Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails and files and to increase the security of email communications.
A typical darknet user will use PGP as follows:
- You encrypt the shipping address and other sensitive information so only the vendor can read it.
- Vendors will encrypt sensitive shipping information for you (e.g. tracking codes).
- Decrypting a message is sometimes required to login to a market.
Learning how to use PGP is very important. You don’t ever want your personal details to fall into the hands of law enforcement. Please carefully read through all sections in this chapter.
What if I sent a message without PGP?
Did you send a message that contained sensitive data (e.g. your address) without encrypting it with PGP yourself?
Then it is best to delete your market account and start a new one. And no, this is not overkill. When the Silk Road servers were seized, a lot of messages were not PGP encrypted and contained addresses in plaintext. In the following years the FBI gave that data to other law enforcement agencies around the world and they busted buyers that sent their addresses unencrypted. So if you continued to order with that account, the evidence against you would just stack up even more.
Please make the cut now and create a new market account with which you will always PGP encrypt your address yourself.
Can I use the market’s built-in encryption?
No. The server processes the message in plain text, so if the market is compromised, attackers will be able to see the contents. Always encrypt sensitive information yourself.
Do I need to encrypt all messages?
You only need to encrypt messages containing sensitive information such as packaging details (which should only ever be discussed between a vendor and a buyer) or addresses. Saying “Thanks!” doesn’t need encryption.
Can I decrypt a PGP message I sent?
No, only the user whose public key you used to encrypt the message can decrypt it. However, if you select both the public keys of the users you want to send the message to and your own public key, then you will be able to decrypt the encrypted message too. You will learn later how to do that.
Creating a PGP key pair
On the main page, fill in all the info.
Important: do not use your real name or real email. You do not need a working email in order to create a PGP key.
Please note the recommended parameters for algorithm, key size, expiry duration and passphrase (must be min of 5 letters).
After you have finished filling in the info, press the Generate keys button. Key creation can take a few minutes.
Once finished you will get 2 parts: your public key (for sharing) and your private key (never share that part). Make sure to save the 2 keys in a safe place.
After you have saved the 2 keys, you can upload the public key to any darknet market.
Encrypt Your Address Using PGP
The main purpose of PGP is encrypting the address you send to a vendor when buying drugs on a darknet market. Go to the Encrypt (+Sign) tab on PGP Tool.
In the Receiver’s Public Key area, paste the public key of the vendor you want to encrypt the message for, and in the Your Message in Plain Text area write your message (usually your address). When you are finished, press the Encrypt PGP message button.
Now you can simply copy the encrypted message from the Encrypted PGP Message tab and send it to the vendor!
Decrypt Messages using PGP
Go to the Decrypt (+Verify) tab on PGP Tool.
Paste your private key into the Receiver’s Private Key (For decryption purpose) tab and the encrypted message you wish to decrypt into the Encrypted PGP Message tab, then press the Decrypt Message in Plain Text button and your message will be decrypted.