When using Darknet markets you will have to reveal some personal data, like a name and address for shipping. You will also exchange other information which might not identify you directly, but which is valuable or should simply be kept secret. To make the exchange as secure as possible, this information should be encrypted. Note that you do not have to encrypt every message. For example, a simple "Thanks" or other non-critical messages do not have to be encrypted.
With the encryption program Pretty Good Privacy (PGP), encrypting your messages is pretty easy. Besides encryption, PGP also supports the signing of messages, which can be used to prove one's identity.
Let's see how PGP works.
PGP uses two sorts of keys used to encrypt and decrypt messages:
The following image illustrates the encryption and decryption of a message:
Pretty Good Privacy (PGP)
To put this in the context of our market: you will encrypt your confidential information, like the shipping address, with the public key of a vendor. This public key can be found either on the vendor's profile or directly when creating an order. The vendor can decrypt your message with his private key. The important point is that the message can only be decrypted by the vendor, as he owns the private key corresponding to the public key with which you encrypted the message. Another important point is that the plain message is never processed by any third party (such as the market), as it is encrypted and decrypted locally. That is also the reason why we do not recommend using the automatic PGP encryption for orders.
You probably wonder how you can do all of this. Continue with the next section to learn how to use PGP on Tails.
If you are using Tails (which we strongly recommend), you are ready to start using PGP. Everything you need is pre-installed and easy to use. In the next chapters you will learn everything you need to know to use PGP on the market.
Besides the tutorials here, have a look at the official PGP documentation for Tails at tails.boum.org.
As a prerequisite, please make sure you have set up your persistent storage on Tails, as your keys cannot be saved otherwise. You can find out how to set up your persistent storage in the official Tails documentation at tails.boum.org.
As PGP uses a key pair consisting of a public and a private key, you have to generate one as a first step.
If you want to use your new PGP key pair, you need to get your public key. Just select your key in the “GnuPG keys” list and press CTRL + C. Now you have your public key copied and can paste it anywhere.
Creating a PGP key pair
Before you can place your first order you have to maintain your public PGP key in your account settings. This is necessary because, for example, your vendor has to use it to encrypt any message he wants to send to you. The next steps explain how to maintain your public PGP key.
Maintaining your public PGP key in your account settings
To be able to encrypt a message you have to import the public key of your vendor (or of whomever you want to send a message to). The next steps explain how to import the public key of a vendor during the order process. Note that you can also obtain the vendor's public key from his profile.
If you get a pop up with the following error: “Could not display ‘Clipboard text’ Reason: Unrecognized or unsupported data”, then there was a formatting problem with the key you copied into the clipboard. Make sure that you are copying all of the key including the five dashes at the beginning and end of the key and the “BEGIN” and “END” statements. PGP is very picky about formatting errors.
Importing a public PGP key
You first need to import the public key of the user (e.g. a vendor) you want to send your message to.
To encrypt a message with someone's public key follow the next steps.
After you have encrypted your message you will NOT be able to decrypt it any more. Only the person with the corresponding private key and the password will be able to do so (in this case the vendor).
Encrypting a message
You need a message that was encrypted with your public key for the next steps.
If you receive an encrypted message there is an easy way in Tails to decrypt it.
Decrypting an encrypted message
No, you only need to encrypt messages which contain sensitive information such as a shipping address or packaging details. Other messages which do not contain sensitive information should not be encrypted, for usability and security reasons (every use of your private key password is a risk).
No, only the user who holds the private key corresponding to the public PGP key you used to encrypt the message can decrypt it.
No, not at all. Please never do this as any information entered there cannot be considered as private anymore. Your private key and password might be in the hands of others.