Required Skill

PGP Encryption Complete Tutorial

Master PGP (Pretty Good Privacy) encryption for secure darknet communications. WeTheNorth Market REQUIRES PGP for shipping addresses and sensitive information.

🔐 What is PGP and Why Do You Need It?

PGP (Pretty Good Privacy) is military-grade encryption that protects your communications from interception. On darknet marketplaces, PGP is MANDATORY for:

  • Shipping Address Protection: Encrypt your delivery address so only the vendor can read it (not marketplace admins, not hackers, not law enforcement if database is seized)
  • Vendor Verification: Verify PGP-signed messages from vendors to confirm authenticity and avoid phishing
  • Sensitive Communications: Encrypt messages about products, quantities, and special instructions
  • Account Recovery: Prove account ownership if you lose password
⚠ī¸
WeTheNorth Requirement: All shipping addresses MUST be PGP-encrypted before submission. Orders with unencrypted addresses will be rejected.

đŸ”Ŧ How PGP Encryption Works (Simplified)

🔑

Public Key

Like a padlock you can give to anyone. Others use it to encrypt messages that ONLY you can decrypt. Safe to share publicly.

🔐

Private Key

Like the key to that padlock. ONLY you have it. Used to decrypt messages encrypted with your public key. NEVER share this.

✍ī¸

Digital Signature

Proves a message came from specific person. You sign with private key, others verify with your public key. Prevents impersonation.

💡
Analogy: Public key is like your mailing address (anyone can send you mail). Private key is like the key to your mailbox (only you can open it). Digital signature is like your unique handwriting signature (proves it's really you).

đŸ’ģ Step 1: Install PGP Software

Choose the appropriate software for your operating system:

đŸĒŸ Windows: Gpg4win (Kleopatra)

Download: gpg4win.org
Installation:

  1. Download Gpg4win installer from official site
  2. Run installer, select "Kleopatra" component (others optional)
  3. Complete installation, launch Kleopatra

🍎 macOS: GPG Suite

Download: gpgtools.org
Installation:

  1. Download GPG Suite .dmg from official site
  2. Open .dmg and run installer
  3. Follow installation wizard
  4. GPG Keychain will launch automatically

🐧 Linux: GnuPG (Command Line)

Installation: Pre-installed on most Linux distributions
Verify: 

gpg --version

If not installed: sudo apt install gnupg (Debian/Ubuntu)

đŸ’ŋ Tails OS: Pre-Installed

Tails OS comes with GnuPG and GUI tools pre-installed and configured. No additional setup needed. Recommended for maximum security.

🔑 Step 2: Generate Your PGP Key Pair

Using Kleopatra (Windows) or GPG Keychain (Mac):

  1. Open Kleopatra/GPG Keychain
  2. Click "New Key Pair" or "File → New Key Pair"
  3. Enter details:
    • Name: Use pseudonym (NOT real name). Example: "MarketUser2025"
    • Email: Create anonymous email on ProtonMail/Tutanota, or use fake email (markets don't validate)
  4. Click "Advanced Settings":
    • Key Type: RSA (RSA+RSA recommended)
    • Key Size: 4096 bits (maximum security)
    • Valid Until: 2-5 years (or no expiration for long-term use)
  5. Click "Create Key"
  6. CRITICAL: Create STRONG passphrase (12+ characters, mix of letters/numbers/symbols). This protects your private key.
  7. Key pair generated! You'll see it in the key list.

Using Command Line (Linux/Tails):

gpg --full-generate-key

Follow the prompts:

  1. Key type: (1) RSA and RSA
  2. Key size: 4096
  3. Expiration: 0 (no expiration) or 2y (2 years)
  4. Name: YourPseudonym
  5. Email: your@anonymousemail.com (or fake)
  6. Comment: (leave blank)
  7. Passphrase: Strong passphrase (12+ characters)
🔒
Passphrase Security: Your passphrase protects your private key. If someone gets your private key file but not passphrase, they can't decrypt messages. Use strong, unique passphrase and MEMORIZE it (don't write down).

📤 Step 3: Export and Share Your Public Key

You need to share your public key with vendors so they can encrypt messages to you.

GUI Method (Kleopatra/GPG Keychain):

  1. Right-click your key in the list
  2. Select "Export" or "Export Public Key"
  3. Save as .asc or .txt file
  4. Open file in text editor, copy entire text block (including BEGIN/END lines)
  5. Paste into WeTheNorth profile settings → PGP Public Key field

Command Line Method:

gpg --armor --export your@email.com

This outputs your public key in ASCII format. Copy entire output and paste into marketplace.

✓
Example Public Key Format: Your public key should look like this:

-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGX... (many lines of random characters) ...ending with... -----END PGP PUBLIC KEY BLOCK-----

🔒 Step 4: Encrypt a Message (Your Shipping Address)

When ordering on WeTheNorth, you must encrypt your shipping address with vendor's public key.

GUI Method (Kleopatra/GPG Keychain):

  1. Import Vendor's Public Key:
    • Copy vendor's PGP public key from their profile
    • In Kleopatra: Tools → Clipboard → Certificate Import
    • Or: Save to file → File → Import Certificates
  2. Write Your Message: Create text file with shipping address: 
    John Smith
123 Main Street, Apt 4B
Toronto, ON M5V 2T6
Canada

Order #12345
Please use discreet packaging.
  3. Encrypt:
    • Right-click text file → Sign/Encrypt File (Kleopatra)
    • Or: Clipboard → Encrypt (for text in clipboard)
    • Select vendor's public key as recipient
    • Click "Encrypt"
  4. Copy Encrypted Message: You'll get encrypted output starting with: 
    -----BEGIN PGP MESSAGE-----
(encrypted gibberish)
-----END PGP MESSAGE-----
  5. Paste encrypted message into order form on WeTheNorth

Command Line Method:

  1. Import vendor's key: 
    gpg --import vendor_pubkey.asc
  2. Create message in text file (address.txt)
  3. Encrypt: 
    gpg --armor --encrypt --recipient vendor@email.com address.txt
  4. Output saved as address.txt.asc - copy contents and paste into order
💡
Important: Once encrypted with vendor's key, YOU cannot decrypt it (only vendor can). If you need to keep a copy, encrypt it to both vendor AND yourself by selecting multiple recipients.

🔓 Step 5: Decrypt Messages Sent to You

When vendor replies with encrypted message, you decrypt it with your private key.

GUI Method:

  1. Copy encrypted message (including BEGIN/END lines)
  2. In Kleopatra: Clipboard → Decrypt/Verify
  3. Enter your private key passphrase when prompted
  4. Decrypted message appears in new window

Command Line:

gpg --decrypt encrypted_message.asc

✍ī¸ Step 6: Verify PGP Signatures

Digital signatures prove authenticity. WeTheNorth admins and vendors sign important messages (mirror links, policy changes, etc.) with their private key. You verify with their public key to ensure it's really them.

Why Verify Signatures?

  • Prevents phishing: Scammers can't forge signatures without vendor's private key
  • Confirms mirror links: Admin-signed links are legitimate
  • Vendor authenticity: Proves vendor messages aren't from impersonators

How to Verify:

  1. Import signer's public key (admin/vendor)
  2. Copy signed message: 
    -----BEGIN PGP SIGNED MESSAGE-----
(message content)
-----BEGIN PGP SIGNATURE-----
(signature)
-----END PGP SIGNATURE-----
  3. GUI: Clipboard → Decrypt/Verify (checks signature automatically)
  4. CLI: gpg --verify signed_message.asc
  5. Look for "Good signature from..." = authentic
  6. "BAD signature" or "No public key" = reject message (phishing)
⚠ī¸
Always Verify Mirror Links: Before accessing WeTheNorth from new .onion link, verify it's PGP-signed by admin. Unsigned links = phishing scam.

✅ PGP Best Practices

✓ DO:

  • Backup private key to encrypted USB (store separately from computer)
  • Use 4096-bit RSA keys minimum
  • Create strong passphrase for private key (12+ characters)
  • Verify signatures on all admin/vendor messages
  • Encrypt shipping addresses EVERY time
  • Test PGP setup before making first order

✗ DON'T:

  • Share private key with anyone (NEVER)
  • Use weak passphrase ("password123")
  • Lose private key backup (= cannot decrypt old messages)
  • Reuse same PGP key across clearnet and darknet
  • Submit unencrypted shipping addresses
  • Skip signature verification on mirror links

đŸŽ¯ Practice Exercise: Test Your PGP Skills

Before placing real orders, practice PGP encryption:

  1. Generate your PGP key pair
  2. Export your public key and save it
  3. Import a test public key (find on Dread forum or create second key)
  4. Encrypt a test message to that key
  5. Ask someone to encrypt message to YOUR public key
  6. Decrypt the message they send you
  7. Practice verifying signed messages from WeTheNorth admin (find on Dread)
💡
Dread Forum PGP Practice: Visit /d/PGP on Dread forum for practice exercises and help from community. Many users offer to send test encrypted messages to help newcomers learn.

🔧 Common PGP Issues & Solutions

❌ "Decryption failed: No secret key"

Cause: Message was encrypted to different key, or you don't have private key.
Solution: Ensure message was encrypted to YOUR public key. Verify you have private key imported.

❌ "Bad signature"

Cause: Message was altered after signing, or signature is fake.
Solution: DO NOT trust this message. It's either corrupted or phishing attempt.

❌ "No public key found"

Cause: You haven't imported recipient's public key.
Solution: Import their public key first, then retry encryption.

❌ Forgot Passphrase

Cause: Passphrase is required to use private key.
Solution: If forgotten, passphrase CANNOT be recovered. You must generate new key pair. This is why strong-but-memorable passphrase is critical.

Ready to Register?

Now that you've mastered PGP, you're ready to create your WeTheNorth Market account.

Registration Guide Monero Payment Guide