PGP Encryption Complete Tutorial
PGP encryption is mandatory for secure marketplace usage. This tutorial covers installation, key generation, and practical usage.
💡 Quick Summary: PGP lets you encrypt messages that only the recipient can decrypt, and verify sender identity.
1. Install GPG Software
Windows
- Download Gpg4win from
gpg4win.org - Install with default settings
- Launch Kleopatra application
macOS
- Download GPG Suite from
gpgtools.org - Install and restart
Linux
sudo apt-get install gnupg
2. Generate Your Key Pair
Step 1: Open Kleopatra → File → New Key Pair
Step 2: Enter details:
- Name: Use alias (NOT real name)
- Email: Disposable email or leave blank
- Key type: RSA 4096-bit
Step 3: Set strong passphrase (20+ characters)
Step 4: Backup private key to encrypted USB
3. Export Your Public Key
- Right-click your key → Export
- Copy the text block (begins with
-----BEGIN PGP PUBLIC KEY BLOCK-----) - Paste into Vortex Market profile settings
4. Encrypt a Message
GUI Method (Kleopatra):
- Write message in text editor
- Clipboard → Encrypt
- Select recipient's public key
- Copy encrypted output
Command Line:
gpg --encrypt --armor -r recipient@email.com message.txt
5. Decrypt a Message
- Copy encrypted message
- Clipboard → Decrypt
- Enter your passphrase
- Read decrypted message
6. Verify Vendor PGP Key
⚠️ CRITICAL: Always verify vendor's PGP fingerprint before encrypting address. Phishers can post fake keys.
- Copy vendor's public key from profile
- Import to Kleopatra
- Check fingerprint matches vendor's posted fingerprint
- Only then encrypt your shipping address
7. Best Practices
- ✅ Use 4096-bit RSA keys (minimum 2048-bit)
- ✅ Set expiration date (1-2 years recommended)
- ✅ Backup private key securely
- ✅ Never share private key
- ✅ Verify fingerprints before encrypting
- ❌ Don't use online PGP tools (they can log keys)
Practice Exercise
Encrypt this message to yourself:
Test shipping address: 123 Main St, Anytown, USA 12345
Then decrypt it. If you can read it back, you're ready!