Silk Road forums

Discussion => Security => Topic started by: HRleyquinn on January 16, 2013, 06:02 am

Title: HOWTO: GnuPG from the command line
Post by: HRleyquinn on January 16, 2013, 06:02 am
GPA is screwed right now and doesn't work on Ubuntu even though there have been multiple open bug reports since last summer, so I had to use the command line like a fucking caveman. Here's how it's done:

1. Install GnuPG
apt-get install gnupg

2. Create your key pair.
gpg --gen-key

3. Answer the questions appropriately.

4. Export your public key, assuming you want other people to encrypt messages sent to you. In this command, replace My Name with the name you used in step 3. Leave the single-quotes intact.
gpg -a --output mypublickey.txt --export 'My Name'

# Your public key is now in the mypublickey.txt file. Open it, copy the contents, and paste it in your profile, post it here, whatever. It's not a secret.

5. Import the public key of the person you want to send a message to (a seller, probably). First, get their public key from their profile. Then copy it exactly into a file called seller_publickey.txt. Then:
gpg --import seller_publickey.txt

4. Verify that you didn't fuck up the key import, and that you've got the right key for the person you're sending a message to:
gpg --list-keys

#You should see your key, and all of the keys you've imported. So really, just two keys unless you have followed these instructions multiple times. Notice that each key has three lines of information.

5. To make a purchase, you need to encrypt your name and address. So open a text editor and put your name and address into a file called address.txt. In this command, replace selleruserid with the UID of the seller as listed in step 4. It's the first section of the middle line in the key list. It's probably the person's SR username.
gpg -ea -r selleruserid address.txt

#The encrypted message is in address.txt.asc.

6. Open address.txt.asc with a text editor.
vim address.txt.asc

7. Copy the contents into the address field in the shopping cart, then finish your order.

Obviously this only works for one seller at a time because you can only encrypt for one key at a time.

EDIT: Read comments below for refinements, including how to specify multiple recipients.
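A check for the "right key" question in the key-import verification step, as an added example that is not part of the original post: user IDs are chosen by whoever creates a key, so the comparison that matters is the fingerprint, read here from gpg's machine-readable listing (both the older layout with the UID on the `pub` line and the newer one with separate `uid` lines). The listing, the user ID `seller_example` and all fingerprints are constructed, and the published fingerprint is assumed to have been obtained from the key owner through a separate channel.

```python
# Constructed sample of `gpg --with-colons --fingerprint --list-keys` output:
# two unrelated keys carry the same self-chosen user ID. All values are made up.
LISTING = """\
pub:-:4096:1:AAAA0000BBBB1111:1358316000:::-:::scESC:
fpr:::::::::0123456789ABCDEF01234567AAAA0000BBBB1111:
uid:-::::1358316000::0000::seller_example:
sub:-:4096:1:CCCC2222DDDD3333:1358316000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA98CCCC2222DDDD3333:
pub:-:2048:1:EEEE4444FFFF5555:1358317000:::-:::scESC:
fpr:::::::::999988887777666655554444EEEE4444FFFF5555:
uid:-::::1358317000::0000::seller_example:
sub:-:2048:1:1212343456567878:1358317000::::::e:
"""

def parse_keys(listing):
    """Group colon-format records into one dict per primary key."""
    keys, section = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "fpr": None, "uids": []})
            section = "pub"
            if len(f) > 9 and f[9]:       # GnuPG 1.4/2.0 keep the first UID here
                keys[-1]["uids"].append(f[9])
        elif f[0] == "sub":
            section = "sub"               # fpr records after this are subkey ones
        elif f[0] == "fpr" and section == "pub":
            keys[-1]["fpr"] = f[9]
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])
    return keys

def normalize(fpr):
    """Strip the spacing gpg prints inside fingerprints and upper-case it."""
    return "".join(fpr.split()).upper()

def verify_import(listing, uid, published_fpr):
    """Compare the imported key against a fingerprint obtained out of band."""
    matches = [k for k in parse_keys(listing) if uid in k["uids"]]
    if not matches:
        return "missing"
    if all(k["fpr"] != normalize(published_fpr) for k in matches):
        return "mismatch"
    # Right key is present; with look-alikes around, pass the fingerprint to -r.
    return "ok" if len(matches) == 1 else "ambiguous-uid"
```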
Title: Re: HOWTO: GnuPG from the command line
Post by: astor on January 16, 2013, 06:56 am
Obviously this only works for one seller at a time because you can only encrypt for one key at a time.

You can define multiple recipients.

gpg -e -r Recipient1 -r Recipient2 -r Recipient3

Also, for something as simple as your address, you don't need to create a text file (although you may want to for a long message).

In the command above, simply hit enter after the last recipient, and you'll see a blinking cursor. Type out your address and hit ctrl+d when you're done.

Lastly, add the word "armor" to a separate line in gpg.conf so you don't have to type -a in every command.

It's not caveman-ish at all. A properly configured gpg.conf makes command line gpg easy.
Title: Re: HOWTO: GnuPG from the command line
Post by: astor on January 16, 2013, 06:58 am
BTW, you don't even have to define the recipients in the original command.

Just type

  gpg -e

It will ask for the recipients and you can add as many as you want until you enter a "blank" recipient, then it will give you the blinking cursor to type out the message.
Title: Re: HOWTO: GnuPG from the command line
Post by: Nightcrawler on January 16, 2013, 07:00 am
GPA is screwed right now and doesn't work on Ubuntu even though there have been multiple open bug reports since last summer, so I had to use the command line like a fucking caveman. Here's how it's done:

1. Install GnuPG
apt-get install gnupg

I'm not sure why it's necessary to install gnupg, as there isn't a Linux distro I'm aware of that doesn't include it already.

2. Create your key pair.
gpg --gen-key

3. Answer the questions appropriately.

4. Export your public key, assuming you want other people to encrypt messages sent to you. In this command, replace My Name with the name you used in step 3. Leave the single-quotes intact.
gpg -a --output mypublickey.txt --export 'My Name'

# Your public key is now in the mypublickey.txt file. Open it, copy the contents, and paste it in your profile, post it here, whatever. It's not a secret.

5. Import the public key of the person you want to send a message to (a seller, probably). First, get their public key from their profile. Then copy it exactly into a file called seller_publickey.txt. Then:
gpg --import seller_publickey.txt

4. Verify that you didn't fuck up the key import, and that you've got the right key for the person you're sending a message to:
gpg --list-keys

#You should see your key, and all of the keys you've imported. So really, just two keys unless you have followed these instructions multiple times. Notice that each key has three lines of information.

5. To make a purchase, you need to encrypt your name and address. So open a text editor and put your name and address into a file called address.txt. In this command, replace selleruserid with the UID of the seller as listed in step 4. It's the first section of the middle line in the key list. It's probably the person's SR username.
gpg -ea -r selleruserid address.txt

#The encrypted message is in address.txt.asc.

6. Open address.txt.asc with a text editor.
vim address.txt.asc

7. Copy the contents into the address field in the shopping cart, then finish your order.

Obviously this only works for one seller at a time because you can only encrypt for one key at a time.

Ye gods, why are you telling newbies to use Vim? Vim is perhaps the most newbie-unfriendly editor (with the possible exception of Emacs) that you could have told them to use. They'd be far better off using Nano. (Don't get me wrong -- both Vi and Emacs are fabulous editors, but both are far from newbie friendly.)

Secondly, you can encrypt to multiple recipients on the command line -- just use the following syntax:

gpg -ea -r recipient1 -r recipient2 -r recipient3 -r recipient4 address.txt

If you regularly deal with a dozen vendors, you could conceivably encrypt your address to all the vendors that you use. Note however, that this risks revealing all the vendors who you deal with, unless you use the --throw-keyid directive, which will not likely make you popular with vendors.

Nightcrawler <Nightcrawler@SR>
PGP-Key: 4096R/BBF7433B 2012-09-22
Key fingerprint = D870 C6AC CC6E 46B0 E0C7 3955 B8F1 D88E BBF7 433B
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
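Why a multi-recipient message shows who it was encrypted to, as an added example that is not part of the thread: every recipient gets a Public-Key Encrypted Session Key packet that carries an 8-byte key ID in the clear, and hiding the recipient means writing that ID as all zeros. The parser handles v3 session-key packets only; `fake_pkesk` and `SAMPLE` are constructed test data, not real ciphertext.

```python
PKESK, SKESK = 1, 3   # session-key packet tags (RFC 4880, sections 5.1 and 5.3)

def packet_tag(first):
    """Tag number from the first header octet (new or old packet format)."""
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    return first & 0x3F if first & 0x40 else (first & 0x3C) >> 2

def read_body(buf, pos):
    """Return (body, next_pos) for a definite-length packet at buf[pos]."""
    first, o1 = buf[pos], buf[pos + 1]
    if first & 0x40:                        # new format: 1-, 2- or 5-octet length
        if o1 < 192:
            length, hdr = o1, 2
        elif o1 < 224:
            length, hdr = ((o1 - 192) << 8) + buf[pos + 2] + 192, 3
        elif o1 == 255:
            length, hdr = int.from_bytes(buf[pos + 2:pos + 6], "big"), 6
        else:
            raise ValueError("partial length on a session-key packet")
    else:                                   # old format: low two bits give size
        size = 1 << (first & 0x03)
        if size == 8:
            raise ValueError("indeterminate length on a session-key packet")
        length, hdr = int.from_bytes(buf[pos + 1:pos + 1 + size], "big"), 1 + size
    return buf[pos + hdr:pos + hdr + length], pos + hdr + length

def recipient_key_ids(msg):
    """Key IDs named in the message header; None marks a hidden recipient."""
    ids, pos = [], 0
    while pos < len(msg) and packet_tag(msg[pos]) in (PKESK, SKESK):
        tag = packet_tag(msg[pos])
        body, pos = read_body(msg, pos)
        if tag == PKESK and body[0] == 3:   # v3: version, 8-byte key ID, algo
            key_id = body[1:9]
            ids.append(key_id.hex().upper() if any(key_id) else None)
    return ids

def fake_pkesk(key_id_hex):
    """Constructed v3 PKESK packet with a dummy 8-bit MPI (not real ciphertext)."""
    body = bytes([3]) + bytes.fromhex(key_id_hex) + bytes([1]) + b"\x00\x08\xff"
    return bytes([0x84, len(body)]) + body  # old-format header, tag 1

# Constructed message: two named recipients, one zeroed key ID, then the
# encrypted-data packet (tag 18) where the header scan stops.
SAMPLE = (fake_pkesk("1111222233334444") + fake_pkesk("5555666677778888")
          + fake_pkesk("00" * 8) + bytes([0xD2, 0x03]) + b"\x01\xaa\xbb")
```

Real input would be the binary form of a message (for example the output of `gpg --dearmor`); the IDs listed are those of the recipients' encryption subkeys, which appear on the `sub` lines of a colon-format key listing.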
Title: Re: HOWTO: GnuPG from the command line
Post by: Tessellated on January 16, 2013, 07:13 am
Great tutorial.

Pro tip, when creating a message to someone else include your own key as a recipient so that later you will be able to read what you wrote.
Title: Re: HOWTO: GnuPG from the command line
Post by: signal16 on January 16, 2013, 08:29 am
I always used gpg from the command line, I think it's easier.
Also don't use sha1, it's set by default; use sha512.
setpref command or edit gpg.conf
Also you can edit the source code to allow for larger than 4096 bit keys.
Edit keygen.c to allow for longer key lengths.
You need to edit gpg.c to allocate more secure memory if you want larger than 8192 bit keys.
Don't forget big keys are useless without really big passwords.
Title: Re: HOWTO: GnuPG from the command line
Post by: SorryMario on January 16, 2013, 08:32 am
I was never able to get GPA working on Ubuntu either. But there's another Gnupg front-end that you can use - KGPG. It should be right there in Ubuntu software ctr, or you can do the apt-get route.

Seriously, get yourself Kgpg. It's almost as good as GPG4USB on windows and you don't have to be a caveman working with the command line  ;D

I should let you know that a lot of people (me included) weren't able to get Kgpg to run after the initial installation. If that happens, here is the magical fix that makes it run perfectly:

Open the kgpg.desktop file with the command-line:
sudo gedit /usr/share/applications/kde4/kgpg.desktop

The 2nd or 3rd line in that file says: Exec=kgpg %U
Add "<space>-k" so it says: Exec=kgpg %U -k

Save and close the file. You might have to restart your computer at this point (the problem was that Kgpg would have a process running and not close properly). You've now got the best GUI front-end for Gnupg there is this side of GPG4USB!
Title: Re: HOWTO: GnuPG from the command line
Post by: happyroller1234 on January 16, 2013, 12:22 pm
Thank you so much for this!
Title: Re: HOWTO: GnuPG from the command line
Post by: Tessellated on January 16, 2013, 05:05 pm
Real nerds use the command line!

CLEARLINK: https://xkcd.com/196/