Silk Road forums
Discussion => Newbie discussion => Topic started by: headshort on August 22, 2013, 05:51 pm
-
Some vendors give you their public PGP keys. When you checkout, do they want you to use your key instead of the shipping address and then send them the shipping info via email? It seems that way but I'm not sure. The vendor in question is JustSmuggledN. But this applies to other vendors as well. Should we do it via email or just use the form?
Thanks.
-
Before you order you should copy and import your vendor's key into your pgp software
then using your pgp software write down your address and encrypt it with your vendor's key.
Copy the resulting PGP message over to the checkout form and paste it in the box where you post your address.
Your vendor can then unlock with his key and get your address in plaintext.
I use PGP4USB, it's the easiest one I've found and it works with both linux and windows. (Dev team working on Mac interface)
-
Thank you so much. But when I open the encrypted message with notebook, it really is a mess. It doesn't look like the public key, it's gibberish. Is that what I paste into the checkout window?
-
yeh dude paste the gibber gabber its sposd to look like dat cus its encrypted. they got ya public key so they can read it
-
Thank you so much. But when I open the encrypted message with notebook, it really is a mess. It doesn't look like the public key, it's gibberish. Is that what I paste into the checkout window?
You may need to turn on ascii armoring. By default gpg will do a binary encryption of the file. Alternatively you can pass the -a or --armor option on command line and it will create what's called "ascii armored output" which is suitable for pasting in that order box. Since it's so common you can add a new line to your gpg.conf file with just the word "armor" (no quotes or anything). It will then default to ascii armor which is what you'll be using far more than the binary encryption.
To put it another way, I use gpg on command line and I would type something like `gpg -se -r SomeSRKeyIImported address.txt`. After asking for the password for my private key it will sign and encrypt (that's the -se part) for the specified recipient (the -r). The resulting file will have the filename address.txt.asc. Viewing that file you'll see the first line "-----BEGIN PGP MESSAGE-----" followed by a bunch of random characters. It will look very similar to the public key of the seller you imported. That chunk of text between (and including) "BEGIN PGP MESSAGE" and "END PGP MESSAGE" is what you would paste in where it asks to enter your address.
To get an encrypted response from seller they will need your public key. I usually just post the same links you see in my signature and if they can't find it to just reply back "no key" or something along those lines and I'll just reply back with the key. So far none of the merchants I've dealt with has had any issues with finding it though.
There are several options in gpg.conf worth turning on for your SR pgp store (if not obvious already, you shouldn't use the same pgp key for both SR and your "regular internet life"). See http://dkn255hz262ypmii.onion/index.php?topic=137510.0 and in particular the 2nd reply by Astor. Those options coupled with the hidden-encrypt-to option will make life much easier and safer for you. By all means look up those config options to learn what they do. Pine has done a couple excellent posts on pgp that are worth a read.
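-
The difference between binary and ASCII-armored output described in the last reply, as an added Python example that is not part of any post in this thread: it builds the armor wrapper (base64 body plus CRC-24 line, per RFC 4880) and classifies a blob as binary, well-formed armor, corrupted armor, or secret key material. The function names and the sample bytes are constructed for illustration; the sample is not real gpg output.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """CRC-24 used for the '=XXXX' line at the end of ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(binary: bytes, block: str = "PGP MESSAGE") -> str:
    """What --armor adds: base64 body in 64-char lines, CRC line, BEGIN/END."""
    b64 = base64.b64encode(binary).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(binary).to_bytes(3, "big")).decode()
    return f"-----BEGIN {block}-----\n\n{body}\n={check}\n-----END {block}-----\n"

def classify(blob: bytes) -> str:
    """Describe a blob before it is pasted into a text field."""
    try:
        lines = [l.strip() for l in blob.decode("ascii").strip().splitlines()]
    except UnicodeDecodeError:
        return "binary OpenPGP data or other non-text: armor it first"
    m = re.fullmatch(r"-----BEGIN (PGP [A-Z ]+)-----", lines[0]) if lines else None
    if not m or lines[-1] != f"-----END {m.group(1)}-----":
        return "not a complete armored PGP block"
    block, rest = m.group(1), lines[1:-1]
    # Optional armor headers ("Version:", "Comment:") end at the first blank line.
    body = rest[rest.index("") + 1:] if "" in rest else rest
    crc_line = body.pop() if body and re.fullmatch(r"=[A-Za-z0-9+/]{4}", body[-1]) else None
    try:
        data = base64.b64decode("".join(body), validate=True)
    except ValueError:
        return f"{block}: body is not valid base64"
    if crc_line and base64.b64decode(crc_line[1:]) != crc24(data).to_bytes(3, "big"):
        return f"{block}: checksum mismatch, paste is corrupted or truncated"
    if "PRIVATE KEY" in block:
        return f"{block}: secret key material, never paste this"
    return f"{block}: well-formed armor"

# Constructed stand-in for gpg's binary output (not a real encrypted message).
SAMPLE = bytes([0x85, 0x01, 0x0C]) + bytes(range(200))
```

The checksum line is optional in the armor format, so the CRC check only runs when that line is present.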