Silk Road forums

Discussion => Security => Topic started by: themrhaircut on November 15, 2012, 11:39 pm

Title: PGP confusion, not sure what to do with vendor.
Post by: themrhaircut on November 15, 2012, 11:39 pm
I placed an order a week ago from a vendor, it's in my order queue as processing.

Messaged vendor to ask when it'd be shipped as I didn't want it sitting in my mailbox, and he replied with "I need your PGP key, send it to me". I didn't encrypt my address with MY key, I used his. I asked him if he needed my address again, and he said "No, I need your PGP key to decrypt your message." I can't get on SR because I got booted from the site right after I replied with "You don't need my key, I used your key" etc.. Now, I'm logged in but it won't load anything but the Welcome! page.

I've used PGP before, I get what I need to do. Is there any reason I should NOT send him my public key?

Thanks folks,
mrhaircut
Title: Re: PGP confusion, not sure what to do with vendor.
Post by: CoolGrey on November 15, 2012, 11:50 pm
There is no reason not to send your public key to the vendor. Your public key is not secret information, you can share it with everybody.

There are two possible reasons why somebody would want your public key:

- to send you an encrypted message
- to verify a PGP signature from you
Title: Re: PGP confusion, not sure what to do with vendor.
Post by: themrhaircut on November 15, 2012, 11:54 pm
Okay, thank you. I was just concerned and wanted immediate clarification.

regards,
mrhaircut
Title: Re: PGP confusion, not sure what to do with vendor.
Post by: CoolGrey on November 15, 2012, 11:57 pm
You're welcome. That's what the forums are for ;)