[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [CONTRIBUTE] [DONATE]

Warning of Unsafe Paste of PGP Key?

I got this warning that this pgp public key(to send message) could have commands to root access. SO what i would like to know if there is a way to find out what it was trying to do? I did use in win10 os and pgptools.
How can i add picture or link to picture of warning?
Pasting this text to terminal may be dangerous as it looks like (return sign) some commands may be executed potentially involving root access SUDO

`

You can post links now.

1 Like

I have added the pgp public key i got from the web below.
I would think there is way to identify what triggered that warning, and single out what it was. Cause i used the key to create a message and send it, in winos. so prolly have some of my info sent or did something?

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFyqTT0BEAC7Xy6dcdfhZmNVDPy2iMc5SApfij5QZUnEWhAUf+n3Gg4HdaRh
feZHzOFoUZ7axG1pVwia9hfSgAxoXlKSQNz8mdPn74EeDDXKYldRaU6nIBdkEf83
ETNimgtxJHQ47KkZzFzbfjqpeB8KJ5fB16/n/dWYPRZp4bLRINBJmAFvoOZCSAD5
UvZY7JxCvJlUocY3+LpDcRE5NE7P3EpaQSpMHLr5YbdXbEEBrIURTVvIGmPgVLS0
IF2gU2bDsoSjxOL0Ur2zS+G+U0Lem9FzDPjv2nu9RuLW1oTeS+B/v0gWAFERvWCn
9jIe8yjU4FjINwSsogXknTA/o+XrH8CC5hA1ORvRGGrjWGBlt04hMacSFn/D0Ak3
3/27PncXuEFUFPYSERAlapa0niftdca/9/9bKIjYFXDBRty8JVVeP0icuJYKLRc/
pTUKVQ6tSh+6jAMaOBiajVTkaaVJ9Ul32VkycyXeV+zrSY2ccwgMRTmIn+z4H5Hz
J/C4bp3Vp08Dl6X6B5W9ag+7zZRtuqS+YSKreJiIGT5SgxwFJRA/0YJ6aoevgc1Z
R3utWQ0bS8DjFzxVsbPG7zE3yMi1vqhX20DUk13N8tcyC4HolYL7GZu1PKrGPnEF
F1pI6a9Hqh5IQ9AXVtbRpP1x9K0IQPFIqqRxL52MdVRRxkJ0OIxZpcpPlQARAQAB
tB93aW5hbWF4IDx0cnVzdGVlbHVja3lAbWFpbDJ0b3I+iQJUBBMBCAA+FiEErq9I
QsNElzoLADVqAl47ekVmCHUFAlyqTT0CGwMFCQeGH4AFCwkIBwIGFQoJCAsCBBYC
AwECHgECF4AACgkQAl47ekVmCHUM/hAAnuWpYK8eRXKeydrD4gos0p3eEjcALBJa
U1SQXSSI8ARu9kbHFzRDlWANW0PO1wr21cHR6O/GJClw1MTf/8afIJBMTv2NFjsO
tLXKTMPMt+sJd4nl5LxbqcTZs4OW43c/ry/NO+DolpIEA1o3/rNLorIW7pRxP0L0
yZqEtseKwdM7EaF/OFHOXtUcPKF0yetA1IfMYROf00pW6/IZWVw2MqKN8WhIwyKN
3kHxO9P30xeQDM4JLHccP+aOuAN+pPZz2hTYXBz+3hH3zb2ARbZof18wEig+gONK
EMD8CWt9UUVAqDUkQLoPm1VMJ+pFXJ+yrusV9VHajTdarcah1FS5KWhI3+DZNSj0
nixHMNdJpz2UF0AJ6sm6Z9OeVOc48TKpE2nEYS189ZXQI0x4NFPJywWXy5UuubJP
4loZqi5l1spWO1a8A+2PkTI6DwDu0kZ+SG5iyLUly8a+AKZ4CLVwwzHtiS16v2+h
N0t+/uH22u01AnnNE+3e2J6cYzEBwIZW8oFEPUVS9QlXyFrkS9xyP2nSZkLZ+lH7
A0hV5oOvs3VzVS//OpHSVOhsW8e2+0Jf2sRPQwrkVKGM94NNM2guzxiWziIruWSL
5fnhRsQWSCgXAtXaQouxcBEEFQXl0ivLUDREAbHnwZJJ7btaKUw2EqQ3wsBTXjWa
ABVaUnta04q5Ag0EXKpNPQEQALYPxmtJS+/jIzWN1EsIRTp63TCvDZgzZiemeKfv
1889vn4hVY4D7b1iS9RQ/vQZ4TMVcy5V5pqknUfhxWM0JdPU2+simNEJTCXnQd+w
/1NMi0hN0n/lyCwo0VHqwQrcUbfRHbbH3QgyfR7roT8HhxDnSgad92Yxh/XALJ5I
aufokFeAG7OemrzW1zuP6zPj7o4so6OnPrinJUbGTAFt1iqjRAoqC1iAtJ9tOcD+
i/6cFioBol9iMaiMle1ghwq3Ge7E5LS3rDqMy4+ppKldMox8OoPXRYRcrhv0hLPz
y0ySsA2M95SzjPNximtNdoZ9mmJtYwMNO2bW/mxAgktrfEA72MVGUGE9kbV1qM/d
PX/v+1orsCWgxASXAXYTnDsn6FMOX2LioPNXnb2DCEESgkRFPplL+HPwvIWgEa+k
/s9LniSzjm3m0ERO7f0sA11asrNO5xDjB0k95bj44YhRwyKhBV9N0HSdSdLiTypw
v4aC2iajIgn+K6ZD4kpvRx8qH9+U2yfHgxDE8XID12y4aNuIZknd/kqQIQQKAQzW
yctDQyh61zERiCu+w4nP4zHlqFXcD3FlWipaS8rypumF0NOIQS18U+9Fm3B5HMzf
1cJaI5Wq/cn1aYZClZ9psQSkJfk5Y4DmThpU3+l9srH54W+9fwvQBU3gD9m24s8j
AmuJABEBAAGJAjwEGAEIACYWIQSur0hCw0SXOgsANWoCXjt6RWYIdQUCXKpNPQIb
DAUJB4YfgAAKCRACXjt6RWYIdXuXD/43JmTZxNABlL0x6jRlPUuOZt/J6KIliHma
Q8ycLoSNoUvkJkePBqncyNaV6gHiHw00oTiiw6+E/LqukYfGExYY9eBFWZ/U75sv
TnaqqRfK3hvnFD+pdopvQZXcPe93OqHnS/ZVdn8oVLv7Ce+l0BXCqIe6KwszvHeE
SbBoA+oHqcUsYYrITdAKzDLBQgs/kA9V/1V+3R/C2Y8fyiUm8qIxmsBupCeDi+je
H+eN9TjeMxxqHpvmjEiNtgWU+9x1D/kb0tD+ow2CJUr5Sj2KSwzifIi4hd9Hp8KV
VDC7+b7eoZoJd7fHyWDbmDDI0lnpYooxc+KCAL2kUUUJDA0D8O0ssE8O6RmT4n6x
KAAKZ9NPxwePv896tqyIe89MVQSjHOijC1+tgmm1htGAr1z5JIvQpzubZ99/Nkqg
OCe2Ju6k24wVC/86ZwnP1zCUrJfDFZLZxx0Ms+ABHqLiOqPYzGHNr+vfzbdO/152
If5bhsp7fQucTbR1mO5AWe5yklRFTl03zENsm5XPJxAd63rEYbWIGRcwZfOSdFYC
H6x9OkkiDiJKqTig3YE17FgFNZeD7q2ljtFeEVEiQhyN5S3n6d1S7Pt2yNI/D4wd
gMTgwPtVVzoHrJNwKUmBapGMrl/S6hxIspkM3Ftc9Hi5MQuFAzYJabvKS4nLTVmW
g5I668jCxw==
=c3Gi
-----END PGP PUBLIC KEY BLOCK-----

The command you’re looking for is probably:

gpg --import

Take special note of the space between gpg and --import.

You’d need to find some tutorial on how to use gpg.

Could you try please to resolve as per https://www.whonix.org/wiki/Free_Support_Principle?


Related:

when i did gpg -import, is when i got the warning message from the pgp key. So ididnt import, but i have already used key in win10os & pgptools to encrypt message and send it.
SO, if whonix terminal gpg flagged it as possible malicious to my root, how did it come to that determination? Is there a way i can see what caused the warning, some way?

researching possible causes i came across possible ransomware. Or collecting my info to be sold…

IDK, win ready to dump win10 to much crap inthere…???

prerequisite knowledge:
Valid Compromise Indicators versus Invalid Compromise Indicators

It didn’t. gpg doesn’t claim to be a malware scanner / analysis tools and it really isn’t.

Permission warnings → copy and paste the generic error message into search engines.

Obviously it did that why i got the warning message with picture and here. and when you search the warning it gave there is not much. So what is the point of the warning message and why would that warning come up? If something in the pgp was not recognized as running “hidden” commands, whats the point of having the message if you can’t investigate to reason?

nothing comes up in in whonix search, google search comes up with nothing helpful.

So you would feel safe pasting the pgp in YOUR machine terminal and using it? Just ignore the warning?

  • OpenPGP keys should not be pasted directly into the terminal. Instead, these need to be pasted into a text file / text editor.
  • The warning unsafe paste popup (<-- search term) is a feature by the xfce4-terminal emulator. It’s not a feature by gpg.

This will be documented soon and once that’s done I’ll post again.

Documented just now:
https://www.kicksecure.com/wiki/Software#Unsafe_Paste_Warning_Popup

Hope that helps.

Okay, i understand it the editor… Still, why make a warning for such generic input.

That warning set me off…looking for pgp “hacks” which i found as ransomware, maybe highly unlikely but comes up on search, that it could be used for getting in root, capture your pgp, install stuff… IDK, but im just highly suspicious person.

Now im interested worried about this GNOME i see, and read it only manual download. I didnt dl it? Is it included in update?
So many security issues for a noob, sorry it can be overwhelming.

Thanks for your time and patience…

Okay, i would like to know. If you bought a brand new pc what is everything to do to be most safe online? remove apps, add apps, etc… if you would, please. TY

1 issue = 1 forum thread please.
Please make separate forum threads for completely different issues.

In theory it could be a mix-and-match attack but in practice it’s highly unlikely for non-technical users to causally detect a compromise. See:
Valid Compromise Indicators versus Invalid Compromise Indicators

Support Request Policy applies.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]