Silk Road forums
Discussion => Silk Road discussion => Topic started by: Dread Pirate Roberts on June 19, 2011, 09:03 pm
-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Major announcements will, from now on, be signed using the Silk Road public key that has been on the Silk Road user page (http://ianxz6zefk72ulzz.onion/index.php/silkroad/user/1) since the beginning of the site. This will allow you to verify that the site wasn't taken over somehow, unless our private key is compromised of course. We'll occasionally make a signed post on this thread if there are no announcements for a while :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJN/mOrAAoJEAIiQjtnt/olqBcH/3GP+y8rpI5zscbyGkEHtzN4
9aLtW0ikX7crqZDVBr3kxYiKBS8H6oIbxgZhYbxIpI99YDDRyO5tnqbAizTKu0k1
F/WwVzaK7ZX8c32M5wISyKZTzp7HkXjgpE/xH8Pm9BGkbXse38TKPch8su1zL77h
nRPSmMgTQuQ2qNoSoMaxFFd0qoCmiIGuvPXEqsLwtHVrv0e+TMm18dndAf9DBiLo
G25gj3eC+eEX5dzOwKTgf9dZIhZhhsQykoWwtebl52hoCokLTgzIE0jS3DzSqUh5
0oDeggttGhCT9+NHuBa+AXM/k5KTnJxwKjq8tRxbOOjeu91JvGFNE65JVpxTTFk=
=i5ZZ
-----END PGP SIGNATURE-----
-
(You should really not sign it with your public key as that would defeat the purpose of signing as since your private key is not known to us.)
tl;dr: You sign with the private key, which we can read with your public key.
/PGP lesson
Great policy.
-
Awesome. I hope you never divulge your passcode to anyone under any circumstances, even threat of castration. :)
-
(You should really not sign it with your public key as that would defeat the purpose of signing as since your private key is not known to us.)
tl;dr: You sign with the private key, which we can read with your public key.
/PGP lesson
Great policy.
are you sure this is incorrect? I used the GNU Privacy Assistant wizard to do it.
-
(You should really not sign it with your public key as that would defeat the purpose of signing as since your private key is not known to us.)
tl;dr: You sign with the private key, which we can read with your public key.
/PGP lesson
Great policy.
are you sure this is incorrect? I used the GNU Privacy Assistant wizard to do it.
I can verify the message, you did it correctly, you just phrased it in a weird way. :)
-
(You should really not sign it with your public key as that would defeat the purpose of signing as since your private key is not known to us.)
tl;dr: You sign with the private key, which we can read with your public key.
/PGP lesson
Great policy.
are you sure this is incorrect? I used the GNU Privacy Assistant wizard to do it.
You signed the message properly. I have no idea what these other people are talking about.
-
I'm probably using the wrong tool, but if I import SR's key into Kleopatra, save the message at the top of the thread to a text file, then "decrypt/verify" it in Kleopatra it fails. I've tried using .asc and .txt file extensions.
-
(You should really not sign it with your public key as that would defeat the purpose of signing as since your private key is not known to us.)
tl;dr: You sign with the private key, which we can read with your public key.
/PGP lesson
Great policy.
are you sure this is incorrect? I used the GNU Privacy Assistant wizard to do it.
Yeah, no, you did it right, I was just being anal about the terminology. 8) :-X :-[ :-*
-
I'm probably using the wrong tool, but if I import SR's key into Kleopatra, save the message at the top of the thread to a text file, then "decrypt/verify" it in Kleopatra it fails. I've tried using .asc and .txt file extensions.
You know this probably isn't the best thread to ask for tech support, right?
Silk Road's public key is here: http://ianxz6zefk72ulzz.onion/index.php/silkroad/user/1
Import that public key to Kleopatra, then copy/paste the entire signed message (including the header and footer, -----BEGIN PGP SIGNATURE----- and -----END PGP SIGNATURE-----) to a text application like notepad.
You don't even have to save the file, just highlight the signed message and verify with Kleopatra.
-
I tried the same thing using seahorse and it failed for me too.
I'm new to PGP some I'm not exactly sure how to verify a clearsigned document.
-
I tried the same thing using seahorse and it failed for me too.
I'm new to PGP some I'm not exactly sure how to verify a clearsigned document.
This is not a tech support thread. :/
-
Just to clear up any confusion:
C:\Users\XXXXX\Desktop>gpg --import c:\sr.key.txt
gpg: key 67B7FA25: public key "Silk Road <staff@silkroadmarket.org>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
C:\Users\XXXXX\Desktop>gpg --verify c:\abc.txt
gpg: Signature made 06/19/11 22:01:31 using RSA key ID 67B7FA25
gpg: Good signature from "Silk Road <staff@silkroadmarket.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 07E2 9C07 DC63 7C8D 1891 2CA7 0222 423B 67B7 FA25
translation for those what can't read computer:
1. import the key from the profile (i saved it as sr.key.txt)
2. verify the message (copied and pasted into abc.txt)
-
Thank you! Command prompt method works. Kleopatra I'll deal with later.
-
One thing helped me, when Kleopatra kept coming up wrong, was to make sure that the text document I copied to, had wordwrap *off*. If not, I was having the same problems other newbies are, when transferring from email, say, to notepad: I'd save it as an .asc document, in 'all files' but had forgotten to turn wordwrap off. So if you're transferring it, go to format, and make sure wordrap is unchecked...Soon as I got that right, it worked fine. Sane linux users won't have problem.
-
You can decrypt/verify etc. in Kleopatra without putting things into notepad.
If you right click the icon in your taskbar, you can do various things to whatever you have in your clipboard (so in other words you need to copy the public key using CTRL+C but you don't have to paste that anywhere)