Silk Road forums

Discussion => Newbie discussion => Topic started by: esoteric69 on July 24, 2013, 09:25 pm

Title: PGP / gpg.conf help needed
Post by: esoteric69 on July 24, 2013, 09:25 pm
Hey, complete noob to SR and PGP etc and need a little help.

I'm using Tails and about to set up my new PGP and it's asking for my full name/email address. Obviously not going to use any real info but should I just put fake details in? Is it better to say use a name that can be identifiable to future vendors etc and should I include say my Tormail address?

Second little thing, I'm just looking into making my gpg.conf as secure as possible. I've copied this info from another thread; at the bottom it mentions that I need an HTTP proxy? Is that the part where it shows the keyserver-options? Do I need to change anything else? Thanks


no-greeting                 
no-emit-version           
no-comments               
utf8-strings               
armor                       
expert                     
trust-model always         
no-mdc-warning             

personal-cipher-preferences AES256 TWOFISH CAMELLIA256 AES192 CAMELLIA192 AES CAMELLIA128 CAST5 3DES BLOWFISH
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
cert-digest-algo SHA512

throw-keyid               
hidden-encrypt-to         


## Use the IndyMedia key server hidden service. This prevents accidentally connecting over clearnet.
## You need an HTTP proxy like Privoxy listening on port 8118, or adjust the lines below accordingly.
## The HTTP proxy forwards to Tor's SocksPort. Here's a Privoxy config for that:
## https://trac.torproject.org/projects/tor/wiki/doc/PrivoxyConfig

keyserver hkp://2eghzlv2wwcq7u7y.onion
keyserver-options http-proxy=http://127.0.0.1:8118,debug,verbose
Title: Re: PGP / gpg.conf help needed
Post by: ShApEsHiFtInGsHaPeS on July 24, 2013, 09:33 pm
just put in fake email or leave it blank. it is useful to put in a name that is recognizable for the people you want to exchange messages with.
you can create as many keys as you want so you can use different keys for different identities. make yourself a testkey and try it out at the newbie pgp thread http://dkn255hz262ypmii.onion/index.php?topic=107219.0

cheers
Title: Re: PGP / gpg.conf help needed
Post by: Wernher on August 24, 2013, 05:24 am
Note: Compression before encryption can prevent some kinds of cryptanalysis and attacks, and the s2k settings make dictionary attacks more difficult; the maximum s2k-count is 65011712.

Some of the things listed below can break compatibility, and I do NOT know if AES256 is better than TWOFISH and CAMELLIA256. Also, 'cipher-algo AES256' can override the preferences others have set on their public keys.


force-mdc
utf8-strings
charset utf-8
throw-keyids
no-auto-key-locate
no-emit-version
no-comments
no-greeting
no-allow-non-selfsigned-uid
ask-cert-expire
armor
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 TWOFISH AES CAST5 BZIP2 ZLIB ZIP Uncompressed
personal-cipher-preferences AES256 AES192 TWOFISH AES CAST5
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
cipher-algo AES256
digest-algo SHA512
cert-digest-algo SHA512
compress-algo BZIP2
bzip2-compress-level 9
compress-level 9
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-count 65011712
s2k-mode 3

You can check to see how a file was encrypted. Here is an example:

wernher@debian:~$ gpg --list-packets --show-session-key TestMessage.txt.asc
:symkey enc packet: version 4, cipher 9, s2k 3, hash 10
   salt 3ae52f293ec7042b, count 65011712 (255)
gpg: AES256 encrypted data
:encrypted data packet:
   length: unknown
   mdc_method: 2
gpg: encrypted with 1 passphrase
:compressed packet: algo=3
:literal data packet:
   mode b (62), created 1377313290, name="TestMessage.txt",
   raw data: 4800 bytes
gpg: session key: `9:30C7B45852E39514E9C02A1721FDC740B4489F1A0ECC97BB356183FB65BEB907'
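
Added example, not part of the original thread: a Python check that reads `gpg --list-packets` output like the listing above, decodes the numeric algorithm IDs (RFC 4880) and reports any value that differs from the gpg.conf settings in the last post. The function names and the `EXPECTED` table are assumptions made for this illustration; the sample is a trimmed copy of the listing above.

```python
import re

# OpenPGP algorithm IDs (RFC 4880, sections 3.7.1, 9.2, 9.3, 9.4)
CIPHERS = {2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES", 8: "AES192", 9: "AES256", 10: "TWOFISH"}
DIGESTS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}
COMPRESS = {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZIP2"}
S2K_MODES = {0: "simple", 1: "salted", 3: "iterated+salted"}

# Trimmed copy of the listing above ("gpg:" status lines and session key left out)
SAMPLE = """\
:symkey enc packet: version 4, cipher 9, s2k 3, hash 10
   salt 3ae52f293ec7042b, count 65011712 (255)
:encrypted data packet:
   length: unknown
   mdc_method: 2
:compressed packet: algo=3
:literal data packet:
"""

def s2k_count(coded):
    """Expand the one-byte coded iteration count (RFC 4880, 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def parse_packets(text):
    """Pull the symmetric-encryption parameters out of --list-packets output."""
    info = {"compress": "Uncompressed"}  # no compressed packet means no compression
    m = re.search(r":symkey enc packet: version \d+, cipher (\d+), s2k (\d+), hash (\d+)", text)
    if m:
        c, s, h = map(int, m.groups())
        info.update(cipher=CIPHERS.get(c, c), s2k=S2K_MODES.get(s, s), digest=DIGESTS.get(h, h))
    m = re.search(r"count (\d+) \((\d+)\)", text)
    if m:
        info["count"], info["coded"] = int(m.group(1)), int(m.group(2))
    m = re.search(r"mdc_method: (\d+)", text)
    info["mdc"] = bool(m and int(m.group(1)) != 0)  # absent or 0: no integrity protection
    m = re.search(r":compressed packet: algo=(\d+)", text)
    if m:
        info["compress"] = COMPRESS.get(int(m.group(1)), int(m.group(1)))
    return info

def mismatches(info, expected):
    """Return {setting: (wanted, found)} for every value that differs."""
    return {k: (v, info.get(k)) for k, v in expected.items() if info.get(k) != v}

# Values taken from the gpg.conf in the last post (s2k-*, force-mdc, compress-algo)
EXPECTED = {"cipher": "AES256", "s2k": "iterated+salted", "digest": "SHA512",
            "count": 65011712, "mdc": True, "compress": "BZIP2"}

if __name__ == "__main__":
    print(mismatches(parse_packets(SAMPLE), EXPECTED) or "matches gpg.conf")
```

The coded count byte 255 in the listing expands to 65011712, the largest value the one-byte encoding can express.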