On 02/07/2019 03:44, Mirimir via Gnupg-users wrote: > On 07/01/2019 07:29 AM, David wrote: > > <SNIP> > >> My take on all this is that I have had to disable Enigmail because it's >> screwed - I was not able to send mail and all the settings in enigmail >> were lots of ???????????? so I have been infected :( >> >> David > > Damn. But all is likely not lost. > > If you can open Enigmail Preferences, go to the Keyserver tab, and > specify only keys.openpgp.org as the keyserver. That way, if you manage > to fix gpg, Enigmail won't break it again. Also see "100% CPU usage > endles loop of gpg --list-keys" <https://dev.gnupg.org/T3972> for > background. > > About hardening and fixing gpg, see > <https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f> at > Mitigations and Repairs. Also see > <https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html>. > > You'll very likely need to use gpg in terminal. I suspect that GPA may > be just as wedged as Enigmail. > > Maybe someone could post a step-by-step guide for fixing gpg. For people > who don't commonly use it in terminal. I suppose that I could import one > of the poisoned keys in a fresh VM, and explore how to fix it. But I'm > sure that someone reading this could just dash it out. > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users >
My "fix" was simple - I already have a linux laptop - saved all my keys and my secret key on a usb stick. Whilst reading the thread - I changed all the key servers from sks - but then I got screwed as sks key servers refreshed my keys! WTF!!! Having installed everything to the new laptop I just copied the folder onto my or this working laptop and all is fine. But as key servers share data - (???) maybe the infected keys will circulate??? My public key has only one confirmed signing - it had two - but really I am not that tempted to download from any key server. Not all here attach their public key - and do not upload to a key server - and well no one will ever upload to a key server again!!!!!!! Ha! Every key server is at risk. It has been done once - and can be done again - there is some very sophisticated malware out there. This is a great shock and a wake up call to tighten security - on all key servers - and to have a standardised platform - that takes money and developers. I'm still in shock and very very wary!!! David -- People Should Not Be Afraid Of Their Government - Their Government Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION Becomes A DUTY! Join the Rebellion Today! https://gbenet.com
0x5C6EE7FBAAD8C47D.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users