Silk Road forums

Discussion => Security => Topic started by: jdtd123456789 on January 06, 2013, 01:52 am

Title: can you read my PGP?
Post by: jdtd123456789 on January 06, 2013, 01:52 am
Hey everyone, I have been trying to message a couple vendors for the past two days but haven't gotten any response. I am still a little new to all this, so I was wondering if maybe there is something wrong with my PGP?  :-[ I will post a message here and sign it with my PGP signature. Can maybe some of you be so sweet as to let me know you can read it or not? I really appreciate any help....Thanks :-*

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.12 (MingW32)
- -----END PGP MESSAGE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)
-----END PGP SIGNATURE-----
Title: Re: can you read my PGP?
Post by: astor on January 06, 2013, 02:11 am
Of course we can't read it unless you encrypt it to our public keys.

Let me guess, you're encrypting it to your own public key. That only lets you decrypt it. Further, you don't need to sign an encrypted message. I've been seeing more and more people doing this and I wonder where they are getting that idea. Is it some shitty tutorial?

If you want to test your ability to encrypt a message, grab my public key from the link in my signature and encrypt a message to that. Then post your public key so I can encrypt a message to you and see if you can decrypt it.

Also, we have a whole thread for PGP help called PGP Club.

http://dkn255hz262ypmii.onion/index.php?topic=30938.0

You don't need to start a new thread for this.
Title: Re: can you read my PGP?
Post by: jdtd123456789 on January 06, 2013, 02:25 am
Oh my God, I feel like such an idiot....sorry everyone, please just ignore this post. I feel so stupid right now. Thank you, again, I'm sorry
Title: Re: can you read my PGP?
Post by: jdtd123456789 on January 06, 2013, 02:38 am
I got the idea that I needed to sign all of my messages from a vendor who said "please sign your messages so it is easier to respond to them", sorry I don't remember who it was. Again, I'm so sorry, I just feel so......well...newbie right now.
Title: Re: can you read my PGP?
Post by: SorryMario on January 06, 2013, 03:39 am
I'm guessing the vendor meant sign your SR username, not sign with your PGP key. Like if you send him/her an email, you should type your SR username at the end of the message so he/she knows which SR buyer you are.

Don't feel bad about the mixup with PGP - the learning curve takes a little while to get past. Once you "get" how the key pairs work it will all suddenly make sense.
Title: Re: can you read my PGP?
Post by: astor on January 06, 2013, 04:05 am
Another thing is, if you are going to combine signing and encryption, you should sign a plaintext message first, then encrypt it.

It avoids this problem:

- -----BEGIN PGP MESSAGE-----

- -----END PGP MESSAGE-----

See the dash and space at the beginning of those lines? The recipient has to manually remove them in order to decrypt the message, and that's a pain in the ass, especially for a vendor who deals with dozens of encrypted messages a day.
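The dash-and-space prefix described above is the dash-escaping that OpenPGP cleartext signatures apply to every line beginning with "-" (RFC 4880, section 7.1). As an added example that is not part of the original thread, this Python code reproduces the escaping and its reversal on a constructed placeholder message; the function names and sample strings are assumptions made for illustration.

```python
# Added example: dash-escaping in OpenPGP cleartext signatures (RFC 4880, 7.1).
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
NESTED_BEGIN = "-----BEGIN PGP MESSAGE-----"


def dash_escape(text):
    """What clearsigning does: prefix each line that starts with '-' with '- '."""
    return "\n".join("- " + ln if ln.startswith("-") else ln
                     for ln in text.split("\n"))


def dash_unescape(text):
    """What a verifier (or a recipient by hand) does: strip one leading '- '."""
    return "\n".join(ln[2:] if ln.startswith("- ") else ln
                     for ln in text.split("\n"))


def signed_body(clearsigned):
    """Return the un-escaped text between the armor headers and the signature."""
    lines = clearsigned.split("\n")
    start = lines.index(BEGIN_SIGNED) + 1
    while lines[start] != "":          # "Hash:" headers end at the first empty line
        start += 1
    # Safe lookup: escaped body lines can never equal the signature header.
    end = lines.index(BEGIN_SIG)
    return dash_unescape("\n".join(lines[start + 1:end]))


def wraps_encrypted_message(clearsigned):
    """True when the signed text is itself an armored PGP MESSAGE."""
    return signed_body(clearsigned).lstrip().startswith(NESTED_BEGIN)


# Constructed sample: placeholder strings, not real ciphertext or a real signature.
ARMORED = "\n".join([NESTED_BEGIN, "", "PLACEHOLDERCIPHERTEXT", "=AAAA",
                     "-----END PGP MESSAGE-----"])
CLEARSIGNED = "\n".join([BEGIN_SIGNED, "Hash: SHA1", "", dash_escape(ARMORED),
                         BEGIN_SIG, "", "PLACEHOLDERSIGNATURE", "=BBBB",
                         "-----END PGP SIGNATURE-----"])

if __name__ == "__main__":
    print(CLEARSIGNED)                          # shows the "- -----BEGIN" lines
    print(signed_body(CLEARSIGNED) == ARMORED)  # un-escaping restores the armor
```

Signing the plaintext first and encrypting the result produces a single armored block whose header lines are never escaped, which is why that order avoids the manual cleanup.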
Title: Re: can you read my PGP?
Post by: Nightcrawler on January 06, 2013, 04:30 am
I got the idea that I needed to sign all of my messages from a vendor who said "please sign your messages so it is easier to respond to them", sorry I don't remember who it was. Again, I'm so sorry, I just feel so......well...newbie right now.

The major problem with signing messages, as you have done in this thread, is that a valid digital signature utterly destroys plausible deniability. Let me put it this way. Anyone can order anything, encrypt your address with the vendor's public key, order from a vendor and have something shipped to your house.

Once any incriminating information is signed with your private key, it can be verified by anyone with your public key.  If a message verifies, it is proof positive that _you_ signed it, as only _you_ have a copy of your private key. Essentially, a signed message is a written confession admissible in a court of law.

NC
Title: Re: can you read my PGP?
Post by: spazzmatrazz on January 07, 2013, 12:03 am
Anyone can order anything, encrypt your address with your public key, order from a vendor and have something shipped to your house.

No they can't, because if the address is signed with my public key, the vendor (or LE) cannot read it - They would need my private key to decrypt it.
Title: Re: can you read my PGP?
Post by: Nightcrawler on January 07, 2013, 12:30 am
Anyone can order anything, encrypt your address with your public key, order from a vendor and have something shipped to your house.

No they can't, because if the address is signed with my public key, the vendor (or LE) cannot read it - They would need my private key to decrypt it.

Good catch. Obviously, I meant encrypted with the vendor's public key.

If an address is signed with your private key, in addition to being encrypted with the vendor's key, only the vendor can decrypt the message. He can use your public key to verify the signature on the address.  The problem is, if the vendor should be busted, and the authorities come across the signed address, you have no plausible deniability, due to the PGP-signature.

NC