Silk Road forums
Discussion => Newbie discussion => Topic started by: rustbucket41 on March 02, 2013, 08:29 pm
-
So obviously I'm going to encrypt my message to the vendor since it includes private information, but is there any need for me to include my public PGP key for a vendor to reply with an encrypted message?
-
I know I could easily find the answer, but since I need posts I might as well start some discussion. So, explain PGP key to me! You get posts too :P
-
I'm not the best person to ask, but I'll try to explain what I know.
PGP is an algorithm (or something?) that encrypts messages such that only the intended recipient can read its unencrypted contents. A user creates a private key, from which a public key is generated. A vender will announce their public key on the forums/vendor page. A buyer such as you or I will add that public key to our keyring in gpg (gpg is the free program that can encrypt/decrypt PGP messages) so that we don't need to keep track of the keys ourselves. We then write a message, use gpg to encrypt it based on the vendor's public key. It is also advisable to have gpg include your public key as well so that you can read your own outbound messages. Once the vendor receives your pgp encrypted message, they use their private key (which only they know) to decrypt the message. This makes it so that SR (or anyone watching ST, etc.) can't view any information that you intend solely for the vendor.
-
rustbucket41: It depends. You will need to give your public key to the vendor if you anticipate the vendor replying with sensitive info intended for your eyes only. That way she can use your public key to encrypt those messages sent to you. By encrypting the messages with your public key, only you can see that message (by decrypting it with your private key).
Hope that makes sense.
-
he usually won't need it i guess - unless there are any questions about your personal details, and even then that could be kept in a general tone without revealing anything
you are probably save though either way, as all silkroad communication is encrypted anyway, so additional encryption (for matters like shipping address)
is just a personal security measure, and according to silkroad wiki not imperative - though i also do it myself
otherwise this might come in useful, if you're buying other things like passwords or credit card data - so that if your account got hacked nobody could read those messages
-
If you're sending your address oviously encrypt, if not it's not usually needed... Check the vendors page... they will usually say if EVERYTHING must be encrypted or not.