Silk Road forums
Discussion => Security => Topic started by: UnartisticInc on September 05, 2012, 12:43 am
-
I've attempted to make a few purchases but I am having PGP problems. I am using GPGTools for Mac, including GPG Keychain Access. I can import vendors' public keys into GPG Keychain Access, and I have GPGTools installed. When I want to encrypt text, I can highlight it in a text editor and select OpenPGP:Encrypt Selection from Services in the File menu. I am presented with what I have imported into GPG Keychain Access. I select a vendor's public key and my secret key and hit 'OK'. I copy the resulting text into the Silk Road order. The vendors then cannot decrypt.
Any suggestions???
-
Before you click 'OK' make sure you tick the 'Sign' box. Had this same problem and that sorted me out :)
-
Before you click 'OK' make sure you tick the 'Sign' box. Had this same problem and that sorted me out :)
NO, NO, NO, A THOUSAND TIMES NO! SIGNING VENDOR COMMUNICATION IS THE WORST POSSIBLE THING YOU CAN DO!
Let me explain. When you check the SIGN box, you are telling GPG to digitally-sign the message with your private key. That means that anyone with your public key can verify the signature. Digital signatures have a property -- non-repudiability -- that is both valuable and dangerous at the very same time. What I mean by non-repudiability, is that once a signature verifies, you simply _cannot_ disavow it -- you cannot claim that the message was forged.
If you sign an order to a vendor, and the vendor gets busted, as has happened recently with Trojan in Calgary, the police will essentially come into possession of a digitally-signed confession on the part of the person making the order. As I've stated, digital signatures, once they verify, cannot be disavowed as forgeries.
Guru
Agreed. Keep "sign" UNCHECKED, bet that will solve your problem also!
-
Well, I've sent Guru what certainly appears to be an encrypted message (that he can hopefully decrypt).
-
Hmm, thought I sent it... Nevertheless, here it is. Will PM as well [edit: I now realize that I hit the 'envelope' button instead of the 'word bubble' button, so you would actually receive an email instead of a PM if you are using a valid email. Apparently, still learning basic nav skills.].
-----BEGIN PGP MESSAGE-----
hQEMAz4HNl+bNtViAQf+PmBYn1j12lhEVhL3LaVyKYlm0clhPxGZWT4qKnh0BXti
Y/80v37Ld6q4pZ7qw3xhgpQ/olPRoFODQhZDr4zv9g65sMC2gx4T1Bx0GSbiQ7H9
6eDbeFv5icKi9TjBr/v8jVfWat9FiP/RrntAqJU+O/KSlrqTRRxFC6lOcTk7FfXf
XSoKKeEO+a9mxyBbzLA7V7mMcSFuoV3kE6YCwjZg94FndHSMbt0QZmHGcx10azC3
H6z/JQ9k8eiAagcbllmkl9hL7iwBa4P3jY0MeQkW7r5KzLkZXKGXhaEFGoji5nID
queAEKq47SsgzI5w30OjaONDg3M71vNkVpaF2x2xU4UCDAP/lU+jBI+zDQEQAIHp
0O9SENBmYzlKELJ0h1zzVOcBJwESl11xgeX9F0mlqDhwOlLWOkvsXesTNBzqIuJE
/ayiKdyxNZ0f6GPoivZ3/bLtlUH2iraGsQZp1e+1FZxojz8AKSNeF5L6SsGY4mtk
w1B/eIPG5Vaz65AWWhUNb3nzr31eRXACAcB0Sw3Shph3s2mxOuVnbVLIozUdspJo
leV9OK0W3HxcSWOIYqXgp0ym3CIaon8AEIktXFZPJ5Nljpyu251NaZ4qZbfxWNpE
t+jFit/7t98DZkuoBBMLN2v4541WCPbb4jep0UeJX34HlPG/z66hWDGgITySGe+E
xqRjrKiLg3d+R8+Hlx+zYbfC1/DD1pmg/mcyHrzEVdGBXL4m6czSMhbxbrKtInmN
HVvaxojm8Hsiqk8UWO+3KMIGojMfHsmwrNw9PLQw5QcPNxxvmdVGDM5KDKNXpAGt
yGCNM+yxHSTqJjCJSC0HqYVsgZ1ETGymB/Q8TTt7CNbjCZoNcbvbD9VhRgd5QnTS
mF19tBDTdvm3B0BpNztwV/yr79GiFTHxee679Dx26J/cxK10rAQk9mu7DqAFV2c5
/BZLUrNIyOugul6jh5Im9U/YclX2k6afrcAQ6PnL+zSNK1vHdEXteSsHM3/J0E64
+BL/1HnboqoC/wmh0Vv2kuXCIJT90mH/TLz5iSTz0sA7ARn8axmDZ62vRk93QGD4
tlyvtaI7LwdC/SAEmJEAPAsuHSbwREJ+yv4J7tq+KoO6BSbkAm2bjcHS/WbJ9SPw
4SfM+ndeW+hoz4X6NBFQGO8XCISL3vZ2n2tTdsnFdU9wvf3hRbYuul6kVdyxBnfj
K8c2YWkvh8CADVlbdUBxdsRcPiFAdbq9Ygq/Ue83GaJaDrpBlrzhy4xGVcxHqmPS
5RPYqCbwGTlck8/L3igyWkqQUPjh6Yhi9ylIbAi0+324mUl6bEojM2VjNf5hc3aU
HyFsIczEHS4aa8slWKV4iJ/BsrI7Ew0LsHvdiHDWFiLpcH8nUEtrUbyBTb4=
=wVZM
-----END PGP MESSAGE-----
-
Finally! It works... Had a bit of trouble decrypting messages until I noticed that the only PGP box not checked in my system preferences was for "Decrypt PGP". Fun times.