Deep Dot Web Surfacing The News From The DeepWeb
Tutorial for Gpg4Win using Kleopatra can be found here.
We found a great tutorial posted on reddit today about how to stay safe and use PGP.
The link to the original article is this: http://www.reddit.com/r/DarkNetMarkets/comments/1qdzl8/guide_pgp_4_n00bz/
All the credit for the tutorial goes out to this reddit user: BenZoThr0w – http://www.reddit.com/user/BenZoThr0w
All we did is to embed the images inside the tutorial for easier access & of course post it here to spread this important information.
=====
The goal here today is to try and educate n00bZ on what PGP is, how to install GPA, I’m making the guide because I educated myself on PGP and it took awhile for me to understand it. So here is a picture guide to installing and creating a PGP key to encrypt and de-crypt messages.
=== BACKGROUND of PGP ===
Basically, each individual has a unique PGP key. In the program GPA, you import peoples unique key to your list of keys. When you go to write a PGP message, you type it normally in the clipboard { you’l learn about the clipboard later, it’s your friend } and then press an encrypt button, which then lets you pick from your unique list of keys to encrypt to, where ONLY that person can read it. [ this is why people give their public keys out, so anyone can encrypt them a message ] === THE STEPS ===
– Step One –
Okay, so first things first, let’s get a PGP program. One of the most popular is GPA. Head over to this link to download gpg4win which includes GPA {you can see a list of the programs gpg4win contains to the left of the download page, GPA is one of them}
Download: http://gpg4win.org/download.html
IMPORTANT !!!!!!! ***********************
When installing gpg4win you get the option to install which programs you want from the package. By default, GPA is not checked. MAKE SURE YOU CHECK GPA! You need it in order to easily encrypt and decrypt messages. This is what it looks like during the installation:
Next, you want to make a PGP key. Remember, none of the details need to be valid. I’d use your online name or a different alias when making your key. Something that isn’t your gamertag for online games, or anything that may tie to you. A completely new alias. The e-mail doesn’t need to be valid at all. Here are some pictures to help you through the process. Also make a backup of your key!!!
First, click the keys in the menu at the top. Alternatively, you can click CTRL+N to begin the process of creating a key. Shown here:
You will go through a set up, where you make a name for your key, which I suggest you use an alias. Shown here:
After selecting your alias it asks for an e-mail adress. This e-mail should be non existent, and be linked to a website that also doesn’t exist. Shown here:
Then you’re asked to make a backup of your key. I highly suggest you do this! Although you can make a back up at any time, you should just do it now. This is where your public key will be that you give to others to contact you. Shown here:
– Step 2 – Find Your Key –
Find where you put the back up of your key. It will be an .asc file but no worries, when asked to open the file just tell windows or whatever OS to open it using Notepad. Here you will find a public key similar to this.
When sharing your key with others, you wan’t to copy and paste from the beginning dashes to the end dashes. Exactly how I have copied and pasted above.
— HOW TO IMPORT SOMEONE ELSES PGP KEY TO YOUR GPA PROGRAMS —
You see people giving their public keys away so others can contact them. Simply open a notepad file, copy and paste their key and import it using the GPA program. I will show you how to do this.
First make a blank text file and copy the users pubic key to it. Shown here:
Then, in the Keys menu where you made your key, select import keys. Shown here:
Select the Text file you saved with the public key in it. Shown here:
Then you should get this if the key was successfully imported:
Now, lets send an encrypted message.
First, open the clipboard. You can get there through the Windows menu or through the clipboard icon on the quickbar. Shown here:
Then after opening clipboard type the message you’d like to send and select encrypt at the top of the clipboard window. Shown here
When you press encrypt, you are given a menu shown below. In this menu you select what key you’re using to send the message, and what key is going to be receiving the message. I chose to send the fake account used to make this tutorial a message with my personal account. Here’s what that menu looks like:
After you select who’s sending and who’s receiving you should get an encrypted message that looks like this:
This encrypted message is what you send instead of cleartext. So when messaging on websites, simply paste the PGP message. If you receive a PGP message, you can also use the clipboard to decrypt the message you have received by opening the clipboard, pasting the PGP message you got, and then pressing the decrypt button, shown here:
That about sums it up. I hope that people with questions on PGP and how it’s used can be solved here, as I tried to make the tutorial as noob as possible. Please be safe when communicating confidential or sensitive information on websites. Always PGP. Never FE. Be safe people. If you have questions, comment, and I’ll try my best to answer them.
=====
Hope this helps.
when encrypting i sometimes decrypt to check and it will say no valid data
I get the same message. Did you find any info you could share?
You can’t decrypt the message, that’s the entire point. ONLY the vendor’s PRIVATE key can decrypt this message.
I get that error when receiving a private message from a vendor. I gave them my public key, but when I tried to decrypt their reply it said that “”Clipboard” contained no valid encrypted data.”
To decrypt a message, you need the other person’s public key. This can usually be found on their profile of whatever website or super secret message board you’re a part of.
To lay it out simple.
To encrypt:
1) type message
2) encrypt it using an imported public key of the person you are sending to
3) SIGN IT (makes it secure) with your private key
4) you can never decrypt it, only the person whose public key you encrypted it with can decrypt it
———–
To decrypt:
1) paste encrypted message and encrypted signature
2) select their public key as well as your private key
3) view the message
hello … first of all a nice tutorial, congratulations. I wanted to ask a question.
– I followed perfectly the tutorial, I created a second true e-mail on ‘outlook’ the same that I have sent you here. Then, after the back-up of the keyword on the desktop and on the usb , file is not me marks on the desktop or usb , that is, I can not see the key to the desktop, because it does not come out of it, but on gpa, finds files, strange. How so?
it was happening the same shit to me. just copy the URL where the document have been saved (on the GPA program at the backup option) and paste it on the URL space in a random window. you will find it then and backup properly.
Namaste
so when i send an encrypted message do i also have to send my public key with it or do they already have my public key to reply back?
After I had imported the key, it said 1 public key read and 1 public key imported and the rest were 0’s. Does that mean it did not import correctly?
Yes, This is fine
its fine but go back on yourself double check
gpg4usb might be a better choice for someone new to PGP as it is less complicated to use and is portable.
If you are serious about PGP you need to protect your private key by encrypting your computer or using gpg4usb from inside a Truecrypt container.
gpg4win is known to create broken or flawed keys, I can’t believe this is been recommended. Have a look at the security thread on SR2 forums Nightcrawler explains it better than I ever could. It also doesn’t use encrypted sub keys. GPG4USB is a much better and as easy to use system
Also it is usually set to 2048 as default but these are not too secure these days and 4096 is as high as that program will allow so obviously set your key to 4096 bits when creating it
How do I import my backed up private key.
It is in a .asc format?
Open it with note pad or a text editor to see the key for copy/paste bavk ups but a .asc file would be better to use as a back up, its what the client will be looking for.
Go to Key Management the import key and it will import a .asc file but it might have problems with a text file and some GPG clients don’t have an editor to paste and import the key from.
Try GPG4USB, if you look in the forum theres a good post as to why you should use GPG4USB or WinPT(Windows privacy tray) they are what I use on windows and I use kgpg and GPG4USB on linux and APG, OpenKeyChain, GnuPG installed on my android phone, I can even encrypt txt messages to the guy I get my weed from.
In JollyRoger’s security thread it talks about using tails and livebox. Is that not necessary then?
Its more secured but its not a must of course
But TAILS really should be use, it leaves no trace on your laptop what so ever. Its an amazing tool, I don’t go near Tor with out it and was nervous using it at first. But normal linux should be OK depending on what your doing. I use windows so TAILS then is a much better idea. I was watching a video not so long ago and all anyone needs is 10% of Tor’s exit nodes to listen to Tor and try figure out whats going on. It was a youtube video so if I’m wrong its probably that far off.
I am still a little unclear. When you have someone else public key and you send them an encrypted message do you also paste in your public key and encrypt it all and then send it?
Yes – only if you want them to be able to encrypt a message back to you with your key, you should add it to your message before encrypting it with his key.
Thank you. I am new at PGP and this detail is left out of all the guides that I have read. I could not determine if I should encrypt my public PGP with the recipients public PGP, or if I should just send my public PGP to them unencrypted.
You can send it unencrypted to the recipient or encrypt it with HIS public key.
if you encrypt your public address they have no way to use it to decrypt your message
You want to use the receiving parties public key to encrypt the message you send. If you happen to put your own key in there then it will only be read by the person who can decrypt it with their private key.
NEVER EVER send your private key to anyone!!!
so what is the difference between your private key and your public key. What is the different uses for both of them.
Thanks
The public key is what you give to others so they use your public key to ENCRYPT messages for you. The private key is for you and for you ONLY and you will use it to DECRYPT messages that have been encrypted with your public key.
Messages that have been encrypted with a public key can only be decrypted with the private key related to exactly this public key.
So in short: Your public key is used by others to encrypt messages for you and your private key is used by you to decrypt messages for you.
Another usage for your private key is you can encrypt your message with it, so someone can decrypt it with your public key and know the message is really sent by you. That’s (cryptographic) electronic signature for you. It won’t stop anyone knowing your public key from reading your message so you may still want to encrypt it with the recipient’s public key.
I can’t decrypt a public key i alwys get an error message?
There is any way to put a PGP public/secret key in QR Code form?
Just to hand it down to people you trust or keep it in paper format easy to reload on a computer.
Great article, thanks. I made use of this immediately. One suggestion. You might want to fix the sentence directly above your 7th screenshot that makes reference to a PUBIC key. I got a chuckle out of that. Cheers!
Amazing guide….you have saved me from smashing one of my computers in frustration…
Once you understand it it really is as easy as pie.
Big thanks for reposting this mate!!!!!
Everytime I try to import a key it is telling me no key found but it is all there where i copied it and pasted it into a notepad and saved that. I have uninstalled and reinstalled the program and nothing. I just need to send 2 or 3 messages quick and need help thanks.
Gpa will not work for me, it doesn’t like my laptop.
The only one that works is ppgp, but when I enter my key into silkroad it says it is invalid.
Is there any way to use silk road without a pgp?
And if not is there an alternative?
It is possible to encrypt file using private key?
if yes then please give sample code
where do I find my public key to post on the pgp program mentioned, I cant seem to figure it out. I followed the whole encryption decryption thing but i cant find my public key like ones posted on vendor sites
click on the key in your PGP client to pick witch one you want, then right click and go to properties, you should get a prompt to export your public key or paste to clip board, you can copy it straight from your clip board.
Try GPG4USB(GPG is a open source/GNU PGP) its much easier to use and more secure, there are threads on silkroad that warn people not to use PGP4Win and its written by people with a lot more experience than me, pgp4win is also closed source American company so most likely has a back door GPG4USB is German and open source so people can check to make sure theres no backdoor.
I’ve no idea why this is being used as a guide for new users, its a bad idea to use American closed source products for security against mostly US LE
I’m still uncertain of how to add a message once I encrypt a key. I did everything the guide says. I’m trying to send my physical home address to someone, but I need to encrypt it first. (Which I just did thanks to this guide) Where do I actually type in my address? I’ve already pasted their PGP in the GPA and encrypted it. But where do I go from here?
I’m sorry but where do I actually type in the message I want to send? Not my key or their key, but that actual message (My home physical address) The site I’m on is requesting I encrypt it before I give it to place an order. I’ve followed all the steps so far.
Seth – type the message in the clipboard, when you’re done typing select their key and hit Encrypt (assuming hopefully you’ve imported their public key).
Hi when I try to run GPA after installation I get this message.
The procedure entry point rand_e could not be located in the dynamc link library msvcrt.dll.
how do I get over that?
Help will be appreciated
Thanks
cant we just use hushmail this is sum super dupper fbi shit it guna take me yearscto learn this im dyslexic also this is why i loved topix as silk road gonecfor good now then just agora and atlantis left ioo givevthis actry ohhh csn this be done on samsung tablet
Hushmail? Sure, go ahead and use Hushmail if you want to end up in jail. In 2007, the DEA, in “Operation Raw Deal” got 100,000 DECRYPTED emails from Hushmail. There were quite a few busts from this operation.
A few years later, in 2010, Hushmail was forced to turn over the decrypted emails belonging to the people running The Farmer’s Market. They were all busted as well.
Wanna go to jail? Use Hushmail!
Hi,
thanks for this tuto.
Anyone know an equivalent for mac?
Help! I cannont open re Step 2 – Find Your Key –
Find where you put the back up of your key. It will be an .asc file but no worries, when asked to open the file just tell windows or whatever OS to open it using Notepad. Here you will find a public key similar to this.
Ugh i must be dumb not having much luck with this tutorial
Just a few questions that are troubling me. Where do I see or find my private key? Do I actually need to type it in to decrypt messages or just press the button. Also how do I know what level of encryption my key is, I dont remember what I chose when generating key. I heard 4096 bits is better than 2048. Also how to I encrypt my computer to make things safer? I am using GPA but also have kleopatra installed.
Here is my public key. Thanks a lot in advance.
—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v2
mQENBFTAML4BCAC6aaaK31Pm06u9utT7AF9T96yATq8721d94a0e7ekKow/fXn/5
npUYu+YdOOa7n+VEWNfSqaRDKaK3jNMSgjSJXdk4o8HRlw/+zarAwC2XmZESYqZu
SKEp6PYfFpJifYrlkiFtzVmEoxFql91mqO9dN9lTRtp20opRbR/aOL3EFXTGRq+P
YDMUH//dQk+RZHZNSPGRuW+9jaX8wr+fYfJEZj2im5UNYJxinQjEfUmlemvLAeOG
0BTBI+kINc+CeJ/b3x6xF3Vm1Ctdu3zP8QpKmafnoOG8hM4IpEmgI/RS77Se++EB
avmpIMeHp6mAPRi1om+c5ghp8+ZIankmlK9DABEBAAG0LEVsbTNyIDBtM3IwIDx0
aDRnMGRmNDdoM3JpbnhAZmFpcnNhdmlvci5jb20+iQE5BBMBAgAjBQJUwDC+AhsD
BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQqd2wJRrzpTKr7Qf8DXDs388O
fbz7NkdJza17ge0kQrfGJXjvmRbFd1CP9WG3rCgOBCGK+3zd0OBFcVwilgJ90itF
n6FEjSvI/WsAVenuK2Kficrl5RTRI7i5JxM1jcoLppQGkeUKMyOCYC9C9LXRJ8uY
ZfAT2PtctSo2qMRSI+dVM5vPt+JsvHVlDyekyeAFrKJ31kfw8JGsJ5L2uD1ak4c0
COrIpQ4L0fs/oFCY5E0jRxZ13ukWITyVTJYInj3O1CyfJ6WfmP0EimH6wo1QycqJ
0MYYOgLpGgcXjRKHXG+xBR3Yh5vpe7zDyGvkGLlEWFheZhTkS+HMll7q7pULpRg0
4Yl7zsOW0UMg9bkBDQRUwDC+AQgA4GHlf4IvJi9b7SAn6JG07LbzlsbsgJ/6b+n4
Xg5zXRi+jU6J+Woa2hdO1GQ60CTC99vm2cvCK2wpaZToi8q8rC9dgNVWap07BQRw
j7phqkkd645FcbhWzr6RV4c7MU/0UxSeN2fRyGuh94Te4BnoQxbK+0ScUTPl4mpJ
BFPlOyxQRLB5V+pYkR/hiOIoyR9QmvyW4RIMZKWIypAuZ+jkSf8Hocm+TN40dXQv
K2GGG4pk1Tp1rbWW5Z2dDh37c/bduNgthfwfm40CDzPBhkgTZf+5dKziZZRb8rcw
XcVVVGjJRT27EtsDdgPH7zCS1q8dkT8UjsVe4Rb2GkA7EiTnmQARAQABiQEfBBgB
AgAJBQJUwDC+AhsMAAoJEKndsCUa86UyTLgH/ivjbSTBvNThUJky+EV1o/tNL3f1
kdF/iOBQ2EM4kFh1D3UCJavTrq4X4Q+Jed3bJh1Z/D2rg8CLAApURJm6wB3zhNJk
4fq/dDY/e4EOkOtHzZviB3Vveh+vdZeOUsAAlfq/13UsDA/fVY4F5ygBIRC4z23S
p2BIvejCys72skNG/X8ElnwdnVnSXK3UIVbqPlY1sU0gX126zHmKdVxZI1rnMXyH
ets8DYIrEGdHt0VObRAbG3z39LUoy3u1wcehFtncAQwEW5rVgvzF0vIMIIkYmKAn
GhoeXHCFlreuxKqUnyHsPexIPYA4m5DfjO+hXi060Zzjuzi9Io6q1lZfABE=
=WgDm
—–END PGP PUBLIC KEY BLOCK—–
I have my mail on my mac set up for my school email already. I downloaded the software and when i installed it tried to use my school email EEK. help?
I forgot or can’t find my pgp passcode for the keys I created several months ago. What do I do?
I can’t copy and paste my public key. Whenever I got o sign up at grams it does not copy correctly (there are gaps between the lines) so I cant sign up. Any ideas?
How do you know if you’ve received mail. Also , when sending mail, isn’t the first portion the sender and the second bottom portion the recipient?
Thanks
I was wondering if you could clarify something. In order to encrypt, there is the upper section called “GNU PRIVACY Assistant – Encrpyt Documents. It has the list of yours and any imported persons public keys.
The lower section has a box “sign” that can be selected and the lower list only includes your own name but not imported names of others public keys only.
What is sign?
If I’m encrypting to send to someone imported, do I select them in the upper list/box and then select sign and pick my name as the sender?
Does that make sense?
What if the person says “use this specific key”. How do I do that? Like, if I am buying something and the vendor states that you need to use this key for your address? So confused.
i will pay someone $25 to decrypt a pgp message for me. The message was written with GnuPG v2.
hi denise,
Decrypting a pgp message requires that you are in possession of the corresponding private key. If not, there is only left the possibility of bruteforcing the key, which is only realistic with not too long, weak passwords.
If that is what you intend, I can give it a try. Write a pm or an email or use my i2p-bote-adress [yes, it is that long]:
qwOezLsOvVHS0imnsMqLt1iWvGPqVc6q3HpqR51UBc2cuZreKl9~aDqGqLOY4qzwsHP3X0mT92Oh2jFIjRfzLtBRxEVFlgDdcB214dI1pJ2~NdVhQaFPxWNhnHhizpsps5kkknM2mCrtt697B15IIE4WwwRPSwNPoqWNWs7ZxlbG3fQzmkuQycBQFzJgX1BYUxGOoozxRY7-QOxw92d4cUIOs6FK4YL3oLBOo79bav1RSZi~U-KXARNS92pe9A-BHF0fr~eSffSxDEkjniPkV3zBD0hgMmTHQouA~dcIlCxd9d-fayOA62NORNoZQKDIuvItvjA85EBnyUjMxHYye9uYZjGuPCfNZJeJ9jND5-W41kffs6gbJ0wYXUlhd8MiEQ0~myWrRR-tnLyiTUjbnLUL1HXO3I~AOkuT5KMQd1ucC4HmFsY7iR04DMg-WXM~Yxb69RNSYSvD1O8Qqe0ntJWp3GBu03SKzTT44PGrh3BgyFcMMwu~cCo9VwVlGgSRrxfCgZjCDaGPtnuRItqDqFAgM4qkqZilgXGgQ96HNtaGk3VvHa5mTZoxTe3lHJDk12w6-o2CVYqsEuj3BXCHpUXF96QEdORILwrRDeZ-wvdYyKV4gzCAFYIZr23cowjtWtzxIYLA7s1umyFZn9OtPORUYafyirN5DYZTSf7DbKl3Sy4gByrmRxPIZK-OhR60vpeVRfcu2o30NNcmdjZiNhadjte0-mijr7NgJihaXGB~LG7mhcMZdqKdGVoQK2HnhM449-Fl5KrRCEZw1X-QwnUElkaL8GW6mIsBWAkDAgEgxMjv1ETlddoNkU8FEZd~9LLsKwzErqo5OqLuVPxZCguVufUhjZquM3HM9SJwsFtQHoh2yd5TyoU~zQAHVkDHAsPnzRQreZu4E8RmMAvmLnDiTFwhynStjmt3g~oa7JaUC5X7tVCX~KyeDr4qlw3cTmT3UAumSSokLvcXDdOh87ISmSManF2rQcV7b1VjeCd3L8zCeCvP-kHblkLRAtmLyYXgszIDu11vP6olJRa0VQWXUuMqxkWr58-sPA0f3mbmVIKbgiBzESvgp6LZc92JiXH73uFceyu4OffBQo5t6S6-IPW4t6zIk8S3V~mnl2pY0l8UfMLiLg9pmbDAwBZAbM~yZQd01i-kFGtHnCsRbgHP8gQQ4Kurgr9bm7tW6-TVNm74aTyYSXJzK8n-xxV-eGw~QKpBMhxDG2J~uxlzkVx6l50wUNjg9Oej9NBxLmloMzGqJuaTG9g7NS8lh3u8rDVdZDcFax4LBYXtW8j-oPV3mr0g~jH4ZkO3odQQHMnSapnRl82h6bH0ip5ytirxwqqHC7qkJdNpfeN4mYp7HRO6LqyWMQeXmI65~tgrR9ae0Rw8QBuvLDG20nkU07DutJVsWh3AL8CrJ2IvSnMnFLsaOZXxDYdF9ctMkYF2ekYSrIKbe2UfVYubwkhBqGhYTMdTgrjuCluRkdz4AuFXNUqGVtfkAKTtxTcumDdtDiUNY-mdAjHVY~~WRX0C64jxeKw4MLmsxp7gdcFhCowHzwe4f-6Ls9CXdpP3824g3KAEb5K0afUZ1zyQSqOPsG~oQGN6Y9YBUjO9AbrP0NQlXUZcPvmoJ~agtssCU7pyD4LyXMpbzscFcUsKyEwIBG9HE6HRPjy0ihAnN1~Bmy7rTKTP~5rAmvvCQ8XET0v8hwMswypLDn2LmSmNksLuMAUP5MmcrD4MpCFp05e4nU~8nVAsAu-C3mPIljnV1ZeHbi8fTiRXN6uIgOtd6krqmlVHebiTFH-ULDvkd5ynO6~fqd~Vqjh~pRCZw2o6JXz2iRIu8EaplR-tP5HL6weeccNkrA7ofmFzh3F7SeJ23rLOJrDiFyZWz8PAiD08dMRGlWYgzAJE2ATopnW5-YEUHg2cz91nV~aXLi9O4WUQNrJmPHlVh6-l2V~~TO4SGcfLspE6tt1mrnEdw4rLhoJz7RJDYMQuq~HiA0xNRVfQB7d0huEwLGS1JvPKe01oVePoAadkfAZvCBZUUPk8T5cHOAqcnPIufrymLzxk7576AvU2puneU1NIBTE
greetings
andor
I got the package u listed but i dont get what program i use to actually send the the message?
thanks a lot