Silk Road forums

Discussion => Security => Topic started by: Yoshitoshi on April 25, 2012, 12:35 pm

Title: PGP, Mac, Cannot Decrypt...
Post by: Yoshitoshi on April 25, 2012, 12:35 pm
Hey everybody, I've hacked through loads of PGP posts already, but still cannot find a solution.

I set up PortablePGP & GPGTools (same keys in each) on my mac just in time for 420. [GPG Services seemed a bit flaky, so I followed advice to try PortablePGP and it seemed easier and more reliable...]

Encrypted mailing info and already received mail, so that part working at least. Also passed the "TorID" test: http://p3lr4cdm3pv4plyj.onion/test.php

Have now received my *first* encrypted message from a vendor, and cannot decrypt by any means. PortablePGP says "cannot find suitable private key" and GPGTools says either "decryption failed" or "no valid encrypted data found".

The message begins like this:

Quote
-----BEGIN PGP MESSAGE-----
Version: BCPG v1.39

hQI

and ends like this:

Quote
=k4XT
-----END PGP MESSAGE-----

So formatting is OK I think. For what it's worth, the message also failed verification (no valid signature). Only thing I can think is does BCPG play nice with GPG?

Any ideas? Really don't want to appear a total noob by going back to my vendor and asking for cleartext...

Here's my public key:


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

mQGiBE+QIjcRBADd2W0O0VhaCCri08ZK08i+/BlesCmCk16zdSa1FD6BKD/tXxYR
Ia3QY3CnIFyoB178gry0nzvUwF148Kx4o3ZzmDhh/3OINvOPX+Wp0PX2nbRh6Xxb
sQk6RGjsmIHwGHDDPOMcViRPqnzs61widvBYnxF3thQCs0AeU0PhPi/B2QCg78cc
HiRlVrRjy3kdt8Ssv3FefPcD/2RdEhXvgDBUFuEkuFwU3kCv6tELikS4VxRbFzDA
BQ5EQIkWvsQ3dob5G9M5YR0c+gslQQBsTEtZgKiQrHStm3DaWIcUMF+BuevbGaGT
784eXLqyfaTB2J3u1MUXfykY0RDX3XdYKA6DIwXaOaVvC3gPrYH9IFnc/cH6L47p
jD/KBADOCdV+EH+BFQ0waBF9Nh6jtn6XRG66SS+CfT5tJdKVSMUTtRqe9UWm9hg/
DO7bfOxrzY/eFp+vqHqA6tzk17OdxGh0tdu3petezt15rIalktziLNHytXAy3UQq
/0/24pMf0HQmk1zP5CqZs8xcN5FTPI5H52h7Tz/QN+YcQ8DS1LQbdmlyYWdvX0sg
KE5vbmUpIDx2QGlyYWcub2s+iEYEExECAAYFAk+QIjcACgkQNXkczQRl3L5HfACg
phD57j+sXrSYVNwsyQ3zmhsMViIAoJ/Rr3FeU4IihKBZUAgKzarBgMrhuQGMBE+Q
IjcQBAD45+Uxme55eo1bOt5z6PmJb4PATzMluBklubMaC01uAlguliKe5UxzZMoO
BZmrCUDwurVv8AHbDLqOg4pyKLfEgPEIZkoQpQjtFIKnet3KWJA7mjhMlUYAXb1+
mUbM09J6ZjOXhO7tDsHLDHEUAvQ1zjuEHaWpDOXd3pKPDmQvjwP+JA6UxxyLlUVb
QQXhgF3dqrc8jT171nQ7HxBPJw5PytuxUszuyM94uOhDWaT831x1tZUiaWoFQhFg
GlmocDok3myD33jq6ivlO2dGBc+yPHPeLrHEEawXYBwMSl3S//OtrmU0BZtYNiPH
nK4iITTQu7Wxw+PdnBE65apUyhNe6ewD/A2AhNHNSUUMor0w+piZg419dps5d1ao
CzO8WXAMdXZjfueoiQkvbGuvtlRpcOawBWvHkRqVYaaNSNDCsBLO6ivBHMDwoutI
JO2PqqbkVjvNhOmBzisQ99rR0F67xpnuuX+X9ug4FICjzH8+rEnxFVw9SZ2Al16F
CML6ck2D0VeViEYEGBECAAYFAk+QIjcACgkQNXkczQRl3L6DDACePopuqcGQoag/
ZRapLbZbiK5tP1cAoKrhJ3bVTOMTRwRXNECSQKFvb5pe
=Z1mY
-----END PGP PUBLIC KEY BLOCK-----
Title: Re: PGP, Mac, Cannot Decrypt...
Post by: 77Tjm on April 25, 2012, 12:50 pm
Did you import the Vendor's Public Key? Will edit to add instructions momentarily...

What works best for me is opening up textedit, switching to plain text (command+shift+T), going to Firefox, highlighting and copying the entire key on the vendor's profile (command+C), switching back to Textedit (command+TAB), paste (command+v) -> Save (I name it key and save to my truecrypt drive or desktop).

After you have saved the file, open up PortablePGP.jar and click the black down arrow button next to Public Keys' and selecting the file I named 'key' and saved to my truecrypt drive (or desktop). After I get the confirmation that the key has imported, I delete the 'key' text file.
Title: Re: PGP, Mac, Cannot Decrypt...
Post by: Yoshitoshi on April 25, 2012, 03:26 pm
Thanks for info, but I already have his Public Key successfully imported.

Happy enough using keys, just stuck when they don't appear to work...
Title: Re: PGP, Mac, Cannot Decrypt...
Post by: Diamond on April 25, 2012, 06:32 pm
So if I understand correctly, the vendor is encrypting to your PUBLIC key, and you cannot decrypt the message with your PRIVATE key, using either Portable GPG or GPG Tools, on your Mac.

As far as "playing nice," I use GPG in various iterations on Wndows, Mac, and Linux, without issue, so I'd be shocked if there was a compatibility issue.

Question 1: You mentioned you have the "same keys in each" instance. How did you get the private key you generated from one instance to the other? Which instance was used to generate the private key initially?

Question 2: You're using GPG tools to decrypt a message, how? Are you saving the message as a file and decrypting to a cleartext file? Or are you pasting the cyphertext into TextEdit and utilizing the GPG services to decrypt the the message?
Title: Re: PGP, Mac, Cannot Decrypt...
Post by: facebang on April 25, 2012, 10:12 pm
I am having this exact same issue, I tried decrypting using PortablePGP, and through the Terminal.  I get the same errors in PortPGP.  I'm even able to change the passphrase, but then it tells me a suitable key cannot be extracted.

I'm saving the message as plain text and decrypting the file. 

Good luck, OP.  What OS version are you on?  Some features don't seem available to me in PGPTools.  Im on 10.5.8
Title: Re: PGP, Mac, Cannot Decrypt...
Post by: Yoshitoshi on April 27, 2012, 10:25 am
Thanks for the replies guys, they gave me some clues.

I generated my first key in PortablePGP and then exported both parts (private & public) and imported them into GPGKeychainAccess, but clearly the two versions of the public key are not identical, and have different headers, so each program must use it's own format.

I'll try and stick with just one program, and see how that goes, although each seems only to work about 80% here. On 10.7.3 here.

On another note, listened to this podcast with Andrew Lewman (Tor director) the other day, [CLEARNET]:
http://www.guardian.co.uk/technology/audio/2012/apr/24/tech-weekly-podcast-tor-anonymity

The interviewer comes across as a bit of a Facefuck shill: "Whyyyyy does anybody need so much privacy???" but there are some interesting insights mixed in, especially towards the end. No news there for the geeks, but maybe some stuff for noobs.