Silk Road forums
Discussion => Security => Topic started by: budpuck3t on April 24, 2012, 07:19 am
-
Ok so I made a TAILS usb, figuring out how to use encryption.
i figured out that i need to grab the vendor's public key, and import it so i can send them encrypted messages......but where the hell do I make my own public key so that they can respond with encrypted messages?
also where do i find my private key?
and finally, how would i go about importing both after i restard TAILS and it removes all the data?
i used the search function and read the gpg tutorial and everything and couldn't find an answer, nor on google.
thanks
-
Because Tails wipes disk and memory when shutting down, you will need to put the keypair on a USB stick. Here's a quick tutorial for you:
Step 0: plug in a USB stick and wait for it to mount (or mount it yourself, if it doesn't happen automatically)
Step 1: open a terminal window
Step 3: assuming the USB stick is mounted on /media/usb, type the following to generate your keypair: gpg --homedir /media/usb/ --gen-key
Step 4: answer the questions, choose 4096 for key strength, let the key expire if you want to, set your SR nick as the name, leave the rest blank, set a long passphrase
Step 5: to import a key, save the key in a file (e.g. vendorname.asc) and run gpg --homedir /media/usb/ --import vendor.asc
Step 6: to export your public key, run gpg --homedir /media/usb/ --export -a "Name you entered in 4" > mypubkey.asc
Things to keep in mind:
7. You will need to have the USB stick mounted whenever you want to encrypt/decrypt messages
8. You will need to specify the path to the USB stick whenever running gpg (i.e. --homedir /media/usb/)
9. Your private and public key will be located in /media/usb/.gnupg
-
Didn't know Tails wipes disk and memory when shutting down, kind of ruined the plan I had. I like to keep all of my SR/Tor info in one single notepad file, what would be the best option for carrying this around? Having a secondary encrypted USB with this file in it?
-
+1 on keeping everything you need to know on a seperate encrypted USB also if you are feeling really paraniod you can encrypt each file but that is not nessacary as in the US you are not required to give "THE MAN" your passphrase
-
Didn't know Tails wipes disk and memory when shutting down, kind of ruined the plan I had. I like to keep all of my SR/Tor info in one single notepad file, what would be the best option for carrying this around? Having a secondary encrypted USB with this file in it?
You could keep a copy of your Notepad file on a stick, and encrypt/decrypt it using facilities built-in to Tails. Tails has an excellent editor called Gedit; Gedit is supplied with a plugin that allows you to encrypt/decrypt/sign/verify GPG files from within the editor itself.
That is, if you look at the Gedit menu, i.e. File, Edit, View, Search, Tools, Document, etc. Under Edit you will see Decrypt/Verify and Encrypt entries. These will invoke GPG and allow you to use a public key to encrypt or decrypt a file that has been opened with Gedit.
Just use one of your own PGP keys to encrypt the file, and you should be good to go. (That said, try it on some practice files first, until you get the hang of it.)
Guru
i remember reading that you can a persistant partition on the TAILS usb but it's fairly in depth. if you use the usb exclusively for SR might be a good idea to keep everything on one easily concealable/destroyable drive
-
Because Tails wipes disk and memory when shutting down, you will need to put the keypair on a USB stick. Here's a quick tutorial for you:
Step 0: plug in a USB stick and wait for it to mount (or mount it yourself, if it doesn't happen automatically)
Step 1: open a terminal window
Step 3: assuming the USB stick is mounted on /media/usb, type the following to generate your keypair: gpg --homedir /media/usb/ --gen-key
Step 4: answer the questions, choose 4096 for key strength, let the key expire if you want to, set your SR nick as the name, leave the rest blank, set a long passphrase
Step 5: to import a key, save the key in a file (e.g. vendorname.asc) and run gpg --homedir /media/usb/ --import vendor.asc
Step 6: to export your public key, run gpg --homedir /media/usb/ --export -a "Name you entered in 4" > mypubkey.asc
Things to keep in mind:
7. You will need to have the USB stick mounted whenever you want to encrypt/decrypt messages
8. You will need to specify the path to the USB stick whenever running gpg (i.e. --homedir /media/usb/)
9. Your private and public key will be located in /media/usb/.gnupg
thanks!!! i will try this
-
non-command line method of generating new key:
system->preferences->password and encryption keys
file->new follow above settings to generate key
after making it, to export complete key go to properties->details->export complete key
to export public key go to file->export
-
non-command line method of generating new key:
system->preferences->password and encryption keys
file->new follow above settings to generate key
after making it, to export complete key go to properties->details->export complete key
to export public key go to file->export
i think i did it wrong?
it only exporred the private key:
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
************************************************
-----END PGP PRIVATE KEY BLOCK-----
(thats just a test key, ill make a new one)
-
nvm figured it out
so you would go to details and export the PRIVATE key and save it to the encrypted drive, then every time you restart tails just open that in gedit then verify it to import the key
also export the public key, then when you want to send a vendor a message, just open up the file with your public key, type in the message above the public key, then highlight it all and encrypt it with their public key.....and send via pm
they get a pgp block only they can open, and then once they do it contains your message and your public key
right?
-
that's right
although you should probably make a new key, because you just posted your private key above ;D
no one could use it without your password, but it would definitely be more secure to use a private key that wasn't published
-
Didn't know Tails wipes disk and memory when shutting down, kind of ruined the plan I had. I like to keep all of my SR/Tor info in one single notepad file, what would be the best option for carrying this around? Having a secondary encrypted USB with this file in it?
use partion wizard to split the pendrive in half. Load tails on the first half. Used the pendrive to boot into tails. then use disk utility in tails to encrypt second partiton in the pendrive.
-
that's right
although you should probably make a new key, because you just posted your private key above ;D
no one could use it without your password, but it would definitely be more secure to use a private key that wasn't published
no worries it was just a throwaway key for testing purposes, i removed it from the thread though because i noticed keys generated on the same machine (or in the same session? not sure) tend to have the same first few letters......i wonder why that is. probably nothing to worry about but im paranoid.