Silk Road forums

Discussion => Security => Topic started by: TheComedown on August 07, 2011, 03:19 am

Title: Encryption on SR
Post by: TheComedown on August 07, 2011, 03:19 am
So I am a pretty computer literate person but I am having a hell of a time figuring out how to use pgp or gnupg(?)
Can someone point me in the right direction so I can start using these features.
I would really appreciate it!
Title: Re: Encryption on SR
Post by: captainjojo on August 07, 2011, 04:57 am
Hi,

If you really want to keep it simple, you can use Hushmail.  It is a standard web site so just use www and com with hushmail in the middle and your browser will take you right there.

Basically hushmail is a free email service, in the same vein as gmail or hotmail, except they offer built-in PGP security.

First, go to the site and register for an email account.  When you register it will ask you for your choice of email address, which could be 'thecomedown@hushmail.com'.  Then you will need to enter a pass phrase.  Pick something long, but easy to remember.

Something like: allthew0rldis@stagethepeoplemerelyplayers!

Something you can remember easily, but nobody else could ever guess.  Like I said, the longer the better the encryption.

Once your account is created, go ahead and log in to the service.

When you registered with them, you probably noticed the banner saying that you aren't supposed to use the service for illegal activity, that they will co-operate with LE.  Don't worry, you don't actually have to use the email account to send and receive if you are afraid, you can just use the tools.

It is the tools, or 'hushtools', that make the service easy to use.

Hushtools will allow you to encrypt any text message with the public PGP key of the person you wish to send to, by simple cut and paste routines.  Gather the public PGP keys from the profiles of the sellers you wish to communicate with and save them to file on your computer (preferably a Truecrypt encrypted drive). 

Then, when you want to send an encrypted email to the seller, log in to hushmail, load the Hushtools, and use the 'Encrypt' function.  You simply type in your message, paste the sellers public key into the box provided for that purpose and click 'Encrypt'.  Your text message will now turn into an encrypted PGP message using the sellers PGP key. 

You can then copy that encrypted message and paste it anywhere.  You could paste it into the SR user to user email or anywhere else you can send a message to your seller.

Now, to get your PGP public key, which you will need to insert into the bottom of the text you are encrypting for the seller (Before you encrypt it), in Hushtools go to 'Key Management'.  Put in your hushmail email address and press retrieve public key.  Your PGP public key will be show and you can copy it and paste it into your message so that the seller can encrypt a message to you using your PGP key.

When you get the message back from the seller, encrypted, load Hushtools, go to Encryption, choose Decrypt Text, paste the encrypted message into the box and click Decrypt.

If you want to try something a little more advanced, something that runs on your computer, you can try one of these free programs:

Gpg4win - this is a windows interface for the GNUPG software project, just google 'gnupg' and the first one listed should be 'The GNU Privacy Guard'.  You can find documentation and links to download the software, including the Gpg4win and GPG Tools for OSX.

Both of those programs will allow you to generate your own PGP key as well as decrypt and encrypt messages.

But they will take a little more time to learn.

Also, do a search on the SR forums and you should easily be able to find a couple of threads with complete how-tos.

Hope this helps.

If you need to test with someone, just PM me and I will be happy to help.


Title: Re: Encryption on SR
Post by: pcpwme5o on August 13, 2011, 12:51 am
that was actually really helpful to me. would you recommend using the GNUPG over the hushmail?
Title: Re: Encryption on SR
Post by: Fred Flintstone on August 13, 2011, 06:30 am
Hushmail isn't as safe as people think. They willingly gave up emails of hushmail users as evidence in court against them brought by the DEA.

Here: http://news.cnet.com/8301-10784_3-9741357-7.html

There is a good guide for setting up GPG somewhere on the SR forum. Download here: http://www.gpg4win.org/

Another good program is TrueCrypt. It is very easy to use and allows you to encrypt files.
Title: Re: Encryption on SR
Post by: captainjojo on August 13, 2011, 08:36 am
@Fred Flintstone

Yes, I read that they will co-operate with LE.  I don't actually send anything through hushmail or their servers if it is important (Actually, except for a few tests, I have not sent anything through).

I just find using their hushtools to encrypt and decrypt messages much easier than the tools that come with PGP Desktop and GnuGPG.

I just encrypt the message then paste it into whatever site I am posting to, whether it be SR or a PM to someone on the forums who wants the message encrypted.

I setup PGP desktop and GPG on a machine but I couldn't find in either program a simple tool that lets you paste in someones public key and then encrypt something, or do the reverse, decrypting something to me using my private key.

Title: Re: Encryption on SR
Post by: Gall Anonim on August 13, 2011, 03:22 pm
@Fred Flintstone

Yes, I read that they will co-operate with LE.  I don't actually send anything through hushmail or their servers if it is important (Actually, except for a few tests, I have not sent anything through).

I just find using their hushtools to encrypt and decrypt messages much easier than the tools that come with PGP Desktop and GnuGPG.

I just encrypt the message then paste it into whatever site I am posting to, whether it be SR or a PM to someone on the forums who wants the message encrypted.

I setup PGP desktop and GPG on a machine but I couldn't find in either program a simple tool that lets you paste in someones public key and then encrypt something, or do the reverse, decrypting something to me using my private key.

Importing public keys in GnuPG using GPA is super easy. You just have to save it to a file first. OR you can use Kleopatra that puts a small icon in system tray. Right click that Icon and select CLipboard->Import Certificate :)

Open GPA, click Clipboard button, this will give you a text window where you can copy and past to and encrypt/decrypt using your imported keys :)

Good luck!