Silk Road forums

Discussion => Newbie discussion => Topic started by: icecreamman13 on July 12, 2013, 02:51 pm

Title: Just Making Sure I Am Doing PGP Correctly When Placing An Order
Post by: icecreamman13 on July 12, 2013, 02:51 pm
Hey everyone...I just need confirmation that I am doing this correctly when I am using PGP to send shipping information.
*I am using TAILS and the built-in PGP. Also, I am not using a persistent state for security reasons, so keys aren't "Saved".

1. Go to vendor page and get public key
2. Open gedit and paste the public key. Highlight it all, and choose FILE>Decrypt
3. Click Save
4. Click the Clipboard on the top bar and choose "Manage Keys"
5. File > Import the key I just saved
6. Now shows in "Other Keys"
7. Go back to gedit
8. Open a blank document and enter shipping information
9. Highlight all text
10. Go to Edit > Encrypt
11. Choose the vendor I am ordering from
12. Now the document is the PGP Message
13. Copy that, paste it in the comments section of the order and vendor decrypts?

Is that it?

As far as decrypting or having my OWN PGP key, is that necessary if I am only ordering? I am guessing that if a vendor is going to message me back for any reason (hasn't happened yet and I am guessing vendors want as little back and forth messaging as possible) then I would just use their key again from their page and decrypt it (assuming they sent it encrypted)?

This whole PGP is confusing to me so I appreciate your patience. :)
Title: Re: Just Making Sure I Am Doing PGP Correctly When Placing An Order
Post by: SelfSovereignty on July 12, 2013, 02:54 pm
Yeah, you've got it right.  But good lord, what a hassle man... just set up a persistent volume.  If you're only buying stuff, nobody's gonna care enough to rip apart your drive**.

** That's only my opinion.  Others may disagree.


No, you'd need your own private-public keypair to decrypt a message they sent to you (that's IF it were encrypted, but if you don't give them a public key, there's no way they even can encrypt a message for you).  They're pairs.  What's encrypted with a public key can only be decrypted by the paired private key (which you don't give out, that's only for you, naturally).  So you'd need persistent storage of *some* kind to store your private key, and then you'd give the vendor your public one.
Title: Re: Just Making Sure I Am Doing PGP Correctly When Placing An Order
Post by: icecreamman13 on July 12, 2013, 03:24 pm
SS thank you for your help!

I do realize that I may have been making it too difficult on myself and that when I decrypt the original PGP key, it's auto-saved and I don't have to go to the Manage Keys and import it, so that axes about 1/2 of the steps that I wrote above.

Call me paranoid but I prefer not to use a persistent volume. I don't want anything that remotely may show that I may be "hiding something" if a worst-case scenario ever comes down. But I do want to make sure that I am using PGP for an order.

I have been playing around trying to use the PGP club keys and messages to see if I can decrypt them, but whenever I am trying to open a message it states that I don't have the proper key. But again that's just for reading messages right now, so I have to figure that out. If I can get comfortable enough with all of this I may eventually move to a persistent state drive.

Thanks so much for your help! The search function here on the forums isn't the greatest.
Title: Re: Just Making Sure I Am Doing PGP Correctly When Placing An Order
Post by: Intraterrestrial on July 12, 2013, 03:47 pm
yeah you're using it correctly.

also keep on doing so. it only takes a couple of minutes and gives you some excellent additional security.

pgp every time for sensitive info

+1 to you for sussing it out and being security conscious