How to use PGP for The Deep Web for beginners
So before last week I didn't understand how PGP worked. After checking out about 5 tutorials and experimenting, I've figured it out. I'm surprised there isn't already a thread for this here. PGP is absolutely necessary for ordering from Silk Road. Most vendors require you send your address (and sometimes all messages) encrypted with PGP.

[B]What is PGP?[/B]
It stands for Pretty Good Privacy, and it's an encryption method used by millions to send secure messages/files/emails/etc.

[B]How does it work?[/B]
I could talk all day about cryptography (I'm actually a comp-sci major) but for this case, let's skip the specifics. Here's a general idea of how it works.
[t]http://upload.wikimedia.org/wikipedia/commons/thumb/4/4d/PGP_diagram.svg/500px-PGP_diagram.svg.png[/t]

[B]How secure is it?[/B]
[QUOTE]US government agencies find it "nearly impossible" to access PGP-encrypted files. Additionally, a magistrate judge ruling on [a] case in November 2007 has stated that forcing the suspect to reveal his PGP passphrase would violate his Fifth Amendment rights i.e. a suspect's constitutional right not to incriminate himself[/QUOTE]
Although the judge later ruled that the defendant must provide it, there is always plausible deniability. ("I don't remember my passphrase!") PGP is said to be among the most secure data encryption methods in the modern world.

[B]How do I use it?[/B]
Until recently, PGP was difficult for non-pros to use on Windows. However, in recent years, several applications have come out which will help us encrypt/decrypt messages using PGP.

[B]Where can I get it?[/B]
There are several applications, but in this tutorial we'll be using GPG4win.
Download link: [url]http://gpg4win.org/download.html[/url]
Click this big button
[t]http://i.imgur.com/DQz4zSY.png[/t]

[B]Note![/B] During installation, make sure you check GPA for the selected features.
[t]http://i.imgur.com/7bzvovX.png[/t]

[B]How do I use it?[/B]
GPG4win didn't give me any shortcuts on the desktop, and they didn't provide much documentation. Navigate to:
[CODE]C:\Program Files (x86)\GNU\GnuPG[/CODE]
And find "gpa.exe". Make a shortcut to this exe on your desktop; this will make things much easier for you. Open it up, and you should get something like this:
[t]http://i.imgur.com/i4RVSJe.png[/t]

Now, for some technical jargon that you need to know. Everybody who uses PGP has a "Public" and a "Private" key. Obviously, you share your public key, and keep private your private key. When sending a message, say to a vendor, you will need:
- His public key (they usually post it on their profiles)
- Your private/public keys.
The message will be encrypted so that only the user who has the private key (matching the public key that you're sending to) can decrypt the message.

[B]Creating your keys[/B]
Under the "Keys" menu, click "New Key"
[t]http://i.imgur.com/ipN5HqH.png[/t]
[B]Enter a fake name[/B]
Click Next
[B]Enter a fake email[/B]
Click Next
If you'd like to create a backup key (this is just a file that will contain your private/public keys) do so now. I chose not to since we can access all this stuff later.
Enter a very long, very obscure passphrase. I suggest using symbols, letters, uppercase letters, and numbers. Store this passphrase somewhere and keep it just as private as your private key. You'll need this to decrypt messages sent to you.
"Your key is being generated"
You should now see your key in the list.
[t]http://i.imgur.com/fi1L4TL.png[/t]

[B]How (and why) do I import public keys?[/B]
Before you can encrypt a message, you need to choose a recipient. Perhaps I want to send a message to this guy:
[t]http://i.imgur.com/UhVtP4N.png[/t]
If you scroll down on his account, you'll find his public key. Copy this and paste it into notepad. Be sure to include the beginning and ending dashes.
Save this as a text file somewhere safe, in an encrypted drive or flash drive.
Click Import
[t]http://i.imgur.com/ExdzqBf.png[/t]
If all goes well, you'll see this
[t]http://i.imgur.com/9X9rxcL.png[/t]
Otherwise, you might have copied/pasted it wrong, or perhaps the file was distorted somehow, try again. You should now see the vendor's key, along with his fake name and fake email, in your list.

[B]How do I send the vendor a message?[/B]
Click "Clipboard"
[t]http://i.imgur.com/GKpMB6U.png[/t]
Enter your message and click "Encrypt"
[t]http://i.imgur.com/PnczoO5.png[/t]
Find your recipient in the public key list, and select him. Then check the box that says "Sign" and select your key.
[t]http://i.imgur.com/32YGBKD.png[/t]
Click OK. I've noticed at this point sometimes GPG4Win will crash, so copy your message before clicking OK. A message box will ask you if you want to send a message to "XYZ" even though you can't confirm the key belongs to him, click "OK" or Continue Anyways, whichever option it is. Then it will ask you to enter your passphrase. Your message will be replaced with the encrypted text
[t]http://i.imgur.com/88uC6Rp.png[/t]
Copy and paste this encrypted text into the message field on your Deep Web service of choice.

[B]How do I decrypt messages sent to me?[/B]
Sometimes the vendor will have a problem with your address or order, so he might send you an encrypted message. For him to do this, it's important you provide him your public key. You can send it to him in a message, or post it on your profile. You will get a similar encrypted block looking text like the one you sent him. To decrypt it, follow these steps.
Paste your encrypted text into the Clipboard window.
[t]http://i.imgur.com/MP9h3Wi.png[/t]
Click Decrypt, it will ask for your passphrase. The encrypted text will be replaced with your plain text message.
[t]http://i.imgur.com/uQfdqf4.png[/t]

[B]End of thread[/B]
Thanks for reading, and good luck.
I remember trying to learn this was a complete clusterfuck for me. Thanks for this, cody, I'm sure this'll help a lot of people.
[editline]9:41 PM[/editline]
Still can't figure out how to do it on Linux, but Windows should be just fine, right?
[QUOTE=iwork3daysaweek;43980130] Still can't figure out how to do it on linux[/QUOTE] Did you try man gpg (if you use GnuPG)?
If you use Chrome I recommend [URL="http://www.mailvelope.com/"]http://www.mailvelope.com/[/URL] [URL="http://www.mailvelope.com/help"]Step by Step Guide[/URL]
[QUOTE=FurrehFaux;43980352]Did you try man gpg (if you use GnuPG)?[/QUOTE]
Yeah, the problem isn't so much Linux as it is me trying to decipher whatever the hell program I use. I'm fairly certain that yeah, it's gpg and I decrypt things through Thunderbird, but the Windows version is so much easier to navigate. But that's Linux for you, I guess. I'm no computer guy.
[url]http://www.igolder.com/pgp/encryption/[/url] Great PGP online encryption tool. They also have a decryption tool.
[QUOTE=blehblehbleh;43981816][url]http://www.igolder.com/pgp/encryption/[/url] Great PGP online encryption tool. They also have a decryption tool.[/QUOTE]
Be careful when using sites like these. Only use them when behind a proxy or on Tor. You're essentially sending very sensitive information to an unsecure website. It's much safer to do these encryptions/decryptions locally.
[QUOTE=cody8295;43982745]Be careful when using sites like these. Only use them when behind a proxy or on tor. You're essentially sending very sensitive information to an unsecure website. It's much safer to do these encryptions/decryptions locally[/QUOTE] True, this is more of an on-the-go type thing. Like if you're on a computer without PGP and you need to encrypt something there.
Thanks Cody, this really helped me understand.
If you use Tails OS on a USB flash drive, it has everything you need to get started for the deep web. PGP, Tor, I2P ready.
[QUOTE=brianosaur;44022817]If you use tails os on a USB flash drive it has everything you need to get started for the deep web.. Pgp, tor, i2p ready[/QUOTE] = [editline]23rd February 2014[/editline] But you gotta boot into a new OS. With this you can just encrypt right on your fav os.
Can you send your public key as part of the encrypted message?
[QUOTE=oscarr;44024760]Can you send your public key as part of the encrypted message?[/QUOTE] Shipping message: [public key] [encrypted message]
[QUOTE=cody8295;44024355]= [editline]23rd February 2014[/editline] But you gotta boot into a new OS. With this you can just encrypt right on your fav os.[/QUOTE]
Yeah, of course, just saying for the Linux guy above though. It's also really different for Mac, but for Mac I believe once you get set up it's real easy. Everything you need to sign, encrypt, decrypt, import key, paste public key is all in the right-click menu. The trick for Mac is that you have to go into your services settings and allow all PGP services, after you install gpgtools.