Listen Music during reading my blog

Friday, April 24, 2015

[Tutorial] GP For Newbs (Gpg4Win) & (Gpg4usb)

Tutorial for Gpg4Win using Kleopatra can be found here.
We found a great tutorial posted on reddit today about how to stay safe and use PGP.
The link to the original article is this: http://www.reddit.com/r/DarkNetMarkets/comments/1qdzl8/guide_pgp_4_n00bz/
All the credit for the tutorial goes out to this reddit user:  BenZoThr0w –  http://www.reddit.com/user/BenZoThr0w
All we did is to embed the images inside the tutorial for easier access & of course post it here to spread this important information.
=====
The goal here today is to try and educate n00bZ on what PGP is, how to install GPA, I’m making the guide because I educated myself on PGP and it took awhile for me to understand it. So here is a picture guide to installing and creating a PGP key to encrypt and de-crypt messages.
=== BACKGROUND of PGP ===
Basically, each individual has a unique PGP key. In the program GPA, you import peoples unique key to your list of keys. When you go to write a PGP message, you type it normally in the clipboard { you’l learn about the clipboard later, it’s your friend } and then press an encrypt button, which then lets you pick from your unique list of keys to encrypt to, where ONLY that person can read it. [ this is why people give their public keys out, so anyone can encrypt them a message ] === THE STEPS ===
– Step One –
Okay, so first things first, let’s get a PGP program. One of the most popular is GPA. Head over to this link to download gpg4win which includes GPA {you can see a list of the programs gpg4win contains to the left of the download page, GPA is one of them}
Download: http://gpg4win.org/download.html
IMPORTANT !!!!!!! ***********************
When installing gpg4win you get the option to install which programs you want from the package. By default, GPA is not checked. MAKE SURE YOU CHECK GPA! You need it in order to easily encrypt and decrypt messages. This is what it looks like during the installation:
Pgp Tutorial 1
Next, you want to make a PGP key. Remember, none of the details need to be valid. I’d use your online name or a different alias when making your key. Something that isn’t your gamertag for online games, or anything that may tie to you. A completely new alias. The e-mail doesn’t need to be valid at all. Here are some pictures to help you through the process. Also make a backup of your key!!!
First, click the keys in the menu at the top. Alternatively, you can click CTRL+N to begin the process of creating a key. Shown here:
Pgp Tutorial2
You will go through a set up, where you make a name for your key, which I suggest you use an alias. Shown here:
Pgp Tutorial 3
After selecting your alias it asks for an e-mail adress. This e-mail should be non existent, and be linked to a website that also doesn’t exist. Shown here:
Pgp Tutorial 4
Then you’re asked to make a backup of your key. I highly suggest you do this! Although you can make a back up at any time, you should just do it now. This is where your public key will be that you give to others to contact you. Shown here:
Pgp Tutorial 5
– Step 2 – Find Your Key –
Find where you put the back up of your key. It will be an .asc file but no worries, when asked to open the file just tell windows or whatever OS to open it using Notepad. Here you will find a public key similar to this.
Pgp Tutorial 6
When sharing your key with others, you wan’t to copy and paste from the beginning dashes to the end dashes. Exactly how I have copied and pasted above.
— HOW TO IMPORT SOMEONE ELSES PGP KEY TO YOUR GPA PROGRAMS —
You see people giving their public keys away so others can contact them. Simply open a notepad file, copy and paste their key and import it using the GPA program. I will show you how to do this.
First make a blank text file and copy the users pubic key to it. Shown here:
Pgp Tutorial 7
Then, in the Keys menu where you made your key, select import keys. Shown here:
Pgp Tutorial 8
Select the Text file you saved with the public key in it. Shown here:
Pgp Tutorial 9
Then you should get this if the key was successfully imported:
Pgp Tutorial 10
Now, lets send an encrypted message.
First, open the clipboard. You can get there through the Windows menu or through the clipboard icon on the quickbar. Shown here:
Pgp Tutorial 11
Then after opening clipboard type the message you’d like to send and select encrypt at the top of the clipboard window. Shown here
Pgp Tutorial 12
When you press encrypt, you are given a menu shown below. In this menu you select what key you’re using to send the message, and what key is going to be receiving the message. I chose to send the fake account used to make this tutorial a message with my personal account. Here’s what that menu looks like:
Pgp Tutorial 13
After you select who’s sending and who’s receiving you should get an encrypted message that looks like this:
Pgp Tutorial 14
This encrypted message is what you send instead of cleartext. So when messaging on websites, simply paste the PGP message. If you receive a PGP message, you can also use the clipboard to decrypt the message you have received by opening the clipboard, pasting the PGP message you got, and then pressing the decrypt button, shown here:
Pgp Tutorial 15
That about sums it up. I hope that people with questions on PGP and how it’s used can be solved here, as I tried to make the tutorial as noob as possible. Please be safe when communicating confidential or sensitive information on websites. Always PGP. Never FE. Be safe people. If you have questions, comment, and I’ll try my best to answer them.

This is the best & easiest way to buy Bitcoins:




 To visit bitcoin.de use this adress:  
https://www.bitcoin.de/de/r/a94hf7


How to access onion sites?

In order to use most of the sites on the Hidden Marketplace list, you must be able to access and browse .onion sites on the TOR network. Accessing these sites is a very simple process; for those of you that are still not familiar with the TOR browser and network, we have created a simple tutorial to help you access any onion site on the deep web.
A Short Explanation of .onion Sites:
.onion is a pseudo-top-level domain host suffix (similar in concept to such endings as .bitnet and .uucp used in earlier times) designating an anonymous hidden service reachable via the TOR network. Such addresses are not actual DNS names, and the .onion TLD is not in the Internet DNS root, but with the appropriate proxy software installed (in most cases, The TOR browser bundle), Internet programs such as Web browsers can access sites with .onion addresses by sending the request through the TOR network. The purpose of using such a system is to make both the information provider and the person accessing the information more difficult to trace, whether by one another, by an intermediate network host, or by an outsider.
To access these sites just follow these simple steps:
1. Navigate to the TOR Project website at this address: https://www.torproject.org/download/download.html.en and download the latest browser bundle for your operating system, never download any browser bundle from any other site! make sure that this is the site you are using:
tor browser bundle download
2. After downloading the browser bundle, just install it like any other software.
install tor browser bundle
3. Next, Start the TOR browser and it will connect to the TOR network ( it might ask you for a confirmation, just click ok):
3
4. After the browser is started, and you see the confirmation screen that the browser is connected and everything is ok, make sure that you are running the latest version of the TOR browser:
5
5. That’s it! you are all set to go, the only thing you need to do is the enter any .onion url into the address bar of the browser and you will be able to browse freely on the deep web:
access onion sites
Make sure you have Javascript disabled in the browser. Always be safe and use other measures to stay anonymous online such as PGP or anonymous VPNs. Enjoy your deep web experience!

How to access onion sites?



In order to use most of the sites on the Hidden Marketplace list, you must be able to access and browse .onion sites on the TOR network. Accessing these sites is a very simple process; for those of you that are still not familiar with the TOR browser and network, we have created a simple tutorial to help you access any onion site on the deep web.
A Short Explanation of .onion Sites:
.onion is a pseudo-top-level domain host suffix (similar in concept to such endings as .bitnet and .uucp used in earlier times) designating an anonymous hidden service reachable via the TOR network. Such addresses are not actual DNS names, and the .onion TLD is not in the Internet DNS root, but with the appropriate proxy software installed (in most cases, The TOR browser bundle), Internet programs such as Web browsers can access sites with .onion addresses by sending the request through the TOR network. The purpose of using such a system is to make both the information provider and the person accessing the information more difficult to trace, whether by one another, by an intermediate network host, or by an outsider.
To access these sites just follow these simple steps:
1. Navigate to the TOR Project website at this address: https://www.torproject.org/download/download.html.en and download the latest browser bundle for your operating system, never download any browser bundle from any other site! make sure that this is the site you are using:
tor browser bundle download 

 2. After downloading the browser bundle, just install it like any other software.
install tor browser bundle
3. Next, Start the TOR browser and it will connect to the TOR network ( it might ask you for a confirmation, just click ok):
3
4. After the browser is started, and you see the confirmation screen that the browser is connected and everything is ok, make sure that you are running the latest version of the TOR browser:
5
5. That’s it! you are all set to go, the only thing you need to do is the enter any .onion url into the address bar of the browser and you will be able to browse freely on the deep web:
access onion sites
Make sure you have Javascript disabled in the browser. Always be safe and use other measures to stay anonymous online such as PGP or anonymous VPNs. Enjoy your deep web experience!


PGP Tutorial For Newbs Gpg4usb

To wrap up the last of the PGP guides we’ll be covering gpg4usb. Gpg4usb is a PGP tool that can be ran off of a USB drive and works on both Windows and GNU/Linux, with OS X support planned. It features a very intuitive user interface, portability so it can be used on multiple devices, and is of course open source. It uses GnuPG as the backend, like most PGP methods. The operating system used in this tutorial will be Linux Mint, but the UI will be the same across GNU/Linux distros and Windows versions.
Please keep in mind that not all versions of PGP are created equally, some PGP programs use an insecure or unsafe version of PGP that could comprimise the encrypted message. Others — namely PGP4Win, Kleopatra, and GPA – use depreciated versions of GnuPG. This means that they aren’t up to date with the latest version of GnuPG or meet modern PGP standards. This can be dagerous as, for example, Kleopatra doesn’t generate subkeys. Subkeys are important as they can be revoked to minimize damage from a comprimised key. You’ll also want to keep in mind not to use online PGP methods like iGolder. You don’t own the keys, so you can’t be 100% sure they aren’t encrypting/decrypting messages that are meant for your eyes only.
Why use gpg4usb over other PGP methods?
  1. gpg4usb creates RSA keys with an encryption subkey and a master key. Your master key is used for signing other keys, creating subkeys, and revoking subkeys. Having subkeys is very important since if it becomes compromised, you can revoke it with the master key and create a new secure subkey.
  1. Like stated above, gpg4usb is cross-platform. If you decide to switch from Windows to GNU/Linux you can still have the same keys and a familiar interface to work with. With OS X support planned this only gives another reason why you should use gpg4usb over other programs.
  1. gpg4usb is portable. This means that you can bring your keys and PGP program with you wherever you go without needing to import your keys into another program. If you plan on doing this though it’s a good idea to encrypt you USB drive. This page over at the ArchLinux wiki explains how you can do this on GNU/Linux any why you should encrypt your USB drive, or read this page if you’re using a Windows computer.
  1. The interface for gpg4usb is the most intuitive out of all other PGP front-ends. The UI is laid out in an easy to understand manner and options are clearly defined.
  1. You can encrypt messages created in gpg4usb with multiple keys. This means that you can have multiple recipients for a message, and you can even encrypt it with your own key. Nobody decrypting a message encrypted with multiple keys can see that it was meant for anyone other than them. This is good if you get scammed on the DNM since you can now have proof to back up any claims you have.
Part 1 – Installing the software
Since gpg4usb is a portable program, it’s not really installed per se. It’s a bunch of files that will be extracted from a .zip archive, and copied onto the USB drive. Head on over to the gpg4usb website and click on the green download button, and save the file. If you want to check out the source code you can visit their development page here.
Note: gpg4usb will not run on GNU/Linux distributions on USB drives formatted as FAT. If you’re only using it on GNU/Linux operating systems then ext4 would be best, otherwise format it to NTFS.
g4u02
After the download has finished open up the .zip file with your archive manager of choice, you should be able to just double-click on it. You should see a folder named ‘gpg4win’, with all the files needed contained within that folder. Copy that folder over to your USB drive, open it, and it should look similar to the below picture.
g4u03
That was pretty simple right? Check out the README file if you want to know more about gpg4usb. To open it, all you have to do is double-click ‘start_windows.exe’ if you’re on Windows, or ‘start_linux_xxbit’ where ‘xx’ is your CPU architecture. For the majority of users this will be the 64bit version.
Part 2 – Generating your keypair
This is the very first thing you should do. Without your own keypair, it will be impossible to receive and decrypt messages. Open up gpg4usb and you’ll be greeted by the ‘First Start Wizard’. This will walk you through the steps of creating your keypair.
g4u04
Choose your language then click ‘Next’. It will now ask you if you want to create a new keypair, import keys from GnuPG, or import settings/keys from an older version of gng4usb. Click on ‘create a new keypair’, then click the button that says ‘Create New Key’. You should see a window with the title ‘Generate Key’. Fill out the information, fill out a fake email if you don’t want to use one, select if you want it to expire or not, choose the KeySize, then create a strong password. A 2048 bit keypair will do fine until 2030, but it’s recommended to use a 4096 bit key. If you want to know more about how the keysize affects your security, check out this link over at the GnuPG website.
If filled out correctly your window should look something similar to below.
g4u05
You can now click ‘Ok’, and your keypair will be generated. This may take some time depending on what you’re doing on your computer. Watch some porn, torrent some GNU/Linux ISOs, type up that essay you were supposed to have done last week. If all went well a window will pop up saying your keypair has been created.
g4u06
You can now close out of the wizard, and select if you want to see the offline help or show the wizard again next time you start up. You’ll be brought to the main gpg4usb window and will see your keypair on the right, along with gpg4usb’s keypair.
g4u07
Part 3 – Obtaining your public key
To receive messages you’ll need your public key posted somewhere. This is really easy in gpg4usb as you don’t need to save it to a file first.
With gpg4usb open, click ‘Manage Keys’ at the top. A window titles ‘Keymanagement’ should appear. Check off the box beside your keypair name, and click ‘Export to Clipboard’ at the top. You can now paste your public key somewhere people can access it so they can send you messages. If you want a backup of your public key you can also click ‘Export To File’ and save it somewhere.
g4u08
Part 4 – Obtaining your private key
It’s a good idea to back up your private key somewhere safe in case of computer failure. Although rare, things do happen and you don’t want to be stuck not being able to decrypt that very important message your mother sent you.
From the main window right click on your key on the right, and click ‘Show Key Details’.
g4u09
From here you can see the details of your key, it’s fingerprint, and export your private key. Click the button that says ‘Export Private Key’ and it will warn you that this is sensitive information that is not to be shared. Select somewhere to save it and keep the filename it gives. A good idea is to save it to a microSD card and hide it somewhere. You don’t want anyone other than you to get a hold of your private key.
Again, it is very important that you keep this file somewhere secure.
Part 5 – Importing a public key
gpg4win makes this just as easy as exporting your public key. Highlight everything in the public key, including ‘—– BEGIN PGP PUBLIC KEY BLOCK—–‘ and ‘—– END PGP PUBLIC KEY BLOCK’, and copy it. In the main gpg4usb window click ‘Import Key’ at the top, then ‘Clipboard’. You’ll see a window pop up with the imported key’s details.
g4u10
Close out of the window and you’ll see the public key has been imported.
Part 6 – Importing a private key
This is just as easy as importing a public key. In the main gpg4usb window click ‘Import Key’, then ‘File’. Browse to where you saved your private key and open it. You should see a window pop up confirming that it’s been imported. Click ‘Ok’ and you’ll see your keypair in the right part of gpg4win.
g4u11
Part 7 – Encrypting a message
Encrypting a message in gpg4usb is super simple. In the main window for gpg4usb there will be a text box. Type in your message, click the checkbox for the recipient on the right, and click ‘Encrypt’ up at the top. Your encrypted message will now take the place of the unencrypted one. Copy and paste this and send it to the recipient.
g4u12
Part 8 – Decrypting a message
Once again, gpg4usb makes this really easy. Just paste the message you received into the textbox and click ‘Decrypt’ up at the top. Enter your password and your decrypted message will take the place of the encrypted one.
g4u13
Part 9 – Conclusion
If you’ve followed the above steps and understood each one you’re on your way to increased privacy in a world that wants to invade it. PGP can seem complicated at first, but once you learn it you’ll laugh at yourself for thinking it was so hard. Even if you still think it’s complicated or a waste of time, just keep in mind that taking an extra 60 seconds out of your day could possible save you from serving 5+ years in prison.

Post a Comment