Silk Road forums

Discussion => Security => Topic started by: JHGfIuiyfFTR54636 on April 28, 2012, 10:31 pm

Title: Determining the legitness of someone elses pubic key
Post by: JHGfIuiyfFTR54636 on April 28, 2012, 10:31 pm
How can you firgure out if somebodies public key is legit or not?
Title: Re: Determining the legitness of someone elses pubic key
Post by: PokerLotto on April 29, 2012, 12:29 am
If it's a vendor, they probably have it listed on their userpage. Or someone may have posted it in the forums.

Load their public key into GPG or a similar program. Then ask them to make a signed message. Then use GPG to verify the message. This shows they control the public and private keypair.

Or use their public key to send them a secret message. Then have them tell you what the secret message was. This shows they control the public and private keypair.

If you don't know how to use GPG, see this guide for Windows (and make sure to install GPA when you install GPG4Win):
http://p3lr4cdm3pv4plyj.onion/guides/shepj.html