Silk Road forums

Discussion => Security => Topic started by: santbarna on December 17, 2012, 08:53 pm

Title: pgp encryption
Post by: santbarna on December 17, 2012, 08:53 pm
i need some help with pgp encryption. i have downloaded the pgp program and created my key with my tormail address. upon making a purchase how would i go about encrypting an email address with delivery information to the seller? i know this seems pretty basic to many, but right now this is really confusing me. thanks for the help
Title: Re: pgp encryption
Post by: astor on December 17, 2012, 08:59 pm
You need to import the seller's public key into your PGP program. Their public key should be listed on their seller profile. It will begin and end with these lines:

-----BEGIN PGP PUBLIC KEY BLOCK-----

<bunch of gibberish>

-----END PGP PUBLIC KEY BLOCK-----

You didn't mention the PGP program that you're using, so I can't give you specific instructions. Just make sure you copy the entire thing, including all fives dashes before and after the text, in the first and last lines. That's a common mistake. A single missing dash will cause the PGP program to not recognize it as a public key.

Once it's imported you should be able to select that vendor as the person you want to encrypt the message to.

The output will be the encrypted message, which will begin and end with these lines:

-----BEGIN PGP MESSAGE-----

<bunch of gibberish>

-----END PGP MESSAGE-----

Copy that whole thing, including all dashes, and paste it into the form for submitting your address.

As a buyer you only need a public key if you want other people to send you encrypted messages. You must give them your public key. PGP is an asymmetric encryption system, where you always encrypt messages to the recipient's public key (although you can encrypt to your own key as well, if you want to be able to read your own messages; there can be multiple recipients).
Title: Re: pgp encryption
Post by: Prepper on December 18, 2012, 03:41 am
Does gpg work the same way?? I didn't do my research and forgot to encrypt my address when making a purchase...guess this means they will not process the order.  I am still kinda confused as to how this encryption works.
Title: Re: pgp encryption
Post by: astor on December 18, 2012, 04:27 am
PGP is the name of the encryption protocol. GPG (rather confusingly) is the name of a program that will do the encryption for you. It's a particular implementation. Kind of like DOC is a word processor file format, while Word and LibreOffice are programs that create DOC files.

You don't have to encrypt your address. Most vendors will process the order anyway. It's just a really, really, really good idea to encrypt it.

If you're confused, I suggest reading the post stickied at the top of this subforum

http://dkn255hz262ypmii.onion/index.php?topic=42094.0

There are step by step guides on using PGP.  Note: you don't have to create your own key if you don't mind conversing with the vendors in plaintext. You only need to know how to import their public keys and use them to encrypt your address.
Title: Re: pgp encryption
Post by: Wadozo on December 18, 2012, 12:31 pm
Here is a basic, simple guide I wrote, which should help you out if your using a Windows system (Gpg4win)
You could also use gpg4usb. It has a simple interface and is easier to use for beginners.

1. Copy the Public Key of the person you want to send a message to.
2. Open a text editor, such as Notepad, and paste the Public Key. Name the file and save it to your desired location on your PC.
3. Open GPA (Gpg4win), click IMPORT, locate the file you just saved with the Public Key in it, and double click it. It will then show up in KEY MANAGER where it is stored for future use along with any other Public Keys you wish to keep.
4. Then click on CLIPBOARD, the 2nd icon in from the right at the top of the page. Type the message you wish to send to the recipient and then click ENCRYPT. Click on the Public Key of the person your sending the message to (should now be highlighted), then click OK at the bottom.
5. Then copy the encrypted message and paste it in a PM to the recipient and send it,
6. REMEMBER - Include your Own Public Key in this message if you wish to receive an encrypted response from the recipient. You can find this by RIGHT-CLICKING your key in KEY MANAGER, then copy/pasting it. :)
Title: Re: pgp encryption
Post by: Prepper on December 18, 2012, 03:43 pm
Awesome, thanks fellas. I just downloaded the gpg last night. I appreciate the help.
Title: Re: pgp encryption
Post by: Prepper on December 18, 2012, 08:20 pm
The problem I am having is getting the key from notepad to gpg because notepad will only save it as a .txt file.  Also tried word but gpg will not accept a txt file, must be cer/cert to open and import....
Title: Re: pgp encryption
Post by: SelfSovereignty on December 18, 2012, 08:31 pm
The problem I am having is getting the key from notepad to gpg because notepad will only save it as a .txt file.  Also tried word but gpg will not accept a txt file, must be cer/cert to open and import....

... well that's stupid of it, isn't it.  I know the command line GPG doesn't care what the filename is, it could be .xyz and it would still import the thing.  Just change the filename in the Windows explorer or whatever folder viewer you use to match whatever it wants.  After you save it as .txt, THEN change it by hand I mean.
Title: Re: pgp encryption
Post by: Wadozo on December 18, 2012, 08:37 pm
The problem I am having is getting the key from notepad to gpg because notepad will only save it as a .txt file.  Also tried word but gpg will not accept a txt file, must be cer/cert to open and import....

Mate, just name the file and "save as" to your desktop. Then you import that file as I described earlier by clicking on IMPORT and selecting the file on the desktop. The Public Key will then be listed under KEY MANAGER.
Title: Re: pgp encryption
Post by: Prepper on December 19, 2012, 03:11 am
I finally got it...I rode the short bus for a brief period in my life. Thanks again
Title: Re: pgp encryption
Post by: astor on December 19, 2012, 03:16 am
If you want to practice, you can import my PGP key (link in my signature) and encrypt a message to me.

I'll let you know if it worked. Like I said, for the purposes of sending your address to a vendor, that's all you need to know how to do. You don't have to create your own key.
Title: Re: pgp encryption
Post by: Prepper on December 19, 2012, 03:54 am
Sent it
Title: Re: pgp encryption
Post by: SelfSovereignty on December 19, 2012, 06:25 am
Try http://gpg4usb.cpunk.de/
Title: Re: pgp encryption
Post by: Nightcrawler on December 20, 2012, 01:44 am
UGH

I lost my computer and have to use a mac now. THIS IS DRIVING ME NUTS.

link to user friendly program would be much appreciated.

I can create my own key and import vendors but have no idea how to send an excrypted message. The gpg keychain program only shows how to send emails.

GPGTools is highly version dependent -- depending on which version of OS X you have, it may or may not work as expected.  If you have Leopard (10.5) then you're pretty much out of luck. Your only option then will be using the command-line.

If you have Snow Leopard (10.6), Lion (10.7) or Mountain Lion (10.8), the following instructions should be sufficient to allow you to get up and running.

Download and install the NIGHTLY BUILD of GPGTools:  http://nightly.gpgtools.org/GPGTools_Installer-trunk.dmg

Once you have installed GPGTools,  what you want to do is to go into System Preferences --> Keyboard --> Services.

Scroll down until you find the following entries. Be sure to put a check mark in the boxes to activate each keyboard shortcut.

Keyboard shortcuts:
================

OpenPGP: Decrypt Selection:             Shift-Command-D

OpenPGP: Encrypt Selection:             Shift-Command-E

OpenPGP: Import Key from Selection:     Shift-Command-I

OpenPGP: Insert My Fingerprint:         Shift-Command-F

OpenPGP: Insert My Key:                 Shift-Command-K

OpenPGP: Sign Selection:                Shift-Command-R

OpenPGP: Verify Signature of Selection: Shift-Control-V

REMEMBER, THESE SHORTCUTS ONLY OPERATE ON HIGHLIGHTED OR SELECTED TEXT.

N.B.: To properly be able to import PGP into GPGChain (via TextEdit) you need to change the default on TextEdit from .rtf to plain text. You can do that through the Format menu, or you can go through the main configuration menu, accessible by using Command-comma. Ensure the plain text radio button is selected.

Also ensure that the following are UNCHECKED in TextEdit preferences: smart quotes, smart dashes, smart links.

To select text within TextEdit, use Command-A to highlight the entire document, or use your mouse to selection the section that you want to verify/sign/encrypt/decrypt. It is highly recommended that you use only plain-text, as opposed to Rich Text (.rtf) format. Use Command-comma to bring up Preferences and ensure that the plain text radio button is checked.

Once your text is highlighted in TextEdit, (by pressing Comand-A) you then encrypt using Shift-Command-E. You will then be presented with a list of keys to encrypt to, that you have added to your PGP keyring:

Other Commands You May Need:
============================

OpenPGP: Decrypt File:                   Control-Command-D

OpenPGP: Encrypt File:                   Control-Command-E

OpenPGP: Sign File:                      Control-Command-S

OpenPGP: Verify Signature of File:       Control-Command-V


Once you have setup these shortcuts, you can begin using GPG.

To encrypt a message to someone using GPG, you first need a copy of the recipient's PGP public key.

Once you have located someone's PGP public key, you should copy and paste it into TextEdit. Save the PGP key to a file; you can call the file, import.asc (or import.txt), for example. This saved file will usually be found in the Documents folder.

Launch GPG Keychain Access from the Applications folder. click on the Import icon in the upper left hand corner. GPG Keychain Access will then prompt you for the name of the file which contains the key to import. It will usually show you a list of files in the Documents folder. Click on the file named import.asc (or import.txt), and click ok. The PGP public key will then be imported into your PGP keyring.

To encrypt a message to a person, the message must be contained in a TextEdit document. Use Command-A to hightlight the entire document. Then use Shift-Command-E to encrypt. GPG will pop-up a list of public keys in your PGP keyring. Each key will have a little checkbox beside it which you can check, to select that particular key. If you were encrypting a message to me, you would put a check in the box beside my PGP key (Guru@SR).

When you click on OK, the plaintext (unencrypted) message in TextEdit will be replaced with the encrypted message. You can then copy and paste the encrypted message to enter it into a form on Silk Road, or anywhere else that it needs to go.

To decrypt a message sent to you by other people, you need to copy that message to the clipboard, and paste it into a TextEdit document. Again use Command-A to highlight all the encrypted message. Then use Shift-Command-D to decrypt the message. If the message is encrypted to your PGP public key, you will be prompted to enter your passphrase. Once the correct passphrase has been entered, and you click OK, then the message will be decrypted, and the decrypted text will be placed in the TextEdit document, replacing the encrypted message that was there previously.

Guru (original author)
Title: Re: pgp encryption
Post by: santbarna on December 20, 2012, 02:14 am
thanks for the help, i'm sure it will help others as well. on a mac it can be hard if you're new to it. you may have to open your pgp program, go to the menu bar and click on the services option, then add services. this will allow you to type in 'text edit' and then the text you want to encrypt, right click and you can then choose the encryption from the menu. if any one is really confused, there are a few youtube videos you may watch on the topic that are really brief and explain it.