[OPSEC Question] Communication Efficiency

I am a buyer who tends to communicate regularly on the markets using the built-in PGP tool in TAILS. I have always been frustrated with the fact that when each sent message is encrypted with the recipient's public key, I was forced to save my plain text message to my buyer on a persistent copy of tails (USB stick). Without doing this, I can never remember my exact responses to the seller.

I always thought this was silly, because if LE somehow gained access to my tails USB stick, they would have automatic access to my plaintext messages to the vendors I have worked with. I just thought of a (slightly) better method:

When you send a message to a vendor, why not send a message with 2 separate PGP messages? As in, encrypt your plaintext message with BOTH the VENDOR'S public key AND your OWN public key. So when you review a message thread, you can simply reference the 2nd PGP message in every sent message, which is encrypted with your public key, and use your private key to reveal your exact message.

Come to think of it, this would be even more valuable to vendors managing hundreds of transactions!

PS- Please have mercy on me if there is already an easier way of dealing with this... I have only been using the DNMs on-and-off for the last 10 months. I am by no means a veteran! I'm just stoned and had a bit of a revelation =P


Comments


[7 Points] aboutthednm:

Do it like alphabay and simply ask for the other guy's private PGP key. Problem solved lmao.


[1 Points] None:

This is a great idea!! I have been having the same issues where I will momentarily freak out while waiting for a delivery, about whether I gave the right address. Will be using this method, thanks!


[1 Points] sapiophile:

> encrypt your plaintext message with BOTH the VENDOR'S public key AND your OWN public key.

This is the default configuration for many OpenPGP tools, and is easily achieved. In ~/.gnupg/gpg.conf, you may see a section like the following:

    # Use --encrypt-to to add the specified key as a recipient to all
    # messages.  This is useful, for example, when sending mail through a
    # mail client that does not automatically encrypt mail to your key.
    # In the example, this option allows you to read your local copy of
    # encrypted mail that you've sent to others.

    #encrypt-to some-key-id

You can uncomment that encrypt-to line (remove the #) and add your own KeyID in the place of some-key-id.

There is no need for a second encryption operation or message; OpenPGP has no problems encrypting to multiple recipients in one operation.

