Silk Road forums

Discussion => Newbie discussion => Topic started by: jacksbigmusicshow on August 26, 2013, 10:33 am

Title: hey from a full newb, please excuse my retarded questions
Post by: jacksbigmusicshow on August 26, 2013, 10:33 am
full newb here

been lurking for a couple of days just trying to get myself sorted around the system. Still have no idea which way is up so please excuse any stupid questions.

WTF is with PGP? is it just for encrypting messaging between 2 parties?

is it safe to message on the SR site or do I need to PGP?

do I have to set up an email to use for PGP messaging?

I'm sure these have been covered a billion times before, and I can see a PGP sticky at the top of this newbie thread but can't understand it?

dont even get me started on bitcoins lol

thanks for your tolerance
Title: Re: hey from a full newb, please excuse my retarded questions
Post by: ace02 on August 26, 2013, 10:02 pm
PGP/GPG is a way of encrypting sensitive information. The most important thing to encrypt is your address and any specific discussion of packaging. For general questions about the product or whatever, you do not need to use PGP.

The easiest and most intuitive program I've found for this is gpg4usb. You run it off of a USB flash drive so that the information isn't on your actual computer. It works on Windows and Linux. Here's a link to download it but it's a clearnet ('normal' internet) link so *do not open it in the Tor Browser.* Copy and paste it into your normal browser (firefox, chrome, whatever). Link: http://gpg4usb.cpunk.de/

1) The first thing you want to do is create your own private key. If you're using gpg4usb, just click on 'Keys' then 'Manage Keys'. This will open a new window. In this window click on 'Key' and then select 'Generate Key.' For the name, put your SR username and for the email address DO NOT use a real email. Just put something like [username]@me.onion or whatever.

2) Now, to send a message to a vendor, you need to import their public key. (Still assuming you're using gpg4usb) All you do is go to the vendor's page and copy their public key all the way from -----BEGIN PGP PUBLIC KEY BLOCK-----

to -----END PGP PUBLIC KEY BLOCK-----

Make sure you copy all of the dashes or else it will not work.

3) In gpg4usb, click on 'Keys' then 'Import Keys From...' and then choose 'Clipboard'. The key you just copied from the vendor's page will now be imported.

4) In the tab called "untitled1.txt" type out the message that you want to encrypt. In the tab to the right of the text area it will say 'Encrypt For:' and it will show your own key as well as any keys that you have imported. Check the boxes next to your own name and the name of the person to whom you want to send the message. Click the big button with a lock on it that says 'Encrypt' and now you have encrypted your information and can send it to the vendor (or whoever). It will look something like this:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.12 (MingW32)

hQEMA/ZvEEljMSU/AQf9EvP5goViBwCuC57XCjMd+EvL34YRjZWHG1M5mW0l+863
NJ1NA6KDlUyxVFJND1M3cZQ+Fpg9vpK/DbtKOfAHKVYxTDPLrnIuPGCjxdnYhIeE
iqOWTpoCby5SMdlQT8czLfU2n9XlGTZPVq0g1PAum+mVHcojyMtD34uOXDbyH2QE
fzqhgGiU/0O+aByMD2wPLhpNYegV3aEOg+JzJ0QmGU69qCV5RKHQAIc6wB/i818K
pfG0JBeEjGY8KoWARqnF9+rwAJczLUMJt182T9Il+hb4If6fB+e9CmPA17DvutMV
gEOcC7Y52nT4emCRBmJHGc6o4dAuPbjknN5qna6sJtI/Af2VWgLwatfJf2QTZIhg
kU28Vqd1J1bkDTPWBwGC6IX9scGYi0Yg+dRtkLwtA9YVjwiibAUptN3CXENvoY4m
=B87k
-----END PGP MESSAGE-----


USING PGP ON SR:

When you go to place an order on SR, there will be a box for your address. DO NOT JUST TYPE YOUR ADDRESS THERE. Encrypt it using the steps listed above and then copy and paste the whole encrypted message into the address box.

If a vendor does not use PGP, you should be wary. You are the one who is at risk by sending your real name and address in clear (non-encrypted) text. It's also a sign (in my opinion) that the vendor may be careless about their own security and (by extension) yours.

TL;DR: It's safe to send most things in clear text but you REALLY should encrypt your address or any other sensitive/identifying information. No, you do not need an email to use PGP.

I hope this was helpful. If anything is unclear or if you have any other questions, please feel free to ask! I can also help you out with explaining the whole bitcoin thing if you would like.
Title: Re: hey from a full newb, please excuse my retarded questions
Post by: Lufkin on August 27, 2013, 02:47 am
Nice summary, ACE02. Nice to see a great answer instead of a directive to read another thread.
Title: Re: hey from a full newb, please excuse my retarded questions
Post by: jacksbigmusicshow on August 28, 2013, 10:17 am
hey mate

thanks heaps for taking the time to explain that, i'm still fucking confused but I will have a play around with it and see if I can get it sorted

thanks again
Title: Re: hey from a full newb, please excuse my retarded questions
Post by: sinister-breaks on August 28, 2013, 10:33 am
PGP confuses everyone first time man. LEARN IT THOUGH, its a crucial part of shopping on here.

Yes you can just send an address without PGP, vendors will still send it, but you run the risk of having your address out there...

were security conscious types on here
Title: Re: hey from a full newb, please excuse my retarded questions
Post by: jerry47 on August 28, 2013, 12:44 pm
Thanks as well, thorough explanation!
Title: Re: hey from a full newb, please excuse my retarded questions
Post by: 8447948 on August 28, 2013, 12:50 pm
Are you running mac? If so i posted detailed instruction here:
http://dkn255hz262ypmii.onion/index.php?topic=208110.msg1498252#msg1498252

you may also find them useful if your a windows user...