Silk Road forums
Discussion => Security => Topic started by: newbottles on October 11, 2013, 07:30 pm
-
I got a message from a brand new registered forum member with no posts.
He just asked if I have a PGP key because he wanted to communicate.
Is there any risk to providing my public key and going from there?
Obviously I would evaluate the content of the communication with extreme caution.
Just want to make sure I am not missing something obvious here. Could be legit. Could be LE fishing (which is fine they won't get anything from me). I just want to know if it is risky to give my public key to some brand new guy without context.
Thanks and apologies if this question makes me look foolish.
-
No such thing as a foolish/paranoid question; foolish would be to abstain from asking it.
Regarding your question, hopefully you'll get some technical advice from someone who knows more about security than I do. I'm not that big of an expert to dare comment. Have you asked them who they are or what they want? Could help provide some insight regarding intentions.
-
> I got a message from a brand new registered forum member with no posts.
> He just asked if I have a PGP key because he wanted to communicate.
> Is there any risk to providing my public key and going from there?
Now that you mention it, the same thing has happened to me... wonder if it's the same guy.
I don't see how it could be any more risky than sending an unencrypted PM to you. If you really don't trust them, and don't feel comfortable giving them your regular PGP key, there is no reason you should; you could just generate a throw-away key for communicating with this particular individual. The key could be discarded when you're through with it.
> Obviously I would evaluate the content of the communication with extreme caution.
> Just want to make sure I am not missing something obvious here. Could be legit. Could be LE fishing (which is fine they won't get anything from me). I just want to know if it is risky to give my public key to some brand new guy without context.
As I said, there is nothing stopping you from generating a new key to use for this session, and throwing it away afterward. There is no rule that says you have to have one, and only one, PGP key.
> Thanks and apologies if this question makes me look foolish.
Not asking would be foolish.
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = D870 C6AC CC6E 46B0 E0C7 3955 B8F1 D88E BBF7 433B
-
The above is exactly what I did. New key for this exchange.
Thanks for the input.
-
> I got a message from a brand new registered forum member with no posts.
> He just asked if I have a PGP key because he wanted to communicate.
There's no risk in giving him your public key. That's what a public key is for ... so you can post it on your profile or somewhere public where anyone can have it. But only you can decrypt any message encrypted with a public key with your secret key.
Sounds like a noob that's paranoid about using TOR with recent events and all.
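
The throw-away key suggested earlier in the thread, as an added example that is not part of any post: it keeps the key in its own GnuPG home directory, lists what a recipient can read from the public key (user ID, creation and expiry time), and deletes the keyring afterwards. The function names, the user ID and the 7-day expiry are assumptions, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example: a throw-away OpenPGP key kept in its own keyring (GnuPG 2.1+).
# The user ID and the 7-day expiry are constructed values, not from the thread.

# Create a key pair in a fresh, private home directory and print that directory.
throwaway_new() {   # $1 = user ID, $2 = expiry (default 7d)
    dir=$(mktemp -d) || return 1
    chmod 700 "$dir"
    # "default default" yields a primary key plus an encryption subkey.
    # The empty passphrase only keeps the example non-interactive.
    gpg --homedir "$dir" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$1" default default "${2:-7d}" \
        >/dev/null 2>&1 || { rm -rf "$dir"; return 1; }
    printf '%s\n' "$dir"
}

# Print the armored public key: the only material that is handed over.
throwaway_export() {   # $1 = home directory
    gpg --homedir "$1" --batch --armor --no-emit-version \
        --export-options export-minimal --export 2>/dev/null
}

# List what the recipient can read from that public key.
throwaway_metadata() {   # $1 = home directory
    gpg --homedir "$1" --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '$1 == "pub" { print "created=" $6; print "expires=" $7 }
                 $1 == "uid" { print "uid=" $10 }'
}

# Stop the agent for this keyring and delete the directory (not a secure wipe).
throwaway_discard() {   # $1 = home directory
    gpgconf --homedir "$1" --kill gpg-agent 2>/dev/null || true
    rm -rf "$1"
}

# Run as: sh throwaway.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(throwaway_new "constructed-throwaway-id") || exit 1
    throwaway_metadata "$d"
    throwaway_export "$d"
    throwaway_discard "$d"
fi
```

Because the key lives under a separate `--homedir`, the regular keyring is never touched and the two keys share no signatures or user IDs.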