Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions, and to increase the security of e-mail communications. To get a general understanding of its design please take a few minutes to read this.

When you create a PGP key, it gives you two unique keys: a public key and a private key. You are not, at any time or for any reason, to give anyone your private key. That is for your eyes only. Your public key, however, can be given out so that others can encrypt messages with it and send them to you; then only YOU can decrypt them with your private key. The same principle applies in the other direction when buying from vendors: you use the vendor's public key to encrypt all your shipping information, etc., then you send the encrypted message. Only the vendor is able to read it, because only they possess the private key needed to decrypt your message.

Note: if you want to make sure that you can properly encrypt and decrypt messages with PGP, please go to /r/GPGpractice.

Sent a message without PGP?

Did you send a message which contained sensitive data (e.g. your address) without encrypting it with PGP yourself? Then it is best to delete your market account and start a new one. And no, this is not overkill. When the Silk Road servers were seized, a lot of messages were not PGP encrypted and contained addresses in plaintext. In the following years the FBI gave that data to other law enforcement agencies around the world, and they busted buyers that had sent their addresses unencrypted. So if you continued to order with that account, the evidence against you would just stack up even more. Please make the cut now and create a new market account with which you will always PGP encrypt your address yourself.
Do I need to encrypt all messages?

You only need to encrypt messages containing sensitive information, such as packaging details (which should only ever be discussed between a vendor and a buyer) or addresses. Saying “Thanks!” doesn’t need encryption.

Can I decrypt a PGP message I sent?

No: only the user whose public key you used to encrypt the message can decrypt it. However, if you encrypt the message to the public keys of the users you want to send it to and to your own public key as well, then you will be able to decrypt the encrypted message (as long as your PGP key has not expired). You will learn later how to do that.

What is the difference between PGP and GPG?

It is explained here.
Creating a PGP key pair

Tails

Click on the clipboard icon on the task bar at the top of your screen and select the option “Manage Keys”. In the new window that appears, click on “File” at the top and select the “New…” option. A list of items that you can create shows up; choose “PGP Key” and click “Continue”.

Then you can enter your “Full Name”. Obviously do not use your real one, because everybody who has your public key later can see that name. It is best to choose the same username that you already have on a market, because it will make it easier for your vendor. The name has to be at least 5 characters long; if your name is shorter, just add the market that you are using at the end of it, or “DNM” for example.

After that you can enter your email address. It is not necessary, and if you do not have one you can leave it blank. However, if you want to create one, please take a look at the Email chapter of the DNM bible. If you already have one that you want to enter in that field, please make sure that it fulfills the requirements mentioned in the Email chapter. If one of the points is not fulfilled, please create a new one by following the steps in the email section, or do not enter an email address for the PGP key creation.

Now click on “Advanced key options” and set the “Key strength (bits)” to 4096 and the “Expiration Date” to one or two years in the future.

Note: After a key pair has expired it cannot be used to send you encrypted messages any more (i.e. your public key cannot be used) and you cannot decrypt messages any more (i.e. your private key cannot be used). It is a really useful feature that all DNM users should use, because once the key has expired nobody can read the messages any more, which means there will be no usable evidence against you. It is easy to set (just check the option during the creation of the key) and barely adds any extra work (i.e. creating a new PGP key once every year is not much work compared to the enormous OpSec boost you get).
However, it is still technically possible to use your private key even after it has expired, although not all tools let you do that. So in order to get that OpSec boost, you need to delete your old, expired PGP key after you have created your new one and updated your DNM account settings with the new key.

Confirm the data by clicking on “Create”. You will now be asked to set a password, which, in combination with your private key, is necessary to decrypt messages that were encrypted with your public key. Please choose a strong password by using KeePassX. After you click “OK” you will have to wait a bit (usually no longer than a few minutes), and then you will see your key in the list of GnuPG keys (click on “GnuPG keys” on the left sidebar). Congratulations, you have now created your own PGP key pair!
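As an added example, not part of the guide, the following POSIX shell script uses GnuPG (the engine behind the Tails key manager) to do the same steps unattended: it generates a 4096-bit key pair with a one-year expiry, imports a vendor's public key, and shows why a message encrypted to the vendor alone cannot be decrypted by its sender while one also encrypted to the sender's own key can, which is the "Can I decrypt a PGP message I sent?" question above. The buyer and vendor names, the two throwaway key homes and the sample message are constructed for the demo; a real key would also get the passphrase the dialogue asks for.

```shell
#!/bin/sh
# Added example (not from the guide): two throwaway GnuPG homes stand in for a buyer and a vendor.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "GnuPG (gpg) is needed for this demo" >&2; exit 0; }
BUYER_HOME=$(mktemp -d); VENDOR_HOME=$(mktemp -d)
trap 'for h in "$BUYER_HOME" "$VENDOR_HOME"; do GNUPGHOME=$h gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$h"; done' EXIT

# Unattended version of the "New PGP Key" dialogue: RSA 4096 with a one-year expiry.
# A real key gets a passphrase (the dialogue's password); %no-protection is for the demo only.
gen_key() {  # $1 = GNUPGHOME, $2 = name (gpg itself requires at least 5 characters)
  GNUPGHOME="$1" gpg --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: $2
Expire-Date: 1y
%commit
EOF
}
gen_key "$BUYER_HOME"  "buyer_example_DNM"
gen_key "$VENDOR_HOME" "vendor_example_DNM"

# The vendor hands out the public key only; the buyer imports it. Private keys never leave their home.
GNUPGHOME="$VENDOR_HOME" gpg --armor --export vendor_example_DNM > "$BUYER_HOME/vendor.asc"
GNUPGHOME="$BUYER_HOME" gpg --quiet --import "$BUYER_HOME/vendor.asc"

# encrypt_to HOME MESSAGE -r NAME [-r NAME ...]: ASCII-armoured ciphertext readable by every listed recipient.
encrypt_to() { home=$1; msg=$2; shift 2
  printf '%s' "$msg" | GNUPGHOME="$home" gpg --batch --quiet --trust-model always --armor --encrypt "$@"
}
# decrypt_in HOME: plaintext from stdin, or a marker when that home holds no matching private key.
decrypt_in() { GNUPGHOME="$1" gpg --batch --quiet --decrypt 2>/dev/null || echo "CANNOT DECRYPT"; }

MSG="constructed sample: 1 Example Street (placeholder address)"
ONLY=$(encrypt_to "$BUYER_HOME" "$MSG" -r vendor_example_DNM)                        # vendor only
BOTH=$(encrypt_to "$BUYER_HOME" "$MSG" -r vendor_example_DNM -r buyer_example_DNM)  # vendor + self

vendor_reads_only() { printf '%s\n' "$ONLY" | decrypt_in "$VENDOR_HOME"; }  # vendor can read it
buyer_reads_only()  { printf '%s\n' "$ONLY" | decrypt_in "$BUYER_HOME"; }   # buyer cannot: no private key
buyer_reads_both()  { printf '%s\n' "$BOTH" | decrypt_in "$BUYER_HOME"; }   # buyer can: own key was added

# Days until the buyer key expires, from gpg's machine-readable listing (field 7 of the pub line).
key_expiry_days() {
  exp=$(GNUPGHOME="$BUYER_HOME" gpg --with-colons --list-keys buyer_example_DNM | awk -F: '/^pub:/{print $7; exit}')
  echo $(( (exp - $(date +%s)) / 86400 ))
}
```

Deleting the expired key, as the guide advises, is the same idea as the cleanup trap here: once a private key is gone from every keyring, the messages encrypted to it stay unreadable for everyone.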