Silk Road forums
Discussion => Security => Topic started by: fredandginger on December 30, 2012, 09:16 pm
-
Hi, Im am a buyer on the road (same name)
i contacted a seller and he sent me a message back but it was pgp encrypted. have looked on the net but all i could find were paid-for software, There must be simpler way to do this?! if so PLEASE HELP!!
sorry, i didnt mention what i was looking to do. i need to be able to decrypt the message in order to read it!
thanks in advance for any help!
F&G
-
This tutorial has received good reviews and only takes 10 minutes to read
http://32yehzkk7jflf6r2.onion/gpg4usb/
If the seller sent you an encrypted message, then you have a PGP key already. You need to import that into GPG4USB.
-
If the seller sent you an encrypted message back when you don't know how to use PGP, then he made a mistake and there likely isn't any possible way for you to decrypt it.
It sounds like he used someone elses public key to encrypt his message to you. Did you deliberately send him a public key that you generated? If you didn't, then he fucked up and is wasting your time.
-
That's a good point. Most likely just a mistake.
-
If the seller sent you an encrypted message back when you don't know how to use PGP, then he made a mistake and there likely isn't any possible way for you to decrypt it.
It sounds like he used someone elses public key to encrypt his message to you. Did you deliberately send him a public key that you generated? If you didn't, then he fucked up and is wasting your time.
Unless the seller sent him his public key?
-
... Yeah, that's a good point too.
OP, the message you got -- does it say on the first line "---- BEGIN PGP PUBLIC KEY ----" or does it say "----- BEGIN PGP MESSAGE ----" ??? If it's the first, then the vendor sent you his public key so you can encrypt your messages to him in the future. If it's the second, then he fucked up and you should tell him you can't decrypt his mail.
-
it began with -----BEGIN PGP MESSAGE-----
its obviously a case of just wanting to be as untraceable as possible. but please guys, i need to read this message! can anyone tell me how decrypt it so i can read it!
PLEASE HELP!
-
The only way to decrypt it is with the private key that corresponds to the public key used to encrypt it. If you don't have a PGP key already, there's no way for you to decrypt it. Read about how PGP works. There's a really simple, one-paragraph explanation in the link I posted above:
You create a pair of keys that are mathematically related to each other, one is public and the other is private. Never share your private key with anyone. Give your public key to your friends. Collect public keys from your friends. Use their public keys to encrypt messages to them. They use your public key to encrypt messages to you. You use your private key to decrypt messages.
-
Thanks for all the quick responses people, great community of people here willing to lend a helping hand Karma to all of you! still trying to work through it but im making progress i think!
much love
-
right, so i have downloaded gpg4usb. now i still cant figure out how to decrypt the message
-
If you did not supply the vendor with a key to encrypt the message prior to sending it to you . YOU will not be able to read this message! I would send the vendor a note letting them know that you do not have PGP yet but are working on it. It sounds like he might of confused you for someone with PGP. was it just there key that they send you or an actual message?
-
right, so i have downloaded gpg4usb. now i still cant figure out how to decrypt the message
As Astor has correctly pointed out, you don't get to decrypt it, period. The only messages you can decrypt are those encrypted with a public key that you have generated, for which you have the private half. Let me put it this way... if this were NOT the case, then the encryption would be of no value whatsoever, as anyone could decrypt any message, as long as they had a copy of the software. That also goes for the police, naturally. If you were able to decrypt this message, then so could the police, or anyone else -- the software would be useless, providing no protection whatsoever.
The entire idea behind PGP/GPG, is to be able to encrypt messages that only the intended recipients can decrypt -- not you, not me, not the police. If you didn't provide the vendor with a PGP key that you generated, then the message is encrypted with a key that does not belong to you, therefore you cannot decrypt it. I suspect that the suggestion that the vendor made a mistake is correct, that you were sent a message encrypted to someone else's key.
NC
-
Great explanation Nightcrawler. Hopefully s/he's starting to get it. :)
-
A great tutorial. You state that quote GPG4Win is a popular one, but GPG4USB is better. endquaote.
Is that still true?
-
I think so, take a look at this exchange between me and BlarghRawr where he tries to verify a signed message with GPG4Win and GPG4USB and only the latter does it correctly.
http://dkn255hz262ypmii.onion/index.php?topic=95761.msg684475#msg684475