Complete PGP Encryption Tutorial

Introduction to PGP Encryption

PGP (Pretty Good Privacy) is essential for secure communications on darknet marketplaces. This guide will teach you everything you need to know about generating keys, encrypting messages, and verifying signatures.

Why PGP is Critical

PGP encryption provides three critical security features:

• Confidentiality: Only the intended recipient can read your messages
• Authentication: Verify the sender's identity through digital signatures
• Integrity: Detect if messages have been tampered with

On darknet marketplaces, PGP is used to:

• Encrypt sensitive information like delivery addresses
• Verify marketplace authenticity (official PGP-signed mirrors)
• Secure vendor communications
• Enable two-factor authentication

Installing PGP Software

Windows: Gpg4win

1. Download Gpg4win from gpg4win.org
2. Run the installer and select "Kleopatra" component
3. Complete installation with default settings
4. Launch Kleopatra from Start Menu

macOS: GPG Suite

1. Download GPG Suite from gpgtools.org
2. Open the DMG file and run the installer
3. Follow installation wizard
4. GPG Keychain will launch automatically

Linux: GnuPG (command line)

sudo apt-get update
sudo apt-get install gnupg2

Generating Your PGP Key Pair

Using Kleopatra (Windows)

1. Open Kleopatra
2. Click "New Key Pair"
3. Select "Create a personal OpenPGP key pair"
4. Enter details:
   • Name: Use a pseudonym (never real name)
   • Email: Can be fake (e.g., torzon_buyer@protonmail.com)
5. Click "Advanced Settings":
   • Key Material: RSA
   • Key Size: 4096 bits (maximum security)
   • Valid until: 2 years (recommended)
6. Click "Create"
7. Enter a strong passphrase (20+ characters)
8. Wait for key generation to complete

Using Command Line (Linux/Advanced)

gpg --full-generate-key

# Select:
# 1. RSA and RSA (default)
# 2. 4096 bit key size
# 3. Key expiration: 2y
# 4. Enter user ID (pseudonym and fake email)
# 5. Strong passphrase

Understanding Key Components

Public Key

• Share freely with vendors and marketplaces
• Others use it to encrypt messages for you
• Can be posted publicly

Private Key

• NEVER SHARE THIS!
• Used to decrypt messages encrypted with your public key
• Protected by your passphrase
• Store securely on encrypted volume

Key Fingerprint

• Unique identifier for your key
• Format: 1234 5678 90AB CDEF 1234 5678 90AB CDEF 1234 5678
• Use for verifying key authenticity

Exporting Your Public Key

Kleopatra Method

1. Right-click your key
2. Select "Export..."
3. Choose "ASCII armor" format
4. Save to file or copy to clipboard

Your public key will look like:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGXXXXXXXXXXXXXXXXXXXXXXXXXX...
-----END PGP PUBLIC KEY BLOCK-----

Encrypting Messages

Encrypting Text (Kleopatra)

1. Click "Encrypt" in toolbar
2. Paste or type your message
3. Select recipient's public key
4. Click "Encrypt"
5. Copy encrypted message

Command Line Encryption

# Import recipient's public key first
gpg --import vendor_pubkey.asc

# Encrypt message
echo "My delivery address" | gpg --encrypt --armor --recipient vendor@market.onion

Decrypting Messages

1. Copy encrypted message (entire block from BEGIN to END)
2. In Kleopatra, click "Decrypt/Verify"
3. Paste encrypted message
4. Enter your passphrase
5. View decrypted message

Digital Signatures

Signing Messages

Sign messages to prove they're from you:

1. Type your message
2. Click "Sign"
3. Select your key
4. Enter passphrase
5. Share signed message

Verifying Signatures

1. Import sender's public key
2. Click "Decrypt/Verify"
3. Paste signed message
4. Check verification status:
   • ✅ Green = Valid signature
   • ❌ Red = Invalid or tampered

Verifying Marketplace PGP Keys

Critical: Always verify marketplace PGP keys before trusting mirror links!

1. Find official PGP key from multiple sources:
   • Darknet forums (Dread)
   • Independent review sites
   • Community channels
2. Compare key fingerprints from different sources
3. Import the verified key
4. Check PGP-signed mirror lists
5. Verify signatures on marketplace messages

Best Practices

Passphrase Security

• Minimum 20 characters
• Mix uppercase, lowercase, numbers, symbols
• Use unique passphrase (not reused elsewhere)
• Consider using a passphrase manager (KeePassXC)

Key Management

• Back up private keys to encrypted USB drive
• Store backup in secure physical location
• Never email or upload private keys
• Create separate keys for different identities
• Set expiration dates and renew regularly

Operational Security

• Never encrypt sensitive info to untrusted keys
• Always verify key fingerprints before first use
• Delete plaintext messages after encrypting
• Use secure deletion tools for sensitive files
• Encrypt messages even for "trusted" vendors

Common Mistakes to Avoid

• ❌ Sharing private keys
• ❌ Using weak passphrases
• ❌ Skipping key fingerprint verification
• ❌ Reusing same key across multiple identities
• ❌ Sending unencrypted addresses/sensitive info
• ❌ Trusting keys without verification
• ❌ Forgetting to back up keys

Testing Your Setup

Test PGP before using on marketplace:

1. Encrypt a test message to yourself
2. Decrypt it successfully
3. Create and verify a signature
4. Import and verify a known public key
5. Practice the full workflow

Troubleshooting

Can't Decrypt Messages

• Verify you have the correct private key
• Check passphrase is correct
• Ensure message is complete (BEGIN to END)
• Try importing key again

Invalid Signature

• Message may have been tampered with
• Wrong public key imported
• Message corrupted during copy/paste
• Do not trust if signature invalid!

Conclusion

PGP encryption is non-negotiable for darknet marketplace safety. Master these skills before making your first purchase. Always encrypt addresses, verify signatures, and never compromise on security practices.

Remember: Your freedom depends on using PGP correctly. Take time to practice and understand each step before trusting it with real sensitive information.