Silk Road forums

Discussion => Security => Topic started by: indignado on March 16, 2012, 09:55 am

Title: Newbie here with a few questions
Post by: indignado on March 16, 2012, 09:55 am
Hey, I'm new to Silk Road (well, I've been using it on my friend's computer for a couple weeks, but he's a bit of an idiot when it comes to security, so I've decided to just do it myself). I've made a couple of orders and they've came through fine, on time, no door getting battered down etc.

I'm just really confused about the whole encryption concept. Is everything you send on SR, including your address, and messages you send to vendors, supposed to be encrypted? If you have more than one item in your shopping cart, does that not mean only one vendor can decrypt the address? If so, should I use seperate shopping carts for each order?

Also I'm kind of confused as to how I'm supposed to encrypt a piece of text. To access SR I'm using Tails on a USB drive, and I can't seem to find any program with it that allows the type of encryption required. Does anyone have any tips, or a link to a quick tutorial? I've done a fair bit of searching online to figure this thing out, but I'm getting nowhere.

Any help would be greatly appreciated. Thanks :)
Title: Re: Newbie here with a few questions
Post by: nicehs2 on March 16, 2012, 10:45 am
I think when you send your address in the addressfield after placing order, the vendor will see it in plain-text, but is supposed to delete it immediately after use.
Theres a topic stickied in top of this forum with some tutorials on how to use GPG to encrypt messages so that it can only be read by you and the recipient with matching encryption keys: http://dkn255hz262ypmii.onion/index.php?topic=131.0
Title: Re: Newbie here with a few questions
Post by: Horizons on March 16, 2012, 11:45 am
And to answer another of your questions, yes - you should use different shopping carts for different vendors and encrypt your shipping address with that vendor's public key, so that only they can read it.
Title: Re: Newbie here with a few questions
Post by: indignado on March 16, 2012, 12:15 pm
Great, thanks guys, think I have it figured out. I have an encrypted message for you Horizons, would you be able to decrypt and read it just to check that I'm doing it right? Also are there any more precautions that need taken? Is this "signature" thing important?

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)

hQEMA7azcgjRnEAqAQgAihtrmmJnRj2Jlkzawi1CUs4W+sClGn9A1Wdm2M139Yo/
wuY74kmKpk6pgbiupxGYLklwVcvx9bktYnAzj35NgAx5JO6dgo0gBGOZPL/4f7/p
rjGDv2KWuaMiPypVCNG40hHZwPQ7CINj1l5LXfM2AbSghpqC5Gwd1J6/tqM7VM6a
MCY9hDPS9RSmgw+UsuYEtkuoJjwTEs6pGLNzmRkYatMBFaVsOi5PJZf0Af9tjcee
LWfjGj/R+kzWzROq36cVhX/Tqq4DnbEuB31Witcq5zvpb4H+rxnE1IVwLI3H8mNM
rqAIrY6xYXNTcPfh5ZMFMHa0eJqn3FKVqD0CByrJL9JRAR2youAPGidB+2niLKO4
XqFCm/wM+K/U8nZQbRLFrTgEWdbnK+b+BDt+gBvR8GvcGX8xMTvzzXTPkNvH5x4C
MSFqbz1NyaVlEwkHhF87UL3K
=6ZSF
-----END PGP MESSAGE-----
Title: Re: Newbie here with a few questions
Post by: Horizons on March 16, 2012, 12:22 pm
Quote
I hope this works!
Then rejoice, because it did!

Signing a message is a way to assure your recipient (if they already have your public key and know that it's reliable) that you're the one who sent it. It's not really necessary for your everyday SR use.

You managed to import my public key and encrypt a message for me using that key. Regarding encryption, this is pretty much everything you need to know. If you're going to generate a key pair for your own use, try to come up with a very good and very long password (I mean at least thirty characters here - go crazy) and don't actually input your real e-mail address.

If there's anything else we can help you with, feel free to ask. :)

Cheers,
Horizons.
Title: Re: Newbie here with a few questions
Post by: indignado on March 16, 2012, 12:35 pm
Brilliant! Thanks for the help :)