Silk Road forums

Discussion => Security => Topic started by: mrbateman on November 18, 2012, 11:27 am

Title: Dummies guied to PGP... Help!
Post by: mrbateman on November 18, 2012, 11:27 am
Hi guys,

So being a total newbie with this, i was looking for some advice on the easiest and most straight forward way for me to buy on SR using PGP?

I'm on a Mac, OSx Lion, and i've downloaded GPG, but it's telling me the plugins aren't compatible with the version of Mail/OSx that i'm using.

I've tried reading tutorials (most are for Windows) and after 2/3 days i'm just about ready to give up!

Any help or step-by-step tutorials anyone has for a total beginner would be much appreciated.

Thanks!
Title: Re: Dummies guied to PGP... Help!
Post by: wsg on November 18, 2012, 02:41 pm
Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
http://dkn255hz262ypmii.onion/index.php?topic=30938.0
might get more help here
Title: Re: Dummies guied to PGP... Help!
Post by: Nightcrawler on November 18, 2012, 07:36 pm
Hi guys,

So being a total newbie with this, i was looking for some advice on the easiest and most straight forward way for me to buy on SR using PGP?

I'm on a Mac, OSx Lion, and i've downloaded GPG, but it's telling me the plugins aren't compatible with the version of Mail/OSx that i'm using.

I've tried reading tutorials (most are for Windows) and after 2/3 days i'm just about ready to give up!

Any help or step-by-step tutorials anyone has for a total beginner would be much appreciated.

Thanks!

First off, you can completely forget about using Mail. The reason for saying that is that Mail will work only with clearnet (i.e. non-anonymous) email accounts, like Gmail, Hotmail, Yahoo, etc.  These types of accounts are NOT suited for use on Silk Road, as they can be traced.  Please remember that PGP provides privacy -- it does not provide anonymity. Ideally, you want both anonymity and privacy.  That means that you want to use Tormail and PGP, if you're going to use email at all.  Remember, some vendors will refuse to use email at all, while others only provide a Tormail address as a backup in case of Silk Road downtime.

Most of your interactions with vendors will  likely be via PM here on the Forum, or on the Silk Road site proper.  Some vendors prefer all communications to be PGP-encrypted, while others prefer only address or other identifying information to be encrypted.

Here are some instructions (originally written by Guru) that should get you started:

GPGTools is highly version dependent -- depending on which version of OS X you have, it may or may not work as expected.  If you have Leopard (10.5) then you're pretty much out of luck. Your only option then will be using the command-line.

If you have Snow Leopard (10.6), Lion (10.7) or Mountain Lion (10.8), the following instructions should be sufficient to allow you to get up and running.

Download and install GPGTools: http://nightly.gpgtools.org/GPGTools_Installer-trunk.dmg

Once you have installed GPGTools,  what you want to do is to go into System Preferences --> Keyboard --> Services.

Scroll down until you find the following entries. Be sure to put a check mark in the boxes to activate each keyboard shortcut.

Keyboard shortcuts:

OpenPGP: Decrypt Selection:             Shift-Command-D

OpenPGP: Encrypt Selection:             Shift-Command-E

OpenPGP: Import Key from Selection:     Shift-Command-I

OpenPGP: Insert My Fingerprint:         Shift-Command-F

OpenPGP: Insert My Key:                 Shift-Command-K

OpenPGP: Sign Selection:                Shift-Command-R

OpenPGP: Verify Signature of Selection: Shift-Control-V

Remember, these shortcuts only operate on highlighted or selected text.

To select text within TextEdit, use Command-A to highlight the entire document, or use your mouse to selection the section that you want to verify/sign/encrypt/decrypt. It is highly recommended that you use only plain-text, as opposed to Rich Text (.rtf) format. Use Command-, to bring up Preferences and ensure that the plain text radio button is checked.

Also ensure that the following are UNCHECKED in TextEdit preferences: smart quotes, smart dashes, smart links.

Once your text is highlighted in TextEdit, (by pressing Comand-A) you then encrypt using Shift-Command-E. You will then be presented with a list of keys to encrypt to, that you hve added to your PGP kryring


Other Commands You May Need:

OpenPGP: Decrypt File:                   Control-Command-D

OpenPGP: Encrypt File:                   Control-Command-E

OpenPGP: Sign File:                      Control-Command-S

OpenPGP: Verify Signature of File:       Control-Command-V

Naturally, you can change any of these shortcuts to ones of your own choosing, if you wish.


Once you have setup these shortcuts, you can begin using GPG.

To encrypt a message to someone using GPG, you first need a copy of the recipient's PGP public key.

Once you have located someone's PGP public key, you should copy and paste it into TextEdit. Save the file to a file; you can file the file, import.asc, for example. This saved file will usually be found in the Documents folder.

Launch GPG Keychain Access from the Applications folder. click on the Import icon in the upper left hand corner. GPG Keychain Access will then prompt you for the name of the file which contains the key to import. It will usually show you a list of files in the Documents folder. Click on the file named import.asc, and click ok. The PGP public key will then be imported into your PGP keyring.

To encrypt a message to a person, the message must be contained in a TextEdit document. Use Command-A to hightlight the entire document. Then use Shift-Command-E to encrypt. GPG will pop-up a list of public keys in your PGP keyring. Each key will have a little checkbox beside it which you can check, to select that particular key. If you were encrypting a message to me, you would put a check in the box beside my PGP key (Guru@SR). When you click on OK, the plaintext (unencrypted) message in TextEdit will be replaced with the encrypted message. You can then copy and paste the encrypted message to enter it into a form on Silk Road, or anywhere else that it needs to go.

To decrypt a message sent to you by other people, you need to copy that message to the clipboard, and paste it into a TextEdit document. Again use Command-A to highlight all the encrypted message. Then use Shift-Command-D to decrypt the message. If the message is encrypted to your PGP public key, you will be prompted to enter your passphrase. Once the correct passphrase has been entered, and you click OK, then the message will be decrypted, and the decrypted text will be placed in the TextEdit document, replacing the encrypted message that was there previously.

Title: Re: Dummies guied to PGP... Help!
Post by: bateman on November 19, 2012, 08:47 pm
Hi, me again, i forgot my password to mrbateman!

Nightcrawler, thanks so much for your help! that helped out a LOT!
Title: Re: Dummies guied to PGP... Help!
Post by: RaFaeL5 on December 08, 2012, 01:26 pm
Great guide!!!!

The PGP guide for dummies - THANK YOU!!!

But...when I do all that you say here,
when I encrypt in TextEdit I get the error:
"Encryption canceled. No private key selected to add to recipients".

What am I doing wrong?

Thx a LOT for this page!  ;D
Title: Re: Dummies guied to PGP... Help!
Post by: RaFaeL5 on December 08, 2012, 01:37 pm
Also:

I've been testing my skills @ TorID's testpage:
http://p3lr4cdm3pv4plyj.onion/test.php

But I constantly get an error message, when I try to encrypt and when I try to decrypt.
is this page down, or am I making a mistake somewhere?

Cheers to all
Title: Re: Dummies guied to PGP... Help!
Post by: RaFaeL5 on December 09, 2012, 10:50 am
SOOOOO....it took me lots of time & energy,
but I managed to solve all my problems.

This page has been very helpfull also:
http://support.gpgtools.org/

Now I just have 1 last question:
many forumguests have a "signature" where there's a link to their Public Key.
How do you do that?

Cheers,
R5
Title: Re: Dummies guied to PGP... Help!
Post by: Theophilus on December 09, 2012, 09:21 pm

Now I just have 1 last question:
many forumguests have a "signature" where there's a link to their Public Key.
How do you do that?

Cheers,
R5

Go to this thread and post a reply with just your PGP Public Key: http://dkn255hz262ypmii.onion/index.php?topic=174.0 (it's just a thread that was created for this purpose, a repository that you can link to. Although I've seen some use links to services like pastebin etc,)

Right click on the link at the top your post in that thread and copy the link.

Go to profile / forum profile and paste the link in there.
Title: Re: Dummies guied to PGP... Help!
Post by: asdfjkl101 on December 10, 2012, 12:34 am
posted this in the paralyzed by pgp thread, but everything seemed to skip over to the next page and i doubt anyone noticed it. any help is greatly appreciated.

alright, i've got it! i've got the bare bones, basic functions all down. the one problem i'm having is that after importing an individual's key, there will be a drop down arrow next to their alias. under that drop down arrow are three things, "pub, uid, sub." but if i'm unable to encrypt a message to them, since their name will just not show up on the list of recipients, the drop down arrow will only list two things instead, "pub, uid."

am i just not able to import their subkey, which makes me unable to encrypt messages to them? i don't see what to do or how to fix this.
in addition, i'm using gpgtools on mac osx.