Silk Road forums
Discussion => Security => Topic started by: MacMan on March 19, 2012, 06:45 pm
-
So I think I'm finally getting the hang of this but want to clear some stuff up that I am not sure about.
I just figured out how to decrypt and encrypt messages, but am unsure how I should go about including my public key. I'm running PortablePGP. Do I type my message then paste my public key after it? Or when I hit encrypt does the program include it? Or do I encrypt my message, paste in the email and then paste my public key under it?
And what does it mean to "sign" and "verify" in PGP?
Also could someone help me run a test to see if I am doing this correctly?
Sorry for the stupid questions, I just wanna get this right! And thanks for any help!
-
Wr3tch3d helped me out with this earlier.
"save a file on notepad/text with vendors public key in file, then import that file into your pgp client. then create a file called message.txt (or something similar) type your message into that file, and select encrypt in your pgp client."
"during the encryption stage, there will be a text output or ASCII output option. that is what formats the output file to give a message like the one I sent you. then you paste that instead of attaching the file."
"make sure you use the text output option so you can copy/paste the text from the resulting file into a PM instead of having to attach the file."
"select that file, and follow the prompts to select my key. once you finish, open the new file that was created (i.e. message.txt.gpg) copy the cyphertext from that file,"
-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
And what does it mean to "sign" and "verify" in PGP?
it is a message like this one. if you have my public key, you can verify that this message came from the real ME by running the verify command with your pgp client. if someone has changed the text of the message, it will not verify.
wretched
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk9n06MACgkQaD4th2p6A7IOtwCfWWv4rQmi1zmVmPYcrw6XmPA8
2MkAoLI1qBibFdmvbkeW7UNMGpMNteoy
=04Vc
-----END PGP SIGNATURE-----
-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
And what does it mean to "sign" and "verify" in PGP?
it is a message like this one. if you have my public key, you can verify that this message came from the real ME by running the verify command with your pgp client. if someone has changed the text of the message, it will not verify. this time I changed the text without re-signing the message, so this one will not verify, but the first one will.
wretched
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk9n06MACgkQaD4th2p6A7IOtwCfWWv4rQmi1zmVmPYcrw6XmPA8
2MkAoLI1qBibFdmvbkeW7UNMGpMNteoy
=04Vc
-----END PGP SIGNATURE-----
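-
Added example, not part of the original thread and not OpenPGP itself: a toy RSA signature in Python that reproduces the two posts above, where the same signature block verifies against the original text and fails once the text is edited. The key (two small Mersenne primes), the `TOY` envelope markers and the function names are all constructed for illustration; a real PGP client uses a different packet format and much larger keys.

```python
import hashlib

# Constructed toy key built from two Mersenne primes. Far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key: safe to hand out
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: never leaves the signer

BEGIN_MSG = "-----BEGIN TOY SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN TOY SIGNATURE-----"
END_SIG = "-----END TOY SIGNATURE-----"


def digest(text: str, n: int) -> int:
    """Hash the message text and reduce it into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % n


def clearsign(text: str, d: int = D, n: int = N) -> str:
    """Sign with the private key; the text itself stays readable."""
    sig = pow(digest(text, n), d, n)
    return "\n".join(
        [BEGIN_MSG, "Hash: SHA256", "", text, BEGIN_SIG, f"{sig:x}", END_SIG]
    )


def verify(signed: str, e: int = E, n: int = N) -> bool:
    """Check a signed message using only the signer's public key."""
    try:
        head, rest = signed.split("\n\n", 1)
        text, sig_block = rest.split("\n" + BEGIN_SIG + "\n", 1)
        sig = int(sig_block.split("\n", 1)[0], 16)
    except ValueError:
        return False                   # a malformed envelope never verifies
    if not head.startswith(BEGIN_MSG):
        return False
    # Undo the signature with the public exponent and compare with a fresh hash.
    return pow(sig, e, n) == digest(text, n)


def signature_line(signed: str) -> str:
    """Return the hex signature line so two envelopes can be compared."""
    return signed.split(BEGIN_SIG + "\n", 1)[1].split("\n", 1)[0]


# Constructed sample: the second message reuses the first one's signature block.
ORIGINAL = clearsign("meet at noon\nwretched")
TAMPERED = ORIGINAL.replace("noon", "nine")

if __name__ == "__main__":
    print("original verifies:", verify(ORIGINAL))
    print("tampered verifies:", verify(TAMPERED))
```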