Silk Road forums
Discussion => Security => Topic started by: ins3 on March 18, 2012, 11:21 am
-
Whenever I want to E-mail somebody I take their PGP key, I write my stuff and encrypt it with THEIR PGP keys. I must also give them my PGP key so they can respond with encrypting MY PGP key, right?
I have a backup of it, do I give them the key fingerprint?
How do I know I am not getting scammed when I buy stuff from people with bitcoins? Is there any way to make sure I do not get scammed?
Regards,
ins3
-
Whenever I want to E-mail somebody I take their PGP key, I write my stuff and encrypt it with THEIR PGP keys. I must also give them my PGP key so they can respond with encrypting MY PGP key, right?
I have a backup of it, do I give them the key fingerprint?
In GPA/Kleopatra/whatever PGP software you're using, export your PGP key to a text file. If you open that file, you'll find your public key block there. That's what you share with other people.
How do I know I am not getting scammed when I buy stuff from people with bitcoins? Is there any way to make sure I do not get scammed?
Due diligence is all that can save you from being scammed. Sadly, there's no magical honesty-enforcing software and bitcoin transfers are irreversible.
-
The most important thing you can do to keep from getting scammed is to only buy using escrow. Do not finalize early.
-
Whenever I want to E-mail somebody I take their PGP key, I write my stuff and encrypt it with THEIR PGP keys. I must also give them my PGP key so they can respond with encrypting MY PGP key, right?
I have a backup of it, do I give them the key fingerprint?
Yes, PGP/GPG/OpenGPG use two related keys: One is a public key (which you'll see vendors posting in their profile) and the other is a private key, which is usually stored somewhere on your computer and you'll likely never actually see it or need to see it.
Encrypting communications requires that you use the vendor's public key to encrypt your message (see the GPG tutorial on the commands for importing and using a vendor's key). This does some fancy math using very large prime number transformations and results in a bunch of gibberish text that only the vendor (ideally) can decrypt using their private key (which is mathematically related to their public key). So yes, you do need to send the vendor your public key somehow, IF you want them to be able to send you encrypted messages back.
You could include your public key (in plain text) at the end of your encrypted note to the vendor or you could just PM it to them. I'm not a vendor and I'm not sure which they'd prefer.
How do I know I am not getting scammed when I buy stuff from people with bitcoins? Is there any way to make sure I do not get scammed?
Regards,
ins3
Like others have said: Don't finalize early unless you have reason to trust a vendor. I've done a number of transactions on SR and I've finalized early with vendors who have a lot of very positive feedback and I've held off on finalizing early with new, upstart vendors. Never had an issue with any of them. It might be a good idea to experiment with some small purchases first, if you are worried
-
Thanks for the explanations.
Another question: When I exchange bitcoins, I guess I have to go first; how do I avoid getting scammed here?
Also, what is finalizing? What happens if I don't finalize? Is there some kind of guide how it all goes or can somebody explain?
-
Finalizing is when you send the money from escrow to your vendor. If you don't finalize, it'll happen automatically after some time but that means your vendor will have floated you drugs without compensation for three weeks (which will probably rightfully annoy them).
-
Thanks for the answer QTC.
Does anybody know a good site where I can buy bitcoins? I am from Sweden.