Silk Road forums
Discussion => Newbie discussion => Topic started by: BucketBot90 on August 18, 2013, 05:20 pm
-
Hello all on the road, after many days of security research I've finally decided to take the jump and join. I've had no issues with getting ToR and SR set up and secure to the best of my knowledge, but PGP on the other hand has been quite a fucking pain in the ass lol. I'm(regretfully) running Windows 7 right now, so just finding a working up to date copy was the hardest part. I'm looking into running a more secure OS through USB with the help of a good friend, but for now I'd like to at least get the ball rolling with what I have set up so far. I've posted my public key below, my main question is regarding the actual encryption of a message. I can't find a single guide to using PGP for the version I'm using(PGP destop 10). When going to place an order through a vendor, how to I write/encrypt the message with my name and address to send with my order? Sorry if this sounds like a stupid question to most of the more experienced, or if the information is located somewhere and I just can't see to find it, but I take my security as well as my FREEDOM extremely serious. Thanks,
-Bucket
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Desktop 10.1.0 (Build 860)
mQENBFIQQ+YBCAC/I2pB4YigT451I1Iyo4Pcaw33tJatO4nYBYEpWP/1iKCD7R+a
oiiNlJvJpihk2peSjjAmeDIa3rHlOHPATUNQKcufbnDiVIOm6s04mHzj4DmyOpkh
qvy8c9lvAcnphj/4vshsyrW7oDuEfiZxHy/aJSF+uflHXb8J/RDLzac7MmZBXPzX
zHsqLGIyGqAzvLlZCg3eGdWOCr2tOezJzTmCixiWKXLm7Eb9f87Eoo5niuG53xXM
NNb3Wn0S2nD3PJJm6Bb7GPkZMR23AB6OSr3p4mCrHhY8FZhAfJ5ameBwSt0iXZKl
JW/FQioIGq6ue62ssERaZOhow3CY9/IX70CpABEBAAG0J0J1Y2tldCBCb3QgPFh4
VGhlU2hhcGV4WEBTYWZlLW1haWwubmV0PokBjAQQAQIAdgUCUhBMdDAUgAAAAAAg
AAdwcmVmZXJyZWQtZW1haWwtZW5jb2RpbmdAcGdwLmNvbXBncG1pbWUICwkIBwMC
AQoCGQEZGGxkYXA6Ly9rZXlzZXJ2ZXIucGdwLmNvbQUbAwAAAAUWAAMCAQUeAQAA
AAYVCAkKAwIACgkQhoFbPgxk76EFEQgApEkZdk2t6htsQLW4FZI0sLXS+V8CPIya
20mDmw+AAAStoIghtUS3TDgYyt1mObw5nrqhd6NmW7WtCHVsyng+tEDxHVrXrSQc
NU9ChY3rUnZKSKta23N/fGADqNMvbQ2Y24LE53rfvC9GAH4dsQNOIchwXMJtFYhX
5VHS4mrYPPCGB7Td2K0yHZiCJZWHVw2PkTZ68bxCY8hMKD7rzx8g5Kt1e6fj7YlX
KUcHsGxAcCk6jAOo3nBDMjnzoxuHYHKXxiQTE4MRE2E09w6Tocw6C7B6a0qY7loU
iXromIHl2E9Qu/4xbvj7a3j+HeGPGrgUCjiJxwzsRQddh97aP93QobkBDQRSEEPn
AQgAr8Cy+kFZu6HF/E80H57TonTI3XSvrwv9tbhBBDw22EHt0+KF/cBRkfFNSSZw
GHnfXHaln6UNvP5RNML+2gE/NEMmLN067xv53jS5EElj3k7CElVpl6xVB6R9AvMP
d+/JMaAv9sqeL02KKRzw1APSn0+5Kg6voGmsupNyPzN1Hcmmr7LakWEnceaY4SVm
KLTfCPkN7mfWMjkxGttWayFOxuSJw4Kl/FxFW83L23fX6BxaoV9m2nnEP0NAL9cA
NN3M/Hy1ZIeYY+yi+RjuCbX5FAMRfrDvn50S7irMcFRWToOVLleFUHppoCT59JeE
lq8nrmgMe33DLwK/1GvIkDoqfQARAQABiQJBBBgBAgErBQJSEEPoBRsMAAAAwF0g
BBkBCAAGBQJSEEPnAAoJEL4dMXulL//2EzcIAJ6SYsclmdiE5HM/Wx0tykjwcHFi
VABq5ZEL9t24czArosdEq3ZIXEJ41uNhpjuCIn53JB2b7Z/LOABOpCZjhbVC5WQs
AV/YLtPpRafkJL3pfSfhErHYN8wZhm1cpynqMTOCkUASUgoKc5MkA9ozNIGLkgBz
O3Nr5ohZ3pP5Q5W1tJpwtKqb8Oghwx96GfpuqW/0GFXnK/s93KnhCeNuRGLsfZx3
RbZCyEoCxsO0fqB/6NfFoN/xuS6CJO9VxM+wfgtWj6LvmryZFM3sCZLQFNUQJGb6
8apSH7Jp9sfhJvHChdlL5F9qw3fTxv/m4j4P0GhXuMLptdTPrV69qYYigIkACgkQ
hoFbPgxk76EhzQf/R0JeEzWdZzOiK++n25LwaGujA9RpI//pCqLNCTBtviqNTeFh
ID9FjWAKfs+Wix40bN2lKEo0v5RrUtxwcL0sTgfaJc015G9RBCXbgIjeWfSJFB82
9ab7jB8Zq8nhrtWfUeRuFTdqcy7dEM+zs/Ce96EbbJl/4CryCr1uHJVv9Pkj5W0Z
AcAuN7dUIo1/2bu0g2JPhl5YZ70Dc713V1Mptq1sWMEU9ipkYxA4SHErkKtzRH8r
jhkKdiMBpIhZz+q85nEOZPhAQmJnjWEWyW8P27vzX8bUCbRqF3BGHPNW3itDHoTF
DkBzlVhVeCYHfUPlmZQ7D0Pzx5tCr7g6VqdP1Q==
=j0DE
-----END PGP PUBLIC KEY BLOCK-----
-
you wont nessisarily need to pgp delivery info in the ordering process but obviously a false name and indirect address is preferable. as i understand it the pgp is more for more detailed coms etc. that said im only interested in making small personal purchases.
-
I disagree with suffix. Big or small, if you are handing out ANY shipping info you should limit the number of parties who can see this, to as few as possible.
In this case you only want the Vendor to be able to see this (this avoids any issues that may occur if SR were to become compromised at some point during the process of your transaction)
I don't know your software, but it will be some variation of the following:
Copy and paste the whole of the vendors key into a text document (to find the simple text editor search for 'notepad')
This includes the header and the footer
-----BEGIN PGP PUBLIC KEY BLOCK-----
and everything in between
-----END PGP PUBLIC KEY BLOCK-----
Save the file as 'filename'
Then you you need to write your message/address to the vendor in a notepad file and save as 'filename2'
You will then need to go into your software and click on what you want to encrypt (filename2), and with which key (filename).
It should hopefully give you some output options and you need to select armour/ascii.
Sorry I can't be more specific!
Let us know if that works - also, if you want to test out decrypting,here is a message for you:
-----BEGIN PGP MESSAGE-----
hQEMA74dMXulL//2AQf+OLJQYeC7i90PX2bEwpTV7yfLxRmndn5kTIbz0q+1T+iJ
YSFfeomU2vHB3k25SK4aEKuQpg2gVsCNsEKYolB5l2+eddXEPNYzbnASZMBNzBbI
3/JFHgdtfuLbPp/2ivbfjbq4R/IyExzHcYjGb0C86o2+D+gxcsE69CP7spvpCALE
XPdI5K5bBvtRZzWI8VOU3IZO6alHpqOD6tXJHwCkSeJE27aWYou5lrpMDiMFeeDE
Xhs+6nDYwchnT2JPDO7uCXMr7w9Y1ohumIi4zrLW6OT3r9BJd76zkI6qCNahfJst
2W6sMmB4Ru02LkSqe8asM39G95fE9cG6LXD7h7BCfdJhAZzyNKHVAjkZhe/hXbIm
Zgsxo+o8G3J7J4f7QQ27IxOhqfaNuV2lLpMOMy0/KcDWrlAgzbfhtCK9I40VnH7L
E5KG6YLjANFvncwlicqKSy+thDySi6Jjsux9GfUk4cqBTg==
=xW6d
-----END PGP MESSAGE-----
Go check out the newbie GPG section if you want more practice....
rww
-
Just download Tails or Whonix and look at the tutorials in the SR security forum. There's also a GPG4USB guide somewhere in that forum, which you can use on Windows and Linux.
-
Let us know if that works - also, if you want to test out decrypting,here is a message for you:
-----BEGIN PGP MESSAGE-----
hQEMA74dMXulL//2AQf+OLJQYeC7i90PX2bEwpTV7yfLxRmndn5kTIbz0q+1T+iJ
YSFfeomU2vHB3k25SK4aEKuQpg2gVsCNsEKYolB5l2+eddXEPNYzbnASZMBNzBbI
3/JFHgdtfuLbPp/2ivbfjbq4R/IyExzHcYjGb0C86o2+D+gxcsE69CP7spvpCALE
XPdI5K5bBvtRZzWI8VOU3IZO6alHpqOD6tXJHwCkSeJE27aWYou5lrpMDiMFeeDE
Xhs+6nDYwchnT2JPDO7uCXMr7w9Y1ohumIi4zrLW6OT3r9BJd76zkI6qCNahfJst
2W6sMmB4Ru02LkSqe8asM39G95fE9cG6LXD7h7BCfdJhAZzyNKHVAjkZhe/hXbIm
Zgsxo+o8G3J7J4f7QQ27IxOhqfaNuV2lLpMOMy0/KcDWrlAgzbfhtCK9I40VnH7L
E5KG6YLjANFvncwlicqKSy+thDySi6Jjsux9GfUk4cqBTg==
=xW6d
-----END PGP MESSAGE-----
Go check out the newbie GPG section if you want more practice....
rww
I was able to successfully read the message you sent, and will test out the message encrypting next and let you know how it goes. Tremendous help, thanks!
-
Just download Tails or Whonix and look at the tutorials in the SR security forum. There's also a GPG4USB guide somewhere in that forum, which you can use on Windows and Linux.
I did stumble on the tutorial for Whonix, seems pretty complicated but I'm sure if I study it enough I can get it down. Is Whonix currently the most secure usb OS you can set up?
-
The most important thing to you is the vendords public key, it's pretty rare that yours will ever be needed . I have an older version of windows too and I trhink the simplest pgp software is gpf4win . It's very easy and I figured it out just fucking around with it four a while, no tutorials , no nothing. And, I'm in no way any kind of computer wiz, far from it.
With gpg4win, there is a button that opens what they call their "clipboard", which is just like notepad except you can encrypt/decrypt anything on it. gpg4win stores all the public keys for anyone you communicate with, it's all pretty easy. Once you do it the 1st time, you will be amazed how easy it really is.
Good luck
-
On reflection rockwaterwind is right, you cant be to careful and finally after 3 days and about 7 download/deletions i have finally got my settings right. the first time i have found using a mac put me on the back foot, im not smart enough to own this computer. onwards and upwards. =)
-
On reflection rockwaterwind is right, you cant be to careful and finally after 3 days and about 7 download/deletions i have finally got my settings right. the first time i have found using a mac put me on the back foot, im not smart enough to own this computer. onwards and upwards. =)
It's a bit overwhelming at first to get everything working properly, but after the initial stumbles it becomes surprisingly straightforward.
-
On reflection rockwaterwind is right, you cant be to careful and finally after 3 days and about 7 download/deletions i have finally got my settings right. the first time i have found using a mac put me on the back foot, im not smart enough to own this computer. onwards and upwards. =)
It's a bit overwhelming at first to get everything working properly, but after the initial stumbles it becomes surprisingly straightforward.
That's what I'm starting to realize now, after I got over the hump it all starts to seem pretty simple. When it comes to something such as SR, there is absolutely no such thing as "too careful".
-
Yes, once you have learnt how to use GPG the last challenge is to find vendors who seem to know what they are doing :)
Once you have that, you are about as secure as you can manage to be whilst ordering drugs through the mail :)