Silk Road forums
Discussion => Security => Topic started by: RunningLion on March 02, 2012, 08:14 pm
-
I am using gpgtools for my encryption through the SR messaging system. Should I be encrypting my gpg client somehow (with truecrypt)? If so, how? Although anyone can use tor for a variety of different reasons so I don't see much reason to encrypt it but it seems like a direct link between myself and SR with vendors public keys. Would anyone say that encrypting my tor is also smart? I could figure that one out myself.
Thanks community :)
-
Yes, if law enforcement were to search your computer, having sellers' public keys on your keychain could be corroborating evidence. As could the bookmarks and browser history. The actual applications (Tor, Bitcoin, GPGTools) have enough legitimate uses that I don't worry about them - TrueCrypt is probably just as incriminating.
Not being a Mac user, I can't speak as how to move the keyring and bookmarks files to an encrypted volume, but a non-encryption solution would be: a) don't bookmark SR, b) make sure your browser isn't keeping any history, and c) delete vendors' keys from GPGTools after each use.
-
Could I just put all of the gpg files in a volume when I download it and make sure the volume is open when I want to use gpg?
-
Would it still be able to interact with the computer?
-
Could I just put all of the gpg files in a volume when I download it and make sure the volume is open when I want to use gpg?
On my Linux box, the public keys are stored in ~/.gnupg/pubring.gpg or an alternate location specified using the --keyring argument. So if I had an encrypted volume mounted on ~/sekirt, I could type something like:
gpg -esa -r somevendor@tormail.net --keyring ~/sekrit/silkroad-keys.gpg
I don't use a Mac or GPG Tools so I don't know if there's an equivalent option, but hopefully this helps as a starting point.