Silk Road forums

Discussion => Silk Road discussion => Topic started by: Dread Pirate Roberts on June 19, 2011, 09:03 pm

Title: PGP signed admin messages
Post by: Dread Pirate Roberts on June 19, 2011, 09:03 pm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Major announcements will, from now on, be signed using the Silk Road public key that has been on the Silk Road user page (http://ianxz6zefk72ulzz.onion/index.php/silkroad/user/1) since the beginning of the site.  This will allow you to verify that the site wasn't taken over somehow, unless our private key is compromised of course.  We'll occasionally make a signed post on this thread if there are no announcements for a while :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJN/mOrAAoJEAIiQjtnt/olqBcH/3GP+y8rpI5zscbyGkEHtzN4
9aLtW0ikX7crqZDVBr3kxYiKBS8H6oIbxgZhYbxIpI99YDDRyO5tnqbAizTKu0k1
F/WwVzaK7ZX8c32M5wISyKZTzp7HkXjgpE/xH8Pm9BGkbXse38TKPch8su1zL77h
nRPSmMgTQuQ2qNoSoMaxFFd0qoCmiIGuvPXEqsLwtHVrv0e+TMm18dndAf9DBiLo
G25gj3eC+eEX5dzOwKTgf9dZIhZhhsQykoWwtebl52hoCokLTgzIE0jS3DzSqUh5
0oDeggttGhCT9+NHuBa+AXM/k5KTnJxwKjq8tRxbOOjeu91JvGFNE65JVpxTTFk=
=i5ZZ
-----END PGP SIGNATURE-----
 
Title: Re: PGP signed admin messages
Post by: sandybridge on June 20, 2011, 11:07 am
(You should really not sign it with your public key as that would defeat the purpose of signing as since your private key is not known to us.)

tl;dr: You sign with the private key, which we can read with your public key.
/PGP lesson

Great policy.
Title: Re: PGP signed admin messages
Post by: techlord on June 20, 2011, 11:55 am
Awesome. I hope you never divulge your passcode to anyone under any circumstances, even threat of castration. :)
Title: Re: PGP signed admin messages
Post by: Dread Pirate Roberts on June 20, 2011, 05:32 pm
(You should really not sign it with your public key as that would defeat the purpose of signing as since your private key is not known to us.)

tl;dr: You sign with the private key, which we can read with your public key.
/PGP lesson

Great policy.

are you sure this is incorrect?  I used the GNU Privacy Assistant wizard to do it.
Title: Re: PGP signed admin messages
Post by: TikTok on June 20, 2011, 05:51 pm
(You should really not sign it with your public key as that would defeat the purpose of signing as since your private key is not known to us.)

tl;dr: You sign with the private key, which we can read with your public key.
/PGP lesson

Great policy.

are you sure this is incorrect?  I used the GNU Privacy Assistant wizard to do it.

I can verify the message, you did it correctly, you just phrased it in a weird way. :)
Title: Re: PGP signed admin messages
Post by: techlord on June 20, 2011, 06:28 pm
(You should really not sign it with your public key as that would defeat the purpose of signing as since your private key is not known to us.)

tl;dr: You sign with the private key, which we can read with your public key.
/PGP lesson

Great policy.

are you sure this is incorrect?  I used the GNU Privacy Assistant wizard to do it.
You signed the message properly. I have no idea what these other people are talking about.
Title: Re: PGP signed admin messages
Post by: Ambulate on June 20, 2011, 07:08 pm
I'm probably using the wrong tool, but if I import SR's key into Kleopatra, save the message at the top of the thread to a text file, then "decrypt/verify" it in Kleopatra it fails. I've tried using .asc and .txt file extensions.
Title: Re: PGP signed admin messages
Post by: sandybridge on June 20, 2011, 07:30 pm
(You should really not sign it with your public key as that would defeat the purpose of signing as since your private key is not known to us.)

tl;dr: You sign with the private key, which we can read with your public key.
/PGP lesson

Great policy.

are you sure this is incorrect?  I used the GNU Privacy Assistant wizard to do it.

Yeah, no, you did it right, I was just being anal about the terminology.  8)  :-X   :-[   :-*
Title: Re: PGP signed admin messages
Post by: techlord on June 20, 2011, 09:19 pm
I'm probably using the wrong tool, but if I import SR's key into Kleopatra, save the message at the top of the thread to a text file, then "decrypt/verify" it in Kleopatra it fails. I've tried using .asc and .txt file extensions.
You know this probably isn't the best thread to ask for tech support, right?

Silk Road's public key is here: http://ianxz6zefk72ulzz.onion/index.php/silkroad/user/1

Import that public key to Kleopatra, then copy/paste the entire signed message (including the header and footer, -----BEGIN PGP SIGNATURE----- and -----END PGP SIGNATURE-----) to a text application like notepad.

You don't even have to save the file, just highlight the signed message and verify with Kleopatra.
Title: Re: PGP signed admin messages
Post by: -Bish0p- on June 21, 2011, 11:55 pm
I tried the same thing using seahorse and it failed for me too.

I'm new to PGP some I'm not exactly sure how to verify a clearsigned document.
Title: Re: PGP signed admin messages
Post by: techlord on June 22, 2011, 12:27 am
I tried the same thing using seahorse and it failed for me too.

I'm new to PGP some I'm not exactly sure how to verify a clearsigned document.
This is not a tech support thread. :/
Title: Re: PGP signed admin messages
Post by: sandybridge on June 22, 2011, 11:53 pm
Just to clear up any confusion:

C:\Users\XXXXX\Desktop>gpg --import c:\sr.key.txt
gpg: key 67B7FA25: public key "Silk Road <staff@silkroadmarket.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

C:\Users\XXXXX\Desktop>gpg --verify c:\abc.txt
gpg: Signature made 06/19/11 22:01:31 using RSA key ID 67B7FA25
gpg: Good signature from "Silk Road <staff@silkroadmarket.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 07E2 9C07 DC63 7C8D 1891  2CA7 0222 423B 67B7 FA25

translation for those what can't read computer:
1. import the key from the profile (i saved it as sr.key.txt)
2. verify the message (copied and pasted into abc.txt)
Title: Re: PGP signed admin messages
Post by: Ambulate on June 23, 2011, 03:46 am
Thank you! Command prompt method works. Kleopatra I'll deal with later.
Title: Re: PGP signed admin messages
Post by: phubaiblues on June 23, 2011, 04:52 am
One thing helped me, when Kleopatra kept coming up wrong, was to make sure that the text document I copied to, had wordwrap *off*.  If not, I was having the same problems other newbies are, when transferring from email, say, to notepad: I'd save it as an .asc document, in 'all files' but had forgotten to turn wordwrap off.  So if you're transferring it, go to format, and make sure wordrap is unchecked...Soon as I got that right, it worked fine.  Sane linux users won't have problem.
Title: Re: PGP signed admin messages
Post by: quinone on September 18, 2011, 05:54 am
You can decrypt/verify etc. in Kleopatra without putting things into notepad.

If you right click the icon in your taskbar, you can do various things to whatever you have in your clipboard (so in other words you need to copy the public key using CTRL+C but you don't have to paste that anywhere)