PGP Tutorial


General information

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails and files and to increase the security of email communications.

Learning how to use PGP is very important. You don’t ever want your personal details to fall into the hands of law enforcement. Please carefully read through all sections in this chapter.


Creating a PGP key pair

When you create a PGP key pair, you get two unique keys: a public key and a private key. You must never, at any time or for any reason, give anyone your private key. It is for your eyes only. Your public key, however, can be given out so that others can encrypt messages with it and send them to you; only YOU can then decrypt them with your private key.

When you sign up to a market you may be asked to enter a public key. To prevent your market accounts from being linked together, you should always generate a new key pair for every account you make. Never upload the same public key to multiple accounts.

By uploading your public key you allow your vendor to securely send you sensitive information about your shipment (e.g. tracking codes). It can also serve as a two-factor authentication mechanism to log in to a market: every time you log in you are required to decrypt a message containing a special code. Entering this special code proves that you own the account, because only you would be able to decrypt the message.

You should not keep private keys around that are no longer in use. If you make a new account on a market, delete the old key. If a market gets busted or exit scams, delete all keys for the accounts you created on that market. In the event that your private keys are compromised, you want an attacker to be able to decrypt as little sensitive information as possible.

Click on the clipboard icon on the task bar at the top of your screen and select the option “Manage Keys”.

In the new window that appears, click on “File” at the top and select the “New…” option. A list of items that you can create shows up; choose “PGP Key” and click “Continue”.

Then you can enter your “Full Name”. Obviously do not use your real name because everybody that has your public key later can see that name. Never use a name that can be linked to your real identity.

If you’re making a new key to sign up to a market, it is best to fill in your market username; this will make it easier for your vendor to encrypt messages for you.

It is recommended to leave the email field blank. If you want to be contacted via email you can add one, but please make sure that it fulfills the recommendations mentioned in the email chapter.

Under “Advanced key options”, set the “Key Strength (bits)” to 4096 and the “Expiration Date” to one or two years in the future.

Confirm the data by clicking on “Create”. You will now be asked to set a password which is, in combination with your private key, necessary to decrypt messages that were encrypted with your public key. Please choose a strong password by using KeePassXC.

After you click on “OK” you will have to wait a bit (usually not longer than a few minutes), and then you will see your key in the list of GnuPG keys (click on “GnuPG keys” on the left sidebar).

Congratulations, you have now created your own PGP key pair!

One last thing: if you want to copy your public key, just select your key in the “GnuPG keys” list and press CTRL + C. Now you have your public key copied and can paste it anywhere.

Your public key should look like this:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFhNDOsBEACzwJJVsMo7sIiLhvCsLx2n+DVHzw1trM/C8Yao8EmWdDYe3ei9
mXRqSudbD6S4KvJfm+ZeOlEQ6gGoG2q3aFYASRgcK7WDhs+jwG42Ey+j2oIpU/EO
8EQXTmTn8T+LQT84JZ5KkiZZp2CqLU8RVszfkKEj1oX/sO5watxNQur4fbk9FiCA
1MjHMYir1g==
=TV04
-----END PGP PUBLIC KEY BLOCK-----


Importing a public key

To be able to send someone an encrypted message (e.g. your address to a vendor), you need their public key. To get a vendor’s public key, visit their profile and look for a link named something like “PGP key” or “Vendor public key”. Sometimes the key is also shown directly on the vendor’s profile page.

A public key looks like this:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFhNDOsBEACzwJJVsMo7sIiLhvCsLx2n+DVHzw1trM/C8Yao8EmWdDYe3ei9
mXRqSudbD6S4KvJfm+ZeOlEQ6gGoG2q3aFYASRgcK7WDhs+jwG42EA+j2oIpU/EO
8EQXTmTn8T+LQT84JZ5KkiZZp2CqLU8RVszfkKEj1oX/sO5watxNQur4fbk9FiCA
1MjHMYir1g==
=TV04
-----END PGP PUBLIC KEY BLOCK-----

The gibberish part in the middle will be a bit longer though. The “Version” line may also be different or not exist at all.

Find the public key that you want to import and copy it to your clipboard. Then open the text editor and paste it in there.

Click save and name the file: key.asc

Now open the file browser and right click on the key.asc file, then click Import Key.

If this option is missing, there was a formatting problem with the key you copied. Make sure that you copied all of the key, including the lines with the BEGIN and END statements and all the dashes. PGP is very picky about formatting errors.

If everything went successfully, a notification should pop up telling you that the key is imported.

If you get a pop up telling you that the import failed, there is something wrong with the public key.

Double check that you copied the entire key.
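
The formatting problems described above (a lost BEGIN or END line, dashes changed by a web page or editor, a missing piece of the body) can be checked before importing. The following is an added example, not part of the original tutorial: it checks the armor lines and recomputes the CRC-24 checksum from RFC 4880. The names check_armor and make_armor and the sample data are constructed for illustration, and it assumes the block carries a checksum line (the short line starting with “=”) like the sample shown above.

```python
import base64
import binascii

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data: bytes) -> int:
    """CRC-24 as defined for OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def make_armor(data: bytes) -> str:
    """Build a constructed sample block from arbitrary bytes (not a real key)."""
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", *rows, check, END])

def check_armor(text: str) -> list:
    """Return the problems found in a pasted key block; [] means well-formed."""
    problems = []
    if "\u2014" in text or "\u2013" in text:
        problems.append("typographic dashes present; use plain '-' characters")
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        problems.append("BEGIN or END line missing or damaged")
    if problems:
        return problems
    # Skip optional headers such as "Version:" and the blank separator line.
    body = [ln for ln in lines[1:-1] if ln and ":" not in ln]
    if not body or not body[-1].startswith("=") or len(body[-1]) != 5:
        return ["checksum line (short line starting with '=') not found"]
    try:
        raw = base64.b64decode("".join(body[:-1]), validate=True)
        want = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except binascii.Error:
        return ["body is not valid base64; part of the key was lost or changed"]
    if crc24(raw) != want:
        problems.append("checksum mismatch; key was truncated or altered in copying")
    return problems

if __name__ == "__main__":
    print(check_armor(make_armor(bytes(range(200)))))  # constructed sample data
```

A passing check only means the block was copied intact; it says nothing about whose key it is.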


Decrypting a message

First copy the encrypted message. Then click on the clipboard icon and select “Decrypt/Verify Clipboard”.

Enter the password for your key if requested.

A window will show up with the decrypted message.
