Silk Road forums

Discussion => Newbie discussion => Topic started by: mynameis_420 on August 09, 2013, 03:15 am

Title: YES, Another Newb (PGP)
Post by: mynameis_420 on August 09, 2013, 03:15 am
Yes, another newb needs help with PGP! any good step by step websites out there? Help a brotha out :)
Title: Re: YES, Another Newb (PGP)
Post by: HubertCumberdale on August 09, 2013, 03:23 am
It's easier than you think, once you get the hang of it.

Kleopatra works on Linux as well.

I copied this from another website:

    This tutorial uses GnuPGP4Win.

    GnuPGP Beta Download
    http://www.mediafire.com/?7nd4apb4vt1jdb2

    GnuPGP Download
    http://www.mediafire.com/?ex5zhuud5d7b1r1


    GnuPGP Setup for Windows

    GnuPG PGP encryption key setup

    First! an explanation....

    Encryption is always a nice benefit to have because, while everything on tor is usually contained in entirely encrypted flow, if ever for any reason the server
    does get compromised the messages on the server seized are still encrypted and are difficult or unable to be read by any entity without the keys to the encryption.

    This is where PGP encryption keys are nice. You have a public and a private key that correlate to one another. You hand out the public side of the key, and anyone
    who wants to send you an encrypted message, can do so using your key. You will then use the private key to decrypt that message, and you can enjoy a little more privacy
    in your conversation that would be had without it.

    -------------------------------------------


    1) Create your master certificate

    a) Open Kleopatra and then Click File => New Certificate
    b) Create a Personal OpenPGP Pair
    c) Name: use your username for the site
    email: use anonymous email, or fake@email.addy
    d) Click Advanced
    Select DSA
    Check Elgamal
    Use highest bits available for encryption

    e) Click OK
    f) Click Next

    g) Use a passphrase you can remember (80+ characters is not unheard of the longer the passphrase the more secure your message will be)
    This will take a bit of time....

    h) You can make a backup of your keypair if you want to, so you can import later....

    2) Export your public key

    a) Under 'My certificates' you should now see a listed name (should be your username, if you followed example)
    b) Hilight your certificate, and click export cert at the top, and save this file somewhere (it'll be a .asc file)
    (This file is your public certificate, open it up in notepad or something,
    and you can copy/paste this to your profile, or to your customers in a public message.)

    3) Adding Other Peoples Keys:

    a) People will post their public keys so that you can copy/import them into your key manager (kleopatra in this case)
    keys start with: -----BEGIN PGP PUBLIC KEY BLOCK-----
    keys end with: -----END PGP PUBLIC KEY BLOCK-----

    b) To get these keys into kleopatra, select the entire key (including the begin and end line), and copy them to your clipboard (crtl+c or edit=>copy)
    c) Right click your red kleopatra icon in your task bar
    d) select Clipboard and then certificate import

    4) Decrypt a message sent from someone

    a) Again, like the public keys, people will post encrypted messages to you that you'll need to decrypt
    messages start with: -----BEGIN PGP MESSAGE-----
    messages end with: -----END PGP MESSAGE-----
    b) Again, hilight and copy the entire message block, with the begin and end line
    c) Right Click the red Kleopatra icon
    d) Select Clipboard, then click decrypt
    e) Enter the passphrase you used to create your key
    The decrypted data is now in your clipboard
    f) Open notepad or another text editor, and paste the contents of your clipboard (crtl+v , edit=>paste)

    5) Encrypt a message to someone else

    a) First you need to make sure you have the public key saved for the person you want to communicate with, in section 3
    b) Open notepad, or a text editor, and type the message you want encrypted
    c) hilight the entire message, and copy it to your clipboard
    d) Right Click Kleopatra , Goto Clipboard , Click on Encrypt
    e) Click Add Recipient
    f) Goto Other Certificates, and add the individual you would like.
    g) Click Okay/next and it'll tell you its complete
    h) The encrypted message is now in your clipboard
    You can now paste that encrypted content into a private message to the person with crtl+v/edit=>paste.

Title: Re: YES, Another Newb (PGP)
Post by: Hargenflargen on August 09, 2013, 03:25 am
What computer do you have?
Title: Re: YES, Another Newb (PGP)
Post by: nosajorolok on August 09, 2013, 03:27 am
Try PortablePgp. Much more user-friendly than PGP4win or Kleopatra. Not that these aren't great PGP softwares, I just find PortablePgp the easiest to use/understand.

The above tutorial still basically applies.

Make sure to give us your public key so we can send you messages, that's the best way to make sure it's working.

Title: Re: YES, Another Newb (PGP)
Post by: Totalpay on August 09, 2013, 03:31 am
Thanks HubertCumberdale that was helpful :)
Title: Re: YES, Another Newb (PGP)
Post by: HubertCumberdale on August 09, 2013, 04:08 am
Not a problem :)

The biggest issue I had using that tutorial is -
AFTER you've opened the program:
In windows, right click on the icon that's in the bottom right corner of "open programs" -
Or in linux use the icon at the top right of the screen.

I kept trying to use the desktop icon and stuff that was in the open Window and getting very confused :p
Title: Re: YES, Another Newb (PGP)
Post by: idgafos on August 09, 2013, 04:25 am
Whats a good PGP for mac?
Title: Re: YES, Another Newb (PGP)
Post by: Hargenflargen on August 10, 2013, 12:46 am
I have a mac osx 10.7.5 , and the one that worked best for me was: https://gpgtools.org

-click on the "download GPG suite"

And this is the instructions that helped me fantastically (with an edit of my own):

download GPG Keychain Access.
Install.
Open.

Whenever you find a vendor you want to use, copy their Public Key.
Create a text document ( I use TextEdit, but any word processor will work)
Paste their public key into the word processor.
Save.
Go to GPG Key Chain Access.
Select "Import"
Choose the file you just saved with the vendors public key.

Now the vendors public key is in your keychain access.

Now, whenever you want to send them an encrypted message, open you email client on your mac, select the compose button. (you will not be sending an email, bare with me.)

Type your address, or whatever message into the compose email window.
Highlight the text and double finger click or right click (whatever your configuration)
At the bottom you will see "services"  click "OpenPGP: Encrypt selection to new window"

(****EDIT, OPEN TEXT EDIT, HIGHLIGHT THE SELECTION, GO TO SERVICES-> ENCRYPT THEN USE THE REST OF THIS...***)

Next, you will see a window pop up and you should see the vendor you selected in the window, check the box next to their name.  At the bottom you will see a drop down box that says "secret Key" select your account. (If you dont have one you can create one by selecting "New"  from GPG KeyChain access and create a new key)
 then click ok, and then, boom!! Encrypted message. Copy and paste into the vendors address box when you order your product.

Thats how i do it. Very easy once you do it once correctly.


***You'll want to untick the 'add to recipients' box, I believe this means the recipient won't be able to decrypt the message unless they have your key saved...Which vendors won't.***
Title: Re: YES, Another Newb (PGP)
Post by: Hargenflargen on August 10, 2013, 12:49 am
What my EDIT section means, is instead of opening your email to do it, you can just go to textedit and type in your address, highlight it, go to "services" and encrypt and then take up on his instructions from there. (starting with check the vendors name).
Title: Re: YES, Another Newb (PGP)
Post by: SOCIAUX on August 10, 2013, 12:52 am
PGP is ridiculously easy once you get the hang of it, literally takes all of 30 seconds after you mess around with it for a few minutes. I use Kleopatra, but I'll spare posting another guide since several have done that already. It's too easy to encrypt your address NOT to, especially with how much protection it provides if things go south.
Title: Re: YES, Another Newb (PGP)
Post by: R90 on August 10, 2013, 01:15 am
I use pgptools but reading a well written tutorial on gpg4usb really helped me figure it out - the principles are the same mostly. You start by generating your own key (new, passphrase, mash the keyboard while it's generating etc etc).

The basic principle - for me to send you an encrypted message, I need to encrypt it using your public key (hence the vendors post them on their profiles). Then you are able to decrypt it using your own key.

If I want you to reply to me, encrypted, then I must also give you my public key. You then encrypt the message for me using my public key, so I can decrypt it later.

Experiment with it a bit, it soon becomes clearer having appeared horrendously confusing to begin with.

Re Textedit, the PGP commands did not automatically appear in my right click / services menu to begin with. I had to manually enter them via system preferences / keyboard. 

Visit the PGP Club thread and import some addresses, play around with it. Also look out for signatures - slightly different, they are used to verify messages eg DPR usually signs his. Not many others use this function - it confused me a bit at first.

When you copy and paste a PGP key or message, make sure you take the whole thing including the ---- at the start and end of the message.

Also you don't have to attach an e-mail to your PGP, it's optional.

That's the stuff I found helpful starting out. I'm still learning though and I'm tired and error prone so if any of that is wrong please correct me.

The only thing that confused me initially was finding my own public key. But if I follow the instructions, save it to an ASCII file then open that using textedit it appears. I'm not entirely sure that is the simplest or only way to bring it up - perhaps someone more knowledgable could advise.

Also, silly question but I guess you can encrypt a key? So if I send a message and include my public key, I can encrypt the whole thing with someone elses key and send it to them? I struggle to wrap my head round that, like back to the future or the concept of infinity. My head hurts just thinking about it.

Title: Re: YES, Another Newb (PGP)
Post by: mynameis_420 on August 10, 2013, 01:49 am
Thank you ALL, this way great help!!
Title: Re: YES, Another Newb (PGP)
Post by: R90 on August 10, 2013, 01:53 am
you're very welcome :) hope you got it cracked.