Silk Road forums

Discussion => Newbie discussion => Topic started by: sante on April 24, 2013, 04:01 am

Title: PGP? How is it safe?
Post by: sante on April 24, 2013, 04:01 am
I understand its encryption but when you post the key, doesn't that defeat the purpose? Can't the law just grab your public key and then can read your messages? Plus if they are a seller how is it going to save you as you just give them your pgp key and they can read your message?

Is it just in case someone breaks into your account or intercepts your messages? But then if they are that smart surely they are smart enough to go looking on here for your pgp? Or check your public profile where you have your pgp published...

i'm obviously missing something, someone please give me teh smarts

thanks :)
Title: Re: PGP? How is it safe?
Post by: TR0N on April 24, 2013, 04:36 am
The public part of a PGP key is only used for encryption. You cannot decrypt anything with the public key alone. When you create a PGP address you create a password, and the private part of your key is stored in a file on your computer. Even if someone got access to the private half of your key they would still need your password, so it's pretty secure, but I guess if you were ever in a seriously compromised situation you could be forced to give up your password if your computer was seized and your PGP key discovered. If you delete your PGP key off of your hard drive and send it to your own TorMail account for safekeeping, it's pretty much Fort Knox status.

Of course, when you make a PGP key for SR, it should only be used for SR, and do not use any real info which could identify you. Use a TorMail email and different username than other sites.

The idea behind PGP is that it is used to protect us when sensitive, personally identifiable information is exchanged. The Tor browser keeps us all anonymous, but when we make a purchase, we need to give the vendor our real names and addresses, or at best, the names and addresses of people who are connected to us in real life. If the law was able to compromise SR, they would no doubt be interested in all of our shipping addresses. This is why we use PGP.  SR could become totally compromised, and LEO still would not be able to retrieve anyone's address.
Title: Re: PGP? How is it safe?
Post by: wicked420 on April 24, 2013, 05:20 am
PGP Encryption allows you to post a key publicly, which allows people to send you messages encrypted.  Your Private Key allows you to decrypt that message.  This way you can post encrypted content into a public forum, and only the person with the private key can read it.  This keeps the service provider, law enforcement, and any other prying eyes out of the conversation completely.  This way you can use a public forum like this, and have a private conversation with an individual completely in the open. 

I've created an onion, now linked to by several of the directories and wikis in the onion patch, that has been well received and supported. It is several links to guides for encryption and a tool to test your encryption methods to make sure you're doing it correctly: http://p3lr4cdm3pv4plyj.onion/

Use the PGP encryption test on that onion linked above, and you can see how it works.

I hope you do start encrypting any and all private information, so that you can protect both yourself, and the person you're communicating with!

If you need any help, or have any further questions, please let me know.

-wicked
Title: Re: PGP? How is it safe?
Post by: sante on April 24, 2013, 06:07 am
thanks mate, still getting my head around it as i think it's all for naught as you ultimately have to give up the key to the person you are communicating with.. so if they get busted by the cops they can easily give this key and so what's the point... so messages to/from buyers i see as being moot as far as pgp.
Title: Re: PGP? How is it safe?
Post by: wicked420 on April 24, 2013, 06:24 am
I feel like you're just trolling:

If you don't encrypt the information then: Anyone who forces their way into silk road, whether it be a hacker or law enforcement, as well as the silk road admins can read all of your personal information. If you encrypt it, only the person you encrypt the message to can read it.... and if his computer gets seized by law enforcement, they still need his private key's password in order to read your message. It's INFINITELY more secure than if you don't encrypt it. The only key related to you, that you hand out, is a public key that allows people to send you messages encrypted, that's it. It won't allow anyone to read messages sent to you. The key you give people ONLY lets them encrypt messages to you.

Essentially you're saying: Since we're going to die anyway, let's just act foolish, eat like shit and commit suicide. And in this analogy, encryption is being healthy and intelligent, allowing you to live a long enjoyable life.
Title: Re: PGP? How is it safe?
Post by: TR0N on April 24, 2013, 06:54 am
thanks mate, still getting my head around it as i think it's all for naught as you ultimately have to give up the key to the person you are communicating with.. so if they get busted by the cops they can easily give this key and so what's the point... so messages to/from buyers i see as being moot as far as pgp.

Lol XD
Title: Re: PGP? How is it safe?
Post by: sante on April 25, 2013, 11:19 pm
may sound like i'm trolling only coz my ignorance on pgp is massive and i don't understand it.

just need it explained to me or something so I can understand :)

Title: Re: PGP? How is it safe?
Post by: G00D2G0 on April 25, 2013, 11:53 pm
You have a public key and a private key.
The public key encrypts the messages.
The private key decrypts them.
Only you have the private key, so only you can decrypt and read the messages.

It doesn't matter if the cops can see your public key. It's impossible for them to decrypt and read the messages people send you because they would need your private key to do that, and only you know what that is.

Look at it like email. You can give anyone your email address and they can send you an email. But only you have the password to access your account and read your mail right? 
So imagine the public key is like your email address and your private key is like your password.
Does that make sense?
Title: Re: PGP? How is it safe?
Post by: Delta9ine on April 26, 2013, 12:04 am
PGP will stop a man in the middle intercepting communication between a buyer and a vendor. Public key encryption overcomes the age-old weakness of having to transfer a decrypting key to the recipient; this was always typically the weakest point in any encryption system.

There is a complex mathematical relationship between the private key and the public key that makes it impossible to derive the private key from the public. This means you can send your public key far and wide, anyone can use it to send you messages but only you possess the private key that can unlock those messages.

I take your point that a message recipient could get busted, then potentially your prior comms to them could be decrypted by LE. However, the private key is encrypted and requires a passphrase to use it, so the recipient would have to hand over his passphrase for this to happen. Also, most vendors make a commitment to delete messages with private info directly after they are read which would leave no trail.

Finally, if you've set up your GPG keys carefully, with zero personal info and only use them within TOR world, it shouldn't matter too much if a vendor gets busted. There is a fractional chance that a vendor gets busted, has kept messages containing your private info and then gives up his keys to LE. This is the risk we take, fortunately it's fairly minimal.
Title: Re: PGP? How is it safe?
Post by: sante on April 29, 2013, 02:08 am
I think i understand now guys.


So whenever you are writing to someone and you want to encrypt with PGP you just use their public shared key as it's the private key that they have that allows them to read it in plain text. Which is secured by a password.

The public key just converts it from plaintext into garbage (encryption code). Which once paired up with the right key unlocks it back to plain text.

Also correct me if I'm wrong but if I encrypt a message with someone else's public shared key, I can't decrypt it to see the message (see what I wrote)? Or does it allow the sender to decrypt it with their private key as well as it being decrypted by the private key assigned to the public shared key?

Let me know if I got it wrong.
Title: Re: PGP? How is it safe?
Post by: Delta9ine on April 30, 2013, 09:51 am
Sante, you are correct on all counts there.

There is a way you can configure GPG that will let you decrypt your messages (Thanks Pine).  You have to find the fingerprint of your public key, then add the following line to gpg.conf:

hidden-encrypt-to <your fingerprint>

This forces your public key to be used as well as whoever the recipient is. It's very handy for going back and making changes, or reusing message text.

For more information on PGP, check out Pine's howto here:

http://dkn255hz262ypmii.onion/index.php?topic=137510.0

D9
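
An added illustration for this thread, not written by any of the posters: a toy model of why a public key cannot decrypt, why the sender cannot reread a message encrypted only to the recipient, and why adding the sender's own key (what `hidden-encrypt-to` does) changes that. It uses textbook RSA with small constructed primes and a stand-in XOR stream cipher instead of OpenPGP's real algorithms and packet format; all function and variable names are hypothetical.

```python
# Toy model of OpenPGP-style hybrid encryption. Illustration only, not secure.
import hashlib
import secrets

MARK = b"PLAINTEXT:"  # constructed marker: lets decrypt() detect a wrong key

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes: returns (public, private) as (n, exponent)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def stream_xor(session, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(f"{session}:{i}".encode()).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt(message, public_keys):
    """Encrypt the body once; wrap the session key once per public key."""
    limit = min(n for n, _ in public_keys)
    session = secrets.randbelow(limit - 2) + 2
    wrapped = [pow(session, e, n) for n, e in public_keys]
    return wrapped, stream_xor(session, MARK + message)

def decrypt(packet, key):
    """Try every wrapped session key with `key`; None if none unwraps correctly."""
    wrapped, body = packet
    n, exponent = key
    for w in wrapped:
        plain = stream_xor(pow(w, exponent, n), body)
        if plain.startswith(MARK):
            return plain[len(MARK):]
    return None

# Constructed toy keys from small well-known primes (real keys are 2048+ bits).
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(1000000007, 1000000009)
SENDER_PUB, SENDER_PRIV = make_keypair(998244353, 2147483647)

if __name__ == "__main__":
    only_recipient = encrypt(b"hello", [RECIPIENT_PUB])
    print(decrypt(only_recipient, RECIPIENT_PRIV))  # private key recovers the text
    print(decrypt(only_recipient, RECIPIENT_PUB))   # public key alone cannot
    print(decrypt(only_recipient, SENDER_PRIV))     # sender cannot reread it
    both = encrypt(b"hello", [RECIPIENT_PUB, SENDER_PUB])
    print(decrypt(both, SENDER_PRIV))               # the hidden-encrypt-to case
```
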