Silk Road forums
Discussion => Newbie discussion => Topic started by: Psychedelic Oatmeal on February 02, 2013, 02:51 am
-
Is it safe to use seahorse on Ubuntu to create and use PGP keys? Created using a fake name (my forum username) and a tormail email address. I can't for the life of me figure out how to download GPG programs because I'm not really used to this OS.
-
I apologize for replying while knowing nothing about either program you mention, but I'll tell you what I use. www.igolder.com/pgp
It's an online tool, nothing to download.
It's free, there's not even registration required.
They have a key generator, a decrypter, and an encrypter.
It's super simple, and that's said by a person who really had a hard time with any PGP software.
-
⇧this.
It's what I use too. A very simple solution to the draaaaamaaaaaaa of PGP.
-
You guys are idiots (not OP). Using GPG from web based services is insecure. There have been two big busts of online drug forums that resulted from people using such services, both relating to Hushmail which allegedly managed encryption for you, Operation Raw Deal as well as Operation Atom Bomb.
Ubuntu, like most Linux distros, comes with GPG already installed. You can use whatever GUI it comes with to control it; most likely it will be fine, so long as it doesn't limit your key sizes to something absurdly small (1,024 or under should be avoided).
If you want, you can just control it from the command line though. To generate a key, use the following command:
gpg --gen-key
it will ask you a bunch of questions, select for RSA and RSA for key type, 4096 for key strength, 0 for key never expires, yes it is all good, fake name, anonymous E-mail or bullshit one, okay, enter password that you will use twice (it should actually be a passphrase, and quite long and random).
to get the public key that you give the vendor
gpg --export -a the_name_you_used
to import the vendor's public key that they give you
gpg --import
paste the key
ctrl-d
to encrypt a message to the vendor
gpg --list-keys
this gives a list of all public keys that you have
gpg -e -a
now copy the vendor's user ID from the output list of keys; it looks like this: 4096R/00E5A93C (everything past the /)
hit enter
type message
ctrl-d
copy paste the ciphertext
to decrypt the ciphertexts sent to you:
gpg -d
paste ciphertext
you are prompted for your password, enter it in and then it should print out the plaintext.
It is really simple.
-
Seahorse is fine; it's actually just a front-end program. GnuPG does the actual work, and Seahorse gives you the graphical user interface.
-
Do not use IGolder
1) It uses the BCPG implementation of OpenPGP which is written in Java and may be vulnerable to Java exploits or attacks on the JVM on IGolder's servers
2) It uses weak 1024-bit key pairs using the old-style (1990s) combined signing and encrypting keys with no subkeys.
3) Any successful Man-in-the-Middle attack on the SSL connection to IGolder will reveal all data
4) IGolder is able to retain copies of all secret keys and passphrases generated or used on their system.
5) There is no guarantee that IGolder don't do this already and cooperate with law enforcement.
copy pasted from one of guru's posts
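
The key-strength points raised in the posts above (avoid keys of 1,024 bits or under; old-style keys with no subkeys) can be checked on any keyring. This is an added example, not part of the original thread: it parses GnuPG's machine-readable `--with-colons` listing, and the function name `audit_keys`, the sample records and the key IDs in them are constructed for illustration.

```shell
#!/bin/sh
# Flag primary keys that are 1024 bits or smaller, or that have no subkeys,
# from the output of: gpg --list-keys --with-colons

# Constructed sample records (not real keys): a 4096-bit RSA key with an
# encryption subkey, then an old-style 1024-bit key with no subkey.
SAMPLE='pub:u:4096:1:AAAAAAAA11111111:1359773460:::u:::scESC:
uid:u::::1359773460::0000000000000000000000000000000000000000::strong_example::
sub:u:4096:1:BBBBBBBB11111111:1359773460::::::e:
pub:-:1024:1:CCCCCCCC22222222:946684800:::-:::scESC:
uid:-::::946684800::1111111111111111111111111111111111111111::weak_example::'

# audit_keys: reads colon-format records on stdin and prints one line per
# primary key:  <key id> <bits> OK   or   <key id> <bits> WEAK <reasons>
# Colon format: field 1 = record type, field 3 = key length, field 5 = key ID.
audit_keys() {
    awk -F: '
        function report() {
            if (id == "") return              # nothing seen yet
            why = ""
            if (bits <= 1024) why = why " small-key"
            if (subs == 0)    why = why " no-subkey"
            print id, bits, (why == "" ? "OK" : "WEAK" why)
        }
        $1 == "pub" { report(); id = $5; bits = $3 + 0; subs = 0 }
        $1 == "sub" { subs++ }                # subkeys follow their primary key
        END { report() }
    '
}

# Stand-alone run on the constructed sample; for a real keyring use:
#   gpg --list-keys --with-colons | audit_keys
printf '%s\n' "$SAMPLE" | audit_keys
```

Run it against a vendor's key right after `gpg --import` to see whether the key you are about to encrypt to falls into either category.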
-
hmmm... thanks to kmfkewm & summer.
I shall re-think.