Silk Road forums

Discussion => Security => Topic started by: g01d3n on January 13, 2013, 01:56 am

Title: Just to be perfectly clear....
Post by: g01d3n on January 13, 2013, 01:56 am
This PGP encryption stuff is complicated, but I finally think I've gotten how to do it. I don't plan to pass encrypted messages back and forth, I just plan to send an encrypted message with my name, address; you know, sensitive information. From what I got from all the tutorials, first I send ---

When I make my order, I message --

Key ID - 587C61C6
Fingerprint - 9B6C BFC1 4C8E 6186 5786  C07C 9E04 1084 587C 61C6

then the encrypted message --


I think I followed the directions correctly, would anyone be kind enough to test this?

Thank you so much for your time.

-g01d3n
Title: Re: Just to be perfectly clear....
Post by: strangemagic on January 13, 2013, 03:10 am
"would anyone be kind enough to test this?"

That's not something that just anyone can do. The message can only be decrypted by the person for whom you encrypted it.

Who would that be, in this case?
Whose public key did you use to encrypt this message?
And where did you get that public key from?

PGP reports that this message is encrypted for a recipient with key ID 98643DE5. Is that your own key, or a specific vendor's key? If the latter, then only that vendor can decrypt the message (and if the former then only you can decrypt it).

As for sending your own key ID and fingerprint, I can't see why that would be necessary if you plan to only SEND encrypted messages and do not need to receive them. In any case that information would be useless if you haven't also posted your key on a public key server. It would be more useful instead to send a link to your public key itself (but again, only if you intend to RECEIVE encrypted messages, which you said you don't).

But tbh your best bet is to go talk to Astor and others in the PGP Club forum thread, at:
   http://dkn255hz262ypmii.onion/index.php?topic=30938
rather than starting any more new forum threads on the subject.

Or alternatively, re-read the advice that SelfSovereignty and Wadozo gave you in your other thread, until you feel you have grasped the concepts of key-pairs and of using the RECIPIENT's public key to encrypt a message to that recipient (and then practice in the PGP Club thread).

If it helps you feel better about your security, I confirm that I cannot decrypt this message, because I am not the one for whom it was encrypted. But that's all I can confirm, and all any of us can confirm, except the person for whom this message was encrypted. Only he/she can confirm the other part of what you want, i.e. that your vendor/recipient/whomever can decrypt your message (while nobody else can).

Also, if you want to practice sending encrypted messages to me, that's fine but don't send any sensitive information! Just pretend I'm your vendor, import my public key (from the link in my forum signature below), encrypt a message to me using my public key, post it on here or in a PM to me, and I'll let you know if I was able to decrypt it. Also, if your software gives an option to sign your message as well as encrypting it, don't do it. Un-check the signing option if applicable, and only encrypt.

Good luck.
Title: Re: Just to be perfectly clear....
Post by: pestlepete on January 13, 2013, 03:12 am
EDIT: It seems the above poster said the exact same thing while I was typing the below, except with more info. I will leave this here in case you want to use the key I included.

I can't tell you much without knowing the pubkey of your recipient. However, I can tell you that all 3 messages you posted as a test (one in this thread, two in the other thread) were encrypted for the same person. Whether that person is your intended recipient, I can't say.

If you want to run a test that someone can check for you, try it with this key (do not send any sensitive info, because I own the private key):


Try encrypting the word "Test-icle", or something else (not sensitive) for me, and I will tell you if you got it right.
SELF-CHECK: If you do correctly encrypt it with the key I just posted, the first 18 characters of the cipher will be "hIwDfNaI6o1RN6sBA" (after all the dashes and the version). This way, if I don't respond quickly, at least you'll know whether you got the recipient right. (this self-check only applies to the key for teste@tes.ty, not to your vendor's key - the first 18 characters are unique to the public key in RSA)

Peace
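
Added example, not part of any post in this thread: both replies above identify the recipient of a message without being able to decrypt it, because an encrypted OpenPGP message normally opens with a Public-Key Encrypted Session Key packet that carries the recipient's 8-byte key ID in the clear (GnuPG omits it only when asked, e.g. with --throw-keyids). The Python below reads that field from the leading base64 characters, using the self-check prefix quoted above as input; the function name recipient_of and the zero-key-ID sample are constructed for illustration.

```python
import base64

PK_ALGOS = {1: "RSA", 16: "Elgamal", 18: "ECDH"}  # RFC 4880 sec. 9.1 (subset)

# Prefix quoted in pestlepete's self-check (17 chars; the 17th is a partial group).
SELF_CHECK_PREFIX = "hIwDfNaI6o1RN6sBA"
# Constructed sample: same packet layout with the key ID zeroed, as a sender who
# hides the recipient would produce. Not taken from the thread.
HIDDEN_SAMPLE = base64.b64encode(
    bytes.fromhex("85010c03" + "00" * 8 + "010800")).decode()

def recipient_of(armor_prefix):
    """Read the recipient key ID from the Public-Key Encrypted Session Key
    packet (tag 1) that opens an encrypted OpenPGP message."""
    usable = len(armor_prefix) // 4 * 4        # decode whole base64 groups only
    data = base64.b64decode(armor_prefix[:usable])
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    first = data[0]
    if first & 0x40:                           # new-format header
        tag = first & 0x3F
        if len(data) < 2:
            raise ValueError("truncated header")
        n = data[1]
        if 224 <= n < 255:
            raise ValueError("partial body length not expected here")
        pos = 1 + (1 if n < 192 else 2 if n < 224 else 5)
    else:                                      # old-format header
        tag, length_type = (first >> 2) & 0x0F, first & 0x03
        if length_type == 3:
            raise ValueError("indeterminate length not expected here")
        pos = 1 + (1, 2, 4)[length_type]
    if tag != 1:
        raise ValueError(f"first packet has tag {tag}, not a session key packet")
    if len(data) < pos + 10:                   # version + 8-byte key ID + algo
        raise ValueError("need more leading characters")
    key_id = data[pos + 1:pos + 9]
    return {
        "version": data[pos],
        "key_id": key_id.hex().upper(),
        "short_id": key_id[-4:].hex().upper(),
        "algorithm": PK_ALGOS.get(data[pos + 9], f"id {data[pos + 9]}"),
        "hidden": key_id == bytes(8),          # all-zero ID names no key
    }

if __name__ == "__main__":
    for sample in (SELF_CHECK_PREFIX, HIDDEN_SAMPLE):
        print(recipient_of(sample))
```

The packet header, version byte, key ID and algorithm byte depend only on the recipient key, which is why the opening characters repeat for every message to that key and why anyone who sees the ciphertext can link messages sent to the same recipient.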
Title: Re: Just to be perfectly clear....
Post by: nanpa2001 on January 13, 2013, 08:59 am
Watch this tutorial.

http://www.youtube.com/watch?v=SywCI91kfq0

That is all you need to understand how to use it.