Silk Road forums
Discussion => Security => Topic started by: awakening7 on November 26, 2012, 06:33 am
-
Hello. Being new to Silk Road, I still haven't figured out where the best place to post my public key (as a non-vendor) is and where vendors could access it so I don't have to include it in every message. I started the thread hoping that it might help other new users as well. Thanks to all who comment. :)
-
In the security section there is a sticky that is named "post pgp keys here" but no one ever checks it. If you are messaging a vendor I suggest sending your key with your message. So basically it's the very first topic in the section you posted this topic in. Read the stickies, they're there for a reason.
-
As the above user hinted at, you can post in the PGP key thread, then include a link to the specific post in your signature.
-
I had originally been sending my public key with my encrypted messages too, but as I found out today, many vendors expect you to encrypt your message using their public key so they can open it in their PGP program without importing every buyer's public key into their keyring. I actually think this is better because it is easier for the vendor and the buyer because it gives you better security as your public key isn't stored in a seller's keyring (just in case LE catches up with them). If you do this though, I would consider making sure you delete the seller's public key after placing your order to protect them in the same way...
-
Ahh yes. I saw the sticky but was still wondering if that is the best way. Thanks for the input! :)
-
There is a network of searchable PGP keyservers on the clearnet that people use to find PGP keys. I've found the keys of several vendors on there, including DPR. I don't know if anybody here actually searches for keys there. If you do post a key on there, make sure it does not contain any info that could be used to ID you. Don't use the same name here as anyplace on the clearnet and don't use the same e-mail.
https://en.wikipedia.org/wiki/Key_server_%28cryptographic%29
-
Don't use clearnet keyservers unless it's over Tor! LE could subpoena the operators to look at the IP addresses that are downloading certain keys. I'm surprised that DPR's key is on there and hope he wasn't the one who posted it.
(BTW, kudos to the mods for adding captchas. I have no problem filling them out if it slows down the spam.)
-
Don't use clearnet keyservers unless it's over Tor! LE could subpoena the operators to look at the IP addresses that are downloading certain keys. I'm surprised that DPR's key is on there and hope he wasn't the one who posted it.
I thought the same thing. I've actually found quite a lot of PGP keys on http://pgp.mit.edu:11371 that match up with names and e-mails of people on here. If they posted those keys using the GPG software, that did not go through Tor and their real IP addresses would be in the server logs, conveniently associated with the identity they use to sell/buy drugs.
-
What others said. Also there is a pastebin-like service at 4eiruntyxxbgfv7o.onion
For example, here is my key:
http://4eiruntyxxbgfv7o.onion/paste/show.php?id=d8a0d6fbb76863ed&plaintext=1
This is a lot less text to include in every message than the actual key.
-
HassleHoff, I think some PGP software is configured to upload newly created keys by default. That may be the problem. It's best to check your software and disable that feature if it exists before creating a new key.