Silk Road forums
Discussion => Security => Topic started by: tor12345 on November 08, 2012, 07:06 am
-
Hey everyone,
Until trying to do this I considered myself fairly technically competent. I was obviously mistaken. I've seen the 2x speed screencast by GPG tools and I can copy all the stuff they do which seems like a decent start.
Here is the link for anyone who may need it: https://www.gpgtools.org/screencast.html
I'm just not sure what to do though.
Do I copy someones public key and put it into the OpenPGP program or what? I've been at this for a few hours and I'm completely lost and super frustrated. I know this is very basic but for some reason I just can't grasp it. I searched the forum for a step by step guide but had no luck finding one. Will someone outline the steps I need to follow to send an encrypted message please?
Thanks
-
Copy/paste someone's public key into the program TextEdit. Select the key. Go to TextEdit>Services>Import Key.
Write your message in TextEdit. Select it. TextEdit>Services>Encrypt. Choose the key of the person you are writing. Do NOT sign. Add to recipients. Encrypt.
Copy/paste the encrypted message from TextEdit to the message field on SR. Done!
-
Fantastic. Thank you.
-
Are you guys running OSX Mountain Lion?
As I have set it all up and I think I know what I am doing, however, after a bit of research I am wondering if there is full support for Mountain Lion yet?
-
It appeared to work correctly for me on Mountain Lion. Will you please share your concerns?
-
Hmmmm.
Well I had some success but I can't get this key to import properly. I select it and import it but no email address shows up and it is not in the list of keys when I try to encrypt my message.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG C# v1.6.1.0
mI0EUEOmfAEEALQKib+TaJ2NtAz9tIIUmN+Mjyw+C0NvakcMw+tdjj7dLluYV04s
YmxfE2vBLHNiWhGAei1auL9cDQ1KDg31AbDc07AFhvfqrFuYHUc8fgYxgSh0MaY+
yQliOKzHnCorgGMz4pGl1GQyiYehafy5bpq23so50XZNvLCZ/pdJRak9ABEBAAG0
D2FhbmJvZC1saXZlLmNvbYicBBABAgAGBQJQQ6Z8AAoJENi4Btf1nVBQO3wD/1G4
QyfcUtQNZaFj+S9dMSvgTi4nA6sJAy2TxS5CmmgOKf6dsD4N3VlGteHpHgzVdg0J
B4PWEJCNe6eGYqLzPH3koRF7w5SJBQ1SiimIJgLk5L4M62K0yRzalK44rFvNCpzg
3ndBQ+UIAs+fkIgLPW2wJuSYQlyTUs6bejjPjIVm
=I+XG
-----END PGP PUBLIC KEY BLOCK-----
Any ideas out there?
Thanks in advance.
-
I was able to import it. There is no email address associated with this public key.
-
I was able to import it as well but it does not show up in the list of recipients. Not sure what to do.
-
I'm certainly no expert when it comes to encryption, but it sounds to me like the program you're using is pretty lame and uses the email address to actually keep track of recipients. So no email address, no entry for the recipient maybe?
Try another PGP program.
-
Thanks.
Does anyone have suggestions for good Mac PGP clients?
-
Almost anything with the GNU name is solid and reliable. Try the Mac port of GPG: http://macgpg.sourceforge.net/
-
That's what I'm using now unfortunately.
-
Oh, then I don't see how that could be the problem. Imports fine and shows up in my list with gpg in Linux, BTW. But it's a 1024 bit key, which is a bit weak. and it has no comment. And no email. And the username is a domain (aanbod-live.com ???)
Who the Hell gave you this key? It's awfully... weak, in a few different senses of the word. Are you sure you want to interact with this guy?
-
He is a vendor here with numerous positive reviews and great prices so I would like to interact with him. ;)
Unfortunately I don't recall his name and I'm unable to access the marketplace right now. Once the marketplace is back up I will mention these issues to him and maybe he will fix them.
It's unfortunate I'm unable to find the resolution to this. I did pull up his information and saw the key was weaker than others I have imported. When you imported his key does anything show up on the "subkey" tab? It is empty for me while all the others I've imported have data there.
-
Nope, nothing. I've seen a couple of other keys without that, but I'm not knowledgeable enough about encryption schemes to know exactly what that means. I *think* it means that they can't sign something (as in sign it to guarantee it really did come from them)... but I'm none too sure about that.
I'll say this. Of the few vendors I've seen who don't have a subkey, only one (out of 3) I'd do business with. That one is spectacular to do business with, as it so happens... but the others I wouldn't buy from unless I were hard up or had no other options. Just my 2 cents.
... it's also retarded to not use your fucking name as your key name. I mean seriously, that's just silly. Doesn't he want people to do business with him?
-
Thanks for the help. I've run into another issue. I think it's pretty simple and I'm hoping someone can help me out.
I have an encoded message and the public key which has been imported into PGP Keychain access. When I highlight the message in text edit and choose "decrypt" the encrypted message vanishes and no clean text replaces it. Text edit is empty.
Would someone please write out the correct procedure please?
Thanks
-
You're using the wrong key. The public key encrypts the message so that the only person who can decrypt it is the one who has the private key. Generally, that's the guy who gave you the public key, since otherwise getting an encrypted message from you won't do him any good w/o that private key. :)
And no, you cannot decrypt your own messages after you've encrypted it. Once it's encrypted, only the guy with the private key can decrypt it. To be clear, that means no one should ever, ever have your private key. If you ever make a key pair, you pass out the public key like vendors do, and guard the private key with your life and use that to decrypt messages to you.
That's why if you want the vendor to encrypt his answer back to you, you include your own public key in your message to them :)
-
iGolder is very simple
-
iGolder is very simple
iGolder should not be used by anyone on here who values their safety. iGolder is a broken Java-based implementation of PGP that does not conform to current standards re: key-sizes or key-formats. Just because something is easy to use doesn't always make it better (not to mention safe).
Use GPG4USB instead: http://gpg4usb.cpunk.de/index.html