Silk Road forums

Discussion => Security => Topic started by: bedtime666 on September 09, 2013, 01:24 am

Title: Stepping up the crypto game... How to generate bigger/more secure PGP keys??
Post by: bedtime666 on September 09, 2013, 01:24 am
So I am using the GnuPG/GPA package from gpg4win.. I will soon be switching to a linux OS and I want to know PGP more intimately to be dependent of these "plug n play" options and to have a harder key to break..

So where/how are these vendors generating those BIG ASS pgp keys?

Thanks
Title: Re: Stepping up the crypto game... How to generate bigger/more secure PGP keys??
Post by: astor on September 09, 2013, 01:36 am
GUI PGP apps should have an option when you create the key to increase the key size. If your app doesn't have that option, it's a piece of shit and you should stop using it.

GPG4USB lets you change the key size when you create it.

On Linux, using the command line gpg, it will ask you for the key size when you run gpg --gen-key.
Title: Re: Stepping up the crypto game... How to generate bigger/more secure PGP keys??
Post by: bedtime666 on September 09, 2013, 02:05 am
Wow yeah, just tried to generate a new key and saw this wasn't an option.. At least by default, the key just generates. I definitely want to learn more about command line GPG.. Can you use GPG4USB on Linux in the command line? I definitely want to get more acquainted with what the actual process looks like, I understand an app like GPA is just entering the text into the command line for me, more or less..

Thank you for the repl(y[ies]) Astor, I truly appreciate your presence here. I swear you are a saint for not offering a donation addy in your sig LOL!!
Title: Re: Stepping up the crypto game... How to generate bigger/more secure PGP keys??
Post by: bedtime666 on September 09, 2013, 02:16 am
Aha, I just found that in GPG4WIN there is a tab "Preferences", you must click "use advanced mode" and "show advanced options" to get the prompt for bit-count.. Thank you for prompting this simple trouble shoot Astor :D

I would really appreciate being able to pick someone's brain in PM about these subjects, would especially be willing to donate BTC for this privilege of some free time..
Title: Re: Stepping up the crypto game... How to generate bigger/more secure PGP keys??
Post by: Jeks on September 09, 2013, 02:44 am

Quote
GPG4USB lets you change the key size when you create it.


Is there a way to generate an 8192 key with this? A way to change the limit of 4096 in the program?
Title: Re: Stepping up the crypto game... How to generate bigger/more secure PGP keys??
Post by: astor on September 09, 2013, 03:04 am
Quote
Wow yeah, just tried to generate a new key and saw this wasn't an option.. At least by default, the key just generates. I definitely want to learn more about command line GPG.. Can you use GPG4USB on Linux in the command line?

GPG4USB is a GUI app. The whole point is to not use the command line, otherwise you can use gpg directly. Most GUI apps are just graphical interfaces that send commands to gpg. Even on Windows, they come with gpg.exe, a Windows port of gpg that you can actually use from the command prompt. Type: gpg.exe --gen-key, and it works the same way.

That being said, GPG4USB runs on 32 bit Linux, but it's harder to get working on 64 bit Linux, because it isn't built for 64 bit so you have to install like 200 MB of multiarch libraries.

Quote
Thank you for the repl(y[ies]) Astor, I truly appreciate your presence here. I swear you are a saint for not offering a donation addy in your sig LOL!!

Well, one reason not to list an address is that I use Bitcoin the right way and create a new address for each transaction. ;)

Even if you don't care about privacy, you should do that to protect the privacy of the people you transact with. SR should create a new bitcoin address for you after each deposit, like MtGox and other services do. Although there are so many clueless people in this community that a lot of them would send coins to the old addresses.

Quote
Aha, I just found that in GPG4WIN there is a tab "Preferences", you must click "use advanced mode" and "show advanced options" to get the prompt for bit-count.. Thank you for prompting this simple trouble shoot Astor

Awesome. That should be on the SR wiki.

Quote
Is there a way to generate an 8192 key with this? A way to change the limit of 4096 in the program?

No, even gpg is limited to 4096 bits, unless you change the source code and compile your own version.

I have done it and created a 16384 bit key. See here: http://dkn255hz262ypmii.onion/index.php?topic=157004.msg1102015#msg1102015

Problem is that other people's PGP clients don't properly create a message when encrypting with the key. I don't know what pine was using, but her client failed silently. I couldn't decrypt the messages that she encrypted with my 16384 bit key, although I could decrypt messages that I encrypted, so I know my gpg was working.

So until everyone is using PGP clients that support larger key sizes, there's not much point to doing it yourself.
Title: Re: Stepping up the crypto game... How to generate bigger/more secure PGP keys??
Post by: Jeks on September 09, 2013, 03:41 am
@Astor

Thanks and thanks for all the contributions to the forum. You and a few other people put up a lot of great info.
Title: Re: Stepping up the crypto game... How to generate bigger/more secure PGP keys??
Post by: bedtime666 on September 09, 2013, 03:50 am
Quote
Wow yeah, just tried to generate a new key and saw this wasn't an option.. At least by default, the key just generates. I definitely want to learn more about command line GPG.. Can you use GPG4USB on Linux in the command line?

GPG4USB is a GUI app. The whole point is to not use the command line, otherwise you can use gpg directly. Most GUI apps are just graphical interfaces that send commands to gpg. Even on Windows, they come with gpg.exe, a Windows port of gpg that you can actually use from the command prompt. Type: gpg.exe --gen-key, and it works the same way.

That being said, GPG4USB runs on 32 bit Linux, but it's harder to get working on 64 bit Linux, because it isn't built for 64 bit so you have to install like 200 MB of multiarch libraries.

Aha, do you know where I could find any recommended reading on using PGP command line? I found a cheat sheet I'm going to print out, but I'd like some more in depth reading.. Also how would I use GPG on a Linux OS? I am going to switch over to Linux as soon as I have read enough on installing/operating it... I am going to try doing it in windows command prompt now... Thank you for the homework Astor :)
Title: Re: Stepping up the crypto game... How to generate bigger/more secure PGP keys??
Post by: astor on September 09, 2013, 04:29 am
First, do yourself a favor and replace the gpg.conf that came with your app with this:

Quote
no-greeting
no-emit-version
no-comments

utf8-strings
armor

expert
trust-model always
no-mdc-warning

personal-cipher-preferences AES256 TWOFISH CAMELLIA256 AES192 CAMELLIA192 AES CAMELLIA128 CAST5 3DES BLOWFISH
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
cert-digest-algo SHA512

If you have multiple keys, you can set a default with:

default-key <key ID>


Command line gpg is easy to use. There are a handful of basic commands, and gpg will ask you for any input that it needs if you haven't provided it. I can give you a run down of the basic commands right now. For the commands that require input, you can either specify a file or type/paste stuff directly in the command prompt window.

I will use the "gpg" command, but on Windows you'll have to use "gpg.exe".

To import a key:

gpg --import

If you just type that, you'll see a cursor in the command window and can paste the key in the window. After pasting it in, hit CTRL+D. Otherwise you can save the key in a file and specify that:

gpg --import buddy.key

To print out your public key, so you can give it to other people:

gpg --export KEYINFO

Where KEYINFO is either the name, email address or key ID. gpg will search your key ring and use the first match. If it's a long name, you only need to supply a part of it, enough that it uniquely matches that key.

The previous command will print it in the command window. You can put the output in a file with redirection:

gpg --export KEYINFO > pub.key


Ok, with the basic importing and exporting out of the way, we're ready to do encryption. The simplest command to encrypt is:

gpg -e

Yep, that's it. If you don't supply the recipients, it will ask you for them. Just type in some key info, like above, either part of the name, email address, or key ID. You can add as many recipients as you want, and hit enter (blank recipient) to stop adding recipients.

Then you'll get a cursor to type your message, and when you're done, hit CTRL+D, and it will spit the encrypted block into the command window.

Alternatively you can type your message in a text file and specify that.

gpg -e message.txt

And you can specify the recipients too, although I'm too lazy to do that and let it prompt me. :)

gpg -r astor -r bedtime666 -e message.txt

It will create a file called message.txt.asc which contains the encrypted message.

To decrypt a message:

gpg -d

And you can paste the message in the command window, then hit CTRL+D. Or specify the file:

gpg -d encrypted_message.txt

That's enough to get you started.
Title: Re: Stepping up the crypto game... How to generate bigger/more secure PGP keys??
Post by: astor on September 09, 2013, 04:37 am
Oh yeah, one more thing:

gpg --list-keys

You'll use that a lot. Should be obvious what it does. :)
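
The commands walked through in the two posts above, scripted end to end as an added example (not part of the original posts): it generates a key of the requested size in a throwaway keyring, reads the stored size back from the keyring, then exports, encrypts and decrypts a test message. It assumes GnuPG 2.1 or later; the user ID, file names and message are constructed.

```shell
#!/bin/sh
# Added example: the thread's workflow, scripted against a throwaway keyring.
# Assumes GnuPG 2.1+; user ID, file names and message are constructed.

pgp_roundtrip() {
    want_bits="${1:-4096}"
    uid="demo@example.invalid"
    home="$(mktemp -d)" || return 1
    chmod 700 "$home"
    # Every call uses the isolated keyring and never prompts.
    g() { gpg --homedir "$home" --batch --quiet --no-tty "$@"; }

    # Unattended equivalent of answering the key-size prompt of --gen-key.
    cat > "$home/params" <<EOF
%no-protection
Key-Type: RSA
Key-Length: $want_bits
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: $want_bits
Subkey-Usage: encrypt
Name-Real: Demo User
Name-Email: $uid
Expire-Date: 1y
%commit
EOF
    g --gen-key "$home/params" 2>/dev/null || { rm -rf "$home"; return 1; }

    # Read the size back from the keyring instead of trusting the request.
    got_bits="$(g --with-colons --list-keys "$uid" |
        awk -F: '$1 == "pub" { print $3; exit }')"

    # Export, encrypt to the key, decrypt, and compare with the original.
    g --armor --export "$uid" > "$home/pub.key"
    printf 'constructed test message\n' > "$home/message.txt"
    g --armor -r "$uid" -o "$home/message.txt.asc" -e "$home/message.txt"
    if g -d "$home/message.txt.asc" 2>/dev/null | cmp -s - "$home/message.txt"; then
        result=ok
    else
        result=FAILED
    fi

    gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null || true
    rm -rf "$home"
    echo "bits=$got_bits roundtrip=$result"
    [ "$result" = ok ]
}

# Usage: pgp_roundtrip 4096
```

The round-trip check is the same test that exposed the interoperability problem described earlier in the thread: a key is only useful if messages encrypted to it by the sender's client actually decrypt.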

Title: Re: Stepping up the crypto game... How to generate bigger/more secure PGP keys??
Post by: bedtime666 on September 09, 2013, 10:12 pm
I fucking love you. I couldn't seem to get a response last night out of gpg.exe, before reading that though.. Gonna try and implement my new l33t hax skills tonight, thank you so much bro :)