Silk Road forums
Discussion => Security => Topic started by: Waddley on March 09, 2012, 09:24 pm
-
I've read through many threads here and I really can't wrap my head around them, seeing as I am not that tech savvy. I am just an occasional buyer- I'm not looking for nuclear holocaust bunker-type security, just something simple that I can use to reduce my chances of a problem. The problem is, I need my hand held very closely, so a simple step-by-step would be great! Anyone? Thanks in advance, SR.
-
Same, can't seem to find a good walkthrough for encryption.
-
I was in the same boat as you guys. Not really comp savvy at all. What systems are you guys using? I found a guide that was perfect and easy. And that's saying a lot bc I pretty much know jack shit about comps. Let me see if I can find the guide. Will update
Keeponsmiling.
-
I just figured this out a few minutes ago on Linux.. I can help you with that if that's what you're using.
Here's my question on how to use it on SR -- If I purchase from a buyer for the first time, would I only give him my public key on SR, in the box where we're supposed to type in our address? Then use the Seller's public key to email him my address in an encrypted message, outside of SR?? I don't want to paste my public key and encrypted message in the same email, do I?
-
I just figured this out a few minutes ago on Linux.. I can help you with that if that's what you're using.
Here's my question on how to use it on SR -- If I purchase from a buyer for the first time, would I only give him my public key on SR, in the box where we're supposed to type in our address? Then use the Seller's public key to email him my address in an encrypted message, outside of SR?? I don't want to paste my public key and encrypted message in the same email, do I?
You send your public PGP key in a separate PM to the vendor, which is what I always do, and send your encrypted address in the address box.
And to the OP, PGP is soooooooo easy to use. The tutorials can make it look harder than it looks. Let me break it down to you in very simple terms.
1. Download GPG4win.
2. Install.
3. Open GPA and create your own personal, anonymous key. This is simply done by putting a random e-mail in the e-mail line, and using your SR username, create the key, and use a password difficult to guess, but easy enough for you to remember! I use a misspelled word in Spanish, as well as a few numbers. Simple.
4. Now you have your own public PGP key. The key will be wherever you saved it, and should be in .asc format. Simply open with notepad, and copy paste the characters. ***When creating your key, you may have to hit a checkbox that says something along the lines of "ASCII Armor", which will be the key format you want to use.
5. Assuming you have given the vendor your PGP key, you can now begin encrypting!
6. Now, open Kleopatra, a program that came with GPG4win, and hit "Import Key".
7. Create a text document, paste the vendor's key in the text document, and save. After you have done this hit "Import Key", forget step 6 aside from opening Kleopatra. At the bottom right, change the little drop down menu so that it reads ANY file. Select your text document wherever you have it saved, and voila! You've imported your first key.
8. Now you may encrypt your messages. Type all of your messages as a notepad document for Windows users, and save.
9. Now go back into Kleopatra, hit 'File' and then hit 'Sign/Encrypt Documents', and select your saved text document wherever you have it saved. Simply hit 'Encrypt Document', no need for signing. Check a few boxes when the popup comes up, the most important one being 'Output as ASCII Armor', so that it is in proper format. Then add your key, and your vendor's key when prompted, so that both of you may unencrypt the messages when received. You obviously know what it is. Accept and the file will be created in wherever you have chosen them to. I have mine saving to my desktop for convenience. You are done!
10. Open the .asc file, it should open in a text document. Copy paste the message into the Address box once you have ordered, or to send an encrypted message to a vendor via PM.
That's it! It's really easy to get the hang of it, don't let these long explanations fool you. Whenever you get a new vendor, simply start from step 7. You can also certify and select to trust vendor keys, which you'll see if you play around a bit with Kleopatra. I'm uncertain on the importance of this, but I certify all trusted vendor keys.
-
Thanks, bro..
-
You send your public PGP key in a separate PM to the vendor, which is what I always do, and send your encrypted address in the address box.
Can't you just copy/paste your public PGP in the same email after the encrypted message?
I thought I read that somewhere else, I just wanna confirm.
-
@Jmoney Does it make a difference if you put it in the same message? At the point where you put your address, I put both my message and my key in the same box. Is this a big deal?
Keeponsmiling
-
http://dkn255hz262ypmii.onion/index.php?topic=8962.msg139381#msg139381
This is the guide I used and it was really easy to follow. I hope this helps guys. Feel free to ask any questions if you need
Keeponsmiling
-
You send your public PGP key in a separate PM to the vendor, which is what I always do, and send your encrypted address in the address box.
Can't you just copy/paste your public PGP in the same email after the encrypted message?
It seems like if you do that, anyone who intercepted your message would have both your Public Key and Encrypted Message all in one. Wouldn't that make your message as good as decrypted? Or am I wrong about that?
-
Yes, follow the guide, make sure to click the box for the 'GPA' option when it asks/prompts you to select the components you would like to download. For some reason it was not checked on default and I had to reinstall it a couple times to figure it out.
-
You send your public PGP key in a separate PM to the vendor, which is what I always do, and send your encrypted address in the address box.
Can't you just copy/paste your public PGP in the same email after the encrypted message?
It seems like if you do that, anyone who intercepted your message would have both your Public Key and Encrypted Message all in one. Wouldn't that make your message as good as decrypted? Or am I wrong about that?
There are TWO keys, private and public.
-
'Export': a public key and give that to other people so they can add your public key and encrypt text to send to you. Click 'Export' and your defaulted key or 'main' public key will be extracted. Open with notepad, .txt.
'Import': copy the whole public key someone else gives you and paste it into a new, blank notepad document. Save document. Open GPA. Click the import button at the top and select the document you previously saved. The program will then extract the public key of the other person. Now you are able to type text into the 'clipboard' and 'Encrypt' it using the key that was extracted (when you hit encrypt it gives you a list of your public keys, select the correct person).
Now your text has been encrypted into what basically looks like a key, same designed text. Send this text through your normal email and the person whose key you used will be able to decrypt the message using their 'private' version of the public key you used.
This works vice versa.
It also helps to 'sign' the message as an extra layer of security. This will require a password to send and read, whereas without signing only when a message is read will a password be needed. The person reading the message is aware if it is signed, confirming you had to type in your key password to be able to send it, meaning the message was (most likely, don't like to say always) sent by the legitimate key owner.
I hope I have helped. Feel free to ask anything else.
Edit: Man I'm tired, I see this was already explained, oh well here it is from a different view.
-
I always include my public key in the encrypted message along with my address when ordering from a vendor. With PGP, you have two keys, your private key and your public key. Your public key is used to encrypt messages, while your private key is used to decrypt messages. The public key can not be used to decrypt messages, only to encrypt them. By including your public key when communicating with a vendor, you're giving them the information needed to send encrypted messages back to you in the future, just in case they need to talk with you. You do not give up any security by sending a vendor your public key, and there is no reason to send it separately from your address.
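
The two ASCII-armored block types this thread keeps pasting into one box, as an added example that is not part of any post here: a Python check that splits pasted text into its armor blocks, verifies each block's RFC 4880 CRC-24 line (which catches a bad copy/paste), and flags a private key block, the only one of the three that must never be shared. The helper names and the sample payloads are assumptions constructed for illustration.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1, the checksum on the '=XXXX' armor line."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(kind: str, payload: bytes) -> str:
    """Wrap bytes in ASCII armor. Used only to build the constructed samples."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {kind}-----\n\n{body}\n={check}\n-----END PGP {kind}-----\n"

BLOCK = re.compile(r"-----BEGIN PGP ([A-Z ]+)-----\n(.*?)\n-----END PGP \1-----", re.S)

def inspect_paste(text: str) -> list[dict]:
    """Report each armor block in pasted text: type, checksum state, secrecy."""
    findings = []
    for kind, inner in BLOCK.findall(text.replace("\r\n", "\n")):
        lines = inner.split("\n")
        # Optional armor headers ("Version: ...") end at the first blank line.
        start = lines.index("") + 1 if "" in lines else 0
        data = [ln.strip() for ln in lines[start:] if ln.strip()]
        stated = data.pop() if data and data[-1].startswith("=") else None
        try:
            raw = base64.b64decode("".join(data), validate=True)
            intact = (stated is not None and
                      base64.b64decode(stated[1:]) == crc24(raw).to_bytes(3, "big"))
        except ValueError:  # malformed base64, e.g. a partly copied line
            intact = False
        findings.append({"kind": kind, "intact": intact,
                         "secret": "PRIVATE KEY" in kind})
    return findings

# Constructed samples: the payloads are placeholder bytes, not real OpenPGP packets.
MESSAGE = armor("MESSAGE", b"constructed ciphertext bytes " * 4)
PUBLIC = armor("PUBLIC KEY BLOCK", b"constructed public key bytes " * 4)

if __name__ == "__main__":
    for finding in inspect_paste(MESSAGE + "\n" + PUBLIC):
        print(finding)
```
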
-
Use PortablePGP to start. Don't be scared to use massive length passwords; the longer the better.