Is storing PGP keys an opsec risk?

Could vendor public keys or your own private key (that you use on DNMs) be used as evidence against you?


Comments


[7 Points] organichewn:

I think it could. I just delete the key after I've placed my order; it feels safer that way.


[3 Points] None:

I have also wondered this. A lot of big-time vendors don't keep a key ring; they tell you to send your public key in every message.


[3 Points] mraquari:

If you put some crypto on it and don't tell the pass to anybody, I don't think so.


[3 Points] I5uEQKrv4u5KR3fb7yyC:

No, there's nothing incriminating about having someone else's PGP key on your computer. They could possibly use it to open up an investigation on you, but chances are if they know you have someone else's PGP key, you're already being investigated. If they have your private key, consider yourself fucked: if they find any messages sent to you via PGP, they can read them, and they'll use what they find with your private key as evidence.


[3 Points] whatisopsec:

Yes. Encrypt your public keys with a non-darknet-linked PGP key and save that. Delete them when you are not using them. Encrypt your private keys if you do not need to decrypt a message. Or use the TAILS persistent volume to store your keys.


[3 Points] entrippy11:

Note that you only need PGP keys for 2FA and/or receiving encrypted messages. Buyers don't typically need to receive encrypted messages. If you don't keep money on the market, you could forgo 2FA and use a strong password.


[2 Points] wombat2combat:

Could vendor public keys or your own private key (that you use on DNMs) be used as evidence against you?

Yes, that is why you should use Tails.


[1 Points] IfWhenISayIMightFade:

I use TrueCrypt (https://www.grc.com/misc/truecrypt/truecrypt.htm) on a flash drive to store any data I'd like to keep, such as vendor/buyer keys and more.

You can make two passwords on a volume that open up different parts of the drive. Make a password that has normal stuff you'd like to hide, like clearnet passwords, maybe some financial records, taxes, etc. Then make a second password that opens you up into your DNM data.

It's been proven that they can't tell whether you have one or two passwords, so if you're forced to give up a password, give them the "normal" one.

You can make the encrypted drive as big or small as you want, within the limitations of the flash drive itself.

Steve Gibson is an expert at encryption, and he uses it. Good enough for him, good enough for me.