Silk Road forums

Discussion => Security => Topic started by: jojo on November 17, 2012, 07:12 pm

Title: GPG newbie
Post by: jojo on November 17, 2012, 07:12 pm
Newbie,
I installed GPG for the purpose of when I type in my address in a SR order it will be encrypted. However, I dont see how you do that. It keeps talking about encrypting emails. I 'think' I just want too encrypt the text in the address box and ensure the receiver can unencrypt it,
Title: Re: GPG newbie
Post by: woahmang on November 17, 2012, 08:22 pm
I don't use Windows because fuck Windows, but in Ubuntu I do this:

To set up the first time:

1) Press windows key to open the search and type "keys", then click on "passwords and keys" icon.
2) Choose "New" from the file menu to create a new key
3) Choose "PGP key" and enter your key details (your name or alias, a tormail.org or fake email address and an additional comment)
4) In "Advanced key options" change the Key Strength to 4096 (because bigger is better!)
5) Click create and enter a password so that only you can send messages using this key.

To add a new dealer:

1) Create a new text file on your desktop, call it Dealer.asc where dealer is your dealer's name.
2) Copy and paste your dealer's public key into this file and save it
3) Press windows key, type "keys" and click the "passwords and keys" icon
4) Go to File->Import menu, then choose the key file.
5) Delete the key from your desktop, it's now in your keyring.

To send a message to a dealer:

1) Right click on your desktop and create a new text file. Call it message.txt
2) Open terminal: Press windows key and type "term", click on the terminal icon
3) Type cd ~/Desktop to move to the desktop
4) Type gpg -e -a -u "YOUR ALIAS" -r "THEIR ALIAS" message.txt to encrypt your message. You should now see a message.txt.asc on your desktop
5) Type gpg --export -a -o pubkey.asc "YOUR ALIAS"
6) Send both the encrypted message.asc.txt and the contents of pubkey.asc to your dealer

To read a message from your dealer:

1) Copy the encrypted message and save it to your desktop in a file called message.txt.asc
2) Open terminal and move to the desktop as above
3) Type gpg --decrypt < message.txt.asc to get your message

Security tips:

1) Before deleting messages or any other files you can use the shred message.txt command to obliterate them
2) Delete dealer keys from your keyring if you're never going to use them again, you can always add them again later
3) Run BleachBit (available for free in the software center) to delete browsing history, deleted files and so on.
Title: Re: GPG newbie
Post by: nitpi950 on November 17, 2012, 08:31 pm
If you don't want to fuck with any terminals and you're on Windows, the process is, assuming you've already imported the public key of the vendor, which is straightforward enough, to write your address in the field, select all and cut, right click on the Kleopatra system tray icon, go to clipboard, select "Encrypt..." and follow the prompts, and then paste the result back into the field. The only recipient you have to add is the vendor, since you presumably won't forget the contents of your message, since it's your address.
Title: Re: GPG newbie
Post by: Nightcrawler on November 17, 2012, 09:13 pm
Newbie,
I installed GPG for the purpose of when I type in my address in a SR order it will be encrypted. However, I dont see how you do that. It keeps talking about encrypting emails. I 'think' I just want too encrypt the text in the address box and ensure the receiver can unencrypt it,

Just download and use GPG4USB.  Add the vendor's keys to your keyring, compose your message in the edit window. Check the boxes beside the key(s) you want to encrypt to in the right hand pane where the keys on your keyring are shown.  Then click the Encrypt button.  Copy the encrypted message to the clipboard, and paste it wherever you want it to go.

GPG4USB home page: http://gpg4usb.cpunk.de/index.html

Follow the instructions in the documentation. You'll be up and running in 10 minutes.

Nightcrawler
Title: Re: GPG newbie
Post by: Publius on November 17, 2012, 10:50 pm
gpg4usb is the way to go.
Title: Re: GPG newbie
Post by: jojo on November 18, 2012, 01:18 am
I have a mac and installed GPG. So does the vendor need to supply me with a key?
Title: Re: GPG newbie
Post by: Nightcrawler on November 18, 2012, 01:38 am
I have a mac and installed GPG. So does the vendor need to supply me with a key?

Yes, the vendor needs to supply you with their PGP key, which you add to your PGP keyring.

When you go to encrypt a message, you encrypt it to the vendor's key as well as your own.

If you wish to communicate securely with your vendor, you also need to supply him/her with your PGP key.

Head over to the PGP Club thread to get some practice using the software.

Nightcrawler

Title: Re: GPG newbie
Post by: wicked420 on November 18, 2012, 01:45 am
http://p3lr4cdm3pv4plyj.onion/

Here are a few guides on how to setup GPG encryption - and there is also a way to test your setup.  the PGP club thread is also fun of friendly people willing to tech support for ya!
Title: Re: GPG newbie
Post by: nitpi950 on November 18, 2012, 05:54 am
I have a mac and installed GPG. So does the vendor need to supply me with a key?
Most vendors keep they public keys on their SR vendor pages. Copy it and save it to a text file with the extension .gpg, import that with Kleopatra, and use that when you select recipients when you encrypt as I described before.
Title: Re: GPG newbie
Post by: midwestmedical on November 18, 2012, 10:02 pm
I have a mac and installed GPG. So does the vendor need to supply me with a key?

Like others have said, the vendors public key is usually on their page.  When using a mac, i first copy the info over and save it in text edit.  You will have to change the extension on the file to .asc so the PGP program will import it.