpc-policy/) is configurable in:

~~~
/etc/qubes-rpc/policy/qubes.ClipboardPaste
~~~

You may wish to configure this policy in order to prevent user error.
For example, if you are certain that you never wish to paste *into* your "vault" AppVM (and it is highly recommended that you do not), then you should edit the policy as follows:

~~~
@anyvm  vault   deny
@anyvm  @anyvm  ask
~~~

Shortcut configuration
----------------------

The copy/paste shortcuts are configurable in:

~~~
/etc/qubes/guid.conf
~~~

If you edit a line in this file, you must uncomment it (by removing the initial `#` character), or else it will have no effect.

VMs need to be restarted in order for changes in `/etc/qubes/guid.conf` to take effect.
CopyPaste changed 2011-04-10 08:53:51 -04:00			`---`
wiki -> doc migration 2015-04-10 16:17:45 -04:00			`layout: doc`
Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`title: Copying and pasting text between qubes`
Remove en/ from URLs (QubesOS/qubes-issues#1333) 2015-10-28 18:14:40 -04:00			`permalink: /doc/copy-paste/`
Change URIs from CamelCase to lowercase-hyphen-separated 2015-10-11 03:04:59 -04:00			`redirect_from:`
Remove en/ from URLs (QubesOS/qubes-issues#1333) 2015-10-28 18:14:40 -04:00			`- /en/doc/copy-paste/`
Change URIs from CamelCase to lowercase-hyphen-separated 2015-10-11 03:04:59 -04:00			`- /doc/CopyPaste/`
			`- /wiki/CopyPaste/`
CopyPaste changed 2011-04-10 08:53:51 -04:00			`---`

Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`Copying and pasting text between qubes`
			`======================================`
CopyPaste changed 2011-04-10 08:53:51 -04:00
Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`*This page is about copying and pasting plain text.`
			`If you wish to copy more complex data, such as rich text or images, see [copying and moving files between qubes](/doc/copying-files/).`
			`For dom0, see [copying from (and to) dom0](/doc/copy-from-dom0/).*`
Add semantic newlines for copy-paste.md 2019-08-18 13:35:06 -04:00
Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`Qubes OS features a secure inter-qube clipboard that allows you to copy and paste text between qubes.`
CopyPaste changed 2011-04-10 08:53:51 -04:00
Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`In order to copy text from qube A to qube B:`
CopyPaste changed 2011-04-10 08:53:51 -04:00
Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`1. Select text from the source app in qube A, then copy it normally (e.g., by pressing Ctrl+C).`
CopyPaste changed 2011-04-10 08:53:51 -04:00
Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`2. With the source app in qube A still in focus, press Ctrl+Shift+C.`
			`This copies the text from qube A's clipboard to the inter-qube clipboard.`
CopyPaste changed Added link to discussion on why only simple plaintext is supported for inter-vm clipboard 2012-12-30 07:01:33 -05:00
Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`3. Select the target app in qube B and press Ctrl+Shift+V.`
			`This copies the text from the inter-qube clipboard to qube B's clipboard and clears the inter-qube clipboard, ensuring that only qube B will have access to the copied text.`

			`4. Paste the text in the target app in qube B normally (e.g., by pressing Ctrl+V).`
CopyPaste changed 2011-04-10 08:53:51 -04:00
Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`This process might look complicated at first glance, but in practice it is actually very easy and fast once you get used to it.`
			`At the same time, it provides you with full control over exactly which qube receives the content of the inter-qube clipboard every time.`
CopyPaste changed 2011-04-10 08:53:51 -04:00
Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`Security`
			`--------`
CopyPaste changed Added stub for Clipboard policy enforcement 2012-12-11 13:51:08 -05:00
Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`The inter-qube clipboard system is secure because it doesn't allow any qube other than your selected target to steal any contents from the inter-qube clipboard.`
			Without such a system in place, any password you were to copy from the password manager in your vault qube to another qube, for example, would immediately be leaked to every other running qube in the system, including qubes that are untrusted by default, such as `sys-net`.
			`By giving you precise control over exactly which qube receives the inter-qube clipboard content, then immediately wiping the inter-qube clipboard afterward, Qubes OS protects the confidentiality of the text being copied.`
CopyPaste changed Added link to recent discussion on clipboard security on qubes-devel 2013-05-03 04:59:15 -04:00
Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`However, one should keep in mind that performing a copy and paste operation from less trusted to more trusted qube is always potentially insecure, since the data that we copy could exploit some hypothetical bug in the target qube.`
			`For example, the seemingly-innocent link that we copy from an untrusted qube could turn out to be a large buffer of junk that, when pasted into the target qube's word processor, could exploit a hypothetical bug in the undo buffer.`
			`This is a general problem and applies to any data transfer from less trusted to more trusted qubes.`
			`It even applies to copying files between physically separate (air-gapped) machines.`
			`Therefore, you should always copy clipboard data only from more trusted to less trusted qubes.`
CopyPaste changed Added section on dom0 2014-05-27 05:24:41 -04:00
Fix typo 2020-11-16 07:54:31 -05:00			`See also [this article](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes, as well as [this message](https://groups.google.com/group/qubes-devel/msg/48b4b532cee06e01) from qubes-devel.`
CopyPaste changed Added section on dom0 2014-05-27 05:24:41 -04:00
CopyPaste changed Added stub for Clipboard policy enforcement 2012-12-11 13:51:08 -05:00			`Clipboard automatic policy enforcement`
			`--------------------------------------`

Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`The Qubes clipboard [RPC policy](/doc/rpc-policy/) is configurable in:`
CopyPaste changed Added to policy section 2014-05-27 05:37:13 -04:00
replaced all github flavored code blocks with fenced kramdown code blocks 2015-09-26 19:00:33 -04:00			`~~~`
CopyPaste changed Added to policy section 2014-05-27 05:37:13 -04:00			`/etc/qubes-rpc/policy/qubes.ClipboardPaste`
replaced all github flavored code blocks with fenced kramdown code blocks 2015-09-26 19:00:33 -04:00			`~~~`
CopyPaste changed Added to policy section 2014-05-27 05:37:13 -04:00
Add semantic newlines for copy-paste.md 2019-08-18 13:35:06 -04:00			`You may wish to configure this policy in order to prevent user error.`
			`For example, if you are certain that you never wish to paste into your "vault" AppVM (and it is highly recommended that you do not), then you should edit the policy as follows:`
CopyPaste changed Added to policy section 2014-05-27 05:37:13 -04:00
replaced all github flavored code blocks with fenced kramdown code blocks 2015-09-26 19:00:33 -04:00			`~~~`
Update qrexec keyword characters 2019-08-21 18:41:43 -04:00			`@anyvm vault deny`
			`@anyvm @anyvm ask`
replaced all github flavored code blocks with fenced kramdown code blocks 2015-09-26 19:00:33 -04:00			`~~~`
CopyPaste changed 2014-01-24 09:52:58 -05:00
Improve "copying" documentation 2020-11-16 06:54:14 -05:00			`Shortcut configuration`
CopyPaste changed 2014-01-24 09:52:58 -05:00			`----------------------`

CopyPaste changed 2014-01-24 09:54:05 -05:00			`The copy/paste shortcuts are configurable in:`
CopyPaste changed 2014-01-24 09:52:58 -05:00
replaced all github flavored code blocks with fenced kramdown code blocks 2015-09-26 19:00:33 -04:00			`~~~`
CopyPaste changed 2014-01-24 09:52:58 -05:00			`/etc/qubes/guid.conf`
replaced all github flavored code blocks with fenced kramdown code blocks 2015-09-26 19:00:33 -04:00			`~~~`
Update copy-paste.md 2015-11-19 07:13:32 -05:00
Explicitly instruct the user to uncomment lines when editing Closes QubesOS/qubes-issues#5707 2020-03-07 08:45:11 -05:00			If you edit a line in this file, you must uncomment it (by removing the initial `#` character), or else it will have no effect.

Fix typo 2015-11-20 02:26:28 -05:00			VMs need to be restarted in order for changes in `/etc/qubes/guid.conf` to take effect.