Why isn't the keyring encrypted? + Should I delete suspicious entries from the keyring? : pgppractice

Title.
And by 'suspicious entries' I mean those that could potentially be incriminating. For example, having torproject's keys in a country where it is illegal / frowned upon to use tor.
/u/pgpfreak P Moderator
4 points
2 weeks ago*
This is a good question, but a better fit for /d/pgp. I'll crosspost.
The main reason I can think of is because PGP wasn't designed for illegal business as a primary use case. The following statement from Phil Zimmermann says a lot on the matter.

It's personal. It's private. And it's no one's business but yours. You may be planning a political campaign, discussing your taxes, or having an illicit affair. Or you may be communicating with a political dissident in a repressive country. Whatever it is, you don't want your private electronic mail (email) or confidential documents read by anyone else.

"You don't want your private electronic mail [...] read by anyone else". That's it. PGP protects messages between you and a peer. Nothing more. It's up to you if your threat model implies defending your setup against attackers. Even further, I'd assert that while PGP has become the community standard for lots of good reasons, it's not really fit for DN. The concept behind public keys is to create a "web of trust" which is something we can't really achieve here. Same goes with Tor project public keys. Tails is responsible for packaging those with Kleopatra. Not PGP. It's up to you to adapt.
That being said, I don't think it would be difficult to manually encrypt your key ring. Either by moving it in a safe somewhere or by using full disk encryption.
/u/bleak 📢
1 points
2 weeks ago
Thank you. This explains a lot. Since PGP was made for legal shit, it makes sense to not have the keyring encrypted.

I don't think it would be difficult to manually encrypt your key ring. Either by moving it in a safe somewhere or by using full disk encryption.

And yes, I agree. You could write a script which encrypts or decrypts the keyring using your own SSH key.

I'd assert that while PGP has become the community standard for lots of good reasons, it's not really fit for DN.

Is there any alternative then? I don't think anything comes even remotely close to good ol' Diffie-Hellman key encryption.
/u/pgpfreak P Moderator
2 points
2 weeks ago
I don't know why PGP became the darknet standard. And of course I can't speak for everybody. But I'd believe it was probably one of the very few options, probably the only option to fit the bill for the tremendously strict standards of DNM.

  • 100% open-source;
  • Offline;
  • Stable;
  • Standalone;
  • Text based;
  • Well-documented;
  • Cross-platform;
  • Widely distributed through multiple libraries/applications;
  • Used for legal purposes;
  • Battle tested in court;
  • Actively maintained;
  • Not going anywhere.

I'm not a cryptography expert but I know PGP isn't the best for it. I'd assert it's enough if the project is maintained to face the incoming challenges of quantum encryption. Few users actually need state-level encryption. Brute-forcing a simple RSA2048 key already comes at a cost so high it will keep out most attackers. That being said, a large part of the PGP specification is useless for darknet purposes and there's no doubt challengers will arise eventually.
/u/bleak 📢
2 points
2 weeks ago
That's amazing insight. Thank you for the time.
/u/pgpfreak P Moderator
1 points
2 weeks ago
You're welcome man :)
I'm confused. Please talk and communicate clearly what you are trying to say.
/u/bleak 📢
1 points
2 weeks ago
I think I was clear enough? I'll explain it again:
In simple words, all I mean is that it is risky to have the keyring not encrypted by default. It's technically like your contact list. If it contains the "contact" or in this case the PGP key of an illegal service (like Tor in some places) it could be incriminating. Which is why I asked if it is a good idea to import, use, and then delete keys once done with them.
That makes more sense.

So my keyring isn't encrypted, but you should have a layer of encryption above or ahead of that. Tails/LUKS persistent storage, LUKS full disk encryption, Bitlocker lol, or VirtualBox VM encryption. Something that requires a password to get to the keyring files anyway.
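The two approaches the thread keeps circling back to, "import, use, then delete" and "put a layer of encryption ahead of the keyring", are both things GnuPG can do on its own without a custom script around SSH keys. The script below is an added example written for this page, not code posted by anyone in the thread. It assumes GnuPG 2.1 or later, tar and mktemp; the key pair, the user ID demo@example.invalid and the passphrase are all made up for the demo. Part one runs every import inside a throwaway GNUPGHOME that is wiped afterwards, so the "contact" never lands in ~/.gnupg. Part two seals a whole key home into one AES-256 symmetric-encrypted file with gpg --symmetric, which is what "manually encrypt your key ring" amounts to, and unseals it on demand.

```shell
#!/bin/sh
# Added example, not from the thread. Two ways of keeping a GnuPG keyring
# from being a plaintext "contact list" on disk:
#   1. work in a throwaway GNUPGHOME, so an imported key never touches
#      ~/.gnupg and disappears with the directory;
#   2. seal the real keyring into one passphrase-protected file
#      (gpg --symmetric, AES-256) whenever it is not in use.
# Assumes GnuPG 2.1+, tar and mktemp. Every key below is generated locally
# for the demo; the user ID demo@example.invalid and the passphrase are made up.
set -eu

# Fresh, mode-0700 key home. gpg will create pubring.kbx, trustdb.gpg and
# private-keys-v1.d/ inside it in plaintext: exactly the files the thread
# is worried about.
ephemeral_home() {
    d=$(mktemp -d)
    chmod 700 "$d"
    printf '%s\n' "$d"
}

# Import a correspondent's public key into a throwaway home, encrypt one
# message to it, then kill that home's agent and wipe the directory.
# Call it via $(...) so the exported GNUPGHOME stays in the subshell.
encrypt_without_keeping_key() {
    pubkey_file=$1; recipient=$2; plaintext=$3
    GNUPGHOME=$(ephemeral_home); export GNUPGHOME
    gpg --batch --quiet --import "$pubkey_file"
    # --trust-model always: a key we delete a second later cannot be part
    # of any web of trust, so skip the validity check in batch mode.
    printf '%s' "$plaintext" | gpg --batch --quiet --trust-model always \
        --armor --encrypt --recipient "$recipient"
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    unset GNUPGHOME
}

# Seal a key home into one AES-256 symmetric-encrypted tarball. The
# passphrase is passed on fd 3, not as an argument, so it never shows
# up in `ps` output. Agent sockets are excluded (they are not data).
seal_keyring() {
    home_dir=$1; out_file=$2; passphrase=$3
    GNUPGHOME=$home_dir gpgconf --kill gpg-agent 2>/dev/null || true
    tar -C "$home_dir" --exclude='S.gpg-agent*' -cf - . |
        gpg --batch --quiet --yes --symmetric --cipher-algo AES256 \
            --pinentry-mode loopback --passphrase-fd 3 \
            --output "$out_file" 3<<EOF
$passphrase
EOF
}

# Inverse of seal_keyring: decrypt the tarball into a new 0700 home.
# printf is a shell builtin, so the passphrase again stays out of `ps`.
unseal_keyring() {
    in_file=$1; home_dir=$2; passphrase=$3
    mkdir -p "$home_dir"; chmod 700 "$home_dir"
    printf '%s\n' "$passphrase" |
        gpg --batch --quiet --decrypt --pinentry-mode loopback \
            --passphrase-fd 0 "$in_file" | tar -C "$home_dir" -xf -
}

# End-to-end demo. Returns the recovered plaintext so the whole chain
# (ephemeral encrypt -> seal -> delete plaintext home -> unseal -> decrypt)
# can be checked. The owner key has an empty passphrase only for the demo.
roundtrip_demo() {
    msg='hello'
    owner=$(ephemeral_home)
    GNUPGHOME=$owner gpg --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key 'Demo <demo@example.invalid>' \
        default default never 2>/dev/null
    pub=$(mktemp)
    GNUPGHOME=$owner gpg --batch --quiet --armor \
        --export demo@example.invalid > "$pub"

    # Correspondent side: import, encrypt, wipe. Nothing is left behind.
    ct=$(encrypt_without_keeping_key "$pub" demo@example.invalid "$msg")

    # Owner side: park the keyring sealed, remove the plaintext copy,
    # unseal into a fresh home and decrypt with the restored secret key.
    sealed=$(mktemp)
    seal_keyring "$owner" "$sealed" 'correct horse battery staple'
    rm -rf "$owner"
    restored=$(mktemp -d)
    unseal_keyring "$sealed" "$restored" 'correct horse battery staple'
    out=$(printf '%s\n' "$ct" | GNUPGHOME=$restored gpg --batch --quiet \
        --pinentry-mode loopback --passphrase '' --decrypt 2>/dev/null)

    GNUPGHOME=$restored gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$restored" "$pub" "$sealed"
    printf '%s\n' "$out"
}
```

Two caveats a practitioner would want alongside this. First, `rm -rf` on a throwaway home unlinks the files but does not overwrite them, so on an SSD the old keyring blocks can survive until the drive garbage-collects them; putting the ephemeral directory on a tmpfs (or, as the thread says, under LUKS/VeraCrypt) is what actually keeps them off the disk. Second, the sealed file is only as strong as its passphrase, since gpg --symmetric derives the AES key from it; a short passphrase turns "encrypted keyring" into an offline guessing problem.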
/u/bleak 📢
1 points
2 weeks ago
FDE won't help. See xkcd.com/538/. In fact, I have FUD on all my machines and LUKS on all my drives.

A better solution would be Veracrypt Hidden Volumes. That shit is literally a gift from gods.