Silk Road forums
Discussion => Security => Topic started by: tizzy on June 18, 2011, 07:28 pm
-
I am relatively new to this site. Yes I came after the gawker article. Please dont hate me for that fact alone. I need some help with encryption. If I wanted to send a private message on the Silk Road site or on these forums, in order to encrypt my message, what would I need to do? If I am sending a message would I need to use my key or the key of the person i am sending the message to??? Can i just paste the key into the top of the message and then write my actual message below the encryption key? How do I generate my own GPG key? When do I use the public key vs. the private key?? Any help is much appreciated.
-
g7pz322wcy6jnn4r.onion/opensource/II/index.html
-
http://p3lr4cdm3pv4plyj.onion/
I wrote this up too, cause that other is a little old, same concept though.
-
@tizzy: I'm in very similar boat, and just yesterday went to: http://www.gpg4win.org/ if you are using windows, and read all the stuff, downloaded it, and it included good explanations for everything and slowly but surely I'm figuring it out...
I know the more we protect ourselves, the better off we--and the site--is. I'm going to switch back to linux, soon enough, also...just a lot to do, right? :)
-
Ok, n00b here. I was able to get the GPG installed and I've generated a few keys. I am using fake email addresses for GPG. Im still a bit confused on how I can encrypt my messages. I know it will just take some time. Im using a mac too. Do the users need to know the email addresses that I used in order for them to see the message. I know that Ill get it, but im just a bit frustrated.. BTW, here is my Key.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJN/W2YAAoJEDlPiZCjKj7KHycQAMJtorzGIxeE8RG3v0LVWMtU
bOMrSGBe83IjPVkkUeFk0A04ijPQMWa+sGRRc16eALT2hBxXbt68+pZhyBYd0gRv
8mFG+g+uqdr0mUKfjYCXL6X31hy0qd7Op/1YDnVZkB+++noWVw9J8meaw9Shn4sH
/ceuzIV/N3ZXZQvVCCoQK2YoIpXHlbmbDOsmWtHgsRLiZWttQlxSTaQnjpQbDuiy
tkkCLtNGFssIfsJ6YMlMyIc421CEWTqdsDh2dAQwDmTHYKKmMceXHnJQauJRrMAH
4hUetFtxwPG8IvvSw4Dy+vA/frDdRarIPnpYBr7MKsL45QoKyaIKUMymuPR6noTd
ybz28RVRLOhwTrRLtdJ3yobiXNrdnEBoP7h3Zk6RGNeJF1nT9/RJry+6Bz4eHCav
el0scaPZqYoyDJj91RGYUV9/pujgIBVmMTNjHa3K/oXgpopn82uDHD4rqMx91LBj
yRZhCf5QvJk1rtvPrKrVfSu7fEHhefygo4s2E2yQvfpnRUo5wzJojPAZHruij3h6
ZtrNu+5K+vi797ZrWMkBGFg3tDJostRMMCpEi4cer6hV5kSSO0nx6Ac58QCta8a8
i5SUtDe0mgmHAR4uv+ET5HSRfu2vAq+FsrZ3Wn39wFAnmsXWcrKlYjl7xptRDc2/
9LdpucyaAUVEHIhNlwBN
=wsmt
-----END PGP SIGNATURE-----
So far so good? or would you need to know the email address that I used for this key?
Thanks
-
Going to make this suggestion again. Go to a torrent site.. say kat.ph and look for:
PGP & GPG - Email for the Practical Paranoid
Everyone who is one here making transaction is putting there well being at risk, and when this is your biggest protection the least you could do is read a quick book on it : )
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJN/Y72AAoJEOs5nLuOI///EAkH/il6tWNlt023lH7dOgejGbB6
oOqotvmBjotUVxLwsA59pU3jYgoXLxzCAA7gQU7dpIZvPKyR47FvSmmc8ky12q2c
dzt6DTHxpdyinG5wt61kOS+oxIptMB2/Hms/hCxe4qbGaiMOTCV2THPMJQWPuDs5
/J2VjmWyM9GvkiefjLM2KlLqaUukPYhuy1AosrMn6fTQcyw+sI+6WiGBt1qewK6e
18iadIbfVnQHvQAPIM3ivQrVcOd7pCjaDw+aY2zEetkCofoDwX38YnaxWpi4oO1D
bFdumpj6cDKkLYNGy62znIvVvnYajk7BD32Zn/x46RVoMrenuoDlxQJ9/gpjL0o=
=oLpp
-----END PGP SIGNATURE-----
Peace,
DigitalAlch
-
http://p3lr4cdm3pv4plyj.onion/
I wrote this up too, cause that other is a little old, same concept though.
Nice tut and easy to follow for a complete noob. thanks!
-
Any guides or tuts for Mac users, specifically for users using Version 10.5.8 or earlier?
Cheers.
-
@thisaintme - Glad the tutorial worked out for ya !
@bigshin, ill try and get other tutorials typed up for other OS's
good luck!
-
Also: I"m putting puppylinux on a small usb flash drive, downloading tor and gpg to it and keeping that separate and dedicated to SR, w/it's own encrypted dropbox etc.. Could swallow the sucker. Sound good?
-
I am also some what new to this whole GPG stuff. Was wondering if anyone can help someone who has gpg keychain access for a mac , i also got fire gpg in the process of trying to make it all work. If anyone has any tips or info on how to send and encrypted message i will dearly appreciate it as i am kind of lost on this :-\ Any help?
-
I've been using GnuPG for over 9 years and would be happy to take anyone's questions (either here or PM).
-
Hi vortex. Thanks for the offer to help! PM sent.
-
Thanks alot for all the help everyone, I believe I have an OK understanding of it now. Now if I could just have the balls to actually place an order....
-
Ok, n00b here. I was able to get the GPG installed and I've generated a few keys. I am using fake email addresses for GPG. Im still a bit confused on how I can encrypt my messages. I know it will just take some time. Im using a mac too. Do the users need to know the email addresses that I used in order for them to see the message. I know that Ill get it, but im just a bit frustrated.. BTW, here is my Key.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJN/W2YAAoJEDlPiZCjKj7KHycQAMJtorzGIxeE8RG3v0LVWMtU
bOMrSGBe83IjPVkkUeFk0A04ijPQMWa+sGRRc16eALT2hBxXbt68+pZhyBYd0gRv
8mFG+g+uqdr0mUKfjYCXL6X31hy0qd7Op/1YDnVZkB+++noWVw9J8meaw9Shn4sH
/ceuzIV/N3ZXZQvVCCoQK2YoIpXHlbmbDOsmWtHgsRLiZWttQlxSTaQnjpQbDuiy
tkkCLtNGFssIfsJ6YMlMyIc421CEWTqdsDh2dAQwDmTHYKKmMceXHnJQauJRrMAH
4hUetFtxwPG8IvvSw4Dy+vA/frDdRarIPnpYBr7MKsL45QoKyaIKUMymuPR6noTd
ybz28RVRLOhwTrRLtdJ3yobiXNrdnEBoP7h3Zk6RGNeJF1nT9/RJry+6Bz4eHCav
el0scaPZqYoyDJj91RGYUV9/pujgIBVmMTNjHa3K/oXgpopn82uDHD4rqMx91LBj
yRZhCf5QvJk1rtvPrKrVfSu7fEHhefygo4s2E2yQvfpnRUo5wzJojPAZHruij3h6
ZtrNu+5K+vi797ZrWMkBGFg3tDJostRMMCpEi4cer6hV5kSSO0nx6Ac58QCta8a8
i5SUtDe0mgmHAR4uv+ET5HSRfu2vAq+FsrZ3Wn39wFAnmsXWcrKlYjl7xptRDc2/
9LdpucyaAUVEHIhNlwBN
=wsmt
-----END PGP SIGNATURE-----
So far so good? or would you need to know the email address that I used for this key?
Thanks
FYI, that's not your public key. It's a message signed with your key. It says so right there. A public key will say it's a public key.
For example:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
mQINBE3vMbQBEADaXb3irjHuWSmM29d245lG2xbb2QUc01ZK3eo3z3hH/5mP+dhg
PUm/1YDRFCkLlSX115d9PZN95FmatwNU0In1fn06xOvlQC0ZVoYVno6/2spa3QYw
WX/JxyoiaaHKaOeZUceMQU6UT2HxgxPGytFRoqdO1dwLd4EPovROj0QSXSkGZaSY
59GKTusk+I+FHqJYzhS7Pt10NKWka32ydft9oS65UYwjKJr5VgnLT8dUklJtZAst
sbXg3c+Cnkl3jM/tvrhzo2PM5WKKdBvfWUlwmYY78zGmL+fHcCSbvrt5YvVthK3/
eyfhz04hNE1DCbDlHzp6lFowrN3fE2migMefZwDCVdN321k09YSj2Ldq82nTFf7t
Wo9r1BBIF2QMuPbvKyQxD17w8322R+ziS9BwI1wTtpVgiBXi1fl8byXC2glng88e
bh1hGLMQut5nzmf05TwPhqId5i62HoeBAq38IOsYvkFxW4WBS+MmhQy3rHaQDuNp
SolX0kNkvMj7nVHfqHj8FYhdrZKr4VLGvyMJdp3ewpQ0BpBDkIqcv/xtCiKYPPca
iWcopHMPqo3GgiwBWYxtosCyxDg1RAt+/8HhMyvLcGtxbVlK7ZfUCaw938RsFMWm
51q/LOsxyaPMmTSWDh4AlzU2KJf4we49mVs57RcTPFDI1ISS6cP2YTOsUwARAQAB
tAh0ZWNobG9yZIkCOAQTAQIAIgUCTe8xtAIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC
HgECF4AACgkQNDFxF/yl6fHwsQ//VouAEkUEeKGNQs8D0s04Vt8+5Hy0q5qmuJt1
rymnyib/l+5KksNG2FJi1AMLrZarmd8m2MoRpB8bEVBigEl5hJumW4eQgx+T/O7z
0AM7ThhaX0CGzqecW2NXhPU/RQLgXABNB/JhSNKJP5Rs/ZOJjy/5o/MOKIzgBZ7B
UjS5gugWE7Wvm6kVvewDLxi6FJeoCoPMhdLZcObq2x2ECE+T9zKdEFpmDR0G4/8s
P4t023pv0NlPpsOFTuaaodPgIYKacpl7Yp+73R1qMH9mDbw1JbPyJRX4vhmHmy2B
I9qsb/T4xOr0xnSHK9w3YUqZuDOSkhZluRQPuxGsVvaieHEmpLgyGyHuL0PJqUF4
IVFNtzfpgMYlCb7LyZFm+hY5kd6triWaCfNRl4df/eJOj3SqdzNhmfyjiljFuiWP
beZ9MXIrHZMVg2Y47LhFGDdAQqDbPTx+3yP1l2oNX2ik2zfYJL3ZJ60AdJUU8Hig
wBJnACcvTuRbuLitMb4vbNtGovUAhK5FrYehfodKd4P0sQC7WK5fThPztvZNKO8T
G75+XGkiJL/rMNcAzkd6qknlF8egKdngoFem84aLuYfOXN+ZOCrXmw8SvnYlrZrB
k0ub3QtA9oD/Zzl62drX9VjsJ12kei24//m5/mdnOwP0W1Nyor19VpU73SgTeM/G
0gK5JXO5Ag0ETe8xtAEQAMZ9oJeUWwof9B7N1029eCy8xb9pS7J7I4fCvHVsE7Tx
rKr0om53t2zeQMKAAZHrkkU5b2x0yzlXtbQxkr+bkEdvaeaO8B7ZuNNnSkR/Tbtf
qbyHhdyi247jnKMmKAilYBt1M0RfeohSCh06zaUHrNEdA4aZR7+QiFaceHc+IqKH
Bwe6tvgSRTHD/7HIUkYGcbLOYj0epCkJu8RcsSptTPaDX5OXX3GUwhCzpqQIKegZ
u2fuVJzWDcfBD8htlfwhNXUOMkGIuHxHVild/TZ4DzJbaM6mVsg5fr/yfOqkxke+
8+EVrTpE9puEIgM2UDdFSpXc8Q6cs2c4GpL4oyubO64KKdTbd6wXsSzaPNhcg3fs
cZ7Yvu3c2/H10PFCgFMTTr/0A+bTq6Zcqw/maV/m3lpDXIy8gkBOC9wDAZt3HBnf
Q6dT7ouibsUPgyXiAtWPxzarlF4CFJ1/qPN41rCe0oAOu71nXLw3Er2EgueCvAa2
ZZ+mU8MAJoumY9PaQFtchvLjtsK/aJoz301Fqz0QrwakrEvht8teXXimLkcdOeBf
tuKuSkAMsZEC6zppOQgkfMtec5tT2WNGYf3KkUmRVD2xmXXeY0U18wN07FVhWABf
2vsbRXMIRWITJ+Ze2TeCl0RDbsFstBxz6mj9NxtWEZHVCDy8T8/SxSX2mZzgz7O1
ABEBAAGJAh8EGAECAAkFAk3vMbQCGwwACgkQNDFxF/yl6fHliRAAv7UfyqHch3TR
Tpz9idChel2CWCP1lgCpJgMQzOnzusCFHaZC3PRRHZngsC3GMZ1ojmUNStKYtIz5
J+OXdjWfi+OuhmPON5oBpLJDXb2m6ylOnxSFKNctsHlJ4Dc/2lNHSDT+A4NbqCIC
U6DEaIgKRdbXArBLBiuII3JCPSw1bOjnp5BJ96UE8wrc+ILvZHWn1nqr1niiWdsx
7pa5+e/zsJS6urcQnH+C0zpA/ONrFwSUpv0ttsP819s934kerVYuPGBBNJvj16K+
aJAZPKip2JVwen0wDKRA8Ny8MEBA6L5IwL+6RofsvAS72do7jg6Osu68mHYVpDzY
oQwNwZ4GEHjKmke2mK4qVkQB3bwhuIVQWUMiuKs/IO2zzxpFpxtey4V6G47HJ+1G
nbooCOyhXqB7G0lWaDdnQ0qsKMpIwkDKZqek6kRdkkrfZI59JagoyFZOpc6E1x7i
ABNbq4XXpTP3wZ438//8qf3UIqrcgtpbO9vQFYi0caNyLxesk0bXow5uSJ1NjTv1
D0fTYjcHZlHuMhAX/f4GNKcqGjoHibeMXyYdr0ki4gNxlnF23EXOfoRuHm0LR2kz
EFPB4ck1H6yAcpmOVQPUUbTBf+zeZ3kYYSkTfOxkOj1lXn4X2ckF39ZH/sfwYeLd
k0fFGKu4WaR4cq/e/LOSD3lac42VBJU=
=SgQY
-----END PGP PUBLIC KEY BLOCK-----
-
This is how you use a signature:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I, techlord, have signed this message so that anyone in possession of my public key can confirm that it's actually I who wrote this message and that it has not been tampered with or edited in any way. You are reading this message in plaintext, so obviously it isn't encrypted, it's signed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBAgAGBQJN/vpTAAoJEDQxcRf8penxFJwQAMQBilLcPcqmOkeZjMebYRIa
mHDqLh6pofirvSLO/aeYC4cdxUzcD1SKH2ru2fa+8gmkMsEwauX/mCp8MdP3ZJ9B
HwWOdK9n/ekA0RRkSlkCs81545BNfE2NtNR0LRl4DJ6ygZfp7MPM/K6ofuMpDwhd
nUKbXbd/tq/jXAf5mrH9XryTP7FIFpQhHqrzzjBwyMVlNGiIquWSBUKoC+DeA0lv
tJSm8LxgA36qAyWVo0QHUjlBe90c/ZRRoouTxekK37PAUpredMCY1h3RvIWVu4ws
jw20jI/NeDuUiuFZ3+zWtGrkTC4Pk6rERhtQeBXt5V6gACzROfRVva8xQPzcmup6
fd9z6ve3v+sGbfLUmCvcLfQFR1c6izwEg2vHmZLAHW8wZrc+coQ/jgAMClj6zE9w
HdUhqfqMMgf7Qb1483DKLMXdDn7JfDdEc0XojuDfnEtdGPtZxVZD8DVF1A/XWTGN
91yth6m9Uh0dvwYtQk/Tv902PJj9ef01Yq5wd8nMPdM8uuTQhlb0n558hxmsg1s5
PRdMMd9Au114A8YbrneeLV6jHD68SoIq7tKKH2NeAx2eHs6hmSoU/jzI0+qHxmhh
YEbZtoHR0L+BlIoSR/5q7NZGcwpQIQGBjNeta11BY3RGK3wPo0apjTwPK9PDacYS
KnzSykQVu6I6UUDn0k/d
=WtpD
-----END PGP SIGNATURE-----
-
I just built this to test your encryption method:
http://p3lr4cdm3pv4plyj.onion/test.php
Let me know what you think!
-
Can anyone give me any information on how to verify a clearsigned document using seahorse?
It seems that you verify files emailed to you by simply double clicking on the signed file, but I cant figure out these clearsigned documents.
I'm sure its something simple that I am overlooking.
-
Can anyone give me any information on how to verify a clearsigned document using seahorse?
It seems that you verify files emailed to you by simply double clicking on the signed file, but I cant figure out these clearsigned documents.
I'm sure its something simple that I am overlooking.
First of all, make sure you have the sender's public key in your key manager.
To verify:
1) Create new document with gedit
2) Paste the signed message into the document
3) Highlight the entire message (including header and footer)
4) Edit > Decrypt/Verify
-
How do I take a copied public key that I saved in a .RTF and get it to a ASCII format? Im using a mac. Just jumping hurdle after hurdle, one day Ill finish the race,lol...
-
> How do I take a copied public key that I saved in a .RTF and get it to a ASCII format?
I'd look for a word proccessing-type application that has a "Save As" function, which may be hiding under a "File" dropdown menu. Sorry I'm not a Mac person so I can't be more specific.