diff --git a/ChangeLog b/ChangeLog
index 8e23a3d43..3c3c700c5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2005-04-15 Marcus Brinkmann
+ * configure.ac: Check for /usr/bin/shred and define SHRED.
+
 * configure.ac: Add --enable-symcryptrun, disabled by default. Define automake variable BUILD_SYMCRYPTRUN. Check for openpty -lutil, define LIBUTIL_LIBS.
diff --git a/configure.ac b/configure.ac
index 34463da04..d331566be 100644
--- a/configure.ac
+++ b/configure.ac
@@ -470,8 +470,18 @@ AC_SUBST(LIBUSB_LIBS)
 AC_CHECK_FUNCS(usb_create_match)
 #
-# libutil has openpty() and login_tty().
+# Check wether it is necessary to link against libdl.
 #
+LIBS=""
+AC_SEARCH_LIBS(dlopen, c dl,,,)
+DL_LIBS=$LIBS
+AC_SUBST(DL_LIBS)
+
+#
+# Checks for symcryptrun:
+#
+
+# libutil has openpty() and login_tty().
 AC_CHECK_LIB(util, openpty,
 [ LIBUTIL_LIBS="$LIBUTIL_LIBS -lutil"
 AC_DEFINE(HAVE_LIBUTIL,1,
@@ -479,13 +489,10 @@ AC_CHECK_LIB(util, openpty,
 ])
 AC_SUBST(LIBUTIL_LIBS)
-#
-# Check wether it is necessary to link against libdl.
-#
-LIBS=""
-AC_SEARCH_LIBS(dlopen, c dl,,,)
-DL_LIBS=$LIBS
-AC_SUBST(DL_LIBS)
+# shred is used to clean temporary plain text files.
+AC_PATH_PROG(SHRED, shred, /usr/bin/shred)
+AC_DEFINE_UNQUOTED(SHRED,
+ "${SHRED}", [defines the filename of the shred program])
 #
 # OpenSC is needed by the SCdaemon - if it is not availbale we can only
diff --git a/tools/ChangeLog b/tools/ChangeLog
index d6280b776..981c52f6b 100644
--- a/tools/ChangeLog
+++ b/tools/ChangeLog
@@ -1,5 +1,9 @@
 2005-04-15 Marcus Brinkmann
+ * symcryptrun.c (remove_file): New function.
+ (confucius_copy_file): Accept new argument PLAIN and shred the
+ file if it is set on error.
+
 * Makefile.am: Define symcryptrun make variable depending on BUILD_SYMCRYPTUN. (bin_PROGRAMS): Add ${symcryptrun} instead symcryptrun.
diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c
index 73f7e0369..9f3a55f8b 100644
--- a/tools/symcryptrun.c
+++ b/tools/symcryptrun.c
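Review bot: In the second configure.ac hunk, `AC_PATH_PROG(SHRED, shred, /usr/bin/shred)` silently substitutes `/usr/bin/shred` when no shred is found, so a build on a system without the tool still compiles in a path that may not exist. Judging by the tools/symcryptrun.c change in this commit, the run-time effect would be a logged error and a plain unlink of the plaintext temporary file. A configure-time notice would make that visible to the builder, for example `AC_PATH_PROG(SHRED, shred)` followed by `test -n "$SHRED" || AC_MSG_WARN([shred not found; plaintext temp files will only be unlinked])` and only then assigning the fallback path. As far as the hunk shows, the check also runs when symcryptrun is not enabled, although the comment block files it under "Checks for symcryptrun".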
@@ -216,6 +216,61 @@ i18n_init(void)
 #endif
 }
+
+/* Unlink a file, and shred it if SHRED is true. */
+int
+remove_file (char *name, int shred)
+{
+ if (!shred)
+ return unlink (name);
+ else
+ {
+ int status;
+ pid_t pid;
+
+ pid = fork ();
+ if (pid == 0)
+ {
+ /* Child. */
+
+ /* -f forces file to be writable, and -u unlinks it afterwards. */
+ char *args[] = { SHRED, "-uf", name, NULL };
+
+ execv (SHRED, args);
+ _exit (127);
+ }
+ else if (pid < 0)
+ {
+ /* Fork failed. */
+ status = -1;
+ }
+ else
+ {
+ /* Parent. */
+
+ if (TEMP_FAILURE_RETRY (waitpid (pid, &status, 0)) != pid)
+ status = -1;
+ }
+
+ if (!WIFEXITED (status))
+ {
+ log_error (_("%s on %s aborted with status %i\n"),
+ SHRED, name, status);
+ unlink (name);
+ return 1;
+ }
+ else if (WEXITSTATUS (status))
+ {
+ log_error (_("%s on %s failed with status %i\n"), SHRED, name,
+ WEXITSTATUS (status));
+ unlink (name);
+ return 1;
+ }
+
+ return 0;
+ }
+}
+
 /* Class Confucius.
@@ -248,9 +303,11 @@ confucius_mktmpdir (void)
 #define CONFUCIUS_LINESIZE 4096
-/* Copy the file IN to OUT, either of which may be "-". */
+/* Copy the file IN to OUT, either of which may be "-". If PLAIN is
+ true, and the copying fails, and OUT is not STDOUT, then shred the
+ file instead unlinking it. */
 static int
-confucius_copy_file (const char *infile, const char *outfile)
+confucius_copy_file (char *infile, char *outfile, int plain)
 {
 FILE *in;
 int in_is_stdin = 0;
@@ -327,7 +384,8 @@ confucius_copy_file (const char *infile, const char *outfile)
 copy_err:
 if (!out_is_stdout)
- unlink (outfile);
+ remove_file (outfile, plain);
+
 return 1;
 }
@@ -712,7 +770,7 @@ confucius_main (int mode)
 strcat (outfile, "/out");
 /* Create INFILE and fill it with content. */
- res = confucius_copy_file ("-", infile);
+ res = confucius_copy_file ("-", infile, mode == oEncrypt);
 if (res)
 {
 free (outfile);
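Review bot: In `remove_file`, a failed fork() or waitpid() is signalled by `status = -1`, and that sentinel is then decoded with `WIFEXITED`, whose result is only defined for a status filled in by waitpid; the log line also reports that shred "aborted" when it never ran. Returning from those two branches directly (log the failure, `unlink (name);`, `return 1;`) would avoid depending on how -1 happens to decode. The return convention is mixed as well: unlink()'s 0/-1 when SHRED is false and 0/1 otherwise, which the header comment should state, along with the fact that after a shred failure the file is only unlinked and its contents are not overwritten. Because `name` goes straight into argv, `char *args[] = { SHRED, "-uf", "--", name, NULL };` would keep a name beginning with `-` from being parsed as an option.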
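Review bot: The new `confucius_copy_file (char *infile, char *outfile, int plain)` signature drops `const` from both path arguments, apparently only so that `outfile` can be handed to `remove_file`, while the call in the last hunk on this page still passes the literal `"-"`. Declaring `remove_file (const char *name, int shred)` and casting once where the execv argument vector is built would let this prototype stay `const char *infile, const char *outfile, int plain`. The added comment should read "shred the file instead of unlinking it". The function body continues outside the hunk.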
@@ -726,8 +784,8 @@ confucius_main (int mode)
 res = confucius_process (mode, infile, outfile);
 if (res)
 {
- unlink (outfile);
- unlink (infile);
+ remove_file (outfile, mode == oDecrypt);
+ remove_file (infile, mode == oEncrypt);
 free (outfile);
 free (infile);
 rmdir (tmpdir);
@@ -735,19 +793,19 @@ confucius_main (int mode)
 }
 /* Dump the output file to stdout. */
- res = confucius_copy_file (outfile, "-");
+ res = confucius_copy_file (outfile, "-", mode == oDecrypt);
 if (res)
 {
- unlink (outfile);
- unlink (infile);
+ remove_file (outfile, mode == oDecrypt);
+ remove_file (infile, mode == oEncrypt);
 free (outfile);
 free (infile);
 rmdir (tmpdir);
 return res;
 }
- unlink (outfile);
- unlink (infile);
+ remove_file (outfile, mode == oDecrypt);
+ remove_file (infile, mode == oEncrypt);
 free (outfile);
 free (infile);
 rmdir (tmpdir);
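Review bot: On the success path at the end of the second hunk the results of both `remove_file` calls are discarded, so the only trace of a failed shred of the plaintext temporary file is the log line, and the function's result is presumably unaffected (the final return is outside the hunk). If callers should learn of it, `if (remove_file (infile, mode == oEncrypt)) res = 1;` and the matching line for `outfile` ahead of the final return would carry it into the exit status. The same five-line cleanup now appears three times, once in the first hunk and twice here, each repeating `mode == oDecrypt` and `mode == oEncrypt`; a small static helper taking `mode` would keep the decision about which file holds plaintext in one place. confucius_main starts and ends outside both hunks.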