How exactly is PGP safe?

So I kind of understand the basics of key exchanging, vendors have their key on their profile and when they send you a message you would use that key to decrypt their encrypted message.

And if you want to send them a message like with your address you encrypt it with one of your keys and you would give them the key to decrypt it.

But how is this safe? If a site were to be raided wouldn't the keys also be raided with the messages meaning they would be able to be decoded instantly?


Comments


[10 Points] None:

You got this the wrong way round. Public keys are for encryption only.

The public key allows anyone to encrypt a message that can only be decrypted by the private key. If a vendor sends you an encrypted message (they will have used your public key) then you use your private key to decrypt.

Since the websites only store the public key they cannot be used to decrypt a message. All decryption is done off-site.


[4 Points] Jay-__:

You got it wrong.

The key vendors provide is their public key. You encrypt your address with their public key and send it to them.

If you encrypt your address using your own key, only you would also be able to decrypt it again.

If they want to answer you, they will encrypt the message using your public key. If they'd encrypt it with their own key, you couldn't decrypt it.

Also, there is a private and a public key. You never give out your private key, because with this people could decrypt messages encrypted to you(r public key).


[3 Points] dunnowhotopick:

PGP encryption is based on the factorization of prime numbers. It's unbreakable, REGARDLESS of what any faggot that disagrees with everything on reddit says.


[2 Points] Rolling_Stonedd:

No the private key the vendor uses is stored securely (hopefully) somewhere on their hard drive or a separate usb drive


[2 Points] pinkman69:

And in order to unlock that encrypted message, you need to enter in your very strong password you set up when generating your keys. So without that password there is no way to access said message. Unless of course someone decides to pull out your fingernails one by one until you give them the password.


[1 Points] damnmachine:

Crypto101


[1 Points] None:

Private keys are used to decrypt. You should NEVER be giving out your private key.


[1 Points] Jobless_Junkie:

You don't encrypt your message with your key, you encrypt it with their public key. Don't ever give anyone your private key.


[1 Points] erthbd:

You don't quite have it right. There are two types of PGP keys: public and private. Public keys are used to encrypt messages and private keys are used to decrypt them. Your public key can be given out freely to allow people to send encrypted messages to you. Your private key should never be given out under any circumstances. It should be stored locally and only accessible by you. Your private key is also password protected and you should use a very strong password when you generate the key.

The PGP key you see listed on a vendor's profile on any market is their public key. If that market were seized by LE all they would obtain are a bunch of public keys. Without the private key and password associated with that public key they would still be unable to decrypt any PGP messages obtained.