Asked to resend address?

I was asked by a highly rated vendor to resend my address because the "pgp wasn't right" after he returned from a few consecutive days of being offline. Is this safe or is he compromised? His PGP key didn't change but I still think it's kinda sketchy.


Comments


[2 Points] yos0:

pgp wasn't right sounds like BS. He probably lost the address (I've done that). I'd resend the same address with the same PGP key.


[1 Points] s0urpatch:

Not sketchy at all. Vendors have lives outside of this. Just like regular drug dealers. So them being offline for a few consecutive days is nothing. As far as the address... are you sure you typed it right?


[1 Points] OrdinaryToaster:

There would be no reason to ask someone to send the same message with the same PGP key unless there was actually a problem with the PGP encrypted message. It is possible that you might have clicked on the wrong PGP key when encrypting it or a number of other reasons.


\OT

/r/Panacea mod


[1 Points] Theeconomist1:

If you still have the original cleartext that you sent the vendor (before encrypted), you could try to encrypt it again and then compare the output with what you actually sent the vendor. Just make sure that the clear text is the exact same one, no extra space, exact. If the outputs are the same, then you know the PGP message you sent was okay. If its different, then you might have used the wrong key to encrypt (another vendor's key for instance). Also, compare the key you had for this vendor with the key on the vendor profile to see if it changed.

Hard to tell, but I'd feel a little more comfortable if the outputs were different b/c that would mean it was my problems and I screwed up. If the outputs are the same, then who knows. The vendor could have messed up and deleted it but isn't admitting to that. Or it could be something worse. And of course verify the vendor's key hasn't changed. If it has and he didn't say that upfront, I'd be nervous and probably cancel.