Pretty Good Privacy (PGP) is an encryption system that combines two kinds of encryption, symmetric and asymmetric. This means that PGP uses both a public and a private key, drawing its efficiency from the symmetric system (a single shared key) and its security from the asymmetric system (a private and a public key).
In symmetric encryption, only one key is used to encrypt and decrypt data. Although it is notably faster, it is less safe, since the same key is shared between the sender (usually a buyer on Dark Web Marketplace) and the recipient (usually the seller). If the messages are somehow hacked, the attacker will also have access to the key.
Asymmetric encryption uses two keys: private and public. The public key is used to encrypt data and the private key decrypts it. It is a slower process but more secure since the private key is not shared whatsoever.
For this guide, we will be using GnuPG with the GNU Privacy Assistant (GPA) as a graphical front-end. We will also use the command-line interface (CLI) to install these two pieces of software and to create the keypair. The operating system (OS) is Linux Mint.
Part 1: Installing the software
- Open up Terminal.
- Type, without quotes, ‘sudo apt-get install gpa gnupg2’. Press [Enter].
- Enter your password. Press [Enter].
- The packages needed for both to work properly will be listed. Type ‘y’, then press [Enter] to confirm.
- Wait until the installation finishes.
Part 2: Generating Your Keypair
Once Part 1 is finished, the next step is to create a keypair. We will be using 4096 bit RSA to add extra security.
- In Terminal, type, without quotes, ‘gpg --gen-key’. Press [Enter].
- When asked what kind of key you want, choose option ‘1’.
- The next prompt asks for the key length. The longer the length, the more secure it will be. For this guide, we will use 4096 bits.
- You can choose a key that expires after a certain amount of time or a key that does not expire. For this guide, we are choosing ‘key does not expire’. After making a choice, press [Enter].
- Confirm the choice of expiration date for the key. Type ‘y’ and press [Enter].
- Enter an ID to make it easier for the people to identify your key.
- It will ask if this information is correct. Check if it is correct, type ‘O’ and press [Enter].
- Create a strong and memorable passphrase to protect your secret/private key. Keep it safe somewhere.
- While the key is being generated, it will ask you to do some random actions to create entropy.
- Once the required amount of entropy is created, the keypair is done.
Part 3: Obtaining Your Public Key
The software is installed and the secure keypair is generated. The next step is to obtain the public key. The steps from here will be done through the graphical front-end.
- Open Terminal, type ‘sudo gpa’, press [Enter] and type in the password.
- The GPA window will be displayed.
- Click on the keypair you just created, click on [Keys] up at the top and select ‘Export keys’.
- Select where you want it saved, enter a filename, and click on [Save].
- Browse to the location in your file manager and open it with a text editor. This is your public key. Put this on your market profile, so people can contact you more easily.
Part 4: Obtaining Your Private Key
In case of switching operating systems or PGP programs, this next step will be required. Make sure to keep this file safe.
- Hopefully, you still have your GPA open. If not, follow step #1 of Part 3.
- Click on your keypair, click on [Keys] at the top and select ‘Backup’.
- Select where you want it saved, keep the filename it gives you, and click on [Save].
- A window will be displayed. You can back up to a floppy disk (the suggestion of the OS), but use whatever device you wish for the backup.
Make sure to keep this file safe and don’t forget the passphrase.
Part 5: Importing A Public Key
When purchasing any product not available on the Surface Web, it is required to add extra security by encrypting the messages between sender and recipient. Follow the instructions below to correctly do it.
- Obtain the recipient's public key, which can mostly be found on their profile.
- Copy it all and paste it into a text editor. Save it.
- Up at the top, click on [Keys] and then select ‘Import key’.
- Select the key of your choice and click on [Open]. A window will be displayed.
- Click on [Close]. The selected key will now be displayed in GPA, and the import is done.
Part 6: Importing a Private Key
To avoid any disclosure of private information after getting hacked, importing a private key is the best method to remain anonymous.
- At the top, click on [Keys], then ‘Import Keys’.
- Select the backup file; it should have a file extension of .asc.
- A window will be displayed.
- Click on [Close]. The private key is now imported.
Part 7: Encrypting A Message
The GNU Privacy Assistant (GPA) is a graphical user interface for the GNU Privacy Guard (GnuPG). It can be used to encrypt, decrypt, and sign files, and also to verify signatures and manage the private and public keys. It is an important tool to keep privacy. Follow the steps below to learn how to encrypt messages using GPA.
- Click on [Windows] and select ‘Clipboard’.
- The window below will be displayed.
- Type the message you wish to encrypt.
- Click on the envelope with the blue key.
- Select the seller as the recipient of the message, sign it with your key to add security, and click on [Ok].
- The encrypted message will appear in the buffer. Copy the entire message and send it to the seller.
Part 8: Decrypting a Message
Once an encrypted message is received, it is required to decrypt it using the private key to be able to read it.
- Copy the entire encrypted message you received and paste it into the buffer.
- Click on the envelope at the top with the yellow key.
- Enter the passphrase.
- The message is decrypted.
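The same steps can be run without the graphical front-end. The script below is an added example, not part of the original guide: it repeats Parts 2, 3, 5, 7 and 8 on the command line in two temporary keyrings, and adds a fingerprint comparison before encrypting to the imported key. The identity, the message, the file names and the function names (fpr, exchange, roundtrip) are assumptions made for the example, signing is left out, and the key is created without a passphrase only because it is thrown away at the end.

```shell
#!/bin/sh
# Added example, not from the original guide: Parts 2, 3, 5, 7 and 8 on the
# command line, using two throwaway keyrings. Identity and message are constructed.

fpr() {  # print the primary-key fingerprint of the demo key in keyring $1
    gpg --homedir "$1" --batch --with-colons --fingerprint demo@example.invalid |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

exchange() {  # $1 = your GnuPG home, $2 = your correspondent's GnuPG home
    # Part 2: unattended form of the prompts (RSA and RSA, 4096 bits, no expiry).
    # %no-protection skips the passphrase: acceptable for a throwaway key only.
    gpg --homedir "$1" --batch --quiet --gen-key <<'EOF' || return 1
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: Demo User
Name-Email: demo@example.invalid
Expire-Date: 0
%no-protection
%commit
EOF
    # Part 3: export the ASCII-armored public key and record its fingerprint.
    gpg --homedir "$1" --armor --export demo@example.invalid > "$1/public.asc" || return 1
    mine=$(fpr "$1")
    # Part 5: the correspondent imports the key and compares its fingerprint with
    # the one obtained over a separate channel before encrypting to it.
    gpg --homedir "$2" --batch --quiet --import "$1/public.asc" || return 1
    [ -n "$mine" ] && [ "$(fpr "$2")" = "$mine" ] || return 1
    # Part 7: encrypt to the verified key ("always" is safe only after that check).
    printf 'constructed test message\n' |
        gpg --homedir "$2" --batch --quiet --trust-model always --armor \
            --recipient "$mine" --encrypt > "$2/msg.asc" || return 1
    # Part 8: decrypt with the private key; the plaintext goes to stdout.
    gpg --homedir "$1" --batch --quiet --decrypt "$2/msg.asc"
}

roundtrip() {  # run the exchange in temporary directories and clean up
    me=$(mktemp -d) && peer=$(mktemp -d) || return 1
    exchange "$me" "$peer"; rc=$?
    for d in "$me" "$peer"; do GNUPGHOME=$d gpgconf --kill gpg-agent 2>/dev/null || true; done
    rm -rf "$me" "$peer"
    return "$rc"
}

if [ "${1:-}" = "run" ]; then roundtrip; fi
```

Save it to a file and start it with the argument ‘run’; it prints the decrypted message if every step succeeded.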
This guide aimed to teach how to stay safe on the DarkNet Market. PGP can be overwhelming at first, but with persistence and the willingness to learn, anyone can do it correctly by following the instructions described above.