Silk Road forums
Discussion => Security => Topic started by: 681227 on April 23, 2012, 07:32 pm
-
I've seen a lot of people who are completely baffled about GPG encryption, so I thought I'd take a shot at helping them with this tutorial.
GPG is a very powerful tool for secure communication. It's based on asymmetric encryption, which means that every person using it has a private and a public key. (Yes, this means you too). Using these keys, you'll encrypt and decrypt messages.
So what's the difference between these keys? Well,
The *public key* is completely public. Share it to people who you want to communicate with: they'll encrypt any messages to you with your public key.
The *private key* is your own secret key. Don't share it with anyone. You'll decrypt any messages sent to you with it.
So for example:
Person A sends person B a message. Person A needs person B's public key. (Public keys are often found in people's profiles). They encrypt their message using B's public key.
B receives this message. It looks like a bunch of gibberish, but no worries: they just paste it into a GPG tool and after entering their private key's password, it (hopefully) turns into readable English!
So in summary: give people your public key. This way they can send you encrypted messages. Your private key is used to decrypt messages sent to your public key. When you want to send messages to others, the same thing applies: you need their public key.
--
So how does GPG work in practice? Well, install GnuPG and open up GPA (GNU Privacy Assistant). This tool does it all for you: it lets you generate a key for yourself and encrypt/decrypt messages.
## Creating a key ##
1. Go to Keys -> New key
2. Set the Algorithm to RSA and the key size to the biggest option available
3. Set the name to your username (normally you would use your real name, but needless to say you're going to want to more privacy here)
4. Set the email to something fake, for example your username at your username dot your username
5. Press OK: GPA will ask you for a passphrase for the key. Use a strong password: for example, a long sentence with numbers and special symbols in it. DON'T FORGET IT, or you will not be able to decrypt any messages sent to that key.
## Sharing your key ##
1. Your key will now show up in the GPA list. Right click and click "Copy".
2. The public key is now in your clipboard. it's wrapped by a "-----BEGIN PGP PUBLIC KEY BLOCK-----" piece of text. For example, here's mine:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.17 (MingW32)
mQINBE+UJj0BEAC793PdPq1bKUwCSLxcLhqCp8MVnaJphsEI0DycergmBxaZEW8X
v7EpPV2v13Q55ZqgwOqDv5DAX3w3zjihU+M++DcfLJ8eSaQBAoA5Uj6yp31LnPVQ
6HIWIo8HMgAQQzyCF0DAmxAktR7tky1Oxg9qZH2q0SO3szyTa//YISVqN0C83tJn
u5mHCNxiqTz1p3uyRWqj30vCaGr6rx+rMmbmLs4agJA+5lYOZDks10FyvoCNqDE6
F3Cq1OgP8AV24vYqi5Ohewbzq4AIOLCOBAExB4gjAmBWa1GfWF9t6xAHX+fyXya+
Vnq3TfZRAB5KszDm5zEgOH0mOCvKX3CiZPNj2U6wMMhjFGxAGwoqWqrktJSMcZMj
F8TSALl63vRN3kTlQRxwuNWgjHSg2m8G92A+7VMkqrKzUc6nKV3566GbSOEOO2B7
slabB32u2Zi0hAoJfAHc5Drx7dBJyD7wGxFcD913ZSAE55G9VnqkMuSW/pTG70nd
nfn9gWKwTVS6XqIwy9XB5gdG1ZjP43kph3A1SoU0BX3Nd9SYgu5WJPwZcfqA128I
YUW1S9N/yjGk/zals1x5gz2VvLE+MvB/DagPOWKHSQF2I/vcp5/tz/y/TbeT55/n
7DlxtOp19JQ27WPAkDJSiVYhO4k3kLo+OREMLVX7pxYI8rX17A51yi2AtwARAQAB
tDJTaXggRWlnaHQgT25lIFR3byBUd28gU2V2ZW4gPDY4MTIyN0A2ODEyMjcuNjgx
MjI3PokCOAQTAQIAIgUCT5QmPQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA
CgkQUInALLWiWwvRjg//ZdLEjwa1rzdWS6XisEtdVG2NWMWMFdenYVwCw/CzERB2
Cwco6DhDjNSVFEov9vBbhO8BSb1sXrZ7Xpuh8VecRRh1r2Kppg6xc1ZLK8ImA+b8
crQQPaezlZ8Kcd28Hn/dsqnAqZF4gotTlsVz4HX7dfka8V9zBQ2hhDZJozxRCXMI
vs/KYuXXYqcuQbOBLSk2P336GHpzphLq8EfObF2WIg+19hogq9qcfIOUVFwF0iBA
ixAZIPgRxG0mFZA9J/HEyrPdfm+WutIURKonEWhL/NxeSHSsKXsAQZWIkD8Lnuoz
TiZogpmzclyBgWtnntLTsYgh4fg6yJgpdgw9qFkD8FE7WPirF6h+p5M1AXmKF4Ki
RhwHHpJt0CGMZ1wjJk1tweIVdJ+CYBkJE3sUMcZlEBIan7t6arQiD7ZQK5TfpSQ6
Dqn3TyyttXzJMGo9rNSPhDouMZ0gBD41IDSct9i2SWnqkXlx20d3UHeD5i3a8SXZ
W1ZXxXa86P+SRFDMw6EG0aPB69e6ufGiegq6VWNmTzK5hPb+fWdpd2WINfxPN+QN
1IwS8dqpvNhimF/3qPu0KNZIwLA+RZXNKiM0HSjHsP+QxtfsQwwwQ6ZjA4Aqj5ap
EeVyjWL0vSeCo+U2Et2jYpREleIQLOhRtY02ij0SyRTgy1IOorw8wCVUvg0nfCG5
Ag0ET5QmPQEQANWFt6VnrLJHRu8me427auvOs2Bg1HHWLR9tfP5qwo9yLYpye+ke
oKSF3M9FkX/05jMCE+PhiCPHjiEFNWq9WfzmW2208P4c4TbEOdKKsKWhNZ0l3u0V
lFN5cUBTer+gqPro/NETftwVq1OK1OATAQxk3wtBQZS2r4PXkP1qo9x8SGrc5L/A
t0dYl52vzBaftVvO65jSj36MlL9AnZOmQcGeUIGBqZcA6pVmP58VLEWnHuH9A7MA
FKetBPRYcmWZVq11hCY9OI0LFqLFV6BErFp1ksIPI9T9rFYogmFDx3/BuheOK/Xl
5hFVMAEaLVaHr9a816uYrFVOboUBDg+68ht7TxaRmt+0sEHroDb9ZL97xcZI75JB
ZUpw9bVb2oOx89Og3S7gfASLiKb5uvdTQZahpw5WM4uUcmb/UQo//m8HN335E5el
O+6USasziakMZAB6SIfRyOZKC4864xgg+jVMjX/5Qh7VqF8/bMd+MjxprY6Wrdvx
uv5d80Lfs4k8r5vifdpejcNYFED8joe3alqoBPsHCxoU2904GhX2KwArSYmFzMuE
fkuCvjwLYjULVnufWRAdaD+EVdzW8bZFCiXDZDEGAirzF8RMs2KtaLmRYoF6xoss
4SZMVYcM+6snbeoeI/t3q5IhNclczHKaFFta5LcVJicmhDY7lSGaW7J7ABEBAAGJ
Ah8EGAECAAkFAk+UJj0CGwwACgkQUInALLWiWwuy1A/9E81G+sBnX2WvhmHb7sa5
CnZrCbWJ+7tiejPkoONP/sxdv7/yRNPSYQgAbb3Vbi6mDhYIU3k/yA0c1bvm2jO+
ETCOv/tmOZTaXepKeYePAHDdXa0d/VXMFOkdFp658KsjrqeZ8lWaK7dwMgawKpZK
xN+FyVUaslMyXYK0e5mvjMw9unTuyB349z3Q5XR6Y36I+Mr4l7uEQ5MD9O4zqC7G
5d+Pu1QTrreXzpR4OHPH+GMBDKYhZ4aNduXJqXQ50VYPMHlnd+J42IJqFqCV3Js6
5pE/T7M+7n1K9jThzD29mqPWkykxPOkYnSbq9FY8U/VoyP83JCZCcCeyTwvi9dRD
DIG01wlk/9wQqW+rvjLTsLV2fcsjWgfoVk9oOpvyFIkNs/9bTyZnCCuOwRTrPgod
12IZJw8KVeqwZLFm4D98gcbS9SQFvsS42yBzayM86kObCe3BJglNVH3ZqNi8jOuA
aTa+PmqxbtlvjYauRfrquBYrgCedq8ADvgAAlUMd80SaKXumoKT0yGbJLhmOGhkS
aL8BsVAAupbyDgtqKRDQiJPYwj2oMekaPC+8hH38q+5GAAZIZZmyb/mELFKQ9YxE
UivKfybuWQE9Nog/7bpR9lQ5U2Lg6aQIY6QjtAfSEo9SPRvleBYHH/FWrq4MQyZf
BXFzCsOZoWEBB/TPbUn502Q=
=kubw
-----END PGP PUBLIC KEY BLOCK-----
(that's a long fucker!)
3. Put it on your profile and post it to the forums (http://dkn255hz262ypmii.onion/index.php?topic=174.0). Make sure to not to mess with the formatting or characters.
Now anyone who wishes to correspond with you securely can take that key and encrypt messages to you with it.
## Decrypting messages ##
Someone sends you a message - and it's just a bunch of strange characters and other nonsense!
An example of a GPG message:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.17 (MingW32)
hQGMA/gcc9JG/83sAQv/dhvIGS7W/zclXrEJ7yeg0mentZSjax4h0a9Y/6semsZ2
E/XSTihbq1AolkVuSKuWO8IxZXvVHyOof57upxhAzD5uyyQf8xsB5qKC0fl73hzJ
l/mUG/OgfeuaJTGdRd5STtrNc71jbowYqwPZDUpFIEk3FYqEzllilBsuOg+DwOaM
SpEneY+rSnVGalYqN/F/A+OOHDgAdoYUw6eEhhailVYjSL1GCljCrbV+auZ7n1r9
AqMbxNr003HObBTWtEuCQNZBQhmNFWTGMpZmRtPDxq/QrhFpbg/9/i6sVfTg5p4Y
4bN296awKY32BIPsfJZq4lr0/U7fWNUNueuvTtGoGjZlVWWmKp904TiYtnLQo6Ib
SYwvucPYGWZLML40Kwd24QYCsNXYJICkpxGXDS24jQaNIS03Gf3ABDnBZiFR0+26
7tVas31GtzSiCkKhKvQs9uSUimIIxGXriAUMCtMv7c4JTfUOKIIf9cBZ+gXyCe8D
0VOOLbkkwVMQl4xh/HS30jwBNW8Kb9sZ6XNmeE1TiWzfhB+o0SUwh/akNY89Q0TR
3Jt8KB2jN7rLB4oEr285+90mlQZvve3aU2VuRok=
=RG5S
-----END PGP MESSAGE-----
Decrypting this message in GPA is simple. Click the "Clipboard" option in the top bar of GPA and a new window will pop up.
1. Copy that whole message and paste it to this window
2. Click "Decrypt". GPA will ask you for your key password.
3. The real message will appear!
Insanely simple.
## Encrypting messages ##
So you want to write a reply. You should encrypt it using the sender's public key.
Where can we find their key? Well, maybe they attached it to their message: look for one of those "---- BEGIN PGP PUBLIC KEY BLOCK ----" things. If it's not in the message, check their profile. If it's not there, tell them about this tutorial.
So you've found the key. Copy it (completely!) and open the GPA application. In the keys view (where you can see your own key), just press CTRL + V and it will automatically import their key. You should now see it in the list along with your key.
Writing a message to them is now simple (and you don't need to repeat the above step since you already have their key saved):
1. Open the Clipboard page again
2. Type your message
3. Press "Encrypt"
4. Choose the recipient's key from the popup list (make sure to pick the right one!)
5. The text you typed will turn into a bunch of gibberish. Copy and paste this to your message.
6. Send!
The recipient can now follow the steps above to read the message. That's how simple it is!
## Trying this all out ##
You can try out GPG with an online bot located here (http://p3lr4cdm3pv4plyj.onion/test.php). Read the steps above for help: that page contains the public key of the bot. Use it to write an encrypted message to it and it'll tell you its contents.
-
Thank You For This! This is a lot simpler than most of the other threads about using GPG. I should have realized that using GPG didn't require a mail plug in. You can just cut and paste to encrypt/decrypt. DUH. This will make my life 100 time easier. Thanks.
p.s. if I knew how to give Karma I'd throw you some good karma. I'm still learning the ropes around here.
-
Decrypting this message in GPA is simple. Click the "Clipboard" option in the top bar of GPA and a new window will pop up.
1. Copy that whole message and paste it to this window
2. Click "Decrypt". GPA will ask you for your key password.
3. The real message will appear!
This is the part I'm stuck on. When I hit "decrypt" I get a message saying "Clipboard contained no OpenPGP data". I'm not sure how I find/use the seller's key? When I try to copy that big message, and control-v into the key manager, it tells me "No keys were found"
Damn I'm confused!
-
Thank you Guru!
I think I got it. I copied your PGP key (I wasn't including the dashes and 'BEGIN' message) and pasted into GNU and it came up.
So, let's say I wanted to send you an encrypted message on SR. Would I then put a message on my clipboard using your key, such as this?
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.17 (MingW32)
hQEMA1tw1XB0vD7JAQf+LakHkmWEpNzDTXgVfMTtRV2Pk1ET6/SFoIjRLysjmpXF
WMtLivn6LOwELGK6aJyzjCaC4CPDoTN4EYKxeLAzdlVHiWlyJ/RuV4cemt5iwZqf
SfGLLyE/r/xCwwosQ6cAVgIjRcWMppVO8+ngngh9vpGxjp/AWFwKS+kG8kSQW9rb
qAtFwaEImQsMsAYCnLGqckIZbmclkGR34F1zt05LpaExhPF1JdAe+m/euzld8Peg
fhCTvnx2GRR0lLeRAnWoPG7z3Kj03fCYfmsoUvVjjDYdOd86GeU1sUdo1ChkNOfq
JPZCwYZhjFRVJJ/2ULD/EPZBRBJM+MK/pO6qm0sIbNJIAeapTF66xGsQqw0YZSte
noVLIhFbHak6fkVKV9IOKk94Csb+/BIVEyZ1Rh5yVUIqjBGST5BgoMLdl0v2KlzT
v5rhvTu+DruB
=L2ut
-----END PGP MESSAGE-----
Do I include my PGP key in there as well? Thanks so much. I know I seem like an idiot, but want to make sure I'm doing this all right.