Simple PGP Guide

xenxra

Member
EMERALD SPONSOR
Joined
Dec 2, 2023
Messages
354
Preface
you MUST include the header and footer segments containing ----begin/end public key block---- when saving keys to file or else you will encounter an error with importing (file extension doesn't matter, you could just use none)


MAKE SURE YOUR PUBLIC KEY IS SENT SEPARATE OUTSIDE THE ENCRYPTED TEXT (SAME EMAIL), YOU WILL ONLY NEED TO INCLUDE THE KEY FOR YOUR FIRST EMAIL SO THE VENDOR IS ABLE TO ENCRYPT COMMS BACK TO YOU



iOS
1)
download PGPro - App Store
2) locate and save vendors pgp key to file

(i dont have an iPhone to test so these steps are assumed from app store screenshots)

3) navigate to "keychain" tab in pgpro, then tap the + button at top right and import your key file(s)
4) navigate to "encryption" tab → "select contacts" and pick vendor's key from keychain
5) type message and copy encrypted text to clipboard
6) send email to vendor with encrypted text AND your public key (i would assume you can get this in PGPro by selecting your key in keychain tab and then tapping the share button in the top right — i typically include the full text appended but you could just attach a file with your key)



Android
1)
download OpenKeychain - F-Droid / Google Play
2) locate and save vendors pgp key to file
3) navigate to "keys" tab on sidebar, then tap the + button at bottom right and import key file(s)
4) navigate to "encrypt/decrypt" tab on sidebar
5) select "encrypt text", select vendors key, type message, then tap the copy icon at the top right
6) send email to vendor with encrypted text AND your public key (to locate this in openkeychain, select your own key entry from the "keys" tab and then use the copy button located on the left side of the QR code)



Windows + MacOS/Linux
1) download Kleopatra
— a) For Windows - Gpg4win (contains Kleopatra as add-on)
b) MacOS/Linux - App Store (alternatively, you could run the command sudo apt install kleopatra from terminal

2) locate and save vendors pgp key to file
3) open kleopatra, then select the "import" button on the top ribbon bar and import key file(s)
4) open a text editor (any will work), type out the message you want to send and copy it to your clipboard in clear text
5) in your taskbar, right click the kleopatra icon, navigate to "clipboard" then select "encrypt..."
6) in the encrypt window, select "add recipient...", select your vendor's key and then toggle the "openpgp" option (if it isn't done automatically)
7) send email to vendor with encrypted text AND your public key (to locate this in kleopatra, right-click your own key entry from the main window, select "details", then select "export" at the bottom and copy all the text that appears in the new pop-up window (you can remove all the lines containing "Comment: ...")



Stay safe out there! :ninja:
 
Last edited:
Thanks for writing up this guide Xenxra.

I'm new to PGP and using OpenKeychain. I have been sending messages between two burner phones.

Is it normal for decrypted messages to say "signed by an unconfirmed key" ?

It shows up on both phones when I decrypt the messages.

Anytime I add/save a PGP key it's always "unconfirmed" so I'm assuming it's normal?

I'm able to encrypt and decrypt messages successfully . It just the "unconfirmed key" that confuses me. Thanks

Edit: nvm, figured it out. I confirm fingerprint.
 
Last edited:
Legit the best thing to do for your opsec over email.

Idk why people think this is hard and don't do it, it should be standard. In fact, I would say that if you communicate with me via email, I will not respond to any non-pgp emails.
 
Def good guide thanks @xenxra

Generally it is frowned upon in the security community to use pgp on phones unless it’s a graphene etc.

I totally understand why the option is being given though. Bc people just just won’t use desktop lol. I’m not sure if I read it but remember never to use your real email address or have any identifiers to lead back to you.

-----BEGIN PGP PUBLIC KEY BLOCK-----


Comment: User-ID: WopWop <Daddy@Aol.com>

Comment: Valid from: 11/1/24 8:40 PM

Comment: Valid until: 11/1/27 12:00 PM

Comment: Type: 255-bit EdDSA (secret key available)

Comment: Usage: Signing, Encryption, Certifying User-IDs

Comment: Fingerprint: 2B4B7C439DE2F22FA698BA115CC3DD7EB0414DCF



mDMEZyV0+xYJKwYBBAHaRw8BAQdAeGcMrYBw4UiZADVavM8UhQ7eY25rImMT96U6

/E+MVxS0FldvcFdvcCA8RGFkZHlAQW9sLmNvbT6ImQQTFgoAQRYhBCtLfEOd4vIv

ppi6EVzD3X6wQU3PBQJnJXT7AhsDBQkFoyCFBQsJCAcCAiICBhUKCQgLAgQWAgMB

Ah4HAheAAAoJEFzD3X6wQU3P9LcBAPObyH4KqLLM0vFu8Nd2FAMC+UVF+FEj7+Cu

b3HfyEBBAP0XheQOTPUdbM634O/pxZWaldlp3OixpoXsVUSNsddAAbg4BGcldPsS

CisGAQQBl1UBBQEBB0B0ThQ/2Eovro9Ba09AsqZG8qHUlDD+MTy2Rib2BvqSXgMB

CAeIfgQYFgoAJhYhBCtLfEOd4vIvppi6EVzD3X6wQU3PBQJnJXT7AhsMBQkFoyCF

AAoJEFzD3X6wQU3PkacBAPal025eWPmo1hgjmMwfod35QmM1XZubVn0pVecxygSx

APsGoGWdCF7y0AlSOXd0wjV93dzooaD3zE/dRAtvDsPHDA==

=YIKT

-----END PGP PUBLIC KEY BLOCK-----

Like obv this is not my real email right? Lol

Thanks @xenxra good work
 
Drugbuyersguide Shoutbox
  1. S @ scarred14: what happened turbo?
  2. S @ scarred14: rhody can u loook at your email nothing major just a quick question. need your knowledge and input lol
  3. L @ lovOFopisndwn: whats going on ive been sort of out the loop?
  4. T @ Turbo259: thanks to @everyone, we are working through it the best we can, not going so well right now, feels like a nightmare that i cant escape playing on loop, appreciate every prayer from each and every one of you, many thanks from all of us we need the love
  5. H @ hotdog45: @Turbo259 the only way things can work out is the way they are supposed to. Sometimes thinking about difficult things that way helps me. I'll keep you and your family in my thoughts and send positivity your way.
  6. H @ hotdog45: @Turbo259 the only way things can work out is the way they are supposed to. Sometimes thinking about difficult things that way helps me. I'll keep you and your family in my thoughts and send positivity your way.
  7. CnC5 @ CnC5: @Turbo259 Prayers for you & your family friend! I hope everything is ok brother! 🙏🏻
  8. KingKong2 @ KingKong2: Cannedgoods is back
  9. R @ Rx4health: Hi to you all....Have a great day and Of course TURBO259, Wish all will be better for you and all of yours Bud, Hang in there Bud ! ! ! God Bless You !
  10. T @ Turbo259: just wanted to thank yall for your prayers, unfortunately things went south and never even made it to this fridays appointment, if yall could gimme one more for the family and myself for health, peace and recovery id appreciate it, we suffered a horrible loss and its been a rollercoaster, sorry to vent on yall but i needed to thank you and get it out...blessings to all
  11. SeaDonkey @ SeaDonkey: @PennyE granted I've only been around since the end of summer, I think things are going just fine really... I will say that I have noticed a recent influx of questionable publishers, but in my experience over the years across different platforms, that's just kind of par for the course in this game (sorry for being long-winded as usual lol)
  12. C @ Careb3ar: Prayers and good vibes turbo259
  13. hiTillidie @ hiTillidie: LOVE 2all!!well at least most...teehee
  14. hiTillidie @ hiTillidie: Somebody call? Nyuk nyuk..
  15. xenxra @ xenxra: @PennyE there's been a few fallouts here and there but we still have good company
  16. P @ PennyE: @Deepnorth I just renewed after being gone for about a year. Are things really that bleak around here? Hope you're doing well. Also, Turbo, good luck with the family.
  17. xenxra @ xenxra: no idea but his profile says he hasn't been on the site in about a week
  18. KingKong2 @ KingKong2: Anyone know whats going on with cannedgoods? Haven't been able to get in touch for a few days, usual turnaround is a day or 2 at most
  19. KingKong2 @ KingKong2: Will do!
  20. R @ Rx4health: Hi Guy¨s ....I wish you all a great day and Hope all is well on your end!! God Bless You All and TURBO259 you are in my Prayers and God¨s be with you ! ! !
Back
Top