PGP Encryption of messages

[nahtnam]

Hey!

There should be an option where we can include out PGP public keys, and every private message sent to us would be encrypted with the keys.

It would be really great since everything would be secure, and the government cant really access anything.

[1713487046]

1713487046

[1713487046]

1713487046

[1713487046]

1713487046

[1713487046]

1713487046

[1713487046]

1713487046

[1713487046]

1713487046

[Muhammed Zakir]

It is good idea but isn't it better to encrypt locally?

[nahtnam]

It is good idea but isn't it better to encrypt locally?

Does it make a difference? Its much easier if the forum software did it automatically.

[Cryptowatch.com]

It is good idea but isn't it better to encrypt locally?

Does it make a difference? Its much easier if the forum software did it automatically.

Is there not a new highly expensive forum being developed, perhaps the dev for that forum would appreciate your input? I do not have their contact info. Maybe somebody else have.

[Muhammed Zakir]

It is good idea but isn't it better to encrypt locally?

Does it make a difference? Its much easier if the forum software did it automatically.

I think encrypting locally is better than encrypting messages server-side. I can't see the point sending messages to server to encrypt. My taste maybe different from yours.

[nahtnam]

It is good idea but isn't it better to encrypt locally?

Does it make a difference? Its much easier if the forum software did it automatically.

I think encrypting locally is better than encrypting messages server-side. I can't see the point sending messages to server to encrypt. My taste maybe different from yours.

Well, it can also be javascript based, so its encrypted through the browser before being sent.

My point is that it doesnt matter as long as its encrypted before being stored in the database.

[Muhammed Zakir]

It is good idea but isn't it better to encrypt locally?

Does it make a difference? Its much easier if the forum software did it automatically.

I think encrypting locally is better than encrypting messages server-side. I can't see the point sending messages to server to encrypt. My taste maybe different from yours.

Well, it can also be javascript based, so its encrypted through the browser before being sent.

My point is that it doesnt matter as long as its encrypted before being stored in the database.

That is good. Encrypting message in browser before sending is good. We can probably have a field for adding a link to PGP public key and when a person message us, the PGP pub key in our profile is used to encrypt. A custom option to copy-paste PGP public key before sending will also be helpful.

[Cryptowatch.com]

It is good idea but isn't it better to encrypt locally?

Does it make a difference? Its much easier if the forum software did it automatically.

I think encrypting locally is better than encrypting messages server-side. I can't see the point sending messages to server to encrypt. My taste maybe different from yours.

Well, PGP has you make a private and public key. The public key is given to others, so they can send you an encrypted message. Only you can decrypt it with your private key. So if you uploaded a public key to your account on bitcointalk, any pm anybody sends to your, could then be encrypted with this key, and then the plaintext deleted. However then the sender would not be allowed to keep the message in his outbox unencrypted as that would defeat the purpose of encryption.

Also, if the forum comes under attack, as it already has (ref. recent BFL subpoena), there's no guarantee that there will not be installed any software to circumvent the encryption, pretending for the users that all is fine, while in reality the clear text message is siphoned off behind the scenes.

In short, as long as the message goes to the bitcointalk server in clear-text it must be assumed it is compromised, even though they promise to encrypt it, then delete the clear text message. Of course, it might be possible to do the entire task client-side, without the clear-text message touching bitcointalks server, but that again could be circumvented temporarily or permanently by changing javascript in the forum code.

Handling encryption yourself might be the best idea. So perhaps the very best idea would be to just give your PGP-key to those you wish to communicate securely with. However, there might also be MITM-attacks here.

A gives PGP pubkey to C, however B intercepts the communication and gives C his pubkey.

C encrypts a message to A with A's pubkey, then sends it to A. It is again intercepted by B, B decrypts it with his pubkey, as the pubkey C holds and thinks is A's pubkey in reality is B's pubkey, then B decrypts message from C with his own privkey, then encrypts it with A's pubkey and send it to A. That interception could go both ways, but it could be revealed if great care is taken in exchange of the keys.

To actually know that you have the correct key, you should compare fingerprints.

This could be worth reading:
https://futureboy.us/pgp.html

As for communication with "persons of interest", it's not a wild stretch to imagine that there are active MITM attacks in this area. As for what constitutes "persons of interest", once you start looking at anything online that's outside the ordinary, for example you show an interest in TOR, Tails or anything else that's 'suspicious', you most likely end up on some list of "persons of interest". As for persons of "major interest", as major security researches and the like, it's not unthinkable that MITM-attacks in deed is taking place. For example I'm pretty sure that encrypted messages going to bitcoin devs are "of interest". I have not read about it happening, but for an entity with enough resources, I guess it's already happening. So in this regard, verification is as important as encryption itself.

If you let a forum do all the encryption, a MITM-attack is very easy to set up, and might give the users a false sense of security, as the forum says "it's all good", while in reality they have a gun to their head.

Call me paranoid, but if the target is interesting enough, and it is possible to do surveilance, it will be done.

Taking all of this into consideration, I would say that doing everything locally is the best method.

[nahtnam]

It is good idea but isn't it better to encrypt locally?

Does it make a difference? Its much easier if the forum software did it automatically.

I think encrypting locally is better than encrypting messages server-side. I can't see the point sending messages to server to encrypt. My taste maybe different from yours.

Well, it can also be javascript based, so its encrypted through the browser before being sent.

My point is that it doesnt matter as long as its encrypted before being stored in the database.

That is good. Encrypting message in browser before sending is good. We can probably have a field for adding a link to PGP public key and when a person message us, the PGP pub key in our profile is used to encrypt. A custom option to copy-paste PGP public key before sending will also be helpful.

Yep. Now if only we could get the attention of theymos...

[Quickseller]

If you are going to trust the forum enough to encrypt a PM prior to it being stored in the DB then you might as well be okay with it not encrypting the PM at all. While you could, in theory check to ensure that your messages are actually being encrypted in Javascript prior to being sent to the forum, it would be more difficult to ensure that this fact does not change, nor that the messages are not being encrypted to your PGP key plus some other PGP key (that an attacker has access to).

If you encrypt your messages manually (prior to them ever coming into contact with the forum) then you know for sure which key(s) exactly your message is encrypted to.

[nahtnam]

If you are going to trust the forum enough to encrypt a PM prior to it being stored in the DB then you might as well be okay with it not encrypting the PM at all. While you could, in theory check to ensure that your messages are actually being encrypted in Javascript prior to being sent to the forum, it would be more difficult to ensure that this fact does not change, nor that the messages are not being encrypted to your PGP key plus some other PGP key (that an attacker has access to).

If you encrypt your messages manually (prior to them ever coming into contact with the forum) then you know for sure which key(s) exactly your message is encrypted to.

Well, in this case, why not have the public key stored per user, and then have a chrome extension that encrypts the text in the textbox?

[Quickseller]

If you are going to trust the forum enough to encrypt a PM prior to it being stored in the DB then you might as well be okay with it not encrypting the PM at all. While you could, in theory check to ensure that your messages are actually being encrypted in Javascript prior to being sent to the forum, it would be more difficult to ensure that this fact does not change, nor that the messages are not being encrypted to your PGP key plus some other PGP key (that an attacker has access to).

If you encrypt your messages manually (prior to them ever coming into contact with the forum) then you know for sure which key(s) exactly your message is encrypted to.

Well, in this case, why not have the public key stored per user, and then have a chrome extension that encrypts the text in the textbox?

That would be one possibility, however you would still need to trust the forum enough to maintain an accurate list of PGP public keys. You would also need to trust the dev of the Chrome extension enough to not launch similar attacks as described above.

[EcuaMobi]

I proposed this last year: https://bitcointalk.org/index.php?topic=651386.0

Regarding security and trust in the forum I agree that while we can check the JS code we'd still need to trust the forum won't change it any time. However it would have some clear advantages like:

- Having all the PM encrypted. Several times people don't encrypt it for laziness. If it was automatic of course everyone would do it.
- Hackers wouldn't have access to hacked account's PMs.
- While we'd need to trust the forum owners at least our previous PMs would be safe in case the forum is compromised.
- It would help to create a culture to manage security properly.

Also with so many tech-savvy users here it would be extremely difficult for the forum to change the JS for a long time without someone noticing it.

Additionally critically truly private message could be encrypted off the forum as they are now.

[nahtnam]

If you are going to trust the forum enough to encrypt a PM prior to it being stored in the DB then you might as well be okay with it not encrypting the PM at all. While you could, in theory check to ensure that your messages are actually being encrypted in Javascript prior to being sent to the forum, it would be more difficult to ensure that this fact does not change, nor that the messages are not being encrypted to your PGP key plus some other PGP key (that an attacker has access to).

If you encrypt your messages manually (prior to them ever coming into contact with the forum) then you know for sure which key(s) exactly your message is encrypted to.

Well, in this case, why not have the public key stored per user, and then have a chrome extension that encrypts the text in the textbox?

That would be one possibility, however you would still need to trust the forum enough to maintain an accurate list of PGP public keys. You would also need to trust the dev of the Chrome extension enough to not launch similar attacks as described above.

If the forum changed the public key, the actual user cant decrypt the messages.

The Chrome extension could be open source, and if people are paranoid, they can build it for themselves.

[Quickseller]

If you are going to trust the forum enough to encrypt a PM prior to it being stored in the DB then you might as well be okay with it not encrypting the PM at all. While you could, in theory check to ensure that your messages are actually being encrypted in Javascript prior to being sent to the forum, it would be more difficult to ensure that this fact does not change, nor that the messages are not being encrypted to your PGP key plus some other PGP key (that an attacker has access to).

If you encrypt your messages manually (prior to them ever coming into contact with the forum) then you know for sure which key(s) exactly your message is encrypted to.

Well, in this case, why not have the public key stored per user, and then have a chrome extension that encrypts the text in the textbox?

That would be one possibility, however you would still need to trust the forum enough to maintain an accurate list of PGP public keys. You would also need to trust the dev of the Chrome extension enough to not launch similar attacks as described above.

If the forum changed the public key, the actual user cant decrypt the messages.

Correct, however if the information is very sensitive then the attacker would have intercepted the data and there would be nothing that the sender could do about it. They would know however to stop sending additional sensitive information/data to that recipient.

The Chrome extension could be open source, and if people are paranoid, they can build it for themselves.

I like this idea (the bolded part). It would be essentially the same as encrypting it themselves

[nahtnam]

If you are going to trust the forum enough to encrypt a PM prior to it being stored in the DB then you might as well be okay with it not encrypting the PM at all. While you could, in theory check to ensure that your messages are actually being encrypted in Javascript prior to being sent to the forum, it would be more difficult to ensure that this fact does not change, nor that the messages are not being encrypted to your PGP key plus some other PGP key (that an attacker has access to).

If you encrypt your messages manually (prior to them ever coming into contact with the forum) then you know for sure which key(s) exactly your message is encrypted to.

Well, in this case, why not have the public key stored per user, and then have a chrome extension that encrypts the text in the textbox?

That would be one possibility, however you would still need to trust the forum enough to maintain an accurate list of PGP public keys. You would also need to trust the dev of the Chrome extension enough to not launch similar attacks as described above.

If the forum changed the public key, the actual user cant decrypt the messages.

Correct, however if the information is very sensitive then the attacker would have intercepted the data and there would be nothing that the sender could do about it. They would know however to stop sending additional sensitive information/data to that recipient.

The Chrome extension could be open source, and if people are paranoid, they can build it for themselves.

I like this idea (the bolded part). It would be essentially the same as encrypting it themselves

1. Sure, the forum could change the public key, but lets hope that they dont do it. I cant really think of a clever way to solve this problem except for manually checking.

2. Yes, except its much less of a hassle.

[Quickseller]

If you are going to trust the forum enough to encrypt a PM prior to it being stored in the DB then you might as well be okay with it not encrypting the PM at all. While you could, in theory check to ensure that your messages are actually being encrypted in Javascript prior to being sent to the forum, it would be more difficult to ensure that this fact does not change, nor that the messages are not being encrypted to your PGP key plus some other PGP key (that an attacker has access to).

If you encrypt your messages manually (prior to them ever coming into contact with the forum) then you know for sure which key(s) exactly your message is encrypted to.

Well, in this case, why not have the public key stored per user, and then have a chrome extension that encrypts the text in the textbox?

That would be one possibility, however you would still need to trust the forum enough to maintain an accurate list of PGP public keys. You would also need to trust the dev of the Chrome extension enough to not launch similar attacks as described above.

If the forum changed the public key, the actual user cant decrypt the messages.

Correct, however if the information is very sensitive then the attacker would have intercepted the data and there would be nothing that the sender could do about it. They would know however to stop sending additional sensitive information/data to that recipient.

The Chrome extension could be open source, and if people are paranoid, they can build it for themselves.

I like this idea (the bolded part). It would be essentially the same as encrypting it themselves

1. Sure, the forum could change the public key, but lets hope that they dont do it. I cant really think of a clever way to solve this problem except for manually checking.

2. Yes, except its much less of a hassle.

1. In theory, the user could change the public key as well (for example if an account is hacked). It would also defeat the purpose of any kind of PGP web of trust, or any other level of trust for a particular PGP key.

2. It would result in (nearly) the same level of security

[nahtnam]

If you are going to trust the forum enough to encrypt a PM prior to it being stored in the DB then you might as well be okay with it not encrypting the PM at all. While you could, in theory check to ensure that your messages are actually being encrypted in Javascript prior to being sent to the forum, it would be more difficult to ensure that this fact does not change, nor that the messages are not being encrypted to your PGP key plus some other PGP key (that an attacker has access to).

If you encrypt your messages manually (prior to them ever coming into contact with the forum) then you know for sure which key(s) exactly your message is encrypted to.

Well, in this case, why not have the public key stored per user, and then have a chrome extension that encrypts the text in the textbox?

That would be one possibility, however you would still need to trust the forum enough to maintain an accurate list of PGP public keys. You would also need to trust the dev of the Chrome extension enough to not launch similar attacks as described above.

If the forum changed the public key, the actual user cant decrypt the messages.

Correct, however if the information is very sensitive then the attacker would have intercepted the data and there would be nothing that the sender could do about it. They would know however to stop sending additional sensitive information/data to that recipient.

The Chrome extension could be open source, and if people are paranoid, they can build it for themselves.

I like this idea (the bolded part). It would be essentially the same as encrypting it themselves

1. Sure, the forum could change the public key, but lets hope that they dont do it. I cant really think of a clever way to solve this problem except for manually checking.

2. Yes, except its much less of a hassle.

1. In theory, the user could change the public key as well (for example if an account is hacked). It would also defeat the purpose of any kind of PGP web of trust, or any other level of trust for a particular PGP key.

2. It would result in (nearly) the same level of security

1. What about making it so that you cant change your pgp key once its set unless you sign with the private key.

[Cryptowatch.com]

If the forum changed the public key, the actual user cant decrypt the messages.

1. User A wants to send a pm to user B.
2. Chrome extension in A's browser gets pgp pubkey for user B from the forum.
3. User A encrypts his message with the chrome extension and it is delivered to B's inbox.
4. B's incoming pm is fetched from the forum and decrypted with the chrome extension.

In step 2, the forum could give you another pubkey than B's, you'd encrypt your pm with that pubkey.
Once the forum receives the message from the chrome extension, it decrypts the message,
stores the plaintext, then encrypts the message with B's encryption key and delivers it to
B's inbox. Everyone thinks they're safe.

Think it's not a possibility? If some high profile target were pm'ing on bitcointalk, it's not unthinkable that
forum admin would get contacted by the FBI or other agency and clearly told that unless this "backdoor"
is installed, you will go to jail for n years. Since the forum has already given up certain pm's to authorities, what
will prevent them from doing so again with any method? Will a forum admin really stand up against authorities?

What's up with the forum being "Sponsored by Private Internet Access, a Bitcoin-accepting VPN.".

Is the forum hosted on servers they provide?

How to we know that Private Internet Access is not associated with British or US intel?

AFAIK, it must be assumed that the forum is compromised, and anyone wanting to send sensitive info
should do so over PGP-encrypted e-mail where they have verified the receiver.

[nahtnam]

If the forum changed the public key, the actual user cant decrypt the messages.

1. User A wants to send a pm to user B.
2. Chrome extension in A's browser gets pgp pubkey for user B from the forum.
3. User A encrypts his message with the chrome extension and it is delivered to B's inbox.
4. B's incoming pm is fetched from the forum and decrypted with the chrome extension.

In step 2, the forum could give you another pubkey than B's, you'd encrypt your pm with that pubkey.
Once the forum receives the message from the chrome extension, it decrypts the message,
stores the plaintext, then encrypts the message with B's encryption key and delivers it to
B's inbox. Everyone thinks they're safe.

Think it's not a possibility? If some high profile target were pm'ing on bitcointalk, it's not unthinkable that
forum admin would get contacted by the FBI or other agency and clearly told that unless this "backdoor"
is installed, you will go to jail for n years. Since the forum has already given up certain pm's to authorities, what
will prevent them from doing so again with any method? Will a forum admin really stand up against authorities?

What's up with the forum being "Sponsored by Private Internet Access, a Bitcoin-accepting VPN.".

Is the forum hosted on servers they provide?

How to we know that Private Internet Access is not associated with British or US intel?

AFAIK, it must be assumed that the forum is compromised, and anyone wanting to send sensitive info
should do so over PGP-encrypted e-mail where they have verified the receiver.

But up until the point of public key change, everything is secure.

Whats stopping the admin from letting the user know that he is being tracked? Im sure the law allows it.