Silk Road forums
Discussion => Security => Topic started by: 0h1n2h3o4j on February 04, 2012, 07:09 pm
-
I understand SR encrypts for you but to be safe I would like to use PGP or GPG. I have seen tutorials on how to use these but I don't get how the seller will decrypt the info. I know there is a key but if I send the key with the message what good is this? I noticed sellers post their "pgp key" but the same question remains, how is this safe? It seems to defeat the purpose if the key is public or if the key is in the same message! Obviously I am missing something here so please help me out. Links to an instructional would be greatly appreciated. Thanks, -Careful SRer
-
Here's how PGP encryption works, in a nutshell. When you generate a PGP key, you're actually generating a key PAIR. There's a private key and a public key. As the name suggests, the private key is supposed to be kept private, and the public key isn't.
Now, say I want to send you an encrypted message. To do that, I'll need your public key. I will use your public key to encrypt my message when I'm done writing it, and I'll send you the encrypted message. In order to decrypt a message encrypted with your Public Key, you need your Private Key. That means, since your private key is private, that ONLY YOU can decrypt it!
On the other hand, say you want to reply to my message and you want me to be sure that you're the one who sent it. You can type your message and sign it with your private key, and I can use your public key to verify the signature. Since only you have your own private key, I can be sure that only you could have created a valid signature.
Understand? Vendors on SR list their public keys on their vendor pages. You need to import that public key and use it to encrypt your address. That way, only the vendor will be able to decrypt and read it.
-
I know there is a key but if I send the key with the message what good is this? I noticed sellers post their "pgp key" but the same question remains, how is this safe?
Good questions.
Answer:
Everyone has a private key and a public key "pair".
Your message is encrypted with [ a ] your public key, and [ b ] the vendor's public key....
...now that message can *only* be decrypted by someone who has the private key which matches [ a ], or [ b ] ( <--- the 2 public keys).
So as you can see, it doesn't matter that all the world can see your public key, because if they don't own the matching private key, they can't decrypt the message.
[edit] beaten to it.. horizen said it correctomondo.
-
I know there is a key but if I send the key with the message what good is this? I noticed sellers post their "pgp key" but the same question remains, how is this safe?
This is why there is not one key, but two. One is a public key, which you can share with anyone (public). The other is the private key, which you keep yourself and NEVER share with anyone.
The way this key pair system works is as follows. Anything encrypted with the public key can ONLY be decrypted by the private key, and vice versa.
So, any communication with the vendor, you encrypt by their public key, and ONLY they can decrypt it with their private key (which they have). You can include your public key in this communication at no risk.
Now they can encrypt communication to you with your public key, that ONLY you can decrypt by your private key (which you have).
Not only does this system allow you to conduct encrypted communication, it also makes sure that ONLY the user who owns the key pair can decrypt the communication.
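The key-pair scheme described in the three replies above, as an added example that is not part of any post in this thread: a toy Python model of encrypting one message to two public keys (the sender's own and the recipient's), so that either matching private key decrypts it and no other key does. It uses unpadded RSA over fixed Mersenne primes and a SHA-256 keystream purely for illustration; the key names and sample message are constructed, and real PGP uses randomly generated keys, padding and a standard symmetric cipher.

```python
import hashlib
import secrets

E = 65537  # standard RSA public exponent

def make_keypair(p, q):
    """Toy key pair from two fixed primes (real keys use large random primes)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)  # (public, private)

def keystream_xor(key, data):
    """XOR with a SHA-256 counter keystream; stand-in for PGP's symmetric cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt(message, publics):
    """Encrypt once under a random session key, wrapped for every recipient."""
    session = secrets.token_bytes(16)
    s = int.from_bytes(session, "big")
    wrapped = [pow(s, e, n) for e, n in publics]  # unpadded RSA: illustration only
    check = hashlib.sha256(session + message).digest()[:8]
    return wrapped, keystream_xor(session, check + message)

def decrypt(ciphertext, private):
    """Try each wrapped session key; only a matching private key recovers it."""
    wrapped, body = ciphertext
    d, n = private
    for w in wrapped:
        s = pow(w, d, n)
        if s.bit_length() > 128:
            continue  # not a 16-byte session key: wrong private key
        session = s.to_bytes(16, "big")
        plain = keystream_xor(session, body)
        if hashlib.sha256(session + plain[8:]).digest()[:8] == plain[:8]:
            return plain[8:]
    return None

# Constructed keys from known Mersenne primes (hypothetical sender/recipient/outsider).
SENDER_PUB, SENDER_PRIV = make_keypair(2**61 - 1, 2**127 - 1)
RECIP_PUB, RECIP_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
OUT_PUB, OUT_PRIV = make_keypair(2**521 - 1, 2**607 - 1)

MESSAGE = b"constructed sample plaintext"
CIPHERTEXT = encrypt(MESSAGE, [SENDER_PUB, RECIP_PUB])
```

Calling `decrypt(CIPHERTEXT, RECIP_PUB)` returns `None`: holding the public key that was used to encrypt does not let anyone reverse the encryption.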
-
I love it that three of us chimed in with the correct answer within an hour of the original post, and nobody showed up to tell 0h1n2h3o4j off for not doing his own research. This place used to be a lot less newbie-friendly than it is now. Progress, progress. :)
-
Thanks!!!
I expected some negative responses as well but wow was that helpful. It makes so much more sense to me now. This information should be more easily accessible. I searched for it but could not find any help on how it worked. It is important that buyers understand this because it is an excellent protection to us. I was getting frustrated to the point I was about to just send my address unencrypted and I like to consider myself a safe person. THANKS!!!
-
Erm, there's a sticky at the top of this very subforum with a step by step guide on how to do it. How much more accessible can you get?
Fair play to the people who helped you though. They are much more patient men or women than I.
-
I love it that three of us chimed in with the correct answer within an hour of the original post, and nobody showed up to tell 0h1n2h3o4j off for not doing his own research. This place used to be a lot less newbie-friendly than it is now. Progress, progress. :)
Haha same. To be honest though it reminds me of when I started. None of the guides really gave a proper overview of why & how it's safe to share keys.
I'm guessing you had similar sentiment 8)
-
I love it that three of us chimed in with the correct answer within an hour of the original post, and nobody showed up to tell 0h1n2h3o4j off for not doing his own research. This place used to be a lot less newbie-friendly than it is now. Progress, progress. :)
Haha same. To be honest though it reminds me of when I started. None of the guides really gave a proper overview of why & how it's safe to share keys.
I'm guessing you had similar sentiment 8)
Yep. 8)
-
Can someone step-by-step explain how to encrypt an address?
And also how do I find my public key?
-
Can someone step-by-step explain how to encrypt an address?
And also how do I find my public key?
A guide I wrote up for all things SR:
http://dkn255hz262ypmii.onion/index.php?topic=9067.0