Silk Road forums

Discussion => Newbie discussion => Topic started by: trellis017 on July 16, 2013, 11:41 pm

Title: Gauging interest: An offer to make a steeled, more comprehensive PGP tutorial...
Post by: trellis017 on July 16, 2013, 11:41 pm
Howdy, SR.  ;)

--------------------------- tl;dr at bottom ---------------------------

I'm a relative noob.  I figured out how to do PGP encryption using GNU Privacy Assistant.  Once I downloaded the program and add-ons from

http://www.gpg4win.org/,

I used (and I'm on a Windows machine, by the way) GPA to make my own key, import the public keys from vendors on Silk Road, and successfully completed a couple of transactions.  It must have worked, because I sent PGP private messages and I got packages with my correct address on them.

I mainly used the following tutorial.  When the tutorial wasn't clear, I sort of stuck with my gut feeling about how to set it up, and it turned out to be fine.

http://p3lr4cdm3pv4plyj.onion/guides/shepj.html

There are a few things it doesn't explain, so in the meantime feel free to PM me if you have questions, regardless of how trivial.  For example, the pictorial guide says to enter a "Secure or fake email".  This may sound like a dumb thing to get tied up over, but I really didn't know if it mattered whether it was connected to a real email, if I needed to confirm the key (and therefore needed a real email), whether the vendors/recipients of my encrypted messages would have access to this name and email or not (they do), if that mattered, etc.

I also came to the conclusion that this guide sort of tells you how to do all the things you need to do, admittedly, but it doesn't tell you in what order or why you do which, or when.  I just felt (and I think most people do when trying PGP for the first time) like it's this daunting protocol that everyone keeps saying is really easy, and if you're anything like me you worry that somehow you're doing it incorrectly, because I happen to be particularly neurotic.

Like, I didn't know what it meant to have a private key, a public key, and a pass-phrase.  Which of these is important? Which do you share? How do you get your public key (to give to other vendors or forum members), after you have "created" a key with GPA?

And lastly, the thing I learned today is that when you create your encryption key with GPA (at least GPA version 0.9.4, which I downloaded today (16 July 2013)) you can't choose the bit size -- it chooses 2048 bits no matter what.  What does this mean? Is it good enough?  I discovered that by using Kleopatra (an add-on that comes with the GNU Privacy Assistant) it will allow up to 3072 bits.  But when I posted in the stickied thread to "practice" with encryption, a senior member encouraged me to recreate it with 4096 bits.  But GPA and Kleopatra won't allow that.  You *have* to create it through the command line to have the ability to make a 4096-bit key (as far as I know).  I figured out how to do it with this link:

http://www.glump.net/howto/cryptography/practical-introduction-to-gnu-privacy-guard-in-windows

Despite being very computer savvy (I work in a related field), I am not familiar with using the command line and am always intimidated by how to navigate around, so this too was stressful.

Quick aside: if you use the glump.net link above, in step 3.3 you want to choose <1> DSA and RSA (default), NOT the DSA and Elgamal that the guide says.  Otherwise, it's accurate.

My point with all of my rant is this: I admit and acknowledge that there are a LOT of tutorials out there on PGP encryption, and if you use little pieces from all of them and a little trial and error (make assumptions about how to set it up as you go) you will most likely be able to figure it out.  However, I think that, despite the stickied threads having a good start that will be suitable for most, most actual "noobs" (and especially those either lacking in computer savviness or general IQ points) might benefit from having access to a tutorial that will leave no questions unanswered.  I'm willing to write it.  But I'm curious if those of you who made it this far reading my post think this is overkill/unnecessary or whether it would be beneficial.

Also, I am, as I said, a relative noob.  But I do know how to explain what I know in a concise and user-friendly fashion, and that should be enough to get anyone to the point where they can functionally be equipped with PGP encryption.  Anyone looking to be an advanced user will want more knowledge than I have.  I'm more than happy to have help, if anyone wants to add on after I write it.  I am gauging interest from both members who know what they're doing and also, especially, those specifically trying to figure out PGP at this very moment - whether the tutorials on the Silk Road forums and your Google searches are sufficient, or if it'd be nice to have something comprehensive.

--------------------------- tl;dr ---------------------------

I think the tutorials on Silk Road and through Google searches for PGP encryption all together explain what you need to know, but there is no single tutorial that covers everything in very basic terms to make it easy for a new SR user to understand, and quickly.  I want to know if anyone agrees with me or if my writing it would be a waste of time.

Cheers.   8)
trellis017

PS
I tried using BBC formatting to bold and/or italicize some things in this thread using this link (which I would bold if I could) but it didn't work:

http://wiki.simplemachines.org/smf/Bulletin_board_code

I can only assume BBC formatting isn't allowed on the SR forums? 

I've learned a lot of things these last couple of weeks. But they say I'm a quick study so it's all good.  ;D
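The post above asks what "2048 bits" or "4096 bits" actually means for a key, what the public key you hand out contains, and how to tell which one you have. The script below is an added example, written for this page; it is not the poster's code and not part of GnuPG or gpg4win. With only the Python standard library it takes an ASCII-armored "PGP PUBLIC KEY BLOCK" (the text `gpg --export --armor` prints and that vendors paste into their profiles), checks the armor's CRC-24, parses the first OpenPGP packet per RFC 4880, and reports the algorithm, the key size (the bit length of the RSA modulus or DSA/Elgamal prime stored in the key), the creation date and the v4 fingerprint. The sample key it inspects is constructed inside the script with a placeholder modulus so that everything runs offline; it is not a usable key, and the 16 July 2013 creation timestamp is likewise a constructed value.

```python
# Added example: inspect an armored OpenPGP public key block with the standard library.
# Follows RFC 4880: armor + CRC-24 (6.1), packet headers (4.2), v4 public-key packet
# (5.5.2), v4 fingerprint (12.2). The sample key is CONSTRUCTED and not a real key.
import base64
import hashlib
import struct
import time

PK_ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}  # RFC 4880 section 9.1 ids
BEGIN, END = "-----BEGIN PGP PUBLIC KEY BLOCK-----", "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data: bytes) -> int:
    """CRC-24 of RFC 4880 section 6.1, the checksum carried on the armor's '=' line."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(packets: bytes) -> str:
    """Wrap raw packets the way 'gpg --export --armor' does (without a Version: header)."""
    body = base64.b64encode(packets).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    check = "=" + base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, ""] + lines + [check, END]) + "\n"

def dearmor(text: str) -> bytes:
    """Strip the armor, verify the CRC-24 and return the raw packet bytes."""
    lines = text.strip().splitlines()
    if lines[0] != BEGIN or lines[-1] != END or "" not in lines:
        raise ValueError("not a PGP public key block")
    body = lines[lines.index("") + 1:-1]  # everything after the header block
    if not body or not body[-1].startswith("="):
        raise ValueError("armor checksum line is missing")
    packets = base64.b64decode("".join(body[:-1]))
    expected = int.from_bytes(base64.b64decode(body[-1][1:]), "big")
    if crc24(packets) != expected:
        raise ValueError("armor checksum mismatch: the key text was damaged in transit")
    return packets

def packet_header(data: bytes, off: int = 0):
    """Parse an old- or new-format packet header; return (tag, body_start, body_len)."""
    ctb = data[off]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:  # new format, section 4.2.2
        tag, first = ctb & 0x3F, data[off + 1]
        if first < 192:
            return tag, off + 2, first
        if first < 224:
            return tag, off + 3, ((first - 192) << 8) + data[off + 2] + 192
        if first == 255:
            return tag, off + 6, struct.unpack(">I", data[off + 2:off + 6])[0]
        raise ValueError("partial body lengths are not supported")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03  # old format, section 4.2.1
    if ltype == 3:
        raise ValueError("indeterminate packet length is not supported")
    size = (1, 2, 4)[ltype]
    return tag, off + 1 + size, int.from_bytes(data[off + 1:off + 1 + size], "big")

def inspect_public_key(armored: str) -> dict:
    """Report algorithm, key size, creation date and fingerprint of the primary key."""
    data = dearmor(armored)
    tag, start, length = packet_header(data)
    if tag != 6:
        raise ValueError(f"first packet has tag {tag}, expected a public-key packet (6)")
    body = data[start:start + length]
    if body[0] != 4:
        raise ValueError("only version 4 keys are handled here")
    created, algo = struct.unpack(">I", body[1:5])[0], body[5]
    bits = struct.unpack(">H", body[6:8])[0]  # first MPI's bit count: RSA n, DSA p or Elgamal p
    # v4 fingerprint: SHA-1 over 0x99, the 2-byte body length and the body itself
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", length) + body).hexdigest().upper()
    return {"algorithm": PK_ALGOS.get(algo, f"unknown({algo})"), "bits": bits,
            "created": time.strftime("%Y-%m-%d", time.gmtime(created)), "fingerprint": fpr}

def build_sample_key(bits: int, created: int = 1373932800) -> str:
    """CONSTRUCTED sample: a v4 RSA public-key packet whose modulus is a placeholder
    number with its top bit set, so the MPI reports exactly `bits`. NOT a real key."""
    n, e = (1 << (bits - 1)) | 0x10001, 65537

    def mpi(x: int) -> bytes:
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

    body = b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)
    header = bytes([0x99]) + struct.pack(">H", len(body))  # old format, tag 6, 2-byte length
    return armor(header + body)

def flip_one_bit(armored: str) -> str:
    """Damage one payload byte but keep the original checksum line (armor() layout assumed)."""
    lines = armored.strip().splitlines()
    data = base64.b64decode("".join(lines[2:-2]))
    body = base64.b64encode(data[:-1] + bytes([data[-1] ^ 0x01])).decode()
    return "\n".join(lines[:2] + [body[i:i + 64] for i in range(0, len(body), 64)] + lines[-2:]) + "\n"

if __name__ == "__main__":
    for size in (2048, 3072, 4096):  # the sizes GPA, Kleopatra and the command line produce
        print(inspect_public_key(build_sample_key(size)))
```

Two points the output makes concrete. First, the key size is a property baked into the public key itself, so anyone who receives your exported block (or a vendor's) can read it back without the secret key or passphrase; the secret key and its passphrase never leave your machine, the armored public block is the only thing you share. Second, the `=` checksum line only detects accidental damage to the pasted text (`flip_one_bit` shows it being caught); it says nothing about whether the key really belongs to the person you think. That is what the fingerprint is for, and it should be compared against a value obtained through a separate channel before the key is imported and trusted.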