Silk Road forums

Discussion => Security => Topic started by: jesakai on July 09, 2011, 02:56 pm

Title: pgp clarification
Post by: jesakai on July 09, 2011, 02:56 pm
Hello,
just trying to get my head around PGP keys and encryption.
I downloaded Gpg4win and successfully created a key with an anonymous email.
As I read through the Silk Road forum I found a nice text doc that provides step by step instructions and a test address.
I followed the directions and it had me working through Kleopatra.

1. What is the difference between the two programs?

2. Why does it need an email address?
a. Is a fake email ok?

3. When I send someone an encrypted message is it TRUE that they will need my public key to decrypt it?

4. How would having my public key allow another person to contact me, or would it?

Thanks for the HELP People!
"no traffic jams on the EXTRA mile"

Title: Re: pgp clarification
Post by: wicked420 on July 09, 2011, 03:17 pm
hey jesakai,

1) Gpg4win is an application suite that holds several components to make PGP encryption work. You have the encryption mechanism itself, and then a couple of different options for a key manager.

2) Kleopatra is a key manager; this stores your private and public keys. You give people your public key and that will allow them to encrypt a message to you, and then you use your private key to decrypt that message. (This is all handled completely in the key manager.) GnuPG/PGP/Gpg4win are the encryption mechanism - Kleopatra and GPA are the key managers to store all your GPG contacts.

A list of public keys is here: http://dkn255hz262ypmii.onion/index.php?topic=174.0 (you can select/copy them all at once, then import them into Kleopatra)

2a) PGP encryption is a way to encrypt a message for a specific person, and email addresses are not required, and I suggest leaving it blank, using a fake one, or a completely anonymous email. The key manager will display all the keys you have stored, and the email address is just another way to identify who you are encrypting your message to.

3) You have this process reversed: You will need their public key to send them an encrypted message. They will need your public key to encrypt a message to you. Private keys are just used for decrypting, and the private keys you should never give to anyone. Make a backup of it, but never hand it out. You make your public key public, and then we can send you a message.

4) This should be answered above =) Your public key is something for you to post to the world, so we can import your public key into your key manager, and then we can send you an encrypted message.


Feel free to ask away, and I'll do my best to clarify any misunderstandings!

Good Luck!
-wicked420
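
Added example (not part of any post in this thread): the key direction described in answer 3 above, run with the gpg command line. Two throwaway keyrings stand in for the two people; the name recipient-constructed, the directory layout and the messages are constructed for illustration, and GnuPG 2.1 or later is assumed.

```bash
#!/usr/bin/env bash
# Added example: two keyrings stand in for the two people in the thread.
# All names and messages are constructed; assumes GnuPG 2.1 or later.
WORK=$(mktemp -d)
RECIPIENT="$WORK/recipient"   # owns the key pair (private + public)
SENDER="$WORK/sender"         # will hold only the recipient's PUBLIC key
mkdir -m 700 "$RECIPIENT" "$SENDER"
cleanup() {
  gpgconf --homedir "$RECIPIENT" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$SENDER" --kill gpg-agent 2>/dev/null || true
  rm -rf "$WORK"
}
trap cleanup EXIT

# Run gpg non-interactively against one of the two keyrings.
g() { local home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@"; }

# Recipient: generate a throwaway key pair (no passphrase, no email address)
# and export only the public half.
g "$RECIPIENT" --gen-key 2>/dev/null <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: recipient-constructed
Expire-Date: 0
%commit
EOF
g "$RECIPIENT" --armor --export > "$WORK/recipient_pub.asc"

# Sender: import that public key. The sender never creates a key of their own.
g "$SENDER" --import "$WORK/recipient_pub.asc" 2>/dev/null

# Encrypt stdin to the recipient's public key, using the sender's keyring.
send_to_recipient() {
  g "$SENDER" --trust-model always --armor --encrypt \
    --recipient recipient-constructed > "$WORK/msg.asc" 2>/dev/null
}
# Decrypt with the recipient's keyring, which holds the private key.
recipient_reads() { g "$RECIPIENT" --decrypt "$WORK/msg.asc" 2>/dev/null; }
# Try to decrypt with the sender's keyring (public key only); this must fail.
sender_can_read() { g "$SENDER" --decrypt "$WORK/msg.asc" >/dev/null 2>&1; }

printf 'constructed test message' | send_to_recipient
echo "recipient decrypts: $(recipient_reads)"
if sender_can_read; then echo "sender decrypts: yes"
else echo "sender decrypts: no (no private key)"; fi
```

The sender's keyring contains no private key at all, so even the person who wrote the message cannot decrypt the ciphertext afterwards; `--trust-model always` is used here only because the imported key has not been signed or assigned a trust level.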

Title: Re: pgp clarification
Post by: bp on July 09, 2011, 09:47 pm
I've been wondering about setting trust levels and signing of others' keys.
I haven't done either for any of my imported keys (I do sign messages).
Is there ever a condition where you would want or need to do either?

Title: Re: pgp clarification
Post by: jesakai on July 30, 2011, 11:13 pm
Thanks wicked420!
That is just what I needed--clarification!
peace yo