Silk Road forums
Discussion => Security => Topic started by: bxs2nnwtfaid on August 14, 2012, 08:48 pm
-
hey im a first time user of silkroad and have just kinda gotten acquainted to how to do things the "right way" i am trying to learn PGP and ive been following the guide in this post....
First, install GPGTools: http://www.gpgtools.org/installer/index.html
Next, create a key for Silk Road and/or Silk Road Forums:
- open GPG Keychain Access from your Applications directory
- click New
- in Full name, enter your Silk Road username and your Forum username so people can find you in their key list. if they are different names and you don't mind people associating your two accounts, put both separated by a space (or for advanced users who have two different names, make two keys, one for each)
- in E-mail address, enter a fake email (or a secure email like your tormail or countermail address if you'd like)
- you can leave everything else as-is
- click Generate key
- in the passphrase prompt, enter something that would be very, very hard to guess. adding numbers, capitol letters, punctuation, and using many characters helps. the program warns you if it thinks your passphrase is too weak. you hopefully know the passphrase drill by now. when it tells you to, move your mouse cursor around to help the computer make the keys more random (as you, a human being, are far more random than a CPU chip 8))
Now, lets enable OS X-wide access to some of GPGTools' features from within other applications to make it easier to do common GPGTools tasks, such as importing others' public keys and encrypting messages right from within your browser:
- open OS X's System Preferences (from the Apple menu or the Dock, for example)
- open Keyboard preferences
- click the Keyboard Shortcuts tab
- in the left column, click Services
- in the right column, scroll down to Text
- in the Text section (these are the indented entries beneath the line that says "Text") check the boxes next to OpenPGP: Decrypt, OpenPGP: Encrypt, OpenPGP: Import key, and OpenPGP: Insert my key
NOTE: For the below tips, "application menu" refers to the menu for the current program you are using such as "Aurora" or "Firefox" or "TextEdit". It is in the top menu bar next to the Apple menu and is bold. (Extra credit: For Apple applications such as TextEdit, you can also get to some of the same "OpenPGP: <command name>" commands by right-clicking on selected text, but not in Aurora or Firefox, unfortunately... not sure why.)
When you find somebody's public key you'd like to import (such as on a Silk Road seller's profile page):
- select the key text (from the first --- through all the lines of gobbledegook to the last ---)
- in the application menu, in the Services sub-menu, select OpenPGP: Import key
and viola! you have their public key ;D
The other options work similarly, but only in editable text areas where you can type, such as when you are writing a forum post, personal message, or entering your address for an order. This is because these commands are altering the text in-place.
For example, to encrypt your address for an order (after you have the sellers public key imported as per the above instructions):
- in the text area for your address (where it says "Please enter your name and address as it would be written on a letter") type your address (then double-check your address, then triple check)
- select your address
- in the application menu, in the Services sub-menu, select OpenPGP: Encrypt
- in the dialog that pops up you will see a list of keys you've imported - check the box for the seller's key
- uncheck the box near the bottom that says "Add to Recipients" (this refers to yourself, so you are saying to only encrypt it for the above-checked recipient and not also for yourself) (this step is optional, but why not do it and save your computer the extra effort :P)
- click OK
viola! your address is PGP encrypted and only the seller can decrypt it! ;D
To encrypt a personal message to another user or seller (after you have imported their public key as per the above instructions):
- in the text area for your message, type your message
- if this is your first message to this user and you want to give them your public key so they can send you an encrypted reply:
+ at the end of your message, type something like "Here is my key:" and then enter to the beginning of a new line
+ in the application menu, in the Services sub-menu, select OpenPGP: Insert my key
+ if you have multiple, select the appropriate key for the site you are on (e.g. your SR name if you are writing an SR message) (i would advise against using a key with your real name/email)
+ click "Choose Private-Key" (don't worry, it inserts the associated public key)
- select your entire message (including your own key if you included it)
- in the application menu, in the Services sub-menu, select OpenPGP: Encrypt
- in the dialog that pops up you will see a list of keys you've previously imported - check the box for the intended recipient's key
- underneath where it says "Secret Key", make sure the key (*your* key) you want to use for SR (or forum) communication is selected, and make sure the box next to "Add to Recipients" (which might be better titled "Add myself as a recipient") is checked (this is so that you can decrypt your own message later if you wish)
- click OK
viola! your message is PGP encrypted and only you and your intended recipient can decrypt it! ;D
To decrypt a message someone sent to you which was encrypted using your public key:
- select the encrypted message text (from the first --- through all the lines of gobbledegook to the last ---)
- right-click and copy the text
- open TextEdit from your Applications directory
- paste the text
- re-select the same exact text
- in the application menu, in the Services sub-menu, select OpenPGP: Decrypt (OR right-click the selected text and click OpenPGP: Decrypt, since we are in an Apple program)
- in the prompt, enter your password and press enter (I would advise *against* checking the box to store the passphrase in your keychain - otherwise anyone can decrypt your messages if they gain access to your computer and are logged in)
and viola! you have an unencrypted message. ;D
---------------------------------------------------------------------------------------------------
If you thought this was helpful and you want to give me a lil donation you can send it to:
SR user 'harrybradford' :D
but my problem is when i get to the part that tells me to go into system preferences > keyboard preferences > keyboard shortcuts > CLICK SERVICES IN THE LEFT COLUMN .... i cant go any further, because this does not exist on my MAC. since i cant do this, i cant figure out how to import keys or even find my own public key. has anybody had this problem before?
i'm thinking maybe my version (10.5.8) is too old and thats the problem?
any help is appreciated