Silk Road forums

Discussion => Security => Topic started by: momiji on December 29, 2011, 06:35 pm

Title: GPG keychain auto added an address?
Post by: momiji on December 29, 2011, 06:35 pm
I'm kind of freaking out right now. In my GPG Keychain Access program, there is an email address and a key of someone I know IRL.

I thought keys are only manually added. Is there a way keys automatically get added? I don't believe I've seen an email from him in over a year and the GPG Keychain Access program was only recently installed.


Please, someone explain this to me!  :-\
Title: Re: GPG keychain auto added an address?
Post by: SierraRS on December 29, 2011, 11:54 pm
You got some public key that is signed by another user. You verified signature and PGP downloaded the public key for that unknown signature. That's my theory.
Title: Re: GPG keychain auto added an address?
Post by: momiji on December 30, 2011, 12:15 am
^ Yes but can this be automated? Like if he sends an email with his key signed, or however it works, and then my email client picks it up and auto adds it to the key chain? Either way, this is insecure. What if my key somehow got added back to him? This nick name is supposed to be 100% anonymous only to SR. I've never used it on another site.
Title: Re: GPG keychain auto added an address?
Post by: SierraRS on December 30, 2011, 12:40 am
Depends on software. I recommend using using only Open source software to avoid unintended behavior. If You are under Windows, use WinPT.
Title: Re: GPG keychain auto added an address?
Post by: momiji on December 30, 2011, 12:44 am
Nah, I'm on OSX.

Apple has a habit of automagically doing shit. It always seems to freak me out. Like when I first got my macbook pro years ago I was driving around in my car, then when I stopped in a parking lot I looked over at it and it had auto connected to some wifi hotspot and was auto online without me having to do anything. I was like O.o