Silk Road forums
Discussion => Security => Topic started by: Hungry ghost on June 19, 2012, 11:35 pm
-
Ok, so a while ago i was looking for a GPG app for the iPhone. Since I already have a Tor browser for it (Onion Browser) I thought it would be useful. I am away from my computer most days and only can use GPG at night. This means if I need to communicate with a vendor it takes a day for each message/reply cycle, causing me potentially to have to wait longer for my drugs. Not ideal I think you will agree.
I found two, one a official Symnatec PGP which requires you to already own PGP official software. The other was a low budget job that couldnt import the keys I wanted so no good.
However in the course of my research I discovered that my jailbroken phone already has a command line GnuPG installed as part of the Cydia software. At the time I left it alone but now I have got my head round it.
PLEASE NOTE: if perfect security is important to you its probably best to stick to established methods. I am happy to use this as I am only a small time personal buyer.
First to check you have this package: Open Cydia>Manage>packages and switch to 'expert' setting. It should show up under the g's. I assumed it came with Cydia but it may have installed as a dependency for some other package I installed.
To use it you will need Mobile Terminal (install latest version from xsellize repo) and iFile. Also a SSH program on your PC will be handy. I use iFunbox; it has a stupid name but is the most useful.
Open Mobile Terminal. You do not need root privileges to use this. Type:
gpg
This will set up your pub and sec keyrings and a .conf file. These are in /var/mobile. in a folder .GnuPG which is invisible to iFile for some reason but will show up in iFunbox.
From now on any file will be put in /var/mobile. I dont know if this is vital but it seems to make sense to me.
To import your secret key, export it as a .asc file from your current GPG program. Put the .asc file in /var/mobile. You will probably want to shorten its name to something more managable: seckey.asc
Open Mobile Terminal and type
gpg --allow-secret-key-import --import seckey.asc
this will add your public and private keys to your keyring.
To import a public key:
gpg --import pubkey.asc (where pubkey is the name of the file)
If you want you can create a file in /var/mobile using iFile called "pubkey.asc" and just copy/paste the public key block into it.
So now you have your private keys and whoevers public keys you want, to see them type
gpg --list-keys
gpg --list-secret-keys
This will show a list of keys with User Names.
Ok, now to encrypt a message.
Create a file in /var/mobile. Call it msg.asc
Copy/paste or type your message in this file.
then in MT type
gpg -e -a -r "recipients user name" msg.asc
the -a tells it to encrypt the text within the file and output another .asc file. If you dont use this it will treat the file as data and encrypt it to a .gpg file which is no good to us. (it is fairly easygoing about user names; it will recognise a small portion, like for me "hungry" would do)
Return to /var/mobile in iFile. There will be a file called msg.asc.asc which will contain encrypted text which you can copy/paste to wherever you want it.
To decrypt a message:
Again, create msg.asc file in /var/mobile. Copy/paste encrypted text to it.
Open MT. type:
gpg -d -a msg.asc
you will be prompted for passphrase, then it will output in MT.
If you want it to output to a file:
gpg -o output.asc -d -a msg.asc
this will output to a file called output.asc
Obviously you can use whatever filenames suit you.
I think this also works with .txt files but since it outputs to .asc I thought keep it simple.
There is obviously a lot more to command line GPG but this is a quick and dirty start up.
I am fed up typing now, will add more perhaps later. If anyone else would like to contribute who has more expertise in command line GPG I would welcome advice and help.
I have already found this very useful. It might be an idea to delete public keys when not in use....
gpg --delete-key "User name"
...nothing worse than being caught with drugs in your letterbox and a SR vendors PGP key in your iPhone, i
imagine.
Edit: I have found it useful to leave two files in var/mobile
One called msg.asc for messages
One called key.asc for keys
You can then create shortcuts in mobile terminal for many basic functions using these files to copy paste messages or keys to. This saves a lot of typing.
I don't think that having GPG set up for use on your phone is in itself suspicious as long as you don't leave vendors keys on key rings. A casual examination of the phone by your average policeman isn't even going to show it. You'd have to assume phone being seized and examined by experts. Which I hope won't happen at my level of small personal transactions.
-
forgot to mention:
you can also generate a keypair:
gpg --gen-key
it will walk you through process.
Also, to export a public key to a file called "key.asc"
gpg --export -a "user name">key.asc
You can then copy/paste it for example to the bottom of your message. I keep a copy of my public key for this purpose.
-
Dear HG
I'm a ipad user and i'm having problem with using pgp, I'm trying to work out how to use oPenGP. i still don't know how to pgp msg other ppls.and because i don't understand the procedure with mobile terminal set up. I don't even know what is mobile terminal. I'm all good with other requirement and already have bitcoing myself. right now i can't figure out how to use oPenGP on my ipad correctly. could u help me out. i'll be very appreciate it soo much