What is PGP and why do all markets use it?
PGP is an acronym for Pretty Good Privacy. It is an encryption program created in the early 1990s whose message format has since been standardized as OpenPGP (RFC 4880) and implemented many times over, most widely in GnuPG (GPG). Many encrypted e-mail setups still rely on it. The source code was published from the very first release, and the format has been an open standard since, which is likely the reason for its rapid adoption. Today PGP is the standard used by most dark-net markets and shops to encrypt messages and other data.
Some History
PGP was first released in 1991. It was created by the computer scientist Phil Zimmermann. PGP found its way onto the internet and started spreading in the tech community. It was popular at the time because it arrived right around the period people started taking computer security seriously. Shortly after the release of PGP, the tool found its way abroad, and Zimmermann became a target for US authorities: strong cryptography was then regulated as a munition, and a criminal investigation was opened for 'munitions export without a license'. The investigation was closed in 1996 without charges being filed.
How PGP works
PGP works by combining symmetric and public-key encryption. Before anything can be sent, the recipient generates a key pair: a public key, which anyone may hold and which can only be used to encrypt data (and to verify signatures), and a private key, which stays with the recipient and is the only thing that can decrypt. The recipient gives the public key to the sender. The sender encrypts the data with it, and once the message arrives the recipient uses the private key to decrypt it. Under the hood the message body is encrypted with a symmetric cipher under a freshly generated random session key, and only that session key is encrypted with the recipient's public key; this is why PGP can encrypt large files efficiently and address several recipients with a single message.
To simplify:
- User A wants to send user B a file
- User B generates a public and private key
- User A receives the public key and uses it to encrypt the data
- User B receives the encrypted data and uses the private key to decrypt it
The actual algorithms behind this system (RSA or elliptic-curve keys for the public-key part, AES or similar ciphers for the symmetric part, hash functions for signatures) are much more complex than this sketch, but the model above is all a user needs in order to use it correctly. The standard has had three decades of public scrutiny from cryptographers; the security problems seen in practice come from key handling and from client software, not from the mathematics.
PGP also includes digital signatures. A user signs a message with the private key, and anyone holding the matching public key can verify that the message was produced by the holder of that private key and has not been altered since. That is what ties a message to an identity, so a signature is only as trustworthy as your certainty that the public key really belongs to the person you think it does. The same mechanism is useful for websites: a site that publishes its information signed lets visitors check that it came from the right source and was not altered on the way.
Why dark-net markets use PGP
By the 2000s, PGP was already a widely adopted standard, which made it easy for dark-net markets to build on. Anyone can generate their own PGP key pair with free software, which makes it far more trustworthy than encryption built into the market itself: with a self-generated key pair the market only ever holds the public key, so messages encrypted to it cannot be decrypted by anyone other than the user. That holds, however, only if the sender also encrypts on their own machine. If plaintext is pasted into a site that offers to encrypt it for you, the site has already seen it.
This is the most basic protection dark-net markets could offer, since buyers have to pass a shipping address to the vendor somehow. If a platform is seized, properly encrypted messages stay unreadable to whoever obtains the database; who wrote to whom and when is still visible, so encryption protects the content, not the metadata. PGP is also used for two-factor login. The platform generates a random one-time code, encrypts it to the user's public key and displays the ciphertext; the user decrypts it with the private key and submits the code. Only the holder of the private key can answer the challenge, which is how the platform confirms it is talking to the owner of the account.
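The steps listed under How PGP works and the two-factor login just described, as an added example driven with GnuPG (gpg), the command-line engine behind Gpg4win and Kleopatra. This script is not taken from the page or from any market; the user names, addresses, the sample message and the challenge format are constructed for illustration, and a real market may wrap the same idea differently. Each party gets its own throwaway keyring so that the private keys never share a directory, and the market keyring holds only a public key. The `--trust-model always` flag is there only because the demo has no way to certify the freshly exchanged keys; in real use you verify the key fingerprint with the other party before encrypting to it.

```sh
#!/bin/sh
# Added example: the PGP flow from the text, driven with GnuPG (gpg).
# Three throwaway keyrings stand in for User A (sender), User B (recipient)
# and a market doing PGP-based 2FA.  Names, addresses, message text and the
# challenge format are constructed for illustration, not taken from any site.
set -eu

A_ADDR=a@example.invalid
B_ADDR=b@example.invalid
WORK=$(mktemp -d)
A_HOME=$WORK/a; B_HOME=$WORK/b; M_HOME=$WORK/market

cleanup() {
    # gpg starts one gpg-agent per keyring; stop them before removing the dirs.
    for h in "$A_HOME" "$B_HOME" "$M_HOME"; do
        [ -d "$h" ] && gpgconf --homedir "$h" --kill all >/dev/null 2>&1 || true
    done
    rm -rf "$WORK"
}
trap cleanup EXIT

have_gpg() { command -v gpg >/dev/null 2>&1; }

# gpg for one party: private keyring, batch mode, no passphrase prompts.
g() { h=$1; shift; gpg --homedir "$h" --batch --quiet --yes \
        --pinentry-mode loopback --passphrase '' "$@"; }

setup_parties() {
    for h in "$A_HOME" "$B_HOME" "$M_HOME"; do mkdir -p "$h"; chmod 700 "$h"; done
    # Each user generates the key pair on their own machine.
    # "default default never": default algorithm, sign+certify primary key with
    # an encryption subkey, no expiry.  The empty passphrase is for the demo only.
    g "$A_HOME" --quick-generate-key "User A <$A_ADDR>" default default never
    g "$B_HOME" --quick-generate-key "User B <$B_ADDR>" default default never
    # Only the public halves ever leave the machines.
    g "$A_HOME" --export --armor "$A_ADDR" >"$WORK/a.pub"
    g "$B_HOME" --export --armor "$B_ADDR" >"$WORK/b.pub"
    g "$A_HOME" --import "$WORK/b.pub"     # A learns B's public key
    g "$M_HOME" --import "$WORK/b.pub"     # the market learns B's public key
    g "$B_HOME" --import "$WORK/a.pub"     # B learns A's public key
}

# User A encrypts to B's public key; B decrypts with the private key.
# --trust-model always skips the web-of-trust check on the freshly imported
# key; in real use you confirm the fingerprint out of band instead.
roundtrip_message() {
    have_gpg || { echo SKIP; return 0; }
    printf 'Ship to: 221B Baker Street\n' >"$WORK/msg.txt"   # constructed sample
    g "$A_HOME" --trust-model always --encrypt --armor --recipient "$B_ADDR" \
        --output "$WORK/msg.asc" "$WORK/msg.txt"
    # The market holds only B's public key, so it cannot read the message.
    if g "$M_HOME" --decrypt "$WORK/msg.asc" >/dev/null 2>&1; then echo LEAK; return 0; fi
    g "$B_HOME" --decrypt "$WORK/msg.asc" 2>/dev/null
}

# A clear-signs a notice; B verifies it, then verifies a tampered copy.
verify_signature() {
    have_gpg || { echo SKIP; return 0; }
    printf 'Official mirror: http://example.invalid/\n' >"$WORK/notice.txt"
    g "$A_HOME" --clearsign --output "$WORK/notice.asc" "$WORK/notice.txt"
    good=BAD; tampered=BAD
    g "$B_HOME" --verify "$WORK/notice.asc" 2>/dev/null && good=GOOD
    sed 's#example\.invalid#evil.invalid#' "$WORK/notice.asc" >"$WORK/tampered.asc"
    g "$B_HOME" --verify "$WORK/tampered.asc" 2>/dev/null || tampered=REJECTED
    echo "$good/$tampered"
}

# PGP 2FA as a challenge-response: the market encrypts a random one-time code
# to the user's public key; only the private-key holder can send it back.
twofa_login() {
    have_gpg || { echo SKIP; return 0; }
    code=$(od -An -tx1 -N16 /dev/urandom | tr -d ' \n')
    printf '%s' "$code" | g "$M_HOME" --trust-model always --encrypt --armor \
        --recipient "$B_ADDR" --output "$WORK/challenge.asc"
    # User A, who lacks B's private key, cannot answer B's challenge.
    if g "$A_HOME" --decrypt "$WORK/challenge.asc" >/dev/null 2>&1; then echo LEAK; return 0; fi
    response=$(g "$B_HOME" --decrypt "$WORK/challenge.asc" 2>/dev/null)
    [ "$response" = "$code" ] && echo PASS || echo FAIL
}

if have_gpg; then
    setup_parties
    echo "B decrypts:       $(roundtrip_message)"
    echo "signature check:  $(verify_signature)"
    echo "2FA challenge:    $(twofa_login)"
else
    echo "gpg not installed; nothing to run"
fi
```

Run it with `sh pgp_demo.sh` on a machine with GnuPG 2.1 or newer. It prints the message as User B decrypts it, `GOOD/REJECTED` for the untouched and the tampered notice, and `PASS` for the login challenge. The two `LEAK` branches never fire on a correct installation: the market, holding only the public key, cannot read the message, and User A cannot answer a challenge encrypted to User B. Everything, including the private keys, lives in a temporary directory that is wiped on exit; a real key is generated once, protected with a passphrase and backed up.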
Security concerns
Pretty Good Privacy encryption on its own is secure and versatile. Despite that, there are a few things users should watch out for. Keeping the private key secret is the utmost priority: if it leaks, everything ever encrypted to the matching public key, and every future login challenge, is compromised. That is why where the key pair is generated matters so much.
Using an online PGP key generator is extremely unsafe and not recommended, because there is no way to know whether the site keeps a copy of the private key. Markets that offer a built-in generator should be avoided for the same reason, and any market directory offering one is very likely a scam. The correct way to generate a key pair is with an OpenPGP implementation that runs on your own machine, such as GnuPG (gpg) on the command line or Gpg4win with its Kleopatra front end on Windows. Such tools generate the key pair locally, and the private key exists only where you store it. Protect it with a strong passphrase and keep an offline backup: a lost private key cannot be recovered, and nothing encrypted to it can be read again.
Conclusion
Overall, PGP is one of the most established encryption standards for text and files. It is a great tool for its purpose and a good fit for its dark-net uses. The fact that the user can generate their own key pair gives peace of mind and keeps the private key under the user's sole control. Note that PGP protects the content of a message, not your identity; if you wish to keep what you say on the dark-net private, PGP is clearly unavoidable.