[03] Cryptography & PGP Implementation
The Necessity of Encryption: Torzon Market enforces mandatory PGP (Pretty Good Privacy) encryption for two-factor authentication (2FA) and shipping information. While the Tor network encrypts your connection, it does not encrypt the data stored on the server. If the server is seized, unencrypted messages are evidence. PGP ensures that only the intended recipient (the Vendor) can read your message.
Step 1: Key Pair Generation
You need two keys: a Public Key (which you share) and a Private Key (which you keep secret).
On Tails OS, click the clipboard icon in the top right -> "Manage Keys" (Kleopatra).
- File -> New Key Pair -> Create a personal OpenPGP key pair.
- Name: Use your Torzon Username (not your real name).
- Email: Leave blank or use fake@fake.com.
- Advanced Settings: RSA 4096 bit. (Do not use ECC; older systems may not support it.)
Step 2: Importing Vendor Keys
To send an encrypted message to a vendor, you must have their Public Key.
1. Copy the Vendor's key from their profile page (Ctrl+C).
2. Open Kleopatra. It should detect the key in the clipboard.
3. Click "Import".
4. Crucial Step: Verify the Fingerprint. Check the first and last 4 characters against a trusted source (like their Dread profile).
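The fingerprint check in step 4, as an added example that is not part of the original guide: it puts the first-and-last-4 spot check next to a comparison of the whole fingerprint, and shows that a different key can pass the spot check while failing the full one. The function names and the sample fingerprints are constructed for illustration.

```python
import re

# OpenPGP v4 fingerprints are 160 bits (40 hex digits); v6 keys use 256 bits (64).
VALID_LENGTHS = (40, 64)


def normalize_fingerprint(text):
    """Strip spaces, colons and an optional 0x prefix; return upper-case hex."""
    cleaned = re.sub(r"[\s:]", "", text)
    if cleaned.lower().startswith("0x"):
        cleaned = cleaned[2:]
    cleaned = cleaned.upper()
    if len(cleaned) not in VALID_LENGTHS or not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError("not a full OpenPGP fingerprint: %r" % text)
    return cleaned


def ends_match(imported, trusted, n=4):
    """The spot check from step 4: first and last n characters only."""
    a, b = normalize_fingerprint(imported), normalize_fingerprint(trusted)
    return a[:n] == b[:n] and a[-n:] == b[-n:]


def full_match(imported, trusted):
    """Compare every hex digit of the two fingerprints."""
    return normalize_fingerprint(imported) == normalize_fingerprint(trusted)


# Constructed sample values, not real keys.
TRUSTED = "A1B2 C3D4 E5F6 0718 293A  4B5C 6D7E 8F90 1A2B 3C4D"
# Same fingerprint as TRUSTED, written without spaces and in lower case.
SAME_KEY = "a1b2c3d4e5f60718293a4b5c6d7e8f901a2b3c4d"
# Differs from TRUSTED only in the middle 32 digits.
LOOKALIKE = "A1B2 0000 1111 2222 3333  4444 5555 6666 7777 3C4D"

if __name__ == "__main__":
    for label, fp in (("same key", SAME_KEY), ("look-alike", LOOKALIKE)):
        print(label, "ends:", ends_match(fp, TRUSTED), "full:", full_match(fp, TRUSTED))
```

Eight hex characters cover only 32 of the 160 bits in a v4 fingerprint, so the full comparison is the one that actually binds the imported key to the trusted source.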
Step 3: Encrypting a Message
gpg --encrypt --armor --recipient VendorName message.txt
GUI Method (Kleopatra):
1. Open the "Notepad" tool in Tails.
2. Type your address.
3. Copy the text.
4. Click the Kleopatra icon -> "Sign/Encrypt Clipboard".
5. Select the Vendor's key as the recipient.
6. Paste the result into the Torzon order form. It should look like this:
Step 4: Decrypting 2FA
When you log in to Torzon, we will present you with a PGP-encrypted challenge.
1. Copy the PGP block from the login screen.
2. Kleopatra -> "Decrypt/Verify Clipboard".
3. Enter your Private Key password.
4. The output will be a 6-digit code or a secret word.
5. Enter this code into the browser.
Common Error Codes
| ERROR | SOLUTION |
|---|---|
| No secret key | You are trying to decrypt a message meant for someone else. |
| Bad Passphrase | You typed the wrong password for your Private Key. |
| No public key | You haven't imported the recipient's key yet. |