Silk Road forums
Discussion => Security => Topic started by: shepj on June 20, 2011, 02:15 am
-
All of my notes are in red. They are present for a reason, read them.
Step 1) Download GNUPG
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/01-Download.jpg)
Step 2) Install GNUPG
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/02-InstallGPA.jpg)
Step 3) Open GPA
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/03-OpenGPA.jpg)
* GPA Main Menu
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/04-GPAMainOpened.jpg)
Step 4) Generating a Key
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/05-GenerateNewKey.jpg)
* Enter Name
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/06-GenerateaKey-EnterName.jpg)
* Enter Email Address
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/07-GenerateaKey-EnterEmail.jpg)
* Backing Up Your Key
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/08-GenerateaKey-BackupKey.jpg)
Step 5) Creating / Entering Your Passphrase
This step I will elaborate on. Your key needs to be extremely strong, having a 50-70 character password is not unheard of. The more characters (letters, numbers, and symbols) your passphrase contains, the harder it will be to crack. Also, when it is time to generate your key, the more you mess around on your computer (opening & closing files, listening to music, moving your mouse, etc.) the better the entropy.
Never store your key electronically. I recommend having two copies of your key WRITTEN. Storing your key is useless and will give LEO your passphrase (should your computer ever be compromised).
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/09-GenerateaKey-EnterPassphrase.jpg)
* Re-enter Passphrase
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/10-GenerateaKey-Re-enterPassphrase.jpg)
Step 6) Key Generation Complete
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/11-KeyCreated.jpg)
Step 7) Encrypting Messages
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/12-EncryptingMessages.jpg)
*Selecting a Key (the addressee)
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/13-Encryption.jpg)
*Encrypted Message
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/14-EncryptedMessage.jpg)
Step 8) Decrypting Messages
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/15-DecryptingaMessage.jpg)
*Message Decrypted
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/16-Decrypted.jpg)
The pictorial will be updated, as I need to elaborate on Key Exportation and utilizing Notepad. This is the beginning. Enjoy!
_____________________________________________________________________________________
Edit by nomad bloodbath
Other noteworthy threads include:
GPG HOWTO: Creating large keys and mixing algorithms (expert mode)
http://dkn255hz262ypmii.onion/index.php?topic=28474.0
GPG HOWTO: GPG Configuration - The gpg.conf file
http://dkn255hz262ypmii.onion/index.php?topic=34204.0
GPG HOWTO: Introduction to the GPG command line
http://dkn255hz262ypmii.onion/index.php?topic=35022.0
These points were made by Louis Cyphre, not me.
-
Thank you so much! this is very helpful!
-
Is the vulnerability of physical evidence the reason we have encryption in the first place? If the feds are on to you, they'll find your sticky note. What about sticking your super-long pw's in an encrypted container with an easier to remember, but still long, pw? Seems to be the best way to have all the security for sensitive online stuff while still being safe and accessible.
-
Thanks shepj.
I Nominate this for a sticky!
-
I've got a close to identical write up in onion form, for those worried about it.
http://p3lr4cdm3pv4plyj.onion/
If I need to add pictures I can, but I dont like clutter
-
This is a great tutorial, thank you very much for this.
-
To test that you've set it all up correctly, you can test your Encryption here:
http://p3lr4cdm3pv4plyj.onion/test.php
-
Ok, I followed all steps.. Now how do I find my public key for everyone to send to me?
-
I found a way from using Thunderbird with the Enigmail plugin to copy and sign my keys and then using Cryptophane to encrypt normal messages. I like the management with Enigmail and the ability to sign things like my address when ordering with Cryptophane. My problem with Cryptophane is that I haven't figured out how to add labels/emails to each key so it looks likes this:
http://xfq5l5p4g3eyrct7.onion/view.php?image=da1a6d42ede9ea4591c86a08fedb03f9.jpg
Which gets a little confusing...
-
Exporting a GPG Key:
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/17-ExportKey.jpg)
Export Public Key(s) To File:
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/18-ExportingPublicKey.jpg)
Public Key Exported:
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/19-PublicKeyExported.jpg)
Using Notepad:
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/20-UsingNotepad.jpg)
Public Key:
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/21-PublicKey.jpg)
Importing a Public Key:
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/22-ImportingaKey.jpg)
Import Key:
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/23-ImportKey.jpg)
Select Public Key:
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/24-SelectingPublicKey.jpg)
Public Key Imported:
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/25-PublicKeyImported.jpg)
-
Excellent! Great Finish!
-
Great thread guys. Hopefully new sellers will see this and use.
-
I have compiled this guide, and all the images and put them on my Tutorial Site:
http://p3lr4cdm3pv4plyj.onion/
This guide specifically is located here: http://p3lr4cdm3pv4plyj.onion/guides/shepj.html
All images linked in this tutorial have been moved to .onion so no clearnet links are used.
And yes, please use PGP encryption! thanks shepj for all the work and images.
-
Very helpful, thank you very much!
-
Cheers great info.Would be good to get stickied.
Anyway noob help: which components to install?
Kleopatra
GPA
GpgOL
GpgEX
Claws-mail
Gpg4win compedium
Which boxes do I tick? Cheers in advance
-
I'm torn between wanting be helpful, and wanting to kick the little kitties to the curb.
If you're here and you still don't have a clue about Tor and Bitcoin, maybe you should just ask for a hit off of Mommy and Daddy's joint.
-
This was incredibly useful. Much thanks to shepj and wicked420 for the work.
-
So when encrypting a message using the commandline client with something like:
gpg --encrypt --recipient 'blah@blah.com' message.txt
I end up with message.txt.gpg that doesn't seem very useful for sending over SR messages. How do I make the output something that I can paste into a message?
-
Great thanks for this, but when sending a PM to another SR user, do you copy and paste your PGB at the end of the message or theirs?
-
So when encrypting a message using the commandline client with something like:
gpg --encrypt --recipient 'blah@blah.com' message.txt
I end up with message.txt.gpg that doesn't seem very useful for sending over SR messages. How do I make the output something that I can paste into a message?
No need to save the encrypted material as a .txt file. When you have the encrypted text in GPA's clipboard, simply copy it, and paste it into an Email/PM.
Great thanks for this, but when sending a PM to another SR user, do you copy and paste your PGB at the end of the message or theirs?
I am not sure what you mean?
-
For Linux people like myself, GNU Privacy Assistant is the only program I've seen so far that has a clipboard function. Very useful for PMs!
-
is GPG preferred over PGP? is there a tutorial for PGP?
-
is GPG preferred over PGP? is there a tutorial for PGP?
This is a PGP tutorial ;-)
-
How can I import my private key to another computer? I just bought a new laptop, and after installing GPG the key manager wants me to generate a new key. When I try to import my personal key via a USB stick from my desktop it only imports the public key, and I can't decrypt with it. Is there a way to get my private key on the new computer without resorting to just generating a new key altogether?
-
I use Tails live OS to browse SR and keep by keys etc, the GUI is called Seahorse. The option for me is "Export complete key" which exports the private key, it took me a while to find this option. "Export" simply exports the public key.
-
thanks for posting this. im going to link this thread in my profile.
-
How can I import my private key to another computer?
GPA > Server > Retrieve Keys > Key ID > Password
Should do the trick.
-
Worked, thanks guys!!!
-
EDIT: I GOT IT!!!
hi guys,
a noob question.
for sending a pm to another sr user i only have to write down my text in the clipboard and encrypt it?
then i have to send this generated encrypted part in the pm (copy and paste) to the user?
that´s all or do i forgot something?
where do i have to put the public key to, below the message ?
before i created a key with a passphrase as described in the tutorial.
thanks for help!
EDIT: I GOT IT!!!
-
Does anyone have a mac that could help me with this?
-
Does anyone have a mac that could help me with this?
if someone could help me with this also...
pm please or quote
-
This was very straightforward and helpful, thanks! :)
-
wow thanks for this! People were cancelling my orders left and right, possibly because I wasn't using GPG or that I've only had one successful order in my history. Nonetheless I'm glad I took the time to follow this great tutorial.
-
thx for the great post! this has kept my laziness quota on target for today...
-
if someone could help? im trying to place an order and cant figure out the encryption. What do i do with the public key block the seller put on his listing. I figured out how to encrypt my message and can open it with the passphrase i created but how does the seller get my passphrase
-
shall be setting this up later, thx for the guide.
-
hi guys, I hope you can help , I have never used gpg , I followed all the steps , one by one, everything perfect
- going specifically, how do I decrypt the public key of another person ?
- how do I decrypt a message encrypted?
- how do I write an encrypted message?
I hope to find the right answers , sorry because surely are simple things, but I have never used gpg
thank you :D
-
please... no one can help me?
-
hi guys, I hope you can help , I have never used gpg , I followed all the steps , one by one, everything perfect
- going specifically, how do I decrypt the public key of another person ?
- how do I decrypt a message encrypted?
- how do I write an encrypted message?
I hope to find the right answers , sorry because surely are simple things, but I have never used gpg
thank you :D
you don't decrypt someone's public key, you encrypt messages to that person *using* their public key.
you write your plaintext message => encrypt with their public key => send them encrypted message => they decrypt with their private key
and vice versa.
so yes, include your own public key in the first step above so they can reverse the process using it.
=== the following is concerning linux/mac GPG usage ===
So when encrypting a message using the commandline client with something like:
gpg --encrypt --recipient 'blah@blah.com' message.txt
I end up with message.txt.gpg that doesn't seem very useful for sending over SR messages. How do I make the output something that I can paste into a message?
this produces a binary encrypted message. use the "--armor" flag to create an ASCII-encoded message instead.
what i do is write my message in a text editor, copy the whole thing to the clipboard, then run:
pbpaste | gpg --encrypt --armor --recipient blah | pbcopy
this will put the message back onto the clipboard in encrypted form.
here's a nice gpg guide: http://www.imeos.com/blog/pgp-on-mac-os-x-with-macgpg2/ (i'd recommend using your SR username as name and fake email for SR usage)
(P.S. what's with the concern over non-hidden links for publicly-available information?)
-
I have one little problem. I got PGP working fine, all is good except now I can no longer sent any emails from Outlook on that machine. It receives but will not send. Kind of a pain as I have to send all email from my laptop (which does not have PGP) or my iPhone.
Maybe I should just dump MS Outlook in favor of Gmail or similiar
-
sweet! got it all up and running, thanks for the guide!
-
Thanks so much for putting this up shepj. Made this process so much easier.
-
I have one little problem. I got PGP working fine, all is good except now I can no longer sent any emails from Outlook on that machine. It receives but will not send. Kind of a pain as I have to send all email from my laptop (which does not have PGP) or my iPhone.
Maybe I should just dump MS Outlook in favor of Gmail or similiar
That makes no sense. Outlook and PGP I don't think are even aware of each other's existence. Perhaps a crazy coincidence? Reinstall Outlook.
-
Does anyone have a mac that could help me with this?
For Mac Users:
Firstly, install GPGTools found here: http://www.gpgtools.org/installer/index.html
---Creating a Key---
Now the first thing you should do is create a key. Open GPG Keychain Access and click "New". Enter your username or a fake name and your tormail or a fake email. You can select whether or not you want to have the key expire too. Leave everything else default.
After you click "Generate Key", it will prompt you for a passphrase. The longer and more complex the better.
---Importing a Sellers Key---
Start by pasting the public key on their page to a TextEdit window. Be sure to include everything from the first dash to the last dash. Next select Format->Make Plain Text. Then save the doc to your desktop.
Open GPG Keychain Access and click "Import", then select the doc. The key should now appear in the list.
---Composing a Message---
Open System Preferences->Keyboard->Services. Scroll down to "Text" and check off all the OpenPGP options. Open a new TextEdit window and write your plaintext. Right click in the window and click "OpenPGP: Insert my key". Select your key and press "Choose private-key". Now your public key should appear in the box below your text. Always remember to insert your public key when sending a message to someone for the first time, as if you do not include it they will not be able to reply using your cipher. Select the text and right click again. This time select Services->OpenPGP: Encrypt. From the list that appears choose the recipient's key. You may have to repeat this step if it doesn't work the first time. The cyphertext should now appear in the window beginning with "-----BEGIN PGP MESSAGE-----" and ending with a similar footer. This can now be sent.
---Decrypting---
Paste your received message into TextEdit and select all. Use "OpenPGP: Decrypt" to decipher the message. A prompt will ask for your passphrase. You should be left with a plaintext message afterwards.
I think this info is all correct, but I'm new to GPG too so feel free to correct me.
-
thankyou xKurtz
your post made it possible for me to communicate with others. was finding it hard to understand how to export my public key but you made it simple and clear for mac users
cheers
Spanky
-
It's so easy when you know how.
Thanks xKurtz
-
---Importing a Sellers Key---
Start by pasting the public key on their page to a TextEdit window. Be sure to include everything from the first dash to the last dash. Next select Format->Make Plain Text. Then save the doc to your desktop.
Open GPG Keychain Access and click "Import", then select the doc. The key should now appear in the list.
Hey xKurtz. I followed all of your steps here but when I try to import the document in GPG my mac wont let me select the file. Usually this happens when the file type can't be opened in the program you're trying to open it in. Any thoughts on what might be happening here?
Cheers
-
Very informative. Thanks for the tut, and the others asking informative questions leading to great answers.
-
Thanks a lot, great tutorial! Even before I started using Tor I tried to learn about PGP and it never made any sense to me... until now!
Just one question: I understand the logic and mechanism of two people encrypting messages using each other's public keys so only the intended recipient (with the private key) can read them... but when and why would I sign a message? If I sign a message, the recipient needs my public key to decrypt it, right? So, is the practice to send every message but the first one both encrypted and signed?
-
...when and why would I sign a message?...
Signing allows the recipient to verify who it was that created/sent the message.
...If I sign a message, the recipient needs my public key to decrypt it, right?...
She needs your public key to verify the signature. She needs her own private key to decrypt the message.
...is the practice to send every message but the first one both encrypted and signed?...
Both signing and encryption are up to the individuals involved. I'd be wary of anyone -- buyer or seller -- who refused to encrypt or claimed it's too much bother. To me, signing is more of a personal preference than a requirement.
(You may want to add your public key to the "Post PGP keys here" thread [ dkn255hz262ypmii.onion/index.php?topic=174.msg824 ] as a convenience to your correspondents.)
-
Thanks a lot, CrunchyFrog! That cleared up all my doubts. And thanks for linking me to that other thread, too.
-
see here for step-by-step guide for OS X users: http://dkn255hz262ypmii.onion/index.php?topic=7753.0
-
perfect guide thanks so much
-
Great guide now I have GPG! Thanks a ton
-
Thanks a ton for the guide. It means alot to me that you would take your time to help other users be safe.
-
Sweet guide, thanks son.
-
pimp guide mane. I got PGP to work because of this guide! I also got it to run on both mac and windows. It kinda sucks on mac but it was fairly straight forward to set up on windows.
-
Is PGP different than GPG? If so what is the difference? Is there other ways to encrypt messeges besides PGP/GPG? What way is the strongest to encrypt messages?
-
Is PGP different than GPG? If so what is the difference? Is there other ways to encrypt messeges besides PGP/GPG? What way is the strongest to encrypt messages?
GPG is one set of software made to work with the PGP encryption protocol. It's the most widely used one, so most of the time, PGP and GPG can be considered interchangeable, even though that's not technically correct. As for other methods of encrypting mail, besides sending all your messages as attached text files inside an encrypted .zip (or similar) archive, I know of none.
-
Is PGP different than GPG? If so what is the difference? Is there other ways to encrypt messeges besides PGP/GPG? What way is the strongest to encrypt messages?
GPG is one set of software made to work with the PGP encryption protocol. It's the most widely used one, so most of the time, PGP and GPG can be considered interchangeable, even though that's not technically correct. As for other methods of encrypting mail, besides sending all your messages as attached text files inside an encrypted .zip (or similar) archive, I know of none.
Hey Horizons! You always have good answers to questions thanks for your help. So am I correct in thinking that in order to send encrypted E Mail I should use the Claws-Mail program?
-
Thanks a lot, Drunk N High! It's good to feel useful! :D
Claws Mail is a nice little e-mail client that integrates PGP functionality, so it's pretty convenient for sending and receiving encrypted messages. But you're not correct in thinking that you *should* use it. There are other solutions. For example, using Thunderbird with the Enigmail plugin, which gives it the same PGP functionality. Personally, I just use GPA's clipboard to encrypt my messages, then copy and send them through tormail.net's webmail client (and the reverse for receiving, i.e. copy them from the webmail client into GPA's clipboard and decrypt).
But I confess I haven't looked into the security aspect of this too deeply. It might be that Claws Mail is more secure than what I'm doing, or that Enigmail has some glaring security flaw I'm not aware of... hopefully someone more knowledgeable than me will clear your doubts better.
Anyway, good luck! If you find out more about this, I"d love to hear from you myself. :)
-
Thanks, this info is very helpful...
-
thanks for the GPG pictoral! because if it were in simple plain text, i wouldn't know what the fuck to do lol. very helpful indeed.
-
Is PGP different than GPG? If so what is the difference? Is there other ways to encrypt messeges besides PGP/GPG? What way is the strongest to encrypt messages?
http://dkn255hz262ypmii.onion/index.php?topic=7114.msg63363#msg63363
-
The file: gpa.exe shown in step 3 of shepj's original posting (folder - GnuPG) is somehow missing from my installation.
Is there anything I could have done to have caused gpa.exe not to install? The remainder of folder GnuPG appears to exist.
I'm running Gpg4win and Firefox Browser under Win7 Operating System.
-
The file: gpa.exe shown in step 3 of shepj's original posting (folder - GnuPG) is somehow missing from my installation.
Is there anything I could have done to have caused gpa.exe not to install? The remainder of folder GnuPG appears to exist.
I'm running Gpg4win and Firefox Browser under Win7 Operating System.
- perhaps anti-virus assuming its "spyware" and moved the .exe to the infected area, will have to check in the anti-virus config where that path is specifically.
-
TravellingWithoutMoving,
Thanks for the thought. I checked the quarantine and potential threat logs. Neither yielded any files from Gpg4win.
Another thought. Do I need to download and instal my Gpg4win 2.1.0 from inside Tor's FirefoxPortable? I also run a second full Mozilla Firefox (with Anonymizer) for faster general surfing. I don't know if it matters, but from therein is where I installed my GnuPG.
-
TravellingWithoutMoving,
Thanks for the thought. I checked the quarantine and potential threat logs. Neither yielded any files from Gpg4win.
Another thought. Do I need to download and instal my Gpg4win 2.1.0 from inside Tor's FirefoxPortable? I also run a second full Mozilla Firefox (with Anonymizer) for faster general surfing. I don't know if it matters, but from therein is where I installed my GnuPG.
Here are some notes :-
http://www.gnupg.org/gpa.html
http://www.gpg4win.org/package-integrity.html
SHA1 checksums
MD5 checksums
MD5 checksums
File lengths
If you have a mismatch on the checksum or a bad signature you should first verify that you really downloaded the complete file. Here are the lengths you should get:
39332992 bytes for gpg4win-2.1.0.exe
15465168 bytes for gpg4win-light-2.1.0.exe
271428912 bytes for gpg4win-src-2.1.0.exe
6002513 bytes for gpg4win-2.1.0.tar.bz2
http://www.gnupg.org/download/integrity_check.html
gpg --verify gnupg-1.4.11.tar.bz2.sig
- according to the instructions verifying the download requires gpg which seems to me to be a catch22. how do you verify the gpg4win download if its not installed?!
If you had another Linux box then the gpg --verify command above substituting the correct .sig file for the downloaded one could verify the download.
- the solution may be to download gpg4win-light-2.1.0.exe which may provide the basic gpg functionality ?! -then download the full version and verify both the .exe's.
- having said that i personally would rather download the gpg4win-light-2.1.0.exe with your Aurora / Tor firefox bundle.
- i have previously downloaded files and found the signatures to differ which were thru the Tor browser; i would retry the download multiple times till the signature
matches.
i'll post more info once i get my hands on it...
ok?
;)
-
Thanks for the great tutorial. Figures though, been searching Google for days trying to figure this shit out and this works on the first try.
-
The file: gpa.exe shown in step 3 of shepj's original posting (folder - GnuPG) is somehow missing from my installation.
Is there anything I could have done to have caused gpa.exe not to install? The remainder of folder GnuPG appears to exist.
I'm running Gpg4win and Firefox Browser under Win7 Operating System.
- i dont have an further explanation for gpa disappearing, reinstall is the next to do..i don't use win7 but would expect these gpg apps need to be installed under
admin rights or 'Runas' (administrator); some just give themselves windows admin rights and leave it like that, this is of course not an ideal situation as you
would have elevated rights under your login as admin and anything you execute {w2k, XP..} runs with full rights.
http://www.gnupg.org/gpa.html
-
The file: gpa.exe shown in step 3 of shepj's original posting (folder - GnuPG) is somehow missing from my installation.
Is there anything I could have done to have caused gpa.exe not to install? The remainder of folder GnuPG appears to exist.
I'm running Gpg4win and Firefox Browser under Win7 Operating System.
- i dont have an further explanation for gpa disappearing, reinstall is the next to do..i don't use win7 but would expect these gpg apps need to be installed under
admin rights or 'Runas' (administrator); some just give themselves windows admin rights and leave it like that, this is of course not an ideal situation as you
would have elevated rights under your login as admin and anything you execute {w2k, XP..} runs with full rights.
http://www.gnupg.org/gpa.html
I'm using Win 7 x64 here and it installs fine without elevated privileges. Likely GPA got deselected while installing .
-
The file: gpa.exe shown in step 3 of shepj's original posting (folder - GnuPG) is somehow missing from my installation.
Is there anything I could have done to have caused gpa.exe not to install? The remainder of folder GnuPG appears to exist.
I'm running Gpg4win and Firefox Browser under Win7 Operating System.
- i dont have an further explanation for gpa disappearing, reinstall is the next to do..i don't use win7 but would expect these gpg apps need to be installed under
admin rights or 'Runas' (administrator); some just give themselves windows admin rights and leave it like that, this is of course not an ideal situation as you
would have elevated rights under your login as admin and anything you execute {w2k, XP..} runs with full rights.
http://www.gnupg.org/gpa.html
I'm using Win 7 x64 here and it installs fine without elevated privileges. Likely GPA got deselected while installing .
I'm using w7 x64 aswell, no problems so far. Been looking around how to properly do this stuff for like 2 days... didn't think to look here first... Should've known.
Thanks a lot for the tut.
-undue
Edit: Does running programs and doing other tasks strongly affect the strength of the key?
-
Apparently running lots of shit is supposed to help make the key better with entropy or something. Not sure quite how it works but maybe someone with some computer science background can explain.
-
Nice guide, should help the new members with encryption.
-
When you talked about storing you public key....I have mine in GPA on my desktop and then the actual code thats on the note pad on a usb disk...Is this what you meant ? is this safe>? any better suggestions?
Did you mean putting GPA (the entire programn, key ring etc...) on a portable disk from the start????
-
When you talked about storing you public key....I have mine in GPA on my desktop and then the actual code thats on the note pad on a usb disk...Is this what you meant ? is this safe>? any better suggestions?
Did you mean putting GPA (the entire programn, key ring etc...) on a portable disk from the start????
http://www.gnupg.org/related_software/gpa/screenshots.en.html
- the gpa (gpg, pgp...etc etc) like most apps is most likely going to use its default file location to store the imported keys -this would need investigating if you wanted to
relocate them and then there's no guarantee the gpa app is going to work correctly if the configs etc are elsewhere, because sometimes the developers haven't
expected users to do this and they haven't accounted for this change when they coded it.
- whats in the edit or Keys menu options with regards to "file location" etc ?
;)
-
i need a bit of help, not sure what im doing wrong.
On MAC
when i generate my keys its only generating a private key, i cant see my public key.. is there something extra you need to do in order to generate your public key??
also, a full walkthrough from start to finish using tormail for example might be helpfull.. sorry noob questions.. i think im getting it though.
Thanks
-
i need a bit of help, not sure what im doing wrong.
On MAC
when i generate my keys its only generating a private key, i cant see my public key.. is there something extra you need to do in order to generate your public key??
also, a full walkthrough from start to finish using tormail for example might be helpfull.. sorry noob questions.. i think im getting it though.
Thanks
- i don't have any of this running on a Mac, but if your key is listed in the keyring just created, {windows r/click..} option click ....should get an option to export, this normal
export should export off to public key...obviously don't elect to export the private key too and NEVER GIVE THE PRIVATE KEY TO ANYONE.; open the public key
as if it were a text file, the first line should state something like '-----BEGIN PGP PUBLIC KEY BLOCK-----; = public key...
if you export the full public +private this is what the 1st line reads when viewed as text in a text editor '-----BEGIN PGP PRIVATE KEY BLOCK-----'
so thats how you know the difference.
- summary of sending gpg / pgp signed messages in tormail are;
- type up text in an editor save as xxx.txt
- use gpg utlility to sign the text with your "key" {...your private portion of key} plus their public key {by specifying them as the recipient..} ....
- open the signed version of the message usual xxx.txt.asc file format (?!), cut & paste the text to clipboard..
- logon in tormail, in the body of the email paste the encrypted message from clipboard...add your exported public key as an attachment....and send
http://dkn255hz262ypmii.onion/index.php?topic=7753.0
-
ok thank you, im getting the hang of it now i think, one more question.
when ecryping the message, should you encrypt ONLY your plain text message and THEN add your public key to the bottom?
OR
write your plain text, then wright YOUR key, THEN encrypt the whole message?
OR
attach your key to your email in an attached file and leave it out of the message body..
havnt got a reply from a vendor back yet.. think i may have did it wrong..
-
- some people like to add their gpg / pgp public key cut & paste as text at the bottom of the text "email", then encrypt the whole thing ...yes
- the other is adding the .asc public key as an attachment, this helps with being able to be saved directly as a file for later use;.
- its down to how people work whether they favour one or the other, of course you can do both above methods, encrypt all and add as attachment.
-
-----BEGIN PGP MESSAGE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
hQEMAyPOuj2JzM6YAQf/VoNZZQBP/kaj/jO8arCrUzVvg1zE+FdxZ9vRtza6njAD
/GYr2puKkaG/DRao965gB3hRhg7iGRtlsw7XaOGb7+rLjk0LNcrdCs9K6rqcAYNg
jvI8mglBJP3EyyA+l9fQ6Mypd4/4njOcx0p5Y12zr23QdHgRXgrJqE233s48nkuA
7622mSrl2Fq5jo2u/Osqu3u4pvI3MIhqMbmr3HhwQiIelvN1GqMHtP4XxPyA1+M3
nEf7Xc03zye3oYLC/4x28gf5Zl9E42QjoXGBOLCKYPcdfeOV9wYjoS0EJKDBktMR
RMtv0SmtPMxP1mS/XoVWcfIo8h3Pcb0QiZuEecYuZNLpARbatSFtlztBnKw6id/W
HT52p7/bngtZS5Xfoc1KROTNigajt2UXHzVM4qbHSD+phZtjfPVVg43AfWyTQTgO
5dJfq1St68iEqqPfwPQUqdi+xT0bHwXSbzAxbZB1lNgB48qPOwyM59mFfBMAp0HZ
sCzBFwnraDBBdc+fmxBTVyDurleIt+1UFR2aljUj/CerwfItxz0m5KTThBu/+QUi
k8z9wyDKekXyozFLGklN97zHt8py9t+OI8K9EcQ+FH8XCETi3Bvl3Ed8eW5LJK8P
O4kk1/4LjgHq2nIEoIjzb2Z/ZkQalGsRuhMoS03qBwDZxwThmN+9n/+bMadtdeqw
IkT95yuU11pmejl1TikVASyNtfRYsQiu0SSgP6fuRhlmpEOuFCq6Z+2S9nxcWaOD
onIHPoXKohm8h1doFscsLFO54oW58G0/isIcC6wqJmVEDQ7vTrdGfiUduKCk3j3E
k1qaevJG7rNMPpYoDi4S+0pL5IsrQ5Owoyjgw+l+DDrehez05IuoYvIaz3zm0uJx
YX77Gut+9S+Gvln/ewHGrYRpYMP3XuH830p75SWndrRsuN/q3rFBcXVOm8dhSGzk
XQbhVe62zvYqT1+WX3TJwt5ojRbnC43UMpImYdNdaYHM41+H7/D0qVDKvo+1L+ty
+F4CgCWesIaFpMtFzTScbAzADIZqaKOL1sPynNGngyTVf8BAr++k9O2IlRRjeuHX
lcfDB5uhNfQdLpNvsDa2myhrM4x7uqm5359RF2IBO7OAI8938FEAbZyc1q1AJAaX
/zQLBD3VueM5A2FnPWRHlNMHniy4nM768CuyzfVHlN8/ViIteJAfkqdedU2CBRd+
SqHN1jnhsrQIrPFDwOwiKzAnevs0DbNik48a95JeGqYDNmKnXv5ufxSu0+CAtS1n
IeKn4WNaThitEGNZ1iCKnxDG6QcrpgjwJOAFVgGpjw==
=+Uag
-----END PGP MESSAGE-----
-
Hey guys,
I hate to bother you with more noob questions, but I've been struggling with GPG for hours and I finally had to cave and make a post.
I got through everything fine, and I understand how it works and everything, but for some reason I can't import other people's public keys. On my mac, it won't let me select the plaintext file that contains the key -- it's grayed out for some reason when I try to select it.
If anyone has any help, suggestions, advice, etc, it'd be MUCH appreciated. This shit is getting extremely frustrating and I'm pretty much at a loss for what to do next.
THANKS!
f0ndu
-
Hey guys,
I hate to bother you with more noob questions, but I've been struggling with GPG for hours and I finally had to cave and make a post.
I got through everything fine, and I understand how it works and everything, but for some reason I can't import other people's public keys. On my mac, it won't let me select the plaintext file that contains the key -- it's grayed out for some reason when I try to select it.
If anyone has any help, suggestions, advice, etc, it'd be MUCH appreciated. This shit is getting extremely frustrating and I'm pretty much at a loss for what to do next.
THANKS!
f0ndu
- that would suggest to me OSX doesn't like the file format or the extension, how are you naming the key files?!
-
Do I have to do this?
waht if I already sent a message to somebody using silk road?
-
Do I have to do this?
waht if I already sent a message to somebody using silk road?
- ...do what ?
- a sent msg has already been sent its too late to do any gpg / pgp encryption on it.
-
Very nice and useful guide. It proved to be very useful for me.
Maybe http://p3lr4cdm3pv4plyj.onion/guides/shepj.html this version should be used as SRwiki article ? its nice and user-friendly guide. consider it ;p
-
found this tutorial really helpful, thanks for putting the time and effort into it.
cheers.
-
Do I have to do this?
waht if I already sent a message to somebody using silk road?
- ...do what ?
- a sent msg has already been sent its too late to do any gpg / pgp encryption on it.
haha, I didn't mean encrypt it in hinesight...I meant did I fuck up big time by sending an un-encrypted message or is it just frowned upon
-
Do I have to do this?
waht if I already sent a message to somebody using silk road?
- ...do what ?
- a sent msg has already been sent its too late to do any gpg / pgp encryption on it.
haha, I didn't mean encrypt it in hinesight...I meant did I fuck up big time by sending an un-encrypted message or is it just frowned upon
...its ok some of the time, but if you are going to ask specifics you might not get a detailed response cos in theory anyone could read these messages, see what sort of
reply you get and now you realise the possible reasons, just remember to encrypt where possible....however messages sent from within SR or this forum may be
considered "safe" by some...
-
could someone tel me if its a copy paste thing after messaging :o such as..-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.17 (MingW32)
mQENBE8vQvcBCADZLZ4UNcNJh+UJt6CAMxHAf4j5pW4FfX9epeoqNsUf2wP2U7hI
3HE/P1i1SW/BQYO3jJkLi78exE17uhotg5vs9qpSOVzp60tKemb3FQNNfqxUBqXx
/IooMkCYP7n5SprFhRByeONWH6Kw5Yrn6CIdgHx60EsQ1IETqEl4A57Wo4FcuQp3
tQSQaJzvtC1zfO4AXzS0o6vpUqaxqURsSMu2w52oj4WovCMxtXsTNc7j8Id9CJAv
d9t+kLLgP70BOaLHUgyJsWamVvMWbxohAtynjcUbL4GabLPPLGhsCwRlnDRNDQQz
jixii0u0efKFi01pT+BC1RLTadtb4Y6lBv21ABEBAAG0HmNhcm5vbSA8VC5iYWls
ZXkyNTZAeWFob28uY29tPokBOAQTAQIAIgUCTy9C9wIbAwYLCQgHAwIGFQgCCQoL
BBYCAwECHgECF4AACgkQ4l6e5UbFkJVI6AgAyV3CpM2ZMNuMjFMlr1dcm5mio8tI
+cHW7Jfhbvp0TgwUo9QX7+T2O5o9em3t2sCTzaVtP8ilM4vDjwoSDVGlwPehxPA1
faopQUK2QyNfj35FDNl8laqXXQrt07opzfwXc4LMsfo2a6gjKMh1Sadd8xKS3cn5
7/BMR9qcx0nIjGIgYlKwCo5zKOR/1axFa22zNiPClHpDsMT81AwH6GBLzu2kRIln
wSLHegoVd650LeY/gQMgNWaxlS+9KHZLs1ees0vf3BDD85eogyPc+xgcHZ7JYcWE
lkjWD9AIfaPX5ohJfdXQFWlVZm2WPom+c009VAX7KTGG28rDNLtqmYWWubkBDQRP
L0L3AQgA6/n4q7XybvAa8mvEkFhLlsKCvxZCdL2MZmNQrTpnOG9KUGhMAJc1+a3U
1MhZFpqkrHcYnSMAV0c6jerWuadlF8f88ITLmLyPGZ6j1SlPtaKKh3ZdZtaj1Yw1
1Bq/9lpJrfX2Tm6eFbRqfUgNNDDZDA4dplqYRnvzgUGh9qM7MQwQf2XvxPTxq+cN
Twhe95jNtAqqdbuY3zHcgFXCqE3sysVFqumdk6b3TklkRlELufgOqhBg/tow9nna
r2s8DBJFOSIVXmZwBdx9L0gSLqmaWErHzxYbtn6FFPXTe33gAkmLCGfHwGOk4Umq
2ceDz2cmpqudBrljOIPTEZWUj29lhwARAQABiQEfBBgBAgAJBQJPL0L3AhsMAAoJ
EOJenuVGxZCVDHMH/0EcgENuUIHwQUzKM7FgrQXhIZnSO1+knCUbQGTxZO79j03O
iqgLcDAwN+Pvn3jdDWUjCzfPAa94xT3YTkvgwNSkqXm3wno1z8OiANHZ9fvb4JQ8
rZO//To6k4NKIE+Xo5Sekoar7mfC8937np371st1aP/Mp7YSDcjSz4rU2mPBL4jx
kR6ZAMrARtclOdgiMDivQz82PBpXO6k3WGkZzqTgFVhDg3sbzYDUuz2B+R60fHKM
xqjKn9ca4NyJsrR4awOXrhs0juim1Y3Wk7poECEMWn3vvBSdgvAVzdA2kMBse9/Z
aH5qTBMdhrATl+BBFgqA3h/QLYvIAmtyVyoPqJ0=
=gx5M
-----END PGP PUBLIC KEY BLOCK-----
-
carnom :
- it imports fine
- i wouldnt use yahoo for this sensitive sort of mail, you might be encrypting everything ..but i would rather use an anonymous mail service..
- rather delete your original post, use another account that doesn't contain your name..{work on another email and pub key for gpg is my advice...}
-
download and install microsoft's md5 / sha verify tool:
http://download.microsoft.com/download/c/f/4/cf454ae0-a4bb-4123-8333-a1b6737712f7/windows-kb841290-x86-enu.exe
download gpg4win from :-
http://www.gpg4win.org/download.html
SHA1 checksum (for gpg4win-2.1.0.exe):
f619313cb42241d6837d20d24a814b81a1fe7f6d gpg4win-2.1.0.exe
To display the SHA-1 hash of a file, use the folling command:
fciv.exe -sha1 path.to/filename
OR md5
fciv.exe -md5 path.to/filename
for eg. fciv.exe -sha1 path.to/gpg4win-2.1.0.exe
- the output should equal f619313cb42241d6837d20d24a814b81a1fe7f6d
if the SHA-1 hashes above match you assume it is safe to install.
[I've not verified the install steps as i generally don't use windooz, just thought the notes would be of use to windooz users...]
;)
-
lol ;D
-
ok so i have been glancing over this ivc got thew gpa created key and im guessing in order to read a encrypted message you have to have the key well is the key put in once you sign a message ...sorry guys very new to this obviously
???
-
Very informative thread. Thanks for throwing this together!
-
What are the risks associated with keeping my passphrase key on my computer? Typing out a 50 character key every time will be annoying.
-
THANK YOU SO MUCH! It was driving me crazy trying to figure this out!
-
What are the risks associated with keeping my passphrase key on my computer? Typing out a 50 character key every time will be annoying.
- if you store the pf it needs to be under password too, could put it on a usb removable storage and hide it...
;)
-
Whats a GPG
-
Whats a GPG
http://dkn255hz262ypmii.onion/index.php?topic=7114.0
- GnuPG versus pgp versus OpenPGP
-
i just noticed from the gnupg.org website that:-
"Gnu Privacy Assistant
GPA is still work in progress, so don't expect that everything works and be careful when using production quality secret keys."
::) :-\
{right ...!?!!!??}
-
got GnuPG installed (with gpa) but the package doesn't come with WinPT and when i install winpt it cant link to GnuPG as it is saying "cannot find gpg.exe file, i have tried putting the file location in manually but no joy (cannot find file in specified directory) can anyone help please?????
-
Hey guys, forgive me if this is an obnoxious question, but I am not understanding how to encrypt my address on SR when placing an order, or how to encrypt SR messages. After reading through the tutorial and this topic, all I am seeing is instructions on encrypting email. Is this just me still not fully understanding the program, or is it as simple as copy and pasting the vendor's public key at the end of the box where your address is entered?
I'm obviously a noob, but I've been reading for a week now trying to get this right... disappointingly I had my first order cancelled today by the vendor. There was no message so I don't know if it's because I'm unknown or because I didn't encrypt my messages. If it's as simple as just re-reading the tutorial I'll give it another shot but wanted to throw this out there first (regarding encrypting one's address).
Thanks for everyone's patience on here while us noobs figure this shit out! :D
-
....type up email in a text editor, add your public to the to the end of the text message cut & paste it as text, ...so the top half is readable text followed by a begin and end
block = the exported public key...
encrypt the whole text document using your gpg / pgp program, open the new encrypted message as text, copy & paste the encrypted msg up to and incl:
-----BEGIN PGP PUBLIC KEY BLOCK-----
. . . .
. . . .
-----END PGP PUBLIC KEY BLOCK-----
....paste into the SR message block ....send as usual, you're sending the encrypted block as data and not the raw original unencrypted message.
;)
-
Svveet... got it! 8) (I think)
Big ups to shepj and Traveling!
-
Months ago, I found a video linked on here that has since disappeared. It showed how to use PGP, and it was a very easy video to understand. I need to start using PGP because a vendor requires it. Does anyone know about this video? Otherwise I have to sort through these instructions which is far more work than following the video.
-
there is no gpa.exe in gpg cant get past 3rd step
nevermind..u have to check it when u first install it
-
Thank you so much! <3
-
I'm at screen 2. downloaded the software. Any idea how I get to screen 3?
-
I'm at screen 2. downloaded the software. Any idea how I get to screen 3?
Install the software, not forgeting to check that GPA will be installed. (Forget about Kleopatra and Klaws, they're not needed.) Look for a shortcut on your desktop or in your Start menu. If there's not a shortcut, browse the folder to which you installed or search your drive(s) for gpa.exe.
-
So am I the only one here that doesn't see anything in "red"?
All of my notes are in red. They are present for a reason, read them.
Step 1) Download GNUPG
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/01-Download.jpg)
Step 2) Install GNUPG
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/02-InstallGPA.jpg)
Step 3) Open GPA
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/03-OpenGPA.jpg)
* GPA Main Menu
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/04-GPAMainOpened.jpg)
Step 4) Generating a Key
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/05-GenerateNewKey.jpg)
* Enter Name
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/06-GenerateaKey-EnterName.jpg)
* Enter Email Address
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/07-GenerateaKey-EnterEmail.jpg)
* Backing Up Your Key
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/08-GenerateaKey-BackupKey.jpg)
Step 5) Creating / Entering Your Passphrase
This step I will elaborate on. Your key needs to be extremely strong, having a 50-70 character password is not unheard of. The more characters (letters, numbers, and symbols) your passphrase contains, the harder it will be to crack. Also, when it is time to generate your key, the more you mess around on your computer (opening & closing files, listening to music, moving your mouse, etc.) the better the entropy.
Never store your key electronically. I recommend having two copies of your key WRITTEN. Storing your key is useless and will give LEO your passphrase (should your computer ever be compromised).
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/09-GenerateaKey-EnterPassphrase.jpg)
* Re-enter Passphrase
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/10-GenerateaKey-Re-enterPassphrase.jpg)
Step 6) Key Generation Complete
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/11-KeyCreated.jpg)
Step 7) Encrypting Messages
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/12-EncryptingMessages.jpg)
*Selecting a Key (the addressee)
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/13-Encryption.jpg)
*Encrypted Message
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/14-EncryptedMessage.jpg)
Step 8) Decrypting Messages
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/15-DecryptingaMessage.jpg)
*Message Decrypted
(http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/16-Decrypted.jpg)
The pictorial will be updated, as I need to elaborate on Key Exportation and utilizing Notepad. This is the beginning. Enjoy!
-
Months ago, I found a video linked on here that has since disappeared. It showed how to use PGP, and it was a very easy video to understand. I need to start using PGP because a vendor requires it. Does anyone know about this video? Otherwise I have to sort through these instructions which is far more work than following the video.
"Otherwise I have to sort through these instructions which is far more work than following the video."
Ahmen!
-
i just noticed from the gnupg.org website that:-
"Gnu Privacy Assistant
GPA is still work in progress, so don't expect that everything works and be careful when using production quality secret keys."
::) :-\
{right ...!?!!!??}
Okay, is there a page or link or ANYTHING that explains acronyms here? I'm already lost at what most of you are talking about when you speak plain English then you go say things like GPA and GNU, etc., etc. How about a break ya'all!
-
i just noticed from the gnupg.org website that:-
"Gnu Privacy Assistant
GPA is still work in progress, so don't expect that everything works and be careful when using production quality secret keys."
::) :-\
{right ...!?!!!??}
Okay, is there a page or link or ANYTHING that explains acronyms here? I'm already lost at what most of you are talking about when you speak plain English then you go say things like GPA and GNU, etc., etc. How about a break ya'all!
- acronym page -no doesn't exist, google is your friend..
- GPA - The Gnu Privacy Assistant
The GNU Privacy Assistant (GPA) is a graphical user interface for the GnuPG (GNU Privacy Guard).
http://www.gnupg.org/related_software/gpa/
http://dkn255hz262ypmii.onion/index.php?topic=7114.0
- GnuPG versus pgp versus OpenPGP
- try use the forum search function as there are numerous posts by everyone so tons of help with gpg / pgp and all the apps.
-
noob again, new to SR, in the process of aquiring bitcoins... not new to mail order services though, for others I've used hushmail or something similar.
alright, I give up after 3 days of searching and going through everything I could find
I've gotten as far as creating my keys but dont understand how to translate the rest of the info into a successfull encripted message.
I've tried the test page to no avail...
I'm able to encript and decript to myself but get lost otherwise.
dont understand the importing/exporting public keys.
some help would be greatly appreciated as I plan to be a regular SR consumer if I can work through this hurdle
-
I am so happy Thanx to the person who put the steps up with the onion address with the pics to walk u through GPG4win! I am a noob to GPG4win i have GPG with thunderbird mastered on my mac but that tutorial just helped me so much i have been messing with that copy and paste method for three weeks! Now i need to figure out a bitcoin wallet and get coins so i can get at this nice site.....
-
dont understand the importing/exporting public keys.
if you want to send someone an encrypted message, you encrypt it with their public key. to do this, you first import their public key.
if you want someone to send you an encrypted message, you send them your public key, which they will use to encrypt a message to send to you
-
I figured out the portable PGP, it was much easier for me
at least I was able to send message to the test page and it worked...
think I got it figured out now.
are PGP and GPG one and the same? meaning I send message using PGP but receiver uses GPG...do both sender and receiver have to use same program?
now to get those bitcoins:)
-
are PGP and GPG one and the same? meaning I send message using PGP but receiver uses GPG...do both sender and receiver have to use same program?
- same link posted previous to yours
http://dkn255hz262ypmii.onion/index.php?topic=7114.0
- GnuPG versus pgp versus OpenPGP
- i don't know offhand of any issues, any that do surface may be due to someone specifying a pgp or proprietary setting to encrypt or a feature
introduced that the open source build does not implement; i've not experienced issues that were narrowed down to incompatibility...
-
Hi, everyone
I have the PGP for Windows software, the one with Kleopatra as the administrating application. It's already downloaded and setup; I have a private and public certificate, know how to import others' public certificates, and can decrypt messages as well. The only aspect of it that I have a problem with is the encryption of emails. I compose a message in a text editor such as Wordpad or Notepad, save it as a 'plain text' file, then try to encrypt it with the program, and the result I get is either a text with Chinese or other foreign characters but not cryptography! What's going on?! Can anyone give advice?
By the way, saving the file in a different format like 'Rich-Text Format' (rtf) or 'Unicode Text Document' or 'MS-DOS Text Document' does not help either.
Thank you.
-
Thanks for this guide it made it easy :D
-
Hey guys,
I hate to bother you with more noob questions, but I've been struggling with GPG for hours and I finally had to cave and make a post.
I got through everything fine, and I understand how it works and everything, but for some reason I can't import other people's public keys. On my mac, it won't let me select the plaintext file that contains the key -- it's grayed out for some reason when I try to select it.
If anyone has any help, suggestions, advice, etc, it'd be MUCH appreciated. This shit is getting extremely frustrating and I'm pretty much at a loss for what to do next.
THANKS!
f0ndu
I'm having the same exact problem.
The file syntax is something like file.txt
-
i have tried it many times, i made anywhere a mistake, do someone know a different step by step guide with pictures?
-
i have tried it many times, i made anywhere a mistake, do someone know a different step by step guide with pictures?
..try page 8
??!
-
Installation crashes almost EVERY time on Windows 7, and I cannot get my seller to provide an email address (says it is in his home page but I can't find it). Also, do I enter my real email address -- seems like a security compromise? And what email program should I use? I usually use Outlook. Do I attach the seller's and my public key? The instructions make a lot of assumptions.
I also don't know what options to check on the installation page (e.g. Claws?) ... again, it's not in the instructions.
THERE MUST BE AN EASIER WAY!
And how do I use PGP for torpm?
BTW, SR Support advises against using PGP due to possible security breaches.
FRUSTRATED BEYOND BELIEF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
some quick answers:-
- dont have win7 to compare sorry..but
- look in the event and app logs maybe it describes the issue :
http://windows.microsoft.com/en-US/windows7/What-information-appears-in-event-logs-Event-Viewer
- you ought to specify the same email account = what was used in the pgp / gpg key creation.
- the sellers profile = 'homepage', on SR click the seller name thats hyperlinked, scroll down and read thru for this info...
ok?!
-
i have tried it many times, i made anywhere a mistake, do someone know a different step by step guide with pictures?
..try page 8
??!
the guide from 8 is the same as from 1....i dont know where i make a error, is there not a video trutiorial?
-
What about linux. What do I need to do after downloading GPA?
-
ok so i see peoples PGP keys on this thread. how do i add those keys to ym GNU to send them messages?
the tutorial was excellent in teaching me how to send myself encrypted messages, but how do i send encrypted messages to other people who don't have silver keys on my GNU?
-
Crashes after I enter my passphrase?
-
great tut
-
some quick answers:-
- dont have win7 to compare sorry..but
- look in the event and app logs maybe it describes the issue :
http://windows.microsoft.com/en-US/windows7/What-information-appears-in-event-logs-Event-Viewer
- you ought to specify the same email account = what was used in the pgp / gpg key creation.
- the sellers profile = 'homepage', on SR click the seller name thats hyperlinked, scroll down and read thru for this info...
ok?!
High Travelling! Thanx for the posts!
This one; > http://windows.microsoft.com/en-US/windows7/What-information-appears-in-event-logs-Event-Viewer < is 'Page cannot be found' - 'The page you requested cannot be found.'
I'm tryin too! :)
Oz
-
- its somewhere here as per pics:-
hxxp://www.petri.co.il/images/eventvwr_vista_7.gif
hxxp://imgsrv.worldstart.com/ct-images/event_log_3.JPG
{swop the xx for tt so it reads http..}
- similar location for win7.
-
I've been working on this for weeks now. Each time I come back in here daily and spend hours reading posts I learn just a tiny bit more. I just used the GPG (Step-by-Step: Windows Pictorial) and sent myself an encrypted message. Hoo-ray - right?
NOT! I have 2 keys, both (wrong or not) with the same pass phrase. Both saved on a 1 gig USB. I tried both keys and entered the pass phrase 5 times each. Can't copy and past it so I watched my finger and punched in each character 5 times each. Each time it said the password was incorrect!
I checked the pass phrase 4 times for each key right after I used them. It is the same one that my GNU says is wrong now.
I give up!
I think SR should just encrypt everything they want encrypeted. It's their assess too and they have a lot more money and smarts than I do. Trust that! Lol.
Oz
-
..nope, its in your best interests to encrypt your own messages its not just SR messaging here, the gpg/pgp thing is used when encrypting / decrypting msg's outside of
SR too; there's only so much someone should be spoon fed; the obvious reason why gpg/pgp is an individual responsibility is the owner needs to own / maintain their
own keys so this is also why its back to our own apps, i suppose you could pay someone some service to do it for you...but then you're partly back to the reason why
gov's own and think for everyone cos the general public don't want responsibility and expect gov's & local authorities to regulate more and more.
-
I have a question about messaging my Public Key and signing the message. (I am using gpg4usb BTW) I write my message and paste my key,
"Message"
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (MingW32)
"block of code"
-----END PGP PUBLIC KEY BLOCK-----
Then I sign the message and it breaks my public key somewhat, like this...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Message"
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (MingW32)
"block of code"
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
"block of code"
-----END PGP SIGNATURE-----
The extra dash and space, "- " in front of my public key's header and footer messes it up. If I delete that before sending, it breaks the signature.
Does this problem make sense? Any ideas how to fix this?
-
http://i1142.photobucket.com/albums/n610/pictorialone/GNUPG%20Step-by-Step/03-OpenGPA.jpg
My GnuPG download folder looks just a bit different from this screenshot and more importantly, does not contain gpa.exe
What went wrong?
PM me if you choose not to directly respond in this thread.
-
Thanks for the tutorial and to all the people whom contributed responses to the questions. I checked my key and all that at this link and everything seems to work. Guess ill see when I make a purchase if I really learned it all., thanks again
Test Link
http://p3lr4cdm3pv4plyj.onion/test.php
-
i may have missed something.. but can anyone tell me where i can find my own gpg key?
-
i may have missed something.. but can anyone tell me where i can find my own gpg key?
- your keyring manager of choice, my personal keys , your key / or one of a few you've created, r/click ....export....save as....name it appropriately perhaps name-pub.key..
to remind you its for public {something like that...}
-
You mean I cannot use it for my Mac? I want to use the key and encryption, but cannot get it done...not nerd...
Somebody help me for the Mac?
-
You mean I cannot use it for my Mac? I want to use the key and encryption, but cannot get it done...not nerd...
Somebody help me for the Mac?
IM IN THE SAME BOAT !!! HELP :-\
-
Hey pretty new here so sorry if I sound overly noobish
I pretty much understand the concept and everything but I don't understand the msging system/ what I would write in a key to export to someone..
After I make my key do I start encrypting it with my personal msgs with my info s for suppliers and then export the key and send it to them? and then wait to get a message back from?
When I copy & paste the keys on the suppliers prof page and paste it in decrypt it doesn't translate anything
Thank you in advance
-
At last, i got pgp up and running. I was having a lot of trouble until I found this thread. The OP deserves a tip!
-
Brilliant! very helpful :)
-
http://www.youtube.com/watch?v=HuLr8PdkdOY&feature=relmfu
Here is a youtube video of the exact same thing this SR tutorial is on.
Seams pretty useful for someone computer illiterate like me.
-
Nice work, thanks. BUT, Gpg4win's Kleopatra and GPA both crash and burn on my favored machine. Anyone have suggestions for paid, supported PGP/GPG software? Danka.
Thank you so much! this is very helpful!
-
If you surf to the site that has Gpg4win, there's also an Apple version there.
You mean I cannot use it for my Mac? I want to use the key and encryption, but cannot get it done...not nerd...
Somebody help me for the Mac?
IM IN THE SAME BOAT !!! HELP :-\
-
Hey pretty new here so sorry if I sound overly noobish
I pretty much understand the concept and everything but I don't understand the msging system/ what I would write in a key to export to someone..
After I make my key do I start encrypting it with my personal msgs with my info s for suppliers and then export the key and send it to them? and then wait to get a message back from?
When I copy & paste the keys on the suppliers prof page and paste it in decrypt it doesn't translate anything
Thank you in advance
No you have to type your message and copy and paste your key into your pgp portable or whatever you downloaded into the clipboard of that program. Then you hit encrypt on the tab in your clipboard. Once you do that It will make what looks like a key, you copy and paste that into the message box on silk road and hit send. Once he gets that message he puts it into his clipboard and hits decrypt and enters his private pass phrase and the key opens up into the message that you wrote. This had me confused beyond belief and then a dude made a post that made it all so clear. Let me know if you still don't know what I'm saying and Ill try to find you pics or a video.
Peace
-
Nice work, thanks. BUT, Gpg4win's Kleopatra and GPA both crash and burn on my favored machine. Anyone have suggestions for paid, supported PGP/GPG software? Danka.
Thank you so much! this is very helpful!
I would skip the kleopatra and see what happens. It isn't necessary.
-
Yeah, I was skipping it anyway because it crashes at each launch. BUT, check this...
Derp. I had a feeling that the five (!!) downloads and installations of Gpg4win had somethin' wrong with the files or installation. So I got a brand new copy of the bundle from a site other than the one I tried the first five times, and installed everything except Claws mail. Removed some fussy VPN software, so it makes me mildly suspicious that was part of the problem.
Launched GPA and easily created the first key. This time when I launched GPA the only difference was that when it asked me if I wanted to backup the key during creation, I declined. Then I copied the key later to a secure, encrypted location. Derp.
Nice work, thanks. BUT, Gpg4win's Kleopatra and GPA both crash and burn on my favored machine. Anyone have suggestions for paid, supported PGP/GPG software? Danka.
Thank you so much! this is very helpful!
I would skip the kleopatra and see what happens. It isn't necessary.
-
Yea I declined to make a back up as well. Had enough shit to figure out. Have you sent a message with it yet? If so did everything work.
-
Hey, just a quick follow up question:
Should buyers sign their encrypted messages or give the vendor their public key? I don't quite understand the proper uses of signing. Thanks!
-
Hey, just a quick follow up question:
Should buyers sign their encrypted messages or give the vendor their public key? I don't quite understand the proper uses of signing. Thanks!
Unless your asking for a tracking number or something sensitive I don't think its necessary. Hell I don't even get a pm back after I make a purchase. I just send my personal info with it encrypted and wait for the package. However If the vendor has to send a personal message back to you than yes you should provide your public key in the encrypted message. The signing thing I'm don't know to much about, it just shows that it was you who sent the message I don't think its necessary.
-
Hey, just a quick follow up question:
Should buyers sign their encrypted messages or give the vendor their public key? I don't quite understand the proper uses of signing. Thanks!
- add your public key pasted as text at the bottom of your message, then encrypt the whole lot to send..who decrypts the msg {cos you encrypted it originally with the vendors public key ..{and added your own to be able to decrypt it {if you know how to do this..}} he can decrypt it cos its his key pair {public + private}.
- sometimes or as an extra option can add your public key as an attachment of the email, its for convenience and to save as on their local drive to import etc {just as
you would import other peoples pub keys..}
- you would "sign" someones imported pub key in your keyring / key manager, based on the trust level.
- you could give out your public key to whoever you wanted -think of it as a business card of sorts., pub is for public, private portion is to be kept securely by yourself.
if you give out your private key you could be impersonated.
-
How would I decrypt a obvious chain of pgp text, that does not have the usual formatiing (begin pgp ....) just the block chain of text, that was sent via privnote, i have searched the forums ad nauseum trying to figure this out.
-
How would I decrypt a obvious chain of pgp text, that does not have the usual formatiing (begin pgp ....) just the block chain of text, that was sent via privnote, i have searched the forums ad nauseum trying to figure this out.
Have you tried looking at another public key and just adding what has been left out? I was wondering the same thing but never got a message like the one you stated. Let us know what you find out.
-
How would I decrypt a obvious chain of pgp text, that does not have the usual formatiing (begin pgp ....) just the block chain of text, that was sent via privnote, i have searched the forums ad nauseum trying to figure this out.
try adding the (begin) and (end) pgp to the text.. maybe they did it by accident?
-
Wow! I just want to say, what a great thread and big ups to ShepJ for the visual tutorial. It's what finally made it sink in for me. Took me a couple tries, but I think I've got it. It's amazing how the lightbulb just turns on after a little bit of time invested in reading and then practicing. And I want to thank Traveling & CrunchyFrog. Some of your answers were exactly what I needed as they were pretty clear. I was confused on encrypting the message with my public key at the bottom and then pasting it, you guys cleared that up as well as the whole signing process! AWESOME community here!! Now I just need to figure out a secure email service since tormail is not allowing new registrants :/ lol Any suggestions? Thanks in advance!
-
Which boxes do I check before installing?
-
CT I checked all of them. Including the Claw mail. The pic tutorial covers the GPA that is unchecked by default.
-
Hi
I downloaded everything you said I did get an error message but I was still able to do everything until I got to step 7? And now how do I use it and when
-
Unable to import a key..I dl the key to my desktop,also copy and save to notepad..I keep getting "no keys were found" when I try to import it..
-
Ok I fixed that problem....
-
Help appreciated!
Whenever I try to decrypt a message it tells me:''The GPGME library returned an unexpected error: General error'' or something along those lines when I try to decrypt messages around Silkroad, now I am super newbie, any mistake is possible.
Thanks in advance,
Me
-
Thanks a million to all the contributors. It just clicked. Took a while but I got there ;)
-
Thank you so much for this Tutorial ShepJ! Great responses, couldn't have figured it out with out this feed. Thanks to the guest that said what boxes to check, I was struggling with that one lol
-
I am so fucking lost....
I have downloaded the GPG4win bundle, and when I open the Kleopatra program I can create a key (or certificate as it calls it) -
After this I have NO IDEA! I do not see a clipboard on kleopatra. All it has is my certificate on it. I don't know what to do, and I have the first three pages of this post. My one vendor has disappeared and now the new one wants me to encrypt, but I still don't know how! It would be easy if there was a clipboard, but I do not see one. I don't know, the original guide was for a different program, it looked different and everything.
This is so frustrating because I RARELY have problems figuring anything out, and I am just stuck with a freaking key I created, and no further knowledge of how to even START a message to use the key. I even tried to import a vendors public key, but since there is no clipboard I opened up a text doc on my computer and pasted the public key for this vendor. I then went to "Import Certificate" and the file wouldn't even show up as one I could import.
Please help, at least with a link for a dummy guide for Kleopatra that someone here has used.
Thank you, for whoever helps me.
Eco
-
Hey ecopaktm, I'm not an expert obviously, I'm a newbie. But when you download the GPG4Win, there's a prompt that asks you what you want parts of the program that you want to install. The GPA is unchecked by default. It's the second one in the list I believe. Check that box. If you have to, go through the unistall and reinstall because i'm not sure how to add it after it's been installed. Once that is checked in the install process, you'll get the GPA app on your desktop and that is the program that nice picture tutorial is from that ShepJ did. I was lost too, until I realized that. Hope that helps
-
I got same problem :/ have u figuried out how to fix it yet? :)
-
Thanks a massive amount to all the contributors here - seemed daunting at first but the pictorial is spot and and makes it pretty simple to get your head around.
Just a quick question - if LE were to (worst case scenario) somehow open your version of GPA would this work as evidence (i.e. they open it and see a stored key with the name as same username in SR, additionally other keys with username of sellers if you had not deleted them)?
Or would it be a case of without the pass code they could not really do anything???
From this do people then not use the same username as SR / Forum for the GNU key? Noticed already that some sellers keys will bring up other information on them in GNU, i.e. email addy, SR username
*
Also it would seem the best way for security would be not using email and just PM encrypted messages through SR - less of a trail?
I am probably totally wrong as not very technically savvy but for me this seems certainly the easiest way.
Thanks again for all the help from the community here
D
P.S - bit of a silly question but just wanting to confirm doing this all right -
EDIT: Answered this last question myself! If anyone can answer the above that would be fantastico though :)
-
Thanks for this tutorial. This will make life a lot easier getting this setup.
-
Help appreciated!
Whenever I try to decrypt a message it tells me:''The GPGME library returned an unexpected error: General error'' or something along those lines when I try to decrypt messages around Silkroad, now I am super newbie, any mistake is possible.
Thanks in advance,
Me
Bump
-
Thanks a massive amount to all the contributors here - seemed daunting at first but the pictorial is spot and and makes it pretty simple to get your head around.
Just a quick question - if LE were to (worst case scenario) somehow open your version of GPA would this work as evidence (i.e. they open it and see a stored key with the name as same username in SR, additionally other keys with username of sellers if you had not deleted them)?
Or would it be a case of without the pass code they could not really do anything???
From this do people then not use the same username as SR / Forum for the GNU key? Noticed already that some sellers keys will bring up other information on them in GNU, i.e. email addy, SR username
*
Also it would seem the best way for security would be not using email and just PM encrypted messages through SR - less of a trail?
I am probably totally wrong as not very technically savvy but for me this seems certainly the easiest way.
Thanks again for all the help from the community here
D
P.S - bit of a silly question but just wanting to confirm doing this all right -
EDIT: Answered this last question myself! If anyone can answer the above that would be fantastico though :)
I just buy so I put in a fake email and name. And yes I encrypt a message and then copy and paste it into the S.R. message box. You would not want your private key on the same computer that the gpa is that's for sure. Also use a shit load of characters for your pass phrase I use like 40 all letters, numbers, and symbols.
-
When I go to decrypt it, I get this error:
The GPGME library returned an unexpected error. The error was: General error This is probably a bug in GPA. GPA will now try to recover from this error
Does anyone have a fix for this?
-
Thanks a massive amount to all the contributors here - seemed daunting at first but the pictorial is spot and and makes it pretty simple to get your head around.
Just a quick question - if LE were to (worst case scenario) somehow open your version of GPA would this work as evidence (i.e. they open it and see a stored key with the name as same username in SR, additionally other keys with username of sellers if you had not deleted them)?
Or would it be a case of without the pass code they could not really do anything???
From this do people then not use the same username as SR / Forum for the GNU key? Noticed already that some sellers keys will bring up other information on them in GNU, i.e. email addy, SR username
*
Also it would seem the best way for security would be not using email and just PM encrypted messages through SR - less of a trail?
I am probably totally wrong as not very technically savvy but for me this seems certainly the easiest way.
Thanks again for all the help from the community here
D
P.S - bit of a silly question but just wanting to confirm doing this all right -
EDIT: Answered this last question myself! If anyone can answer the above that would be fantastico though :)
My suggestion about this as I've read on some other threads on here is to make sure you're running tor inside of a virtual machine along with anything else you use like the GPA program, maybe have it on an external hard drive. Use VM Ware Workstation. Then use truecrypt (open source=free) and encrypt the whole virtual machine. They'll never be able to open it to see any kind of evidence. Deny everything.
-
I've gone through the steps and now know how to encrypt my own message.
I assume I copy and paste the encrypted message into the address space on silk road when ordering.
How does the seller decrypt it?
Something's missing, right?
-
Yep you're almost there bro. What I do after reading it several places on here is after typing your address in the clipboard before encrypting it to post to the address box on SR is to paste YOUR Public key below your typed address and then encrypt that whole thing so when they decrypt it on their side they'll have your address and your public key. So yeah you encrypt your address with the sellers public key and they read/decrypt with their private key and vice versa if they send you a message back. Cheers!
-
Yep you're almost there bro. What I do after reading it several places on here is after typing your address in the clipboard before encrypting it to post to the address box on SR is to paste YOUR Public key below your typed address and then encrypt that whole thing so when they decrypt it on their side they'll have your address and your public key. So yeah you encrypt your address with the sellers public key and they read/decrypt with their private key and vice versa if they send you a message back. Cheers!
Ok very confused again.. First you say to paste my public key to my address. Then you say encrypt my address with the sellers public key. ???
How do I get the sellers key? That's not in the step by step instructions
-
So how do I encrypt my message with the seller's key? I see no way of entering his key after pressing the encrypt button.
-
if someone could help? im trying to place an order and cant figure out the encryption. What do i do with the public key block the seller put on his listing. I figured out how to encrypt my message and can open it with the passphrase i created but how does the seller get my passphrase
^ This is exactly my problem and yet no one answered him.
-
blueberrytree & peterkoff8273
Which OS, which program ? This installing a new/different version.
Mongrelbuster
Seller has to give you his private key so you can encrypt your message with it. Check his profile or ask him.
It will look something like this
-----BEGIN PGP PUBLIC KEY BLOCK-----
LOTSOFRANDOMTEXT
-----END PGP PUBLIC KEY BLOCK-----
1. Write your message
2. Encrypt
3. Choose sellers public key
4. Paste it to the seller
In GPA - Gnu Privacy Assistant
1. Open the program
2. Click Clipboard
3. Write your address
4. Click Encrypt
5. Choose the key of the vendor
6. Click yes.
7. Paste it to address box on the SR page
What Ninja is talking about is to add your PGP public key to the message. Same steps as above with one small variation.
1. Open the program
1.5 Click on your key (golden icon) and click "Copy"
2. Click Clipboard
3. Write your address
3.5 Click Paste (you'll be adding your PGP key to the message)
4. Click Encrypt
...
-
I just got it. You have to copy and paste the sellers encrypted key into the key manager.
I still find it strange that my key is to be decrypted by the seller yet i was unable to decrypt him and nor was it necessary. ???
-
1. Open the program
1.5 Click on your key (golden icon) and click "Copy"
2. Click Clipboard
3. Write your address
3.5 Click Paste (you'll be adding your PGP key to the message)
4. Click Encrypt
...
Ah the final piece of the puzzle! Thanks
-
blueberrytree & peterkoff8273
Which OS, which program ? This installing a new/different version.
Mongrelbuster
Seller has to give you his private key so you can encrypt your message with it. Check his profile or ask him.
It will look something like this
-----BEGIN PGP PUBLIC KEY BLOCK-----
LOTSOFRANDOMTEXT
-----END PGP PUBLIC KEY BLOCK-----
1. Write your message
2. Encrypt
3. Choose sellers public key
4. Paste it to the seller
In GPA - Gnu Privacy Assistant
1. Open the program
2. Click Clipboard
3. Write your address
4. Click Encrypt
5. Choose the key of the vendor
6. Click yes.
7. Paste it to address box on the SR page
What Ninja is talking about is to add your PGP public key to the message. Same steps as above with one small variation.
1. Open the program
1.5 Click on your key (golden icon) and click "Copy"
2. Click Clipboard
3. Write your address
3.5 Click Paste (you'll be adding your PGP key to the message)
4. Click Encrypt
...
Wow nice work mate! I don't think it could get much clearer than that. If I could give karma I'd +1 you for sure!
-
Great info. Thanks a lot. Saved me time and more importantly, hassle.
-
Might sound like a dumb question - but do I need to encrypt my own public key block as well as the message text, when I send my first message?
-
That's a good practice Anathem.
You see, if the other person wants to write back, he needs your public key and including it in the first message cuts one step of him writing you "Need you private key", so yeah, do it for the first time when talking to someone new.
-
im still trying to figure out gpg4win
anyway i think ive got it but i now cannot remember my passphrase and cannot find where the fuck i need to be to get it sorted,can anyone help me out please ?
-
i need a mac pictorial :-[ :-[ :-[
anyone..??
x
-
Is the 40 digit string the "public Key"?
Is the public key the certificate? Are these all Synonyms?
Is my Pass code my secret key?
Holy shit I wish my son were still living with me! Big help!
Any way back to the lesson at hand. Li'L' help over here in isle 7. Isle 7.
thank You.
Celestine
Public key will look something like this
-----BEGIN PGP PUBLIC KEY BLOCK-----
LOTSOFRANDOMTEXT
-----END PGP PUBLIC KEY BLOCK-----
Check the following thread for examples - http://dkn255hz262ypmii.onion/index.php?topic=174.msg824
"Pass code" is your password that you type when you encrypt/decrypt/sign messages.
Certificate consists of multiple things but public key is one of them. There are no actually synonyms but you can think of the as such in Kleopatra.
Guide for it here - http://p3lr4cdm3pv4plyj.onion/guides/kleotxt.html
Also try GPA.exe (also included in gpg4win unless you unchecked it). More intuitive for me.
dmtdoodeelsd
Take a look through the following links.
dmtdoodeelsd
http://dkn255hz262ypmii.onion/index.php?topic=22513.msg232891#msg232891
http://dkn255hz262ypmii.onion/index.php?topic=8235.msg75141#msg75141
http://www.robertsosinski.com/2008/02/18/working-with-pgp-and-mac-os-x/
-
cool thanx random - i know one day ill get it sorted out but tbh i'm in asia still on 'holiday' so it might have to wait until i'm bk heheh 8) 8) 8)
-
Hello everyone. New GPA user here and I am having what I believe to be problems. I created a public key and a passphrase. I go on clipboard, write a message and encrypt with MY key. I then decrypt and type my passphrase, the message appears. However, i tryed encrypting a message with someone elses public key, and when I try to decrypt, GPA says "Clipboard contained no valid encrypted data." So i then signed the message encrypted with another persons public key and then hit decrypt. A notification pops up and says "Clipboard does not contain any OpenPGP data."
Can anyone help me or point me in the right direction here?
-
You can't decrypt messages that are encrypted to other people's keys. Like if you write me a message and encrypt it with my key, only I can decrypt it.
You write the message, sign it and then encrypt it. If you'll sign an encrypted message GPA won't detect the PGP message (no OpenPGP data) unless you select just the part that starts with -----BEGIN PGP MESSAGE----- instead of the whole -----BEGIN PGP SIGNED MESSAGE-----Hash: -----BEGIN PGP MESSAGE-----.
-
...I go on clipboard, write a message and encrypt with MY key. I then decrypt and type my passphrase, the message appears. However, i tryed encrypting a message with someone elses public key, and when I try to decrypt, GPA says "Clipboard contained no valid encrypted data." So i then signed the message encrypted with another persons public key and then hit decrypt. A notification pops up and says "Clipboard does not contain any OpenPGP data."...
You need the *private* key of the person to whom the message was encrypted in order to decrypt it. Since you don't have the recipient's *private* key, you can't decrypt the message.
You do, however, have *your own* private key, which is what allows you to decrypt messages encrypted with your public key..
-
brilliant thread and tutorials. kudos and thank you to those involved! super easy to understand, even for a n00b like me. +1000
-
Great thread and awesome insight I am still having an issue though. When I am trying to import a vendors public key from their profile it is saying "no key found"
My steps - Copy pasta the public key from start hash to end hash. Paste into a text file. Select import, browse to folder, click text file, hit ok. Am I missing a step?
-
All good peters.
Try your procedure with keys from this thread - http://dkn255hz262ypmii.onion/index.php?topic=174.550
If you're getting an error, it's something at your end, if not, it's the sellers key.
Alternative - post his key here and I'll try importing it.
-
Thanks a lot boss. I did import other keys from the public key thread and it was fine. Let me know if you have any luck
------BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.17 (MingW32)
mQENBE85UnoBCACyzs0kbgjvAztSAOq0Z3XoB8HFDFaB8SqQh/c4lhAqdQ5e8IOl
wMv/kCGokwdEobZHreLqAV+enEw6jC9/VjaYYCJ3lZ6sYlEUYaUjz8XTubJS5qYu
yc22EinjAjgF5iBwKARynCR9A27eqk2YECJ1BKJ+cmJYz7K+UVCAFurz9R+c5qdh
/O3VBBAbkinl+rBOiJJQtqiLcRCgqA60Pp8a3Wy7Pqo9gn5RLjf2T8vajUoXjbSV
rFsLv9Y3b7gsYWW1HK7c6f5nFitFSAgoVQlUhkK7Pzz0CMaWQdnt+T859UQ/bWnT
1B8fTlbaGKeBrPxThaC7ARu51UmjO05X5Hs7ABEBAAG0H1N5bmFwdGljIDxzeW5h
cHRpY0B0b3JtYWlsLm5ldD6JATgEEwECACIFAk85UnoCGwMGCwkIBwMCBhUIAgkK
CwQWAgMBAh4BAheAAAoJEHJmOxHrCC2piVkH/1ancNa8BbdJfNrnJH/des/vZla8
2QpRueB+1pU8j+/eVU80pVNjEDNjafVVpUvu7wPVtkFWsSnjaq3xMrCjhcIN+UmL
LAir3cwFGTKK9JF9hy5RgNJipr1bPRlV/0rCJD/ayVczKCPKHVLLlThlv6mxJQ5T
mrqoGbN9gGI+74NmxTT2eGhR/U3A2vSCeZP4yADpnH/krAVL8kckOhbMQtPpkb7g
DCVm6MhuzU6Y0qp44xlEIMLFyoW8z1ET2Hk2l/i0t/0vuBnHnmUEdKEoVQ+tTgVS
f6TK7Xq+OS1QerWT7hMJ/TudTy0yYjSC/BTOV5Wb3NbNTQPnbo6MfphNdk65AQ0E
TzlSegEIAKhCtPbeHgVa/OdDxan5rY73z9N1qEOE1br3/xT1p+uxq8pGOozYSict
JfOjCqaeyDRbqWC/N+pLYJL/H3RalmqO5Y2gTkjOCuVYxqSUEJ2xpmi9DLkgG0R2
pYW+ZVhMQCAV3uiXVZmY/myzTzuM8tyr4fh+QcLs99zMLRYaMxtVWzB25FAvOf0q
VKLFglk86lM3D42FiYqUCyKG5XXKoCDBYW8zJ0w0N3NbZo27dd8c8kCUamiaMbhX
B9AQa/bpQXzJRo4BFj2UuQneZPW3bvjedt0b5zlUzx3gLQfdUC70z2+0Kg4jALV/
TM9+nxBXYm5PmZwkrNaItWqpWEm6eF8AEQEAAYkBHwQYAQIACQUCTzlSegIbDAAK
CRByZjsR6wgtqft6B/sEnTscMSKYThECyyU1C7DUOCeYnRo2OHyY6xO0lvPvueiF
obC9FzxOSl9f0zAPQyatMKfGx8tqbMm26GqRkp5HjOG4zQ7iH5ArvMhWJt+lH5uW
XkzfU2RWr+i9mavW5nwEPIaM1xzNznEdmXbtYpc08E4uSObPRR2I0kicxGB0YWuF
9G51FVpZ6/B1yZOD/n/Dp2o6b/ob9n3A/9b+HVzxbrvLkac6LShMYP3sewnc0QrO
jr9NFbEkauJYBzwPWFpTF56Rgb5szSecQZmGSw6QdGyhWvBwYwFFztf54h7BPyBD
1w7CwbqeAB5HB7LDXgfDaKfPWDmCrBQE/nw1/ENl
=lCiM
------END PGP PUBLIC KEY BLOCK-----
-
If look closely at the key you've pasted, there are six "-" in front of END/BEGIN PGP text. There should only be five.
I've removed the additional "-" and pasted the key below. I'm not sure why this happened, I'm guessing it's GPG software related.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.17 (MingW32)
mQENBE85UnoBCACyzs0kbgjvAztSAOq0Z3XoB8HFDFaB8SqQh/c4lhAqdQ5e8IOl
wMv/kCGokwdEobZHreLqAV+enEw6jC9/VjaYYCJ3lZ6sYlEUYaUjz8XTubJS5qYu
yc22EinjAjgF5iBwKARynCR9A27eqk2YECJ1BKJ+cmJYz7K+UVCAFurz9R+c5qdh
/O3VBBAbkinl+rBOiJJQtqiLcRCgqA60Pp8a3Wy7Pqo9gn5RLjf2T8vajUoXjbSV
rFsLv9Y3b7gsYWW1HK7c6f5nFitFSAgoVQlUhkK7Pzz0CMaWQdnt+T859UQ/bWnT
1B8fTlbaGKeBrPxThaC7ARu51UmjO05X5Hs7ABEBAAG0H1N5bmFwdGljIDxzeW5h
cHRpY0B0b3JtYWlsaLm5ldD6JATgEEwECACIFAk85UnoCGwMGCwkIBwMCBhUIAgkK
CwQWAgMBAh4BAheAAAoJEHJmOxHrCC2piVkH/1ancNa8BbdJfNrnJH/des/vZla8
2QpRueB+1pU8j+/eVU80pVNjEDNjafVVpUvu7wPVtkFWsSnjaq3xMrCjhcIN+UmL
LAir3cwFGTKK9JF9hy5RgNJipr1bPRlV/0rCJD/ayVczKCPKHVLLlThlv6mxJQ5T
mrqoGbN9gGI+74NmxTT2eGhR/U3A2vSCeZP4yADpnH/krAVL8kckOhbMQtPpkb7g
DCVm6MhuzU6Y0qp44xlEIMLFyoW8z1ET2Hk2l/i0t/0vuBnHnmUEdKEoVQ+tTgVS
f6TK7Xq+OS1QerWT7hMJ/TudTy0yYjSC/BTOV5Wb3NbNTQPnbo6MfphNdk65AQ0E
TzlSegEIAKhCtPbeHgVa/OdDxan5rY73z9N1qEOE1br3/xT1p+uxq8pGOozYSict
JfOjCqaeyDRbqWC/N+pLYJL/H3RalmqO5Y2gTkjOCuVYxqSUEJ2xpmi9DLkgG0R2
pYW+ZVhMQCAV3uiXVZmY/myzTzuM8tyr4fh+QcLs99zMLRYaMxtVWzB25FAvOf0q
VKLFglk86lM3D42FiYqUCyKG5XXKoCDBYW8zJ0w0N3NbZo27dd8c8kCUamiaMbhX
B9AQa/bpQXzJRo4BFj2UuQneZPW3bvjedt0b5zlUzx3gLQfdUC70z2+0Kg4jALV/
TM9+nxBXYm5PmZwkrNaItWqpWEm6eF8AEQEAAYkBHwQYAQIACQUCTzlSegIbDAAK
CRByZjsR6wgtqft6B/sEnTscMSKYThECyyU1C7DUOCeYnRo2OHyY6xO0lvPvueiF
obC9FzxOSl9f0zAPQyatMKfGx8tqbMm26GqRkp5HjOG4zQ7iH5ArvMhWJt+lH5uW
XkzfU2RWr+i9mavW5nwEPIaM1xzNznEdmXbtYpc08E4uSObPRR2I0kicxGB0YWuF
9G51FVpZ6/B1yZOD/n/Dp2o6b/ob9n3A/9b+HVzxbrvLkac6LShMYP3sewnc0QrO
jr9NFbEkauJYBzwPWFpTF56Rgb5szSecQZmGSw6QdGyhWvBwYwFFztf54h7BPyBD
1w7CwbqeAB5HB7LDXgfDaKfPWDmCrBQE/nw1/ENl
=lCiM
-----END PGP PUBLIC KEY BLOCK-----
-
Outstanding and thank you so much. I still had to copy paste from the vendors page but removing the extra dashes worked perfectly! Again thank you
Edit: Wanted to give you karma for the help but I am not seeing the option so know that you get karma from the heart!
-
Thanks! This helped a lot, very detailed.
I also looked around more to find out how to encrypt using others PGP and found this:
http://p3lr4cdm3pv4plyj.onion/guides/shepj.html
it helped me out hope it can help others!
-
Hey, thanks for help with this.
I managed to set up all fairly uneventfully, all except no mater how i import a vendors key, it wont let me select it in the recipients list when exporting the message, it just comes up with mine?
I have read another post with the same issue but couldn't see any resolution?
Any help is muchos appreciated ;D
-
...sorry, forgot to mention, I am using a Mac...
Seems to have some significance ???
Any help that can resolve this issue will be rewarded with a very big thanks, as I am gagging to get started on here now.
;D
-
:(
-
Which software are you using lamonteyoung ? Try switching to someone suggested below.
LInks that might help
http://dkn255hz262ypmii.onion/index.php?topic=22513.msg232891#msg232891
http://dkn255hz262ypmii.onion/index.php?topic=25404.msg271478#msg271478
http://dkn255hz262ypmii.onion/index.php?topic=16023.msg158149#msg158149
http://dkn255hz262ypmii.onion/index.php?topic=1922.msg16055#msg16055
http://dkn255hz262ypmii.onion/index.php?topic=18317.msg220173#msg220173
-
Hey,
Many thanks for the reply.
Yup, using the recommended software as per guides (GPGtools), followed all the tutorials and guides, but no joy.
It only seems to be some Vendors, some come up in the recipient lists, looks like it might be a MAC - PC conflict thing..
Will read again through your links you attached, thanks ;-)
-
I just got it. You have to copy and paste the sellers encrypted key into the key manager.
I still find it strange that my key is to be decrypted by the seller yet i was unable to decrypt him and nor was it necessary. ???
Okay, so I feel like a total moron here, but I can't figure this part out. I can decrypt my own message with the fake name/email key I generated in the key manager. But how do I send that to someone else? And more importantly, how do I get the sellers key? I'm stuck at the point where I can decrypt my own message. Now what?
Thanks!
-
Sorry I can't help more lamonteyoung. No Mac here.
You encrypt the message with the receiver's key which should posted in his profile. Maybe you have to ask for it, it depends on the vendor. You send it via PM, email, etc. If you have specific problems with encrypting it tell me the name of your software and I'll check it out.
For BigScrote.
-
i cant find the gnu.exe file in my map only kleopatra seems like a program..
-
Try gpa.exe
-
i cant find the gnu.exe file in my map only kleopatra seems like a program..
Like random said above, try gpa.exe. Also, when you initially run the installation, the box next to "Install GNU/GPA" is un-checked by default. You may have made the same mistake I did when I first installed it, and have to re-install it and check the box.
-
Good info, a lot easier than I thought it would be.
-
Thank you very much
-
What a life saver of a tutorial for encryption.
I was lost at sea until I saw this!
-
And how to import vendors key generated by "Version: BCPG v1.39"
GNU dont accept them.
-
The extra dash and space, "- " in front of my public key's header and footer messes it up. If I delete that before sending, it breaks the signature.
Does this problem make sense? Any ideas how to fix this?
The extra dash and space is added by the OpenPGP client (in this case GPG) so that the recipient's client will correctly detect the real end of the message at the bottom of the signature. This is expected behaviour.
Modifying the content of the message to remove the extra dash and space will invalidate the signature. This is also expected behaviour. The signature is there to verify that the content of the message has not been modified.
To send a signed message which contains another armoured block (e.g. a public key), the best option is:
1) Write the message and include your public key.
2) Sign and encrypt the message to the recipient: gpg -s -u [your key ID] -ea -r [recipient's key ID] -r [your key ID] filename.txt
That will result in a file (filename.txt.asc) which is signed with your key, encrypted with your key, encrypted with the recipient's key and containing whatever you included in filename.txt (including your public key).
-
Is there any gui application for Liberte Linux, that vendors can use for sending / receiving email, generating keys ,etc so that no command line is needed, only the GUI?
For instance, can thunderbird (w /plugins) be used for everything needed to send/receive emails for vendors like it can be on windows? Can this be done with a @tormail.org address?
-
Nice info.
-
OH MY DOG
I need help.
I got the sellers key. I put it into the clipboard on gnu privacy assistant clipboard.
WHAT BUTTON DO I PUSH!?!?!?
STEP 7 is killing me..... Do i just add my message after the vendors key?
I really dont know what im doing here.......
-
Quick question. Ok I downloaded GPG, set a pass phrase, exported public key, and am looking at it. This is where I am stuck. How do I send an encrypted message through SR? I can go to a vendor's page and see that vendor's public key, but when I got to send a message it's not like there is a specific place to paste it. What am I missing? And then I assume I give the recipient of my message my public key to send me a message back? I am definitely missing something lol. Thanks for the help.
-
Great tutorial. However one thing that I'm surprised I can't find here or on another thread is some sample test messages we can send to each other. Like how come no one has posted their PGP (public key) for some of us use it to send them a test message and vice versa so that we can all see if we've got everything working?
I figured out how to encrypt and decrypt my own messages, but I want to test it in action via SR or Tormail
-
Quick question. Ok I downloaded GPG, set a pass phrase, exported public key, and am looking at it. This is where I am stuck. How do I send an encrypted message through SR? I can go to a vendor's page and see that vendor's public key, but when I got to send a message it's not like there is a specific place to paste it. What am I missing? And then I assume I give the recipient of my message my public key to send me a message back? I am definitely missing something lol. Thanks for the help.
Put your public key in the message and then encrypt the whole thing. Click on the name of the seller and then "send vendor a message". Paste in that box and voila
Great tutorial. However one thing that I'm surprised I can't find here or on another thread is some sample test messages we can send to each other. Like how come no one has posted their PGP (public key) for some of us use it to send them a test message and vice versa so that we can all see if we've got everything working?
I figured out how to encrypt and decrypt my own messages, but I want to test it in action via SR or Tormail
Try here http://dkn255hz262ypmii.onion/index.php?topic=30746.0
I got the sellers key. I put it into the clipboard on gnu privacy assistant clipboard.
WHAT BUTTON DO I PUSH!?!?!?
STEP 7 is killing me..... Do i just add my message after the vendors key?
1. Save sellers key in a TXT file. Name it whatever you like (sellerskey.txt maybe)
2. Open GNU privacy assistant
3. Click "Import" and find sellerskey.txt
4. Click "Clipboard" and write your message
5. Click encrypt and select the sellers key
6. Paste the message to the seller
-
best guide iv seen
totally spelled it out. AND tells you what buttons to push......
http://x35jfacrznhhtrfr.onion/tutorials/pgp/windows/
-
Thanks randomodvb and jim, I'm all set, just sent my first pgp message! This is a great safety feature.
-
I have ran the GPG4WIN lite like was mentioned, check the right boxes, unchecked the others. Made it to the create key, no problems...as soon as the notepad screen was supposed to come up with the key I received the following error:
GPGME library has experienced an error END OF FILE with a big red circle and a line in it. Click the repair button. but it just keeps coming back with the same error. I can see my username down in the address bar of the notepad but do not see a user key in the field it is supposed to be in?
I have uninstalled and reinstalled this thing 5 times with fresh reboot everytime...Now when I reinstall, it will not allow me to make a new key, just skips over to the above screen and error? Went into control panel, C: / Doc settings and deleted all traces of GPG but must be missing something that will not remove itself at uninstall???
Tried doing a search before coming in here with no avail, any help would save me from throwing this box thru the window! Thanks for Any input into this!!!
-
I have ran the GPG4WIN lite like was mentioned, check the right boxes, unchecked the others. Made it to the create key, no problems...as soon as the notepad screen was supposed to come up with the key I received the following error:
GPGME library has experienced an error END OF FILE with a big red circle and a line in it. Click the repair button. but it just keeps coming back with the same error. I can see my username down in the address bar of the notepad but do not see a user key in the field it is supposed to be in?
I have uninstalled and reinstalled this thing 5 times with fresh reboot everytime...Now when I reinstall, it will not allow me to make a new key, just skips over to the above screen and error? Went into control panel, C: / Doc settings and deleted all traces of GPG but must be missing something that will not remove itself at uninstall???
Tried doing a search before coming in here with no avail, any help would save me from throwing this box thru the window! Thanks for Any input into this!!!
Try GPG4USB or Kleopatra.
-
Hi team!
Relatively new to SR, but I have had a few successful orders so far.
I am struggling a bit with encrypting my details for my next order.
I have created my own key, and imported the vendors public key. Problem is, when I try to encrypt my address, the vendors key does not appear in the recipient selection window.
I have not had this issue before, and I have compared the details of this key against other keys that do appear to no avail.
Any ideas what could have gone wrong? Much appreesh for anyone who can shed some light on this! I'm using a mac with snow leopard 10.6.8...
ss
-
Very helpful, thanks. Now using, I'm amazed at what im learning at the moment. Its fascinating stuff. Full respect to you all. Peace
-
Brilliant tutorial! P2P etc still crashes my system when i launch it though, need a workaround..
-
HELP!
So when after I install, I went to the folder to open it (step 3) and I have nearly every icon EXCEPT gpa.exe, gpgkeys_curls, gpgkeys_finger, gpgkeys_hkp, gpgkeys_ldap, and several other executables.
anybody have any idea whats going on? I tried reistalling, all to no avail.
-
I was wondering how to find my public key so i can have people respond back to me.
-
awesome. thank you for this!
ice
-
I was wondering how to find my public key so i can have people respond back to me.
Which software ? Usually it has to do something with right clicking your key.
HELP!
So when after I install, I went to the folder to open it (step 3) and I have nearly every icon EXCEPT gpa.exe, gpgkeys_curls, gpgkeys_finger, gpgkeys_hkp, gpgkeys_ldap, and several other executables.
anybody have any idea whats going on? I tried reistalling, all to no avail.
Try GPG4USB or Kleopatra.
-
im using GPG-4win 2.1.0
-
http://p3lr4cdm3pv4plyj.onion/guides/shepj.html.
I can't make it any more clearer than this. Just scroll down to Export Key section.
-
So after days of trying to read all the forums on GPG for Macs (yes I know they are hard work at times like this) and testing all the great tutorials one after the other, I am still close, but no cigar. I have a mac air running lion 10.74 which when I download GPG 9.9 it says it is not compatible. Have tried to install GPG 10.1 but it still reads as 9.9 and same problem. Tried Guru's 'nightly' link as he had similar issue I think but no joy. Tor seems to crash constantly on 10.74 too, I have to install it each time to use browser - many forums on that and apparently it is a glitch with Tor. So now I have dug out my old macbook and after trying two of those great tutorials, I got as far as creating my own keys but when importing vendor keys from text edit, the saved file won't highlight as an option. Not sure what that is about. So read further down the forum and apparently GPG is only compatible with 10.6 and above - my macbook is 10.58 so crap once again. Tried one more tutorial (you guys are seriously fucking awesome) but got stuck at changing keyboard options and text edit options as there is no 'service' option in my preferences. So.. I noticed one person suggested privenot.com and it looks super simple but not sure if vendors like it or if it is as easy and safe as it sounds. I have tried to read all the advice before posting another 'help me' note but seriously, any tech heads out there know what I am missing??
Thanks!
-
So when I'm creating a key pair, should I use my TorMail as the email or is it actually better to use a fake email?
-
So when I'm creating a key pair, should I use my TorMail as the email or is it actually better to use a fake email?
The information you include in your key user ID(s) can be seen by anyone with a copy your public key. So it's up to you whether you want to include a real address.
If you use a fake address be sure to use something like example.com (it is a domain created entirely for using as an example in RFCs and accepts no email) or something with an obviously false domain. Actually you can enter pretty much any string you like.
Personally I didn't bother and included my Tor Mail address. If anyone uses that address I'd rather the email be encrypted anyway.
-
Great tutorial, putting it to the test as we speak!
-
Thanks a lot for this guide, it made getting started with PGP a lot simpler than I thought it would be!
I only just joined here, and the sheer amount of work people have put into protecting their own and others' privacy online through services such as Tor and PGP is amazing to me. These efforts should be commended.
-
Thanks for this info! I'm still new on SR so learning how to use pgp was on the to do list.
-
HI ALL,
I'm new here and just would like to say thankyou thankyou soooooo much shepj for the tutorial. GrEAT and much needed information which set me on the right track!
Props to putting this all together for us
cheers ;D
-
This seems very straightforward, but I'm having trouble figuring out how to select the addressee's public key. Can anyone help me out? Here's what I did:
1. generated my key, okay no problems there
2. created a text file of the addressee's public key and imported it, just fine so far
3. clicked Clipboard, wrote my message
4. clicked Encrypt... under 'Public Keys' I can only see my own key that I generated... I cannot see the public key that I imported, so I can't encrypt a message to that user...
Am I doing something wrong? I tried a variety of things, refreshed my key list, restarted the program, tried selecting either my own key or the public key before going to clipboard... nothing... it only lets me encrypt to myself. What am I missing?
Edit: Now I see that the public key I imported is actually expired, obviously that's why I can't select it. problem solved
-
..noticed gpa crashed a few times and its basic functionality.?!
-
none of these links are working for me bro can you please help me
-
Hi!
Im new to SR and all this stuff. I managed to install this program and create my keyes. I want to send a message to the vendor to ask whether he sells to first-buyers or no. But;
When I send a message to the vendor do I just encrypt it with GNA, then send a message through his profile page including my public key in the end? Or do I send two messages one with message one with public key, or something?
Thank you in advance
-
Great tutorial! Definetly helped me get up and running.
Quick question. Say I am sitting at home and my computer is on, and I get raided. LEO grabs access and opens my PGP software therefore displaying all the public keys I have in turn making me guilty by association with say top vendors on this site? Are you guys holding they keys on a USB or another encrypted file and accessing the keys when its time to send a message? Thank your input/methods/tips!
-
Hi Guys,
i followed the instructions from the frist post this day and don't get along with the instructions..
i have installed Kleopatra and don't know how to use it.. it's not like the "old" GPG and the pictures from post 1 don't look helpful.
Can someone help me to encrypt messages?
cheers!
-
Hi Guys,
i followed the instructions from the frist post this day and don't get along with the instructions..
i have installed Kleopatra and don't know how to use it.. it's not like the "old" GPG and the pictures from post 1 don't look helpful.
Can someone help me to encrypt messages?
cheers!
im having the same problem. wtf is this kleopatra stuff? completely different to the tutorial...
-
Hi Guys,
i followed the instructions from the frist post this day and don't get along with the instructions..
i have installed Kleopatra and don't know how to use it.. it's not like the "old" GPG and the pictures from post 1 don't look helpful.
Can someone help me to encrypt messages?
cheers!
im having the same problem. wtf is this kleopatra stuff? completely different to the tutorial...
hi, i made a separate thread for this problem:
http://dkn255hz262ypmii.onion/index.php?topic=35779.0
i did what they say and it works:
You need to uninstall all of that and then when reinstall. but this time when you re install you have to pay attention and not just click next next next. Anyways. When you are installing it you will see it come up with a list of what you want to install. GPA is on that list but for some reason it is not checked by default. so you have to check it then it will install it. You can even uncheck Kleopatra if you want.
hope it will help you too ;)
-
I am having trouble viewing the encrypted PGP message after I encrypt a message. I saw on the pictures that the OP had the encrypted message up on a clipboard, but I cannot find an option for a clipboard on Kleopatra. I'm running the pgp4win Windows version. How do I view the encrypted text?
-
Great tutorial! Definetly helped me get up and running.
Quick question. Say I am sitting at home and my computer is on, and I get raided. LEO grabs access and opens my PGP software therefore displaying all the public keys I have in turn making me guilty by association with say top vendors on this site? Are you guys holding they keys on a USB or another encrypted file and accessing the keys when its time to send a message? Thank your input/methods/tips!
- you would be associated to a random person on SR, they would have to catch the very same vendor...who has the corresponding private key
(private key you dont have)
- otherwise anyone could save anyone elses public key it doesnt mean anything; could cut & paste -save every vendors pgp public key into
your key management tool, need more evidence to prove you did anything with the said data.
Look after your own security to ensure you are safe and thus not implicating anyone else.
Peace
TWM
-
Great tutorial!!
-
This wasn't as hard as I thought it would be thanks for the easy tutorial. +1
-
<- i learned my pgp from this thread
-
awesome! thanks guys, for the information! :)
-
http://silkroadvb5piz3r.onion/index.php/silkroad/user/1ed6c2a34a/70
Anyone having problems with this guys pgp?? I cant seem to encrypt using it
-
Hey guys quick question.
I encrypted my message with my address in it, however i had it like this
Xxxxx
Xxxxxx
Xxxxxx
Xxxx
And when i decrypted to see how it looked, it was like this with no line breaks..
XxxxxxxxxxxxXxxxxxxXxxxxxxxxXxxxxxxxxxxxx
How do you guys do the line breaks so it looks like an address should???? I am using notepad with cleopatra clip board! Thanks
-
I am having trouble viewing the encrypted PGP message after I encrypt a message. I saw on the pictures that the OP had the encrypted message up on a clipboard, but I cannot find an option for a clipboard on Kleopatra. I'm running the pgp4win Windows version. How do I view the encrypted text?
Kleopatra encrypts/decrypts to the clipboard. Unfortunately, the only way you can view the clipboard contents is by pasting it into an editor, e.g. Notepad.
Guru
OK, I finally figured it out. Thanks!
-
Hey guys quick question.
I encrypted my message with my address in it, however i had it like this
Xxxxx
Xxxxxx
Xxxxxx
Xxxx
And when i decrypted to see how it looked, it was like this with no line breaks..
XxxxxxxxxxxxXxxxxxxXxxxxxxxxXxxxxxxxxxxxx
How do you guys do the line breaks so it looks like an address should???? I am using notepad with cleopatra clip board! Thanks
That's a word-wrapping issue which some GUIs have a problem with (in some circumstances) and some don't. Enigmail does a similar thing when encrypting using PGP/in-line instead of PGP/MIME (neither of which concerns most people here because of the way we use GPG).
I suggest installing GPA and seeing if it does the same thing. Alternatively, saving the address as a file and encrypting that should preserve any line breaks or carriage returns in the file.
-
Yay for PGP tuts
-
Newbie question here, when you send an encrypted message does your public key go with it automatically or should that be something you copy and paste into the message manually?
-
Newbie question here, when you send an encrypted message does your public key go with it automatically or should that be something you copy and paste into the message manually?
You need to copy it into your first message manually, but once someone has it they don't need a new copy each time.
-
One question, if I wanted to send my home address to a user whose know his public key can encrypt the message with his public key and make sure that he can read?
-
Thanks for the great tutorial. I was mystified by the whole GPG thing until I read it.
-
Does GPG = PGP ?
-
Does GPG = PGP ?
Both GPG and PGP are implementations of OpenPGP (the protocol which sets the standard for all implementations). PGP was the first, created by Phil Zimmermann which is why the name is used for everything. PGP is a proprietary software package currently owned by Symantec. GPG is a free software package written by g10/Werner Koch in Germany.
-
Does GPG = PGP ?
Both GPG and PGP are implementations of OpenPGP (the protocol which sets the standard for all implementations). PGP was the first, created by Phil Zimmermann which is why the name is used for everything. PGP is a proprietary software package currently owned by Symantec. GPG is a free software package written by g10/Werner Koch in Germany.
Thank you very much for this info. How does vendors on SR use PGP if it costs above $100 on Symantec site? Is there cracked edition on the net or sellers use the GPG free software?
I'm asking because one vendor asked me to use the PGP while I didn't have any idea what it is.
-
Does GPG = PGP ?
Both GPG and PGP are implementations of OpenPGP (the protocol which sets the standard for all implementations). PGP was the first, created by Phil Zimmermann which is why the name is used for everything. PGP is a proprietary software package currently owned by Symantec. GPG is a free software package written by g10/Werner Koch in Germany.
Thank you very much for this info. How does vendors on SR use PGP if it costs above $100 on Symantec site? Is there cracked edition on the net or sellers use the GPG free software?
I'm asking because one vendor asked me to use the PGP while I didn't have any idea what it is.
Most people use GPG, including the vendors, but they generally just call it PGP. The reasons why they shouldn't is just far too irritating to explain to each person on a case-by-case basis, so I usually don't.
Just install the right version of GPG for your operating system and go from there. Read through all of the stickied threads in the Security forum too and use PGP Club (one of the stickied threads) to practice once you have it installed and your key ready.
-
Does GPG = PGP ?
Both GPG and PGP are implementations of OpenPGP (the protocol which sets the standard for all implementations). PGP was the first, created by Phil Zimmermann which is why the name is used for everything. PGP is a proprietary software package currently owned by Symantec. GPG is a free software package written by g10/Werner Koch in Germany.
Thank you very much for this info. How does vendors on SR use PGP if it costs above $100 on Symantec site? Is there cracked edition on the net or sellers use the GPG free software?
I'm asking because one vendor asked me to use the PGP while I didn't have any idea what it is.
Most people use GPG, including the vendors, but they generally just call it PGP. The reasons why they shouldn't is just far too irritating to explain to each person on a case-by-case basis, so I usually don't.
Just install the right version of GPG for your operating system and go from there. Read through all of the stickied threads in the Security forum too and use PGP Club (one of the stickied threads) to practice once you have it installed and your key ready.
Hey thanks for the great answer.
I don't want to sound rude for asking more questions, but what is the best option for Win7 32bit?
Is it risky to send privnote .com to the seller for my address or when using the SR messages system?
I saw this bootable linux USB for sale, I will get this as soon as I can.
Thank you for your time.
-
thanx guys))
-
thanks for this tutorial
-
Every time I try and create a key it doesn't works and says "general error"
-
there is no gpa.exe in that folder ? Has the file name changed in recent versions?
-
i dont have de gpa.exe O.o
thats wierd?
-
Do you have Kleopatra in the folder ? I'm not sure what they've changed with the GPG install suite, but you can use any key manager.
I have compiled shepj's guide as well as my own for kleopatra on this onion: http://p3lr4cdm3pv4plyj.onion/
There is also a link off of that to test your GPG encryption methods as well. worst case, install the old version of GPG that's referenced in my tutorial on that onion.
Good luck! let me know what you find!
-
Ok now I've spent the last two or three months scouring Tor and its forums trying to find out how to encrypt/decrypt/send encrypted messages/etc. and I have obviously found the OP to be VERY HELPFUL. But I am also assuming that, like many visual learners out there like me, prefer to see things in real time rather than click, paste, look, repeat. Here is a link to a youtube video that helped me out tremendously. Once again big props to the OP for helping out a noob like me in understanding the vast world of encryption and computer logistics.
http://www.youtube.com/watch?v=SywCI91kfq0&feature=related
Please be cautious when viewing this video on the tor network or on unprotected computers as they can be linked to you.
CHEERS!
-
I'm very, very new, but thanks to you, I am now encrypting all my sensitive messages and addresses. ;D
-
Hello im new to SR and am very confused, is this the same way to set up for a mac ?
-
a poster on this thread said its the same for a mac
http://dkn255hz262ypmii.onion/index.php?topic=83886.15
but I disagree. I am pretty good on a mac, but this is either WAY over my head or not compatible on a mac. The windows set up DEF is different.
I followed the video here http://support.gpgtools.org/kb/how-to/first-steps-where-do-i-start-where-do-i-begin#newkey and yet my vendor says he cant read it. It looks the same..but it doesnt have a header on the key.
so I disagree, its NOT the same on a Mac
-
by the way...there is some sort of issue depending on operating system.
Open GPG says it works for Lion but its BETA for Mountain Lion, which I have. Seems as if I shouldn't have upgraded. I am going to ask my IT guy at work....in general conversation...,to teach me about encrypting
-
Finally! Much thanks to all for their time and effort! :)
-
please help me. i downloaded gpg4win from the website www.gpg4win.org and I read everything connected with it, even the installation process step by step with pictures. well, I downloaded it, but the installation process that they showed me with pictures step by step did not take place. And I can't even find my download. I looked in "downloads" and it's empty. so can you please help?
because first I read wiki like I was told to on the forum, and did what I was told and no gpg4win! so i have no encryption so I can't order anything. I thought this was kind of too good to be true anyway, ordering whatever I need. yeah, right.
Is there someone I can communicate with, or ONE CENTRAL LOCATION where newbies like myself can just follow step by step, and then have it actually work?!
First I read wiki like instructed to on the forum. Itt led me to a site where I can download gpg4win. I read and watched the instructions with pictures, and then I downloaded it. It never went through the installation process, and gpg4win is nowhere to be found.
. This reminds me of a maze with 50 different forks in the road, all leading to nowhere!!
Here, you can buy this medicine that you desperately need and cannot spare any time getting it because you need it NOW, oh, but here it is for you. All you have to do is A, B, C, D, and E before you can order this medicine from me. But as far as how to do A, B, C, D, and E, there's no clear road how to do that.
I spent days dicking around on here. Can you get ONE CENTRAL LOCATION and say this is what you do? There has to be hundreds like me. Not everyone is a computer geek. We all have different skills. It doesn't mean someone is lazy. I'd even be willing to pay for the help, if there was a number to call or a person I could communicate with, or even one central location for the information I need to do A, B, C, D and E.
-
Gotta say i'm loving GPG. Once i got the hang of it, awesome. GPG4USB is great. 8) ;D
-
Forget about GPG4WIN. Download GPG4USB instead. The interface is 1000x easier than GPG4WIN.
The site also has screenshots, showing you how to use the program, although they probably aren't necessary, because GPG4USB's interface is just that good. People have spent days trying to figure out GPG4WIN, and then they tried GPG4USB, and were up and running in 10 minutes.
GPG4USB homepage: http://gpg4usb.cpunk.de/index.html
Guru
Let me confirm this. I just made the switch because after installing GPG4WIN countless times, this last time Kleo would not import any key not matter what I did. I moved on to GPG4USB and not only did the problems IMMEDIATELY disappear, but the interface as GURU states rocks!
-
thanks for that! :)
-
Thanks. I'm a total noob and you saved me lots of heartache.
-
You don't need this if you're only planning on purchasing, right?
-
You don't need this if you're only planning on purchasing, right?
you have to supply your address in order to get your purchase.
The questions you have to ask yourself about this is:
Do you trust SR with your address (not your vendor, but the unknown admins of this site)
Do you trust that SR has never been, and currently isnt compromised in any fashion? (not to say it is, but it could be)
Do you trust that the vendor you're buying from will check his orders and ships your order before the site has a problem and goes down, or gets seized, etc.
ultimately, do you trust your unprotected address on a site as popular and famous as this, for both law enforcement, hackers, and the only form of trust you have with a vendor is their approval rating?
I hope your answer to any of these questions is no, you dont trust anyone on a site like this with your address, except maybe the vendor you're dealing with itself.
Please use GPG encryption when you can. -- Its not that hard, can be kinda cool (talking all encrypted) and ultimately keeps you infinitely more protected than if you dont use it at all.
-
You don't need this if you're only planning on purchasing, right?
ultimately, do you trust your unprotected address on a site as popular and famous as this, for both law enforcement, hackers, and the only form of trust you have with a vendor is their approval rating?
I hope your answer to any of these questions is no, you dont trust anyone on a site like this with your address, except maybe the vendor you're dealing with itself.
Please use GPG encryption when you can. -- Its not that hard, can be kinda cool (talking all encrypted) and ultimately keeps you infinitely more protected than if you dont use it at all.
+1!
-
I downloaded and installed GPG, but can't open gpa (per step 3) it's not listed in my directory.
Any ideas....
-
I downloaded and installed GPG, but can't open gpa (per step 3) it's not listed in my directory.
Any ideas....
Just ditch GPG4WIN and use GPG4USB instead. http://gpg4usb.cpunk.de/index.html
After that, just go to Astor's tutorial: http://32yehzkk7jflf6r2.onion/gpg4usb/
That should get you up and running in 10-15 minutes.
NC
-
Just type PGP Encryption in YouTube, click the first video and follow the tutorial. It doesn't get any easier or informative than that. There is a bunch of videos on it. It took me 5 minutes to master it after beating my head over the table trying to figure it out for days. It's really as simple as 123. Remember to check the GPA tab. That's the most important one. Good Luck and feel free to message me if you have any questions that you want answered from a newbies perspective.
-
Great guide thanks! I had trouble finding gpa haha!
-
What is gonna stop "the feds" or the admins, or any other entity actively trying to retrieve my address, from doing so? What is stopping them from using the very same encryption software that my supplier is using to decrypt my address, to decrypt anyone's encrypted address they want to?
Am I the only one who thinks this process is a lot of work for no more protection at all?? Or do I have it wrong, and there is some information that I am missing about the process?
-
thanks So much for this guide it is greatly appreciated! :)
-
FUCKIN AWSOME