rooshvforum.network is a fully functional forum: you can search, register, post new threads etc...
Old accounts are inaccessible: register a new one, or recover it when possible. x


PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance
#1

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Greetings. As we are nearing the international meetup day, it has occurred to me that many of us wish to communicate privately, without fear that their details would get exposed but don't necessarily have the means or know-how to do so. Forums can be hacked, deleted PM's can be rolled back from database backups and hosting companies can be subpoenaed by governmental entities in order to gain access to aforementioned confidential information. Coupled with the fact that there's nothing that a drooling SJW with no respect to privacy wouldn't do to bring public attention to people exercising their right to free speech on the internet for their mental masturbation and sometimes 5 minutes of fame, it is pretty clear that we should use all tools at our disposal to ensure that our private communications are not monitored.

In this guide I'll tell you about PGP. PGP stands for Pretty Good Privacy and it's pretty good. It is a software program created in 1991 to encrypt and decrypt e-mail messages, but it has come a long way since then. Today it's almost an industry standard in this field with multiple open source implementations based on the same principles. If you send and receive emails containing sensitive and confidential information, update the software on your iPhone or buy drugs with bitcoins on the Deep Web, this is what keeps your data safe. It primarily uses the RSA algorithm, which is based on the principle of Asymmetric Cryptography.

What is asymmetric cryptography?

Simply put; if you have a safe and a key to lock and unlock it, you use the one key to both lock and unlock the safe and this is called symmetric cryptography. However, if you have a safe, a key that can only lock it, and another key that can only unlock it, this is asymmetric cryptography. You unlock the safe, make duplicates of the locking key and hand it out to other people. They lock it with the lock key and ship the safe back to you. You then unlock it and read the contents with the unlock key that you share with no one.

In RSA the lock key is called a Public Key and the unlock key is called a Private Key -- or sometimes a secret key. You give your public key to anyone that wishes to contact you privately. Under no circumstances should you ever give out the private key to anyone.

If you own the private key you can generate the public key from it. If you only have the public key, you can not use it to generate the private key. Technically you can, but you, everyone else in the universe and the universe itself will die before you can crack it with 21st century computing power.

This is all the theory you need to know. I'll give a quick tutorial on how you put this all into practice. I'll explain it for Windows and Mac OS X operating systems. If you use Linux you're probably tech savvy enough to figure this out yourself so I won't go into that.

So I'm the Thing. I want to communicate with another person privately. I use a Mac, so I go to https://gpgtools.org and download GPG Tools. Download and install it. Right after the installation it'll ask you to create a public/private key pair. Put in your name and create one. If you miss it, you can create one after you launch the newly installed key manager GPG Keychain afterwards by going to the menu option File > New Key. It'll look something like this:

[Image: newkey.jpg]

You only need to fill in your name. If you wish to give this key out publicly and stay anonymous, don't give your real e-mail address, or better yet, don't give any email address at all, since your public key will include your email address. You can set a passphrase to lock the private key even further but if you forget the passphrase you lose the private key and by extension, the public key associated with it.

You created your key pair? Good. Right click on it and go to Details, it'll look something like this:

[Image: Screen_Shot_2016_02_04_at_1_04_59_AM.jpg]

You can see that it's an RSA key, I have both the public and private keys for this pair and it's a 4,096 bit key. More bits mean more security, every single bit doubles the difficulty of cracking it by brute force. Now I should give the public key out to people. Right click on Export to save it anywhere you want. If you email the key you can leave it as is, but I'll copy and paste it to places so I append .txt to the file name in order to make it open in a text editor when I double click the file.

[Image: Screen_Shot_2016_02_04_at_1_17_36_AM.jpg][Image: Screen_Shot_2016_02_04_at_1_18_14_AM.jpg][Image: Screen_Shot_2016_02_04_at_1_18_29_AM.jpg]

Double click the file to open it in a text editor. It's a bunch of characters representing my public key:

[Image: Screen_Shot_2016_02_04_at_1_18_42_AM.jpg]

I'll PM this key to a guy who wishes to engage in a secure PM conversation with me. He uses Windows, so he goes to https://www.gpg4win.org to download GPG4Win, a Windows implementation of the PGP cryptography system.

After the installation is complete, launch the key manager for GPG4Win, Kleopatra. Click "File > New Certificate" to create your key. You want a personal OpenPGP key pair. Then it's pretty much the same process with Mac but it's necessary to enter an email address to this one so if you wish to stay anonymous just enter a fake one.

[Image: Virtual_Box_Windows_10_04_02_2016_01_12_01.jpg][Image: Virtual_Box_Windows_10_04_02_2016_01_12_03.jpg][Image: Virtual_Box_Windows_10_04_02_2016_01_12_08.jpg][Image: Virtual_Box_Windows_10_04_02_2016_01_12_24.jpg]

“Our great danger is not that we aim too high and fail, but that we aim too low and succeed.” ― Rollo Tomassi
Reply
#2

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

You can use the back up option on the last page to back up your key pair to an USB drive or something, in case you lose it. DON'T use that file to share your public key with other people since it'll also contain your private key. To share only the public key, right click the newly generated key pair and select Export Certificates. Append .txt to the file name if you want it to open in Notepad when you double click it. This file will contain the public key which you then post on places.

[Image: Virtual_Box_Windows_10_04_02_2016_01_16_54.jpg][Image: Virtual_Box_Windows_10_04_02_2016_01_16_54.jpg][Image: Virtual_Box_Windows_10_04_02_2016_01_17_17.jpg]

Now, if you want to send a message to the Thing you need the Thing's public key. Get the public key, then select the entire block including the begin and end lines, and press Ctrl+C to copy it to the clipboard. Right click the Kleopatra icon on the system tray, go to Clipboard > Import Certificates to add the public key to your keychain. You can then see the Thing's public key listed under the Kleopatra tab called Other Certificates. Name of the game:

[Image: Virtual_Box_Windows_10_04_02_2016_01_20_07.jpg][Image: Virtual_Box_Windows_10_04_02_2016_01_21_01.jpg][Image: Virtual_Box_Windows_10_04_02_2016_01_21_01.jpg][Image: Virtual_Box_Windows_10_04_02_2016_01_22_29.jpg]

Great, now write a secure PM to the Thing. Write whatever you want in a Notepad box. It's a good idea to include your own public key in a first message you send to someone, so they can send encrypted replies.

[Image: Virtual_Box_Windows_10_04_02_2016_01_28_55.jpg]

“Our great danger is not that we aim too high and fail, but that we aim too low and succeed.” ― Rollo Tomassi
Reply
#3

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Select it all, then hit Ctrl+C to copy it to clipboard. Right click the Kleopatra icon on your system tray. Go to Clipboard > Encrypt to encrypt this message. Click on "Add Recipient" to bring up your keychain. Add the Thing and whoever else it is that you want to be able to decrypt this message. You can have more than one recipient for encrypted messages. If you want to open this message back in the future you'll need to add yourself as well.

[Image: Virtual_Box_Windows_10_04_02_2016_01_29_21.jpg][Image: Virtual_Box_Windows_10_04_02_2016_01_30_32.jpg][Image: Virtual_Box_Windows_10_04_02_2016_01_31_00.jpg]

That's it, the plaintext message in the clipboard is now replaced with the encrypted message. Go ahead and Ctrl+V that fucker into a Notepad file, my PM box or anywhere else. It will look like this:

[Image: Virtual_Box_Windows_10_04_02_2016_01_40_49.jpg]

You can rest assured that this message can only be opened by the private key owners of the public keys that you selected.

As the Thing, when I receive this message on my Mac, I see a bunch of garbled characters. I select this text on my browser or wherever I have encountered it, then I'll go to the application menu and find the relevant option to decrypt it which I will not mention because I'm starting to get sick of editing this post word by word to please fucking Cloudflare. My private key that is stored in my keychain will be used to decrypt this back into the original message and will be shown in a popup window:

[Image: Screen_Shot_2016_02_04_at_1_45_29_AM.jpg][Image: Screen_Shot_2016_02_04_at_1_45_40_AM.jpg]

Good, I have opened the encrypted message and I have obtained the guy's public key as well. I can use the public key to send an encrypted reply back. I select the public key block, right click and copy it, then go to GPG Keychain and hit Cmd+V, or go to "Edit > Paste" to add this public key to my keychain.

[Image: Screen_Shot_2016_02_04_at_1_46_54_AM.jpg][Image: Screen_Shot_2016_02_04_at_1_47_16_AM.jpg]

“Our great danger is not that we aim too high and fail, but that we aim too low and succeed.” ― Rollo Tomassi
Reply
#4

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

I'll type my shit into the text editor of my choice, select it, then go to "application menu > Services > OpenPGP: Encrypt Selection to New Window" to bring up a recipients menu similar to the one in Windows. I chose to sign my message as well, you don't have to do this. I'll explain later what signing is.

[Image: Screen_Shot_2016_02_04_at_1_49_27_AM.jpg][Image: Screen_Shot_2016_02_04_at_1_49_46_AM.jpg][Image: Screen_Shot_2016_02_04_at_1_51_24_AM.jpg]

I now select this encrypted message block copy and paste it to wherever I want. It can only be opened by the people I have designated as recipients. You ctrl c this message then right click Kleopatra in the system tray and go to the menu Clipboard > Decrypt / Verify. Assuming that you have the correct private key, the message will be decrypted and its contents will be placed in the clipboard which then you can view by pasting into an empty Notepad window.

[Image: Virtual_Box_Windows_10_04_02_2016_01_59_09.jpg][Image: Virtual_Box_Windows_10_04_02_2016_02_03_04.jpg][Image: Virtual_Box_Windows_10_04_02_2016_02_03_17.jpg]

This is the encryption/decryption tutorial. Now I have covered private and secure communication on both Windows and Mac platforms.

Though you may have noticed the red text in the Windows decryption window.

This is because I sent the message signed and you haven't verified my signature. In a chain of trust system, there is a hierarchy of entities that vet each other from the top down to ensure the signatures are indeed valid. In fact this is how http secure works, there are root organizations who vet smaller organizations who then vet even smaller organizations who at the end vouch for individual websites based on their credentials. These certificates are then used to encrypt the web just like the messages are encrypted here. Since we don't have a chain of trust system in place we simply vet each other. I can post a public key on a web page --obviously not in a forum post since I'll be responsible for removing the public key should I ever lose my private key-- and you can then vet for this public key to verify signed messages that you receive from me. This is how you do it on Windows:

[Image: Virtual_Box_Windows_10_04_02_2016_02_03_25.jpg][Image: Virtual_Box_Windows_10_04_02_2016_02_03_29.jpg][Image: Virtual_Box_Windows_10_04_02_2016_02_03_33.jpg][Image: Virtual_Box_Windows_10_04_02_2016_02_03_36.jpg]

A message doesn't have to be encrypted in order to be signed, it can be plaintext and signed to verify the authenticity of the sender. Encryption only makes sure that it is only you who can read this message. It doesn't certify that I was the one who encrypted it. Signing does that.

“Our great danger is not that we aim too high and fail, but that we aim too low and succeed.” ― Rollo Tomassi
Reply
#5

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

And this is how I do it on a Mac. You declare that you trust someone's public key by signing it with your own private key, so I'll go ahead and do it in the GPG Keychain:

[Image: Screen_Shot_2016_02_04_at_2_04_16_AM.jpg][Image: Screen_Shot_2016_02_04_at_2_04_44_AM.jpg]

Now I can verify signatures as well. The service menu option to verify it is hidden by default and can be enabled in Services Preferences on OS X operating systems. It's easy to find, I won't go into that here. I sign a message on Mac by checking the Sign box in the encryption prompt. On Windows you simply use the Sign option on the right click menu, do it right after encryption if you want both encrypted and signed.

When you have declared to your Kleopatra installation that you indeed trust this key, this is what you'll see when you decrypt/verify an encrypted/signed message from me.

[Image: Virtual_Box_Windows_10_04_02_2016_01_59_14.jpg]

So this was it. We have successfully held a private conversation via PGP and we can rest assured that our messages have not been read by anyone who had access to it along the way. If you and I have a third -fourth, fifth.. - friend and wish to set up a private meetup, we can apply this information and post our public keys/encrypted messages on whatever public web site we want and nobody else can read our coordination messages nor their mothers, system administrators or ISPs.

Before I finish, here's my public key:

Code:
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - https://gpgtools.org

mQINBFaylUoBEADIs2uaRWXH2Yhv4teMW4e/F/ecTlzs8wDIhGKcUCVpDdR1tNLN
+jdLzbaZjnxA2qcxk8ZiGNNxO/DdoNYWNWvdutb9qVqSVMAIQiRIC6nGUlJVKpil
YP1KyX8RHWuGLSAURFDpc7lbymf/+EiInwIXC8qKUbwuN3plrzg9y6PTeecOM7or
ZXGeAbxzuempAGaFFwqwMnCjDiFim16yTWWNmOA5+2RUR+AjtNzlVOrKN9STHl8Q
4IwlQd32si5Kj7BlEDn2pN+03sGydvQKo0BUCRiyTRGFnRISUEU5OhpveuZsBFv9
taOutwqtM97zph86Fb8LcYEpFCz7C7P2Cz/21Ob2hQDnhiBnSLGKuBynqr/8Lhuu
zZr6hCciHka+vGZmCAzsztx7b4si2CJW4JvebRxLAnUXDb//w2yhXpkm0o27fpAJ
EZKXrja6By0wWhgHnxYAPfgT3RAaD1VrQnRqYjhJeuA+ENywJVm/8OmoSdwXvBai
gZbX+Kkdu1gc8cW55Gyw80qLTnGvR+XCUBz4STHQdZRdJEQpaLGnMM7IcOmZS8Aw
wo04dQZfOrs4ycDHWG9eDcZ+I+tKnzFFeGxVZIlqARN6mppmnf5HTCIed6eO0C0c
4jpd+zDT2dS8hXVCjlXMA+XBEFjEF7xbyR2o8Rz8WzSzPZPzvGBGhyMXnwARAQAB
tAlUaGUgVGhpbmeJAj0EEwEKACcFAlaylUoCGwMFCQeGH4AFCwkIBwMFFQoJCAsF
FgIDAQACHgECF4AACgkQZCmCcGLgnKPdQg//fnIcT/IupyA5qE/lXlFGuzsxaJ3q
l0oKlIMPuQcYy7pBsxZzKuaJTjhCbecYUzQzcXk613Pe0t6pLIE2jMPO8RK1jeoK
juqUuTtdlYIhu5FrmBM5GHdMJRFhnZGkBMU6Y8h3sg5LqyNTGanmIx5le+TmFFGW
HuMFsxwoQ1ETe1QOe1OVhm7G4Bv661V5y/Rn0pBMTU9RwepBhChIIt0d78Q5AMqT
hPBPd0xe9i5TMblG1B5OoFGnQ00Y4vz3FlDIYy4e1rzHAggMQBTcMfwL5M3bgqvh
vidoEM/jtT4wEHWNLtcuKHy9ABA8kLqWknGzahQUhVvXB3EAEN1jaPCTLCLseDh1
9Z9Ey86Z/iJ3ptLpKlfe14Vf5KtVHGO/+GJfJyuPWRcTs5ag7UY1RQzSAD6mfwvR
krD/GV6JQj8OYhgaWeKShA5ahp/Nt5tH8ZqBrfOhjpXt+Ias7I0vWFRs5rWEMbEy
Wfk+gPVcWiVihgojYy1H+vI7808Ny1cysg1Krhijq1HaD+Bb0I/U4c2+2E4TnZtF
etkhM4CRIbnIk+nR3dzrzD1YiD7RokyZucYBbHmWRRLtWc/jzDi6EM6Zu6V6SLe7
84cadMVyZTZrqqGjQRhbdxa33BCg3Xx3LZrgC78qJqR/TSsu9UEzMQReoMymYiCe
tZ+G0k/vTdhH+Mq5Ag0EVrKVSgEQAMAaD2dBKJe/v15TXQKyAgVga4CHpvcQh2Ur
EKaJ3V83L3/sUq9Jj3V319fM2hVfWUYS7EQdpLYl/uRPvkx8GpLiF+tD0T/UdyKD
hCowqbmkdXGWsPA5ieXYcOzNm1jT4ij0qivubmQLBMeQh6sB2HvOwikwJZOyM11g
LrIcEoZTLRZKPBxBCxvfTPamQGGcsgElnjQKC5t3/dRc3v3aDuFG/JZ4fsJ4RVoB
ZV+ky5r7PJLqHMXL8alSQoa9tClK4tvIraYXiTFEscL6p29eLq/cgj5w1x9Xa5KR
EEn2xCfTgjkjc9zDZOqFYf5RZ74waA3/Jv4EzU2Y/1qiJu/DSzBweWrXF4eYkjJM
/L+MpEQOo0m7DDoLZx7WGlmGHkm1yySiOTtuJ72zibbwIkXq2OZ4andRhOdXFB5o
XmEeFs0CMFPzBkoCIvVuUcjLHGxyhZLwtahiHDpTzoQt5S7+aQfZtXtGEMPQN13C
1GOf90bFthdt13Y+EiolzuSPVXbkwXv+qlDcMGGSegxL8CtPWj7B4bLQh9hdIDmw
h+nP+hHRtZ+Mr4kqmDWRXU1WbZaDalC/OzcknEbUGWtRxwcFlazb6wJ32DWJWT1S
YXX9+0rFrKf5CypLSu4zOJh6dR3gG0+sojSYWUm08TPuWReYrnDC82PT5Q6xeado
c8ncakhfABEBAAGJAiUEGAEKAA8FAlaylUoCGwwFCQeGH4AACgkQZCmCcGLgnKO9
RhAAuWevYuFwjJZ7C7iRojZVYVgcCqj/XMSQ6s3GJlx58Kx7Uen9QW/2pnsigPcR
rL/4pV4f8hd0r0KyHEcR2nfokVgBkBro81Nc33SWSnXa0e0bYNjiI1QsqDjJePwH
aB1i19jOh+s0DWFgjZDmeLhFQdGcKncaxSkDikHEfHmQDEQIkadFNOO7dtsFG4Wx
qc+MVUVd90OnouBwg7N1JkgBhSqYS9VXkmNil8DAIO/OHn7Oq9/jO6aX7mR3Dgnt
srLQT97cBa15FWPg59Ud1jPfuGK7BKFHdv2C8Qx3oSy0Pvx32e/Hz/4Ba3FXtCwz
0SvFfxHOCKFJ+biMGwFJ2ifEN0JKiDqpMvroLvJVxGhM96oy5iXAPfDuXvR7b9eh
kZ60uSERViE0Iq3xybAjCa4jDjjHcsxHddmvyTUh2g+7XBbeMyRpdlVKOPicZm8q
4G9pVGXA0dsAIu45+Zv99okOOgwICNcI0JsLSCx0fx1oLK2H87O4loBQhPQzV3ma
ZA7U/mCUOuD2eXQz9u+ExAhG3N/JXnk2nPRER32kE7v6MazvLTlLgHmzql/DkvUv
wyxLb+D2P9x8Yc/3GEdBnBq2gts7SpqsfXq2VCgxFZCcMCLuC/jrD43e9J2HQfY0
TQqaTOIUDiy9RILOIQ5wJYzPBfw0+TIMLAbH8KbVZSJLG7c=
=fFMr
-----END PGP PUBLIC KEY BLOCK-----
Shit that was long. I edited the post almost word by word to game Cloudflare, and at the end I had to divide it into separate posts so in order to be able to post all this. I had wrote another datasheet way before, but lost it all when I tried to post it and got extremely frustrated. I feel like I'm starting to get the hang of it, no quotes no parentheses, the word select always gets blocked -even now I had to break it in the middle with two separate italic tags, etc. Well.

Godspeed and wish you all the best in the upcoming meetups.

“Our great danger is not that we aim too high and fail, but that we aim too low and succeed.” ― Rollo Tomassi
Reply
#6

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Great post, thanks for putting this together.

[Image: clap2.gif]
Reply
#7

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Absolutely. Great post!

Another resource for use by those wanting to increase the security posture of their electronic devices ( english site posted) : https://prism-break.org/en/

To reiterate what was said in the above post: encryption protocols only work when people use them. Actually read the documentation.

If anyone needs specific advice about a particular device or OS I'm sure some of the Security smart guys on this forum can answer.

Good luck out there guys. Stay safe.
Reply
#8

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

I would be happy to help as well regarding PGP and encryption. I will create a new public key and send some messages back and forth and can help troubleshoot.
Reply
#9

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Good post - thanks. I've been meaning to write something about information security for some time, but I have too many notes on the topic - probably enough to write a couple of books - and don't know where to start.

PGP is an excellent solution for securing the contents of your message, but keep in mind that it won't do anything to secure your metadata. I.e. your name, email address, the location that you're sending/receiving emails from, who you're communicating with, etc. Sometimes that information is just as sensitive as the contents of the messages themselves.

If you're really concerned about your privacy, you should be using email services like Protonmail.ch or mykolab.com, which won't share your account information with third parties. Both sides of the conversation will need to use those services for it to be effective.

For text/instant messages, use Telegram or Signal. Signal also does calls and is Snowden approved.

You can use PGP on top of those services if you're discussing something extra sensitive. However, if it's that sensitive you should really be using PGP on a separate computer which is never connected to the internet. You would compose/read all of your messages on that 'offline' computer, then put them on a USB stick or similar and transfer them to an internet-connected PC for transmission.
Reply
#10

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Quote: (02-04-2016 04:45 PM)DaveR Wrote:  

...

Hey man, thanks.

I didn't want to go into too much detail because in retrospect, a couple of books could be written from these concepts. For example I called PGP straight up an asymmetric cipher, but it actually is a hybrid system which uses both symmetric and asymmetric cryptography concepts. When PGP will encrypt a message an AES symmetric stream cipher is generated on the fly and this symmetric key is then encrypted with RSA public keys of all recipients. On the recipient side, the RSA private key is used to get the AES symmetric key which is then used to decrypt the message. Also, AES runs much faster than RSA, and new generation Intel processors contain special hardware that further accelerate it. RSA also increases file size, for example a 1,024 bit RSA key by design can only encrypt 117 bytes of plaintext in 128 bytes of ciphertext, therefore message sizes increase by ~10% and this matters when encrypting large files. Lastly it is much more feasible in terms of processing power and file sizes to encrypt only the AES key for each recipient instead of encrypting the entire file in case of multiple recipients. However the AES cipher is generated on the fly for each encrypted message and it's used only once so in retrospect, even though PGP is a hybrid system, it has all the benefits of an asymmetric cipher (in which a user can send an encrypted message to another user whom he has never met before, provided that the receiving user has advertised his public key somewhere) so it's not entirely wrong to call it an asymmetric system.

Though you're very right about metadata being important. It's important to remember that when sending PGP email, your name and the subject line goes unencrypted, as well as that the email client will leak your IP address all the way to the recipient, and all third parties in between can sniff on this information. There was a guy in Sweden who got caught selling steroids. His computer was subpoenaed and even though he only communicated with PGP email, the subject lines of emails had information about his practice and this was used against him in court.

I don't really trust any 3rd party hosted service, be it an email provider or messaging app. I believe as long as something is hosted in the U.S. a 3-letter agency can get their hands on it if they want it badly enough. I had a ruggedinbox.com email account that I used on the Deep Web, they say they clean the headers off IPs and other identifying information but I still made sure I only accessed it through the Tor network and only when I needed to.

I have an upcoming datasheet about how to set up your own Fuck Phone. My fuck phone is an Android phone, running a modified version of the Android operating system, has features such as automated call recording, location tracking, encrypted voice and video calls, and is properly hardened with full disk encryption and the option to route all outgoing connections through the Tor network. I mentioned it in some thread and I remember someone asking about it, but first I need to package all installation files together to make an easy install because I configured it custom and the datasheet will be a mess if I write it that way.

“Our great danger is not that we aim too high and fail, but that we aim too low and succeed.” ― Rollo Tomassi
Reply
#11

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Great guide, theThing. It would be great to see how you would configure a "Fuck Phone". Just to be clear, do you mean a phone that hides cheating on a LTR or just a phone used in general to contact girls?

Losers always whine about their best. Winners go home and fuck the prom queen.
Reply
#12

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Quote: (02-04-2016 05:57 PM)the Thing Wrote:  

I don't really trust any 3rd party hosted service, be it an email provider or messaging app. I believe as long as something is hosted in the U.S. a 3-letter agency can get their hands on it if they want it badly enough. I had a ruggedinbox.com email account that I used on the Deep Web, they say they clean the headers off IPs and other identifying information but I still made sure I only accessed it through the Tor network and only when I needed to.

That's why Protonmail and Kolab are hosted in Switzerland. [Image: wink.gif]

The problem with PGP for regular users is that they don't have good knowledge of security in general. It isn't a problem for the FBI, NSA, or other agencies to compromise their PCs and steal their keys and passwords. The strongest encryption doesn't help if it's used in a sloppy way. That's why I suggested earlier that if you're sending something important, it should be encrypted/decrypted on an always-offline PC and sent from somewhere else.
Reply
#13

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Quote: (02-05-2016 08:28 AM)Running Turtles Wrote:  

Great guide, theThing. It would be great to see how you would configure a "Fuck Phone". Just to be clear, do you mean a phone that hides cheating on a LTR or just a phone used in general to contact girls?

Both.

If you face a false rape accusation or similar situation and the girl doesn't know anything about you except your alias first name and fuck phone number, throwing the prepaid SIM card out and reinitializing the phone is all you need to do.

If you're in a more serious situation, the phone is configured to save your location in a Google account of your choice and you can format the phone yet keep the account to use as alibi in a potential court case.

There's shortcuts built in for hiding notifications containing certain words, coming from certain contacts or applications. So it takes just 2 button presses to hide all your plates from prying eyes.

It comes with apps such as modded Whatsapp and fake GPS built in so pipelining and plate spinning is made easier.

Account switching for fake Facebooks and VKs is made easier in case you need that sort of thing.

Full disk encryption and other anonymity features means you can lose the phone and nobody will have any idea what it is used for.

It's also useful for dealing with drug paraphernalia over the Deep Web thanks to all the built in cryptography features.

Dual-boot support exists if you want to install a second, clean, unencrypted Android OS copy and hide the first one for plausible deniability.

Plus a bunch of other good features. It's a nifty little tool to have really

“Our great danger is not that we aim too high and fail, but that we aim too low and succeed.” ― Rollo Tomassi
Reply
#14

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Slightly OT, just another recommendation:

GPG4Win is a great tool, but when it comes to secure and easy communications on mobile devices, everyone should install Signal. It works on Android and iOS. Encrypted voice and data.

Edit: Yeah, someone already recommended it. Anyway, it should be installed on all phones. [Image: tongue.gif]

Here are some tools I'd throw on anyone's Windows machine:

VeraCrypt - can create encrypted containers or encrypt the whole disk
GPG4Win bundle
Bleach Bit - secure file deletion and cleaner of hard-to-get cookies, temp files, etc...
Tor Browser Bundle

Signal on all mobile devices. As said, the PRISM Break site is an excellent reference for selecting tools as well.

But the real point of failure is your own personal hygiene. Don't PM your real name or numbers if it can be helped. Don't cross-contaminate e-mails and usernames (if your forum name is "madflydawg9991" and your real Facebook is at facebook.com/madflydawg9991, you won't be very hard to out). Etc. This deserves a post in of itself.
Reply
#15

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Sounds a lot like what one should have on a travel laptop, so it makes perfect sense to have a phone like that. Would be an awesome datasheet if you find the time for it.

Losers always whine about their best. Winners go home and fuck the prom queen.
Reply
#16

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Quote: (02-04-2016 05:57 PM)the Thing Wrote:  

I have an upcoming datasheet about how to set up your own Fuck Phone. My fuck phone is an Android phone, running a modified version of the Android operating system, has features such as automated call recording, location tracking, encrypted voice and video calls, and is properly hardened with full disk encryption and the option to route all outgoing connections through the Tor network. I mentioned it in some thread and I remember someone asking about it, but first I need to package all installation files together to make an easy install because I configured it custom and the datasheet will be a mess if I write it that way.

[Image: giphy.gif]

Waiting for it
Reply
#17

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

OR

You can use Telegram (telegram.org) app. If they add you thru the username (instead of giving your cellphone number), they won't see your phone number. Encryption is end to end (they can't access the content of your chat) in Secret Chats.

The app is open source. If you think you can hack it, Telegram will pay you 300k in bitcoins, so it doesn't matter if you live in Antarctica.
Reply
#18

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

TOR and the deep web a write up of that would be appreciated too. Great info on PGP here
Reply
#19

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Signal is also great for sending end to end encrypted text messages. It is available for both android and iOS.

The EFF puts out a scorecard for encrypted messaging apps and signal got top marks across the board.

https://www.eff.org/secure-messaging-scorecard
Reply
#20

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Quote:Quote:

I have an upcoming datasheet about how to set up your own Fuck Phone.

Also waiting for this. Sad that it is almost becoming routine nowadays to worry about false rape accusations, kind of ruins a lot of the fun and positivity of relationships with beautiful girls, but if there is a fairly quick and easy solution to protect yourself it would not be such a drag.
Reply
#21

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Quote: (02-05-2016 06:06 PM)VinnieVincenzo Wrote:  

Signal is also great for sending end to end encrypted text messages. It is available for both android and iOS.

The EFF puts out a scorecard for encrypted messaging apps and signal got top marks across the board.

https://www.eff.org/secure-messaging-scorecard

Signal is great but I find Telegram to be much more robust and reliable.
- With +70 million users, you don't stand out.
- People can contact you without giving your cellphone number.
- You can set timers and delete chats. You receive an alert if the other party takes a screenshot. [they can take screenshots with another phone but at least they won't be able to retrieve incriminating evidence from your phone]. You can send plenty of dick picks with confidence.
- Messages travel faster. Encrypted messages are smaller in size.
- You can assign a different sound for each contact.
- You can send voice messages (like whatsapp), location, pics, vids, etc. It's like Whatsapp but private*.
The only hiccup is that messages aren't end-to-end by default. You have to create a Secret Chat.

Telegram and Signal are the best.

*whatsapp is supposedly end-to-end encrypted. Not being open source and coming from Facebook, you should know better.
Reply
#22

PGP Cryptography Guide - Using Government Grade Encryption in Personal Correspondance

Quote: (02-06-2016 12:25 PM)joost Wrote:  

*whatsapp is supposedly end-to-end encrypted. Not being open source and coming from Facebook, you should know better.

And they'll share your metadata with abandon. Signal and Telegram won't as they're both run by diehard libertarians.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)