Silk Road forums
Discussion => Security => Topic started by: momiji on December 29, 2011, 06:35 pm
-
I'm kind of freaking out right now. In my GPG Keychain Access program, there is an email address and a key of someone I know IRL.
I thought keys are only manually added. Is there a way keys automatically get added? I don't believe I've seen an email from him in over a year and the GPG Keychain Access program was only recently installed.
Please, someone explain this to me! :-\
-
You got some public key that is signed by another user. You verified signature and PGP downloaded the public key for that unknown signature. That's my theory.
-
^ Yes but can this be automated? Like if he sends an email with his key signed, or however it works, and then my email client picks it up and auto adds it to the key chain? Either way, this is insecure. What if my key somehow got added back to him? This nick name is supposed to be 100% anonymous only to SR. I've never used it on another site.
-
Depends on software. I recommend using using only Open source software to avoid unintended behavior. If You are under Windows, use WinPT.
-
Nah, I'm on OSX.
Apple has a habit of automagically doing shit. It always seems to freak me out. Like when I first got my macbook pro years ago I was driving around in my car, then when I stopped in a parking lot I looked over at it and it had auto connected to some wifi hotspot and was auto online without me having to do anything. I was like O.o