Silk Road forums

Discussion => Newbie discussion => Topic started by: William Wallace on July 06, 2013, 04:58 pm

Title: PGP Question
Post by: William Wallace on July 06, 2013, 04:58 pm
I've seen the "newbie PGP" thread but couldn't seem to find the info I was looking for.

My question is:

When you're ready to order and want to send the vendor an address to ship to, do you first copy and paste their public key into the (shopping cart) message box and then add your address at the end?

Sorry if this question seems dumb or is redundant.
Thanks in advance for any help.
Title: Re: PGP Question
Post by: youcantouchthis on July 06, 2013, 07:52 pm
Vendor doesn't need your public key.
You need to import his public and encrypt the message with it.

Thank you
YCTT
Title: Re: PGP Question
Post by: William Wallace on July 07, 2013, 02:28 am
Thanks for the response YCTT. I don't have a public key yet.

So, just so I am clear on this, I take THEIR public key, copy and paste it into the shopping cart message box, and then add the shipping address at the end?

Is this the correct way?

Thanks again. I would +1 you but I guess n00bs aren't allowed to do that.....;)
Title: Re: PGP Question
Post by: kronik42088 on July 07, 2013, 02:35 am
i cant figure out how to use PGP

so i dont bother...
Title: Re: PGP Question
Post by: William Wallace on July 07, 2013, 02:46 am
Yeah, I hear..err....read you.  I don't plan on doing a ton of business on here but as the old saying goes:
"Better a live chicken than a dead duck."

IDK if anything is foolproof, but I guess it would make me feel better to at least have a basic understanding of PGP before I start pulling the trigger on sales.

To anyone reading, any pointers or help would be much appreciated.
Title: Re: PGP Question
Post by: ChemCat on July 07, 2013, 02:56 am
the Newbie PGP Club

should see it at the top of the Newbie section  :)
Title: Re: PGP Question
Post by: ChemCat on July 07, 2013, 02:57 am
http://dkn255hz262ypmii.onion/index.php?topic=107219.0
Title: Re: PGP Question
Post by: ChemCat on July 07, 2013, 03:00 am
This is a tutorial by astor  :)

http://32yehzkk7jflf6r2.onion/gpg4usb/
Title: Re: PGP Question
Post by: Lorimer on July 07, 2013, 03:07 am
You're entirely right - not being able to figure out encryption is a pretty good sign you're not yet ready to order. If all you do is paste the vendor's key and your address into the message box, all you're doing is sending them their key and your unencrypted address - which I suppose the vendor might get a good laugh out of? :)

To encrypt your address, you need some sort of PGP software (GnuPG.org has a list - just go to their "Frontend" section and look at options for your OS). Download the software, and use it to create your own public & private PGP keys.  Then import the vendor's public PGP key to your keychain, and use the software to encrypt your address using the vendor's public PGP key. Copy the encrypted address (it will look like a block of gibberish) and paste it into the SR message system. The vendor will then use his private key to decrypt it.

I hope that was detailed enough! Any more and I'd need to know what encryption program you were using. If you don't have one, start there. Also, after you've created your public and private keys it's a good idea to practice encrypting (and decrypting) messages on the PGP thread so you know you've been successful at it before trying it out on a vendor.

It only sounds complicated in the beginning, and most of the programs make it pretty much a matter of copying and pasting and clicking the right buttons. You'll get the hang of it soon.
Title: Re: PGP Question
Post by: kronik42088 on July 07, 2013, 03:12 am
is PGP necessary?

i mean if i just type in my address and send it to the vendor, they will still send me my order yea?

already made a couple orders so...
Title: Re: PGP Question
Post by: William Wallace on July 07, 2013, 03:25 am
THANKS ChemCat and Lorimer!

I saw the "PGP club" sticky at the top and read through a little of it. It just looked like people were messaging each other to try out their encryption. I admit I got a little bored around page 3. (It's like looking at tax code or watching paint dry)

Thanks for the tutorials and the in depth responses. I really appreciate getting a starting point.

(and yes, I could see where a vendor would get a "good laugh" at me copy and pasting like I described...lol)

Hey, if I can't be productive I might as well be entertaining..

Thanks again..
Title: Re: PGP Question
Post by: ChemCat on July 07, 2013, 03:33 am
if ya have any problems just go in there and post your question   :)

someone will be along to assist you pretty quick usually  :)

Awesome people in that thread 

Peace,

  ChemCat 
                  O0
Title: Re: PGP Question
Post by: ChemCat on July 07, 2013, 03:34 am
+1 Karma  for ya to get ya started  :)
Title: Re: PGP Question
Post by: William Wallace on July 07, 2013, 04:14 am
Wow! Thanks CC! I feel so undeserving. That was nice of you.

BTW, I checked out your vendor page. I happen to be looking for some DMT. It was one of the reasons I joined the SR. After seeing Joe Rogan try to explain his trip, I decided I had to try some. (kind of a bucket list thing)

I unfortunately purchased and put about 20 BTC's in my account right before they dropped about 30%. I don't know if I should just go for it and spend them, or wait and see if/when they go back up. It kind of sucks. Oh well, I knew there was risk involved. Anyway, pleased to make your acquaintance.

Thanks again.
Peace.
Title: Re: PGP Question
Post by: ChemCat on July 07, 2013, 04:34 am
Hiya William and pleased to make your acquaintance as well  :)

Some would say spend those coins others would say to hold on to them....


i think people should just do what they want to do  LOL

yeah ya seen my page?

no frills there huh?  LOL


DMT is some amazing stuff  :)
Title: Re: PGP Question
Post by: HurtsOnHeroin on July 07, 2013, 07:56 am
is PGP necessary?

i mean if i just type in my address and send it to the vendor, they will still send me my order yea?

already made a couple orders so...

Sending your address unencrypted, or using a third party service like Privnote, exposes you to several attacks. If the SR server is compromised by LE or hackers before your order is marked in transit, then the plaintext address will be available to that adversary. Further, you don't know if the operators of third party sites like Privnote are malicious, or if they will become malicious in the future and change their JavaScript so it sends your unencrypted address to their server.

Beyond that, vendors have been phished. Someone who gains access to a vendor's account will be able to see all unencrypted addresses for orders that are still processing, but PGP encrypted addresses will be unreadable because only the vendor has the private key to decrypt them. A phisher or hacker who gets this info could try to blackmail the customers... or spam their info all over the forum.
Title: Re: PGP Question
Post by: HenryC0833 on July 07, 2013, 05:35 pm
You encrypt the message on your computer, resulting in a note full of what looks like random characters.  You copy/paste this from your computer into the web page. 

You've made encrypted notes before, haven't you?  Ever have a secret code?  If you did, you encrypted and decrypted notes using a key.  Here's a simple key:  a=1, b=2, c=3, etc.  Using this key, you would encrypt "cat" to 3-1-20.  Your recipient would use the same key to decrypt the message. 

PGP is a lot more sophisticated and robust.  And it uses not one, but two keys.  The first key encrypts the message; the second decrypts it.

The encryption key is public.  Anybody can use it.  Meaning anybody is allowed to ENCRYPT a message.  But there is a separate, secret key that only the recipient has, that decrypts the message.    So not everybody is allowed to DECRYPT the message.

All PGP programs have a couple of things in common:
1.  A place to import and store public keys.  These are indexed by the recipient's name (or nom de plume) and an email address
2.  A program to encrypt messages using any key you want, including your own.  (Can you think of when you would want to send an encrypted message to yourself?  How bout all those fan letters to Justin Bieber you keep on your thumb drive?  I thought so.)

Some of these programs have a bulit-in text editor.  Some work with what's in the clipboard (so you could copy-encrypt-paste).  Some work from the file explorer.  Some integrate into your email program.   Just depends on the platform and what seems to meet your needs. 

But it will all boil down to a simple instruction you give the computer:  "Encrypt THIS file using THAT public key and save it as ANOTHER filename.  Thank you!"  (You should always praise your computer when it follows instructions.) 

You just have to rummage around and see what sort of PGP utilities work for your platform.  I use Ubuntu, and there really aren't any great options, it's easier to just do it from the command line.  Maybe Windows and Mac are better in this regard.

Basically you will
1.  Download and install the software.
2.  Set it up.  Make sure it outputs to "ASCII" (normal letters and numbers) and not "Binary", which is the language Cylon warriors use*.   Make sure you can find the output files.  That kind of stuff. 
3.  Make yourself a public and private key so people can send you encrypted messages.
4.   Download and import public keys from people you want to send messages to.  For Silk Road, you will copy the public key off the web page, paste it into Notepad or TextEdit, save the file, and then direct your PGP to import public key from the file you just made.
5. Figure out how to make your computer do the ecryption.  With luck your computer will support some sort of graphical, point-and-shoot interface.  Mine doesn't, and if yours doesn't either, you have to figure out how to use the command line in Terminal. 

If you haven't seen it already, check out "Tails Linux."  Google it.  KISS simple security, including the easiest durn PGP solution out there.  And you will feel like such a bad-ass geek for using Linux.  Seriously.  It rocks. 


*Just kidding!  But the blonde... is she hot, or what?