There are probably other members better equipped to answer your questions, but here's what I can tell you.

1) It's not simple. I recommend reading the Wikipedia page: http://en.wikipedia.org/wiki/Public-key_cryptography but basically PGP allows you to scramble (encrypt) data with a person's "public key" so that only they can unscramble (decrypt) it with their private key.

2) Typically sellers will publish their public key so that buyers can encrypt messages and their mailing address so that only the seller can decrypt and read it.

3) If you want encrypted messages sent to you, you need to generate a PGP key pair (public and private keys) and give your public key to anyone sending you messages.

4) Encryption is built into Tor so that all traffic from your Tor browser to the Silk Road hidden service is encrypted. All data is stored encrypted at Silk Road, so there is never a point where the data is not encrypted except when it is displayed in your browser. However, using PGP gives you yet another layer of protection so that even if Silk Road was compromised somehow (e.g. we were coerced into decrypting the server), your message or address would still be encrypted and only decryptable by your specific vendor.

5) Don't know. Gnu Privacy Assistant (GPA) seems to be a popular encryption software for Windows and Linux and a good place to start.
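As an added illustration of the public-key idea described in points 1 to 3 above (example code written for this page, not part of the original post and not the code of PGP, GnuPG or GPA): a toy textbook RSA in pure Python. Everything in it is an assumption made for the demonstration: the key size, the seeded prime generation, and the sample message are all constructed. Real PGP uses much larger keys, padding (OAEP/PKCS#1), and hybrid encryption (a random symmetric key is what RSA actually encrypts), none of which this toy implements; it exists only to show that data encrypted with one party's public key is recoverable with that party's private key and not with anyone else's.

```python
"""Toy textbook RSA illustrating 'encrypt with public key, decrypt with
private key'.  Constructed for this page: NOT a PGP implementation, and
not safe for real use (no padding, no hybrid encryption, toy key size)."""
import random

# Small odd primes for cheap trial division before Miller-Rabin.
SMALL_PRIMES = [p for p in range(3, 200, 2)
                if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin probabilistic primality test with bases drawn from rng."""
    if n in (2, 3):
        return True
    if n < 2 or n % 2 == 0:
        return False
    for p in SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    # Write n - 1 = d * 2**r with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # composite witness found
    return True


def generate_prime(bits, rng):
    """Random odd candidate with the top bit set, until one passes the test."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate, rng):
            return candidate


def generate_keypair(bits=256, seed=0):
    """Return ((n, e), (n, d)): the public key and the private key.
    A fixed seed makes the demo reproducible; real key generation must use
    an unpredictable source of randomness."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p = generate_prime(bits, rng)
        q = generate_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    d = pow(e, -1, phi)  # modular inverse; needs Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key, plaintext):
    """Anyone holding the public key can do this step."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this key; real PGP encrypts "
                         "a symmetric key instead of the message itself")
    return pow(m, e, n)


def decrypt(private_key, ciphertext):
    """Only the holder of the matching private key recovers the message.
    (Leading 0x00 bytes are lost in this toy; padding fixes that in real use.)"""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo():
    """Encrypt a constructed address for one recipient and show that only
    that recipient's private key, not another key pair's, recovers it."""
    vendor_pub, vendor_priv = generate_keypair(seed=1)   # the intended recipient
    _other_pub, other_priv = generate_keypair(seed=2)    # some other key holder
    address = b"constructed sample: 12 Example Street, Nowhere"
    ciphertext = encrypt(vendor_pub, address)
    return {
        "roundtrip": decrypt(vendor_priv, ciphertext) == address,
        "wrong_key": decrypt(other_priv, ciphertext) == address,
    }


if __name__ == "__main__":
    print(demo())  # expected: {'roundtrip': True, 'wrong_key': False}
```

The seed arguments only make the run reproducible; in practice the private key must come from a secure random source and never leave the recipient's machine, which is exactly why point 3 says to generate your own pair and hand out only the public half.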