Silk Road forums
Discussion => Security => Topic started by: Altered Dimensions on September 12, 2013, 11:34 pm
-
hey guys so basically i am trying to find a decent PGP messaging app for the iphone, from what i can gather i should only use open source PGP programs right? Also i am not trying to find an app to send all my SR messages over, i simply love the idea of PGP encryption and want to be able to send a message to a friend about narcotics or a message with my bank details in over iphones that cannot be read by anyone except the sender and the recipient.
Does anyone know of any good trusted ones?
I have found this app:
(CLEARNET WARNING)
https://itunes.apple.com/us/app/opengp/id414003727?mt=8
Here in the description it claims:
OpenPGP/MIME renderer (RFC 2045 Plain UTF-8 message bodies, RFC 2046 Attached files), for reading mail with attached files sent with GPGMail (open source plugin for Apple Mail).
I assume this means it is open source? or is it just the GPGMail that is open source? sorry i'm a bit confused
If it's just the GPGMail should i just use the GPGMail part of this app to send and receive private info, text/photo?
Just want to message someone completely private info over mobiles can anyone help me out?
I also found this:
(CLEARNET WARNING)
https://chatsecure.org/
And this:
(CLEARNET WARNING)
https://itunes.apple.com/us/app/ipgmail/id430780873?mt=8
^ This one seems promising but can we be assured there is no backdoor ?
Anyone had experience with any of these or a good PGP program i can use with my iphone?
Also what's the deal with non open source programs? should we not trust them?
As far as i knew PGP is safe because you need the person's PGP key to read any of the messages regardless if the program is open source or not right?
-
Opengp works fine, you can just use the clipboard to do everything. To import a key, copy to clipboard and import.
To encrypt a message, select encrypt, type message and select key to encrypt to and then choose encrypt to clipboard.
To decrypt copy message to clipboard and select decrypt. Enter your pass phrase and read message. (I believe you can copy it to clipboard, but if you close app without doing this clear text will be gone.)
It seems like a fairly decent GUI.
If you want to be totally sure, jailbreak your device, install Mobile Terminal and use command line GPG. (It is included as part of Cydia as I think repos use it to sign packages. Or something. Don't know really.) I wrote a brief tutorial which I will dig out if I can.
-
OK here it is. It is always cringy to go back through your newbie posts so I hope you appreciate my suffering.
I am not responsible for the consequences of following my advice. If your phone dies, turns into a remote monitoring device for the NSA, or emits a sedative gas and when you wake up you are on a mysterious island in a village full of extravagant architecture and men in blazers riding penny farthings who all call you Number Six, and thwart your escape attempts by means of an amorphous white orb, and the last episode is frankly confusing, then it is not my fault, and this preamble effectively waives all your rights and any others not specifically mentioned by name. That being said:
Ok, so a while ago i was looking for a GPG app for the iPhone. Since I already have a Tor browser for it (Onion Browser) I thought it would be useful. I am away from my computer most days and only can use GPG at night. This means if I need to communicate with a vendor it takes a day for each message/reply cycle, causing me potentially to have to wait longer for my drugs. Not ideal I think you will agree.
I found two, one an official Symantec PGP which requires you to already own PGP official software. The other was a low budget job that couldn't import the keys I wanted so no good.
However in the course of my research I discovered that my jailbroken phone already has a command line GnuPG installed as part of the Cydia software. At the time I left it alone but now I have got my head round it.
PLEASE NOTE: if perfect security is important to you it's probably best to stick to established methods. I am happy to use this as I am only a small time personal buyer.
First to check you have this package: Open Cydia>Manage>packages and switch to 'expert' setting. It should show up under the g's. I assumed it came with Cydia but it may have installed as a dependency for some other package I installed.
To use it you will need Mobile Terminal (install latest version from xsellize repo) and iFile. Also a SSH program on your PC will be handy. I use iFunbox; it has a stupid name but is the most useful.
Open Mobile Terminal. You do not need root privileges to use this. Type:
gpg
This will set up your pub and sec keyrings and a .conf file. These are in /var/mobile, in a folder .GnuPG which is invisible to iFile for some reason but will show up in iFunbox.
From now on any file will be put in /var/mobile. I don't know if this is vital but it seems to make sense to me.
To import your secret key, export it as a .asc file from your current GPG program. Put the .asc file in /var/mobile. You will probably want to shorten its name to something more manageable: seckey.asc
Open Mobile Terminal and type
gpg --allow-secret-key-import --import seckey.asc
this will add your public and private keys to your keyring.
To import a public key:
gpg --import pubkey.asc (where pubkey is the name of the file)
If you want you can create a file in /var/mobile using iFile called "pubkey.asc" and just copy/paste the public key block into it.
So now you have your private keys and whoever's public keys you want, to see them type
gpg --list-keys
gpg --list-secret-keys
This will show a list of keys with User Names.
Ok, now to encrypt a message.
Create a file in /var/mobile. Call it msg.asc
Copy/paste or type your message in this file.
then in MT type
gpg -e -a -r "recipients user name" msg.asc
the -a tells it to encrypt the text within the file and output another .asc file. If you don't use this it will treat the file as data and encrypt it to a .gpg file which is no good to us. (it is fairly easygoing about user names; it will recognise a small portion, like for me "hungry" would do)
Return to /var/mobile in iFile. There will be a file called msg.asc.asc which will contain encrypted text which you can copy/paste to wherever you want it.
To decrypt a message:
Again, create msg.asc file in /var/mobile. Copy/paste encrypted text to it.
Open MT. type:
gpg -d -a msg.asc
you will be prompted for passphrase, then it will output in MT.
If you want it to output to a file:
gpg -o output.asc -d -a msg.asc
this will output to a file called output.asc
Obviously you can use whatever filenames suit you.
I think this also works with .txt files but since it outputs to .asc I thought keep it simple.
There is obviously a lot more to command line GPG but this is a quick and dirty start up.
I am fed up typing now, will add more perhaps later. If anyone else would like to contribute who has more expertise in command line GPG I would welcome advice and help.
I have already found this very useful. It might be an idea to delete public keys when not in use....
gpg --delete-key "User name"
...nothing worse than being caught with drugs in your letterbox and a SR vendor's PGP key in your iPhone, I imagine.
Edit: I have found it useful to leave two files in var/mobile
One called msg.asc for messages
One called key.asc for keys
You can then create shortcuts in mobile terminal for many basic functions using these files to copy paste messages or keys to. This saves a lot of typing.
I don't think that having GPG set up for use on your phone is in itself suspicious as long as you don't leave vendors' keys on key rings. A casual examination of the phone by your average policeman isn't even going to show it. You'd have to assume phone being seized and examined by experts. Which I hope won't happen at my level of small personal transactions.
forgot to mention:
you can also generate a keypair:
gpg --gen-key
it will walk you through process.
Also, to export a public key to a file called "key.asc"
gpg --export -a "user name">key.asc
You can then copy/paste it for example to the bottom of your message. I keep a copy of my public key for this purpose.
-
Other than the above if you search for a list of gpg commands they will mostly all work. Also you can edit your .conf file to do useful stuff. A user called Louis Cyphere posted some useful stuff about that, you will have to find that yourself my friend as I am going to bed
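-
Added example, not part of any post in this thread: the export / import / encrypt / decrypt cycle described above, run end to end in two throwaway keyrings so the file naming (msg.asc.asc), the substring match on -r and the trust prompt on an imported key can be seen. It assumes GnuPG 2.1 or later on an ordinary shell; the user ID, message text, directory names, the empty passphrase and --trust-model always are all constructed shortcuts for the demo.

```shell
#!/bin/sh
# Added example: the thread's export / import / encrypt / decrypt cycle, run in
# two throwaway keyrings. The user ID, message and paths are constructed.

# gpg wrapper: non-interactive, empty passphrase (demo only).
g() { gpg --batch --quiet --no-tty --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null; }

gpg_roundtrip() (
  work=$(mktemp -d) || exit 1
  desktop="$work/desktop"; phone="$work/phone"
  mkdir -m 700 "$desktop" "$phone" || exit 1
  trap 'gpgconf --homedir "$desktop" --kill gpg-agent 2>/dev/null
        gpgconf --homedir "$phone" --kill gpg-agent 2>/dev/null
        rm -rf "$work"' EXIT

  # "Desktop": create a key pair and export the secret key as ASCII armor.
  g --homedir "$desktop" --quick-generate-key \
      'Demo User <demo@example.invalid>' default default never >/dev/null || exit 1
  g --homedir "$desktop" --export-secret-keys -a demo > "$work/seckey.asc" || exit 1

  # "Phone": import it. This brings in the public key as well.
  g --homedir "$phone" --import "$work/seckey.asc" >/dev/null || exit 1

  # Encrypt. -r takes a substring of the user ID. An imported key carries no
  # ownertrust, so interactive gpg asks for confirmation here; the demo
  # overrides that with --trust-model always.
  cd "$work" || exit 1
  printf 'constructed test message\n' > msg.asc
  g --homedir "$phone" --trust-model always -e -a -r demo msg.asc >/dev/null || exit 1

  # gpg appends .asc to the input name, hence msg.asc.asc.
  [ -f msg.asc.asc ] && echo msg.asc.asc
  head -n 1 msg.asc.asc
  # Decrypt to stdout. -a is not needed: gpg detects armor on input.
  g --homedir "$phone" -d msg.asc.asc
)

gpg_roundtrip
```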