Silk Road forums

Discussion => Security => Topic started by: dabdiego on June 03, 2013, 07:51 am

Title: GPG Keychain Help
Post by: dabdiego on June 03, 2013, 07:51 am
Hey guys,

I'm sorry if this question has been answered a hundred times, but I've looked through a bunch of material and also consulted many guides... none of them seem to answer the question in a way I am able to understand, if at all. I have installed GPG Keychain for Mac and have went through the whole generating a key bit. I have three different keys up on my screen, two of which are RSA and one of which is DSA. I am confused as to how I am able to view my public and private keys associated with these. I am trying to get this down before opening my vending profile to the public tomorrow. Obviously I need to be able to post my public key, but also would like to know that I understand how to decrypt them with my private key. Again I am very, very new to the receiving end of PGP messages, any help you can provide will be very much appreciated. +1's to anyone who helps  ;)

Thanks!

Dabdiego
Title: Re: GPG Keychain Help
Post by: randomOVDB#2 on June 03, 2013, 10:37 am
Check this
http://dkn255hz262ypmii.onion/index.php?topic=145690.msg1006935#msg1006935
Title: Re: GPG Keychain Help
Post by: DoctorFate on June 03, 2013, 11:16 am
I understand what your saying, even reading everything, it can be hard to wrap your head around it. So you have GPG Keychain, I'm not sure that is the same as GPG Tools, its on the same site but the downloads look different.

Go to this clearnet link and download GPG Tools:
https://gpgtools.org/installer/index.html

Okay a little about encryption, you do not need your own key.  Down the road you may need a key if you ever want a seller or someone to send you something encrypted but for the most part what you will need is a sellers public key.  You take the key of a seller you want to use, you import the key into your gpg tools then you type out the information you want to encrypt, encrypt that information using the sellers public key, then send the encrypted information to your seller.

Here is a clearnet link to a video showing you the process.  The video shows how to encrypt inside a text editor with a few clicks, its about 2 min in.
https://gpgtools.org/screencast.html

In the event that you do make your own key with gpg tools, then that key will consist of 2 parts, a public and private part.  When you copy your key, your copying your public key, someone can use it to encrypt messages for you.  Your private key part will stay on your computer and is only used to decrypt messages that are encrypted using your public key.   

Hope this helps, please note that none of this is from me, I got all this information from the SR Wiki, even the links were there. So be sure to read up remember everything you need to know is here on the wiki:
http://dkn255hz262ypmii.onion/wiki/index.php?title=Main_Page
Title: Re: GPG Keychain Help
Post by: DoctorFate on June 03, 2013, 11:24 am
Check this
http://dkn255hz262ypmii.onion/index.php?topic=145690.msg1006935#msg1006935

This is a great post but do mac users really have to go through all that to use gpg tools?

I use GNU Privacy assistant on linux but it looks very similar to windows and mac programs I've seen in youtube videos.   Basically all I do is copy a public key (ctrl c), paste it into GNU (ctrl v), open a text document with my info, click file encrypt, keyring window pops up I choose the right public key, click okay and its encrypted.  I copy and paste the encrypted block whereever. 

Most of the guides I read involve saving text files of the keys, importing them, I dunno just seems like a lot of work.  Don't the newer versions allow for easier use? 
Title: Re: GPG Keychain Help
Post by: abitpeckish on June 03, 2013, 12:26 pm
Check this
http://dkn255hz262ypmii.onion/index.php?topic=145690.msg1006935#msg1006935

This is a great post but do mac users really have to go through all that to use gpg tools?

I use GNU Privacy assistant on linux but it looks very similar to windows and mac programs I've seen in youtube videos.   Basically all I do is copy a public key (ctrl c), paste it into GNU (ctrl v), open a text document with my info, click file encrypt, keyring window pops up I choose the right public key, click okay and its encrypted.  I copy and paste the encrypted block whereever. 

Most of the guides I read involve saving text files of the keys, importing them, I dunno just seems like a lot of work.  Don't the newer versions allow for easier use? 

If you really must do your PGP on your personal Mac, which I think is a bad idea, you should install the Dev Tools (XCode, etc) and install gnupg via Homebrew[1]. Then you should learn the basics of using it at the command line. You have to know what you're doing at least a LITTLE bit.

[1] (Clearnet) http://mxcl.github.io/homebrew/
Title: Re: GPG Keychain Help
Post by: randomOVDB#2 on June 03, 2013, 04:59 pm
Check this
http://dkn255hz262ypmii.onion/index.php?topic=145690.msg1006935#msg1006935

This is a great post but do mac users really have to go through all that to use gpg tools?

It's been established that mac sucks regarding GPG.
Title: Re: GPG Keychain Help
Post by: DoctorFate on June 03, 2013, 09:47 pm
Check this
http://dkn255hz262ypmii.onion/index.php?topic=145690.msg1006935#msg1006935

This is a great post but do mac users really have to go through all that to use gpg tools?

I use GNU Privacy assistant on linux but it looks very similar to windows and mac programs I've seen in youtube videos.   Basically all I do is copy a public key (ctrl c), paste it into GNU (ctrl v), open a text document with my info, click file encrypt, keyring window pops up I choose the right public key, click okay and its encrypted.  I copy and paste the encrypted block whereever. 

Most of the guides I read involve saving text files of the keys, importing them, I dunno just seems like a lot of work.  Don't the newer versions allow for easier use? 

If you really must do your PGP on your personal Mac, which I think is a bad idea, you should install the Dev Tools (XCode, etc) and install gnupg via Homebrew[1]. Then you should learn the basics of using it at the command line. You have to know what you're doing at least a LITTLE bit.

[1] (Clearnet) http://mxcl.github.io/homebrew/

This made me laugh because it seems sad for mac users to have something as simple as pgp be easier at the command line.  I really hate macs, they are alright now but I had to use them back when error restart bomb would pop up every 12 minutes.  Oh mac os how I hate you.  I don't mind using the command line but I rather a gui do it for me.
Title: Re: GPG Keychain Help
Post by: abitpeckish on June 03, 2013, 11:41 pm
Quote
This made me laugh because it seems sad for mac users to have something as simple as pgp be easier at the command line.  I really hate macs, they are alright now but I had to use them back when error restart bomb would pop up every 12 minutes.  Oh mac os how I hate you.  I don't mind using the command line but I rather a gui do it for me.

I love my Macs, and I refuse to use anything but for personal and IRL work use. I think doing your PGP and/or SR-related stuff on your personal machine is pretty stupid, though. Also, I don't really see how a GUI for PGP can possibly be any easier to use than the command line without sacrificing the "knowing what the fuck you're even doing" factor. Once you even marginally understand PGP, the gnupg command line is dead simple.
Title: Re: GPG Keychain Help
Post by: DoctorFate on June 04, 2013, 02:20 am
Quote
This made me laugh because it seems sad for mac users to have something as simple as pgp be easier at the command line.  I really hate macs, they are alright now but I had to use them back when error restart bomb would pop up every 12 minutes.  Oh mac os how I hate you.  I don't mind using the command line but I rather a gui do it for me.

I love my Macs, and I refuse to use anything but for personal and IRL work use. I think doing your PGP and/or SR-related stuff on your personal machine is pretty stupid, though. Also, I don't really see how a GUI for PGP can possibly be any easier to use than the command line without sacrificing the "knowing what the fuck you're even doing" factor. Once you even marginally understand PGP, the gnupg command line is dead simple.

@ abitpeckish   I can see the reasoning behind your choice, the command line can make some things much quicker and simpler for many tasks.    However, some of your post was a little uncalled for, isn't everyone is entitled to their own preferences? Judging someone for not doing the same as you seems wrong. If your way truly is the best way, then shouldn't you guide people there by providing a helping hand, instead of judging them as wrong?  I really hope you re-read what we've posted here today and think about what your response says about you, as a person.   Then think about how much more you could accomplish if you convey your opinions in a constructive way.  This world reflects the people on it, we create the world we live in with our words, actions and our lives, why can't we all just get along and create the wonderful world our society seems to want?  I wish I knew the answer...live long and prosper brother
Title: Re: GPG Keychain Help
Post by: abitpeckish on June 04, 2013, 03:38 am
I only mean to say that if you're doing illicit things in which your communications need to be secure/private, you should probably know a little bit about the methods you're using to make them so. If I come across as heavy-handed or not constructive, I apologize. It's not my intent. Perhaps I was reacting a bit to your "mac users" comment ;) Cheers, mate!
Title: Re: GPG Keychain Help
Post by: dabdiego on June 04, 2013, 07:58 am
Sorry, but I really am attempting to learn this stuff. I understand that I need to know how to use it, that's why I've posted asking for help. Unfortunately I don't think I am explaining myself well enough. I have my key generated, I am able to view all of the information on it including the short id, the key id, and the fingerprint. I guess my questions are this.

1) what forum do I use to actually message. There doesn't seem to be any place for me to write or copy/paste an encrypted message as I guess I assumed there would be. That's great, but that leaves me to wonder how I am able to input my encrypted message that has been sent to me.

2) I am having quite a go of it trying to figure out how to get my public key (the one that is pasted in my vendor profile) so that I may forward it to buyers. I have tried to export it to the key server but can't seem to find it there in subsequent searches.

Again sorry these are probably really dumb questions. I have never been good at this stuff but am very interested in learning as I don't see myself as having much else choice. Beyond that it really is interesting to me. I would really appreciate it if anyone else had any thoughts on what I might be missing.

Also for those worried about my safety, I am using a mac because it is my second computer that I have available to dedicate solely for this purpose. I am in the process of clearing everything off of it but am doing this while also attempting to put up a vendor page and gauge interest on the forums, it is a full time job to say the least.

Anyways, thanks again for any guidance you might be able to provide  :)
Title: Re: GPG Keychain Help
Post by: abitpeckish on June 04, 2013, 11:22 am
Sorry, but I really am attempting to learn this stuff. I understand that I need to know how to use it, that's why I've posted asking for help. Unfortunately I don't think I am explaining myself well enough. I have my key generated, I am able to view all of the information on it including the short id, the key id, and the fingerprint. I guess my questions are this.

You never need to apologize for not knowing something. Admitting that we don't know things is the path to learning :)

Quote
1) what forum do I use to actually message. There doesn't seem to be any place for me to write or copy/paste an encrypted message as I guess I assumed there would be. That's great, but that leaves me to wonder how I am able to input my encrypted message that has been sent to me.

http://dkn255hz262ypmii.onion/index.php?topic=30938.0

Quote
2) I am having quite a go of it trying to figure out how to get my public key (the one that is pasted in my vendor profile) so that I may forward it to buyers. I have tried to export it to the key server but can't seem to find it there in subsequent searches.

GnuPG Cheat Sheet: http://irtfweb.ifa.hawaii.edu/~lockhart/gpg/ (Clearnet)

Quote
Again sorry these are probably really dumb questions. I have never been good at this stuff but am very interested in learning as I don't see myself as having much else choice. Beyond that it really is interesting to me. I would really appreciate it if anyone else had any thoughts on what I might be missing.

Not dumb at all. It's better to spend a little bit longer to understand what you're doing than to blindly follow instructions on faith in the intentions of whoever wrote them.

Quote
Also for those worried about my safety, I am using a mac because it is my second computer that I have available to dedicate solely for this purpose. I am in the process of clearing everything off of it but am doing this while also attempting to put up a vendor page and gauge interest on the forums, it is a full time job to say the least.

I'd recommend you either buy VMware Fusion[1] or at least install VirtualBox[2], and do all your privacy/security sensitive activities on a virtual machine in a user context that is encrypted.

Quote
Anyways, thanks again for any guidance you might be able to provide  :)

Good luck, and I hope we have been helpful.

---

[1] http://www.vmware.com/products/fusion/overview.html (Clearnet, $49)
[2] https://www.virtualbox.org/wiki/Downloads (Clearnet, Free)
Title: Re: GPG Keychain Help
Post by: connoisseur on June 05, 2013, 08:36 pm
Here is the open source wonder tool for Macs.


SimpleGPGEncrypt (v1.0), a simple frontend for gpgtools
gpgtools can be found at http://www.gpgtools.org

Easily encrypt some text with a public gpg key. Keys imported by SimpleGPGEncrypt are removed immediately after the encryption is done.

If you like SimpleGPGEncrypt, donate bitcoins: 19icDPHUVakLpZiy3BoQKHgq1RgMF6wNgh

Sourcecode and binary can be found at https://code.google.com/p/simplegpgencrypt/
Title: Re: GPG Keychain Help
Post by: dabdiego on June 09, 2013, 09:29 am
Hey connoisseur,

Thanks a bunch for your help! We more or less have it down, we just were missing a few things to begin with so none of it was working right.

Cheers,

Dabdiego