Silk Road forums
Discussion => Newbie discussion => Topic started by: dram on June 20, 2013, 09:50 am
-
Hi , I am totally new to this by only a couple of days and Im blown away and trying to digest a hell of alot of new info. So far I have got tails worked out (Basically) and will be installing that tonight hopefully. I understand the how and why of that, Ive got the basic Jist of The PGP. I can see why its needed . The things Im not getting is when to use it?? I thought there would be more stikys on this forum.
So say I place an order , am I supposed to use the PGP when putting in my details,(if so how?) or is it just when one is messaging a Vendor? I suppose I am after a very basic how to regarding the security protocols.
Cheers in advance for any replys
-
Use pgp to encrypt your shipping address, and copy/paste the pgp message into the address box on the checkout screen. Make sure to use the vendors public key when you encrypt. You could also include a copy/paste of your public key if you think the vendor will want to send you an encrypted message, but my experience is that communication from vendors does not come encrypted. I've never bothered to encrypt anything other than my address, any other messages I just send plain text, but I'm also not the type to bother vendors with piles of questions.
-
encrypt every, and only, personal sensitive information.
for simply questions etc just plain text, I think vendors receive a lot of messages.
-
Right, it's for sensitive information such as the delivery address. Since that info is stored in SR's database at least long enough for the vendor to retrieve it, by keeping your sensitive info encrypted, then even if SR is hacked or otherwise compromised, your sensitive info is safe because you would need the vendor's private key to decrypt it into a readable form. Is it absolutely necessary? Probably not, but I would say it is 'industry best practice'. Some vendors say they require it on their vendor pages.
Also correct, for simple questions or comments like 'great job' or 'do you have northern lights in a QP?' you can usually forgo the encryption. It obviously takes vendors more time to process an encrypted message, because then you have to copy the message out and run it through your decryption software.