disclaimer: I'm not a crypto/security expert, nor do I claim any info below is failproof. I'm merely demonstrating (what I believe are) safer ways of communicating.
GPG/PGP is a fucking pain. Most people don't get why it's important or care to deepen their understanding of the topics I'm about to address. But I regularly communicate with a lot of new people and need something like this to reference. This will save me from constantly explaining things or walking people through secure(ish) exchanges.
# Keyservers / Key Hosting
# Signing Messages (why)
# Secure(ish) Key Exchanges
# Generating Keys
# Key Fingerprints
# Exporting Your Key
# Importing Someone's Key
# Encrypting Messages
# Verifying Someone's Signed Message
# Deleting Keys
DON'T:
- Trust a forum or social site to securely/safely deliver your public key!
- Host your key on the forum/site where you primarily mean to communicate securely!
- Share your public key in a PM!
DO:
- Upload your public key to multiple places for convenience. Pastebins, SKS keyservers, your onion blog...
- Use onions if possible
- Introduce yourself publicly to the forum/site and sign your post with off-site links to your key
# Generating Keys
$ gpg2 --full-gen-key
[Image: 0FMLQ5h.png]
# Key Fingerprints
Make note of your key fingerprint; it is important to your future communications with others.
Examine keys using the keyholder name (easy):
[Image: aCPrn39.jpg]
Or with the last 16 digits of a specific key.
[Image: 9rLWlv7.jpg]
# Exporting Your Key
Export your public key and share it on keyservers:
$ gpg2 --export --armor --no-emit-version <YOUR KEY FINGERPRINT HERE>
Always include "-----BEGIN PGP PUBLIC KEY BLOCK-----" and "-----END PGP PUBLIC KEY BLOCK-----"! Too often do people omit this; it's fucking annoying. GPG cannot import or decrypt messages without it. No one enjoys adding it manually.
# Importing Someone's Key
@pompompurin does an excellent job of hosting his key on his server, so I'll demonstrate with that:
[Image: W0GX0IW.jpg]
$ torsocks curl <keyserver> -o username.txt
$ cat username.txt
$ gpg2 --import username.txt
$ gpg2 --fingerprint <username key fingerprint>
# Encrypting Messages
Super simple!
[Image: 53mCM7O.jpg]
$ gpg2 --encrypt --armor --no-emit-version -r <RECIPIENT KEY FINGERPRINT HERE>
Then press Ctrl+D twice to encrypt the message.
# Verifying Someone's Signed Message
Someone sent you a signed message? Save the signed message to a .txt file.
$ gpg2 --verify signedMessage.txt
If anyone changes a single character (byte) of that signed message, it won't work:
# Deleting Keys
Did someone change or update their key? Probably best to remove the old key before adding the new one -- to avoid confusion in the future:
$ gpg2 --delete-keys D18B1ADDDDF490A0
Seriously, if anyone would like to challenge or improve any of the above, I'm happy to discuss secure alternatives and update this post.
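An added example, not part of the original post: the import and verify steps above with the correspondent's fingerprint pinned, so a key file is imported only if its fingerprint matches the one obtained off-site, and a signed message passes only if that same key signed it. Function names are hypothetical, the sample gpg output is constructed, and the import helper assumes a GnuPG release that has `--show-keys`.

```bash
# Added example (not from the original post). Sample gpg output is constructed.
# Normalize a fingerprint as people paste it: drop spaces, upper-case hex.
norm_fpr() { printf '%s' "$1" | tr -d ' \n' | tr 'a-f' 'A-F'; }

# True only if GOT is non-empty and equals the pinned EXPECTED fingerprint.
fpr_eq() { [ -n "$1" ] && [ "$(norm_fpr "$1")" = "$(norm_fpr "$2")" ]; }

# Primary-key fingerprint from `--with-colons` output on stdin: the first
# "fpr" record after a "pub" record (later "fpr" records are subkeys).
primary_fpr() { awk -F: '$1=="pub"{p=1} p && $1=="fpr"{print $10; exit}'; }

# Signer's primary-key fingerprint from `--status-fd` output on stdin.
# Requires GOODSIG as well, so expired/revoked-key signatures yield nothing.
signer_fpr() {
  awk '$1=="[GNUPG:]" && $2=="GOODSIG"{g=1}
       $1=="[GNUPG:]" && $2=="VALIDSIG"{f=$NF}
       END{if (g && f) print f}'
}

# Import KEYFILE only if it holds the key you expect (fingerprint from off-site).
import_pinned() {  # usage: import_pinned KEYFILE EXPECTED_FPR
  got=$(gpg2 --show-keys --with-colons "$1" | primary_fpr)
  fpr_eq "$got" "$2" || { echo "fingerprint mismatch: ${got:-none}" >&2; return 1; }
  gpg2 --import "$1"
}

# Pass only if FILE is validly signed by EXPECTED_FPR, not by any keyring key.
verify_pinned() {  # usage: verify_pinned FILE EXPECTED_FPR
  got=$(gpg2 --status-fd 1 --verify "$1" 2>/dev/null | signer_fpr)
  fpr_eq "$got" "$2"
}

# Constructed sample output, so the parsers can be exercised without a keyring.
SAMPLE_COLONS='pub:-:4096:1:89ABCDEF01234567:1704067200:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1704067200::::Example User <user@example.invalid>::::::::::0:
sub:-:4096:1:1111222233334444:1704067200::::::e::::::23:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:'
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example User <user@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704067200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567'
```

`gpg2 --verify` on its own reports a good signature from any key in your keyring, which is why `verify_pinned` also compares the signer's fingerprint.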