Silk Road forums

First, do yourself a favor and replace the gpg.conf that came with your app with this:

no-greeting
no-emit-version
no-comments

utf8-strings
armor

expert
trust-model always
no-mdc-warning

personal-cipher-preferences AES256 TWOFISH CAMELLIA256 AES192 CAMELLIA192 AES CAMELLIA128 CAST5 3DES BLOWFISH
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
cert-digest-algo SHA512

If you have multiple keys, you can set a default with:

default-key <key ID>


Command line gpg is easy to use. There are a handful of basic commands, and gpg will ask you for any input that it needs if you haven't provided it. I can give you a run down of the basic commands right now. For the commands that require input, you can either specify a file or type/paste stuff directly in the command prompt window.

I will use the "gpg" command, but on Windows you'll have to use "gpg.exe".

To import a key:

gpg --import

If you just type that, you'll see a cursor in the command window and can paste the key in the window. After pasting it in, hit CTRL+D. Otherwise you can save the key in a file and specify that:

gpg --import buddy.key

To print out your public key, so you can give it to other people:

gpg --export KEYINFO

Where KEYINFO is either the name, email address or key ID. gpg will search your key ring and use the first match. If it's a long name, you only need to supply a part of it, enough that it uniquely matches that key.

The previous command will print it in the command window. You can put the output in a file with redirection:

gpg --export KEYINFO > pub.key


Ok, with the basic importing and exporting out of the way, we're ready to do encryption. The simplest command to encrypt is:

gpg -e

Yep, that's it. If you don't supply the recipients, it will ask you for them. Just type in some key info, like above, either part of the name, email address, or key ID. You can add as many recipients as you want, and hit enter (blank recipient) to stop adding recipients.

Then you'll get a cursor to type your message. and when you're done, hit CTRL+D, and it will spit the encrypted block into the command window.

Alternatively you can type your message in a text file and specify that.

gpg -e message.txt

And you can specify the recipients too, although I'm too lazy to do that and let it prompt me.

gpg -r astor -r bedtime666 -e message.txt

It will create a file called message.txt.asc which contains the encrypted message.

To decrypt a message:

gpg -d

And you can paste the message in the command window, then hit CTRL+D.  Or specify the file:

gpg -d encrypted_message.txt

That's enough to get you started.

I feel I know what you're saying. I post a message in my mail client. I then highlight the message, right click and select "encrypt to new window" after that I choose a recipient. As in I click next to one of the names/emails/public keys that are in my GPG keychain. Then I select which one of my keys I want to send it from.

I've never used GPGTools, but what does it mean to "send from" a key? You encrypt a message with someone's public key. You should only have to select the recipients. Perhaps when you are choosing one of your keys to "send from" you are actually selecting it to encrypt the message with.

GPG4USB is only available for Windows and Linux.

If they are getting a message that no secret key is available, then you are encrypting the message with the wrong public key. You may be encrypting it with your own key. You need to encrypt it with their public key.

Setting an admin password and sudo apgt-get update && sudo apt-get upgrade maybe...


Unfortunately I think it's amnesiac properties it is probably not permanent.

Right. The root filesystem is a static image on purpose. You will lose anything that isn't in the persistent folder, including anything installed from the repos, after a reboot.

I recommend running Whonix. It a little more secure than Tails because Tor is isolated in a separate VM, and it is persistent, so you can install additional software or upgrade Tor.

The trade off is that that it isn't a leave-no-trace-behind OS like Tails. However, if an adversary has physical access to your hardware, the fact that you use Tor is the least of your problems. You can put Whonix and portable VirtualBox in an encrypted volume on a thumb drive and get close to the same privacy as Tails. There will probably be stuff in your log files indicating the times that you ran it.

How would I know my donation was actually going to be used to set up relays? Also, how exactly does money=more relays? Are they buying computers to set up relays on?

Yes, they rent servers to run relays. Did you read the page? Look over the site? Torservers runs some of the biggest exit nodes, and their non-profit helps to fund several partner organizations that run relays.

If there was a simple BTC address posted by DPR for donations to support relays I think it would work just better.

How about this one: 1GvVpDGM426bHp2eXwHzwDNqv8g2xyfznJ

https://www.torservers.net/donate.html

Can this be done on TAILS?

You can probably run a relay on Tails by modifying the torrc the same way as in the guide. However, if you boot and shut down your Tails often, you shouldn't run a relay on it. Tor relays should be stable, with many days of uptime. It's bad for the Tor network when relays go offline a lot, because it takes time to update the directory and get all clients to know about the currently running relays. The network would become more inefficient if clients were trying to connect to a lot of relays that are offline.

Tails is a non-persistent mobile operating system. Relays should be run on stable setups.

Interesting read. Another nice tidbit:

To this day, no mobile telephone standards committee has considered
or adopted any end-to-end (phone-to-phone) privacy protocols.  This is
because the big companies involved, huge telcos, are all in bed with
NSA to make damn sure that working end-to-end encryption never becomes
the default on mobile phones.