OPSEC 101: PGP Keys and Secret Identities

PGP Keys and Secret Identities
Rate our article

Movies and series have perhaps exaggerated what will happen to you if you do not remain 100% anonymous when you enter the darknet. But that may not be a bad thing, as keeping every bit of information on you as private as possible is essential. This is where OPSEC comes in. 

OPSEC is the way to keep your every move on the internet secure and private. This can help you with your usual day-to-day life, but it’s even more important when you’re doing something on the darknet. 

What Is OpSec?

OpSec(an acronym for Operations Security) is the word we use when you need to keep your operations on any computer secure and private. It’s a system that you, as a user, puts into place to prevent important information into the wrong hands.

It’s important not only when using the darknet but anytime you as a user need to remain anonymous. The concept of OpSec came about when military workers had to find ways to prevent important war information from reaching enemies. Even if the enemies were able to infiltrate and get a hold of the documentation, they would not be able to understand it. 

This is because they would use ciphers and alternative methods to scramble or blur the important data. 

OpSec has since developed and is used by the government, large businesses, and by people who find it important to keep their data safe. 

Why You Should Take OpSec Seriously

OpSec is becoming more and more essential in our everyday lives as every company and government wants to gather data and use it against you. Whether you have something to hide or not, your data is worth a lot of money to many people. 

So by keeping your OpSec up to standard, you could prevent these people from gathering that valuable data. Over and above that, OpSec protects you from hackers, scammers, stalkers, terrorists, phishers, and the list goes on. 

So here’s a few ways you can improve your OpSec both on and off of the Dark Net. 

OpSec 101

Keeping your OpSec up to standard means taking a few fairly simple steps, as well as implementing a few essential methods into your everyday life. Let us break down a few ways to remain anonymous. 

Usernames and Passwords

Humans are creatures of habit. That’s undeniable. Unfortunately, a pattern on the internet is a fatal flaw that can be used against us. Perhaps the most common habit we have is repeating our passwords/usernames. For example, the most common passwords on the internet are “1234” and “password.” 

  • Use a new and unique password and username for every account we make across the internet… no matter the site you’re using. 
  • Never affiliate your account name/password with your IRL identity.
  • Use “Burner” accounts when you’re not planning on returning to a website. Sign up using a fake email or similar. 

When we say having a unique name and password, it doesn’t mean turning “DogLover” into “D0GL0ver” but into two unrelated names. 

The same goes with your passwords; use unique passwords that are not simple. 

Two of the largest Darknet Market admins were taken captured due to this flaw. Alexandre Cazes, the AlphaBay co-founder, and Ross Ulbricht, the Silk Bay owner, were both captured because they repeated their online usernames and email addresses. Heck, Alexandre used an email address with his name in it “[email protected]

PGP Keys

PGP, or “Pretty Good Privacy,” is one of the most important ways to keep communications encrypted. It has been the primary method of governments, nuclear activists, and darknet market communication since its invention back in 1991.

Although it may take a few tries to get the hang of PGP encryption, once you get it right, the concept becomes simple and quick. This way, you can ensure every message you put out is unreadable to anyone who doesn’t have the key to decrypt the message. 

PGP encrypts messages using both symmetric key encryption and public-key encryption. The exact mathematics behind how PGP keys work is quite complex, but that is necessary in order to prevent an outsider from accessing your data. 

The PGP is especially important when using the darknet. As an example, when the Silk Road was taken down, most users did not attempt to conceal their messages sent through the platform. As a result, the FBI has used the Silk Road to take down multiple buyers and sellers that used the platfrom. 

Here’s a good video explaining exactly how PGP works in detail. We 

The process is fairly simple. 

Setting up a PGP Pair

In order to use the tool, you don’t need to have a very complex understanding on every detail of PGP encryption. In a few steps, this is how you can use PGP for communications across the deep web.

Screenshot 2022 10 21 at 14.47.56

Step 1: You need to find a good PGP tool. Luckily for you, we at LiveDarknet have a PGP tool built right into our website. But if you use Proton Mail (which you should), then it has PGP encryption options. 

Screenshot 2022 10 21 at 14.49.47

Step 2: Once you’ve found the tool that works for you, you need to actually generate your PGP key. To do this, fill in the relevant blocks. Note that you do not need to use a real name or email address; we strongly advise against this. Once you’ve completed each section, tap the “Generate Keys” button.

Screenshot 2022 10 21 at 14.54.07
Private and Public PGP Keys

Step 3: Your Public and Private Keys will automatically generate. It’s essential that you save the keys. We offer the option to directly download the key information in a .ASC file.

  • Public Key: You can put this key on your website or at the bottom signature of your email messages. Anyone wishing to contact you in private will have your public PGP key to send you encrypted messages. It’s the key you will provide to any darknet market before you can start speaking with the buyer.
  • Private Key: The Private key is needed to decrypt a PGP message that’s been sent to you using your public key.

How to encrypt a message with PGP

Now that you’ve set your own Public and Private keys, you will want to encrypt a message. You usually won’t need to do this if you’re sending basic messages like “thanks,” but if you’re sending sensitive data such as an address, the PGP key is necessary.

Screenshot 2022 10 21 at 16.16.48

Step 1: Head over to the “Encrypt (+sign)” tab with our built-in PGP tool. Here you’ll see a few boxes that you’ll need to fill in. Starting with the “Reciever’s public key.”

Step 2: You need the receiver’s public key to encrypt this message. This sort of detail will be provided by the DM vendor. Paste their public key into the “reciever’s public key” block.

You can also fill in your own signed message (which can be set up in the “sign” tab.) Generally, you won’t need to do this, but if it’s important enough of a message that you need to prove that you’re the person sending the message, you can complete this section too.

Step 3: Type out the message with the data that you’d like to encrypt (As with the image above, there is an address.) Our PGP tool allows you to upload an entire text file to encrypt using PGP. Once you’ve filled in the message tab, you can tap “Encrypt the message.”

Step 4: The PGP tool will automatically generate and encrypt the message. You can then copy and paste this to the receiver, or you can download the message to send to the receiver.

Decrypting and Verifying a PGP Message

Screenshot 2022 10 21 at 16.32.53

If you’re using the Darknet, the vendor will send you a tracking number for your parcel. Most markets force vendors to use PGP. They will send you an encrypted message that can only be decrypted using your Public Key.

Step 1: Copy the full Encrypted PGP Message from the sender (or download the file) and paste it into the “Encrypted PGP Message” tab.

Step 2: Fill in the Signer’s Public Key and the receiver’s Public Key at their set text blocks. If you’ve set up a password, fill this in too.

Step 3: Tap “Decrypt the message.” The page will automatically add the Decrypted message to the “Decrypted Message in Plain Text” tab. If any of the information you’ve provided is incorrect, it will reject your decryption attempt.

Conclusion: OPSEC

Using common sense when using the darknet is essential. But keeping your identity secret needs more than just understanding PGP Keys and using fake usernames. This is only an additional precaution you need to take. It’s essential that you understand how to use Tor, and have a basic understanding of using crypto anonymously. We suggest using XMR or using ChipMixer to clean your Bitcoin.

Additional steps are using a paid VPN that takes your privacy seriously and understanding on how to use Darknet markets. If it’s your first time using darknet markets, take a look at our detailed guide with everything you need to know about using darknet markets.