PGP / GPG encryption of private messages

[EcuaMobi]

I'd like to see an option to upload a public GPG key to the forum.

After that, user would be able to enable other users to send encrypted PMs. Or encryption can be enforced.

If encryption is enabled, 'Preview' would be either disabled or run completely offline on javascript.
When the message is sent, it would be first encrypted offline using openpgpjs or similar.

Decryption would be optional. Probably it'd be better to keep it off the site, so no private keys are uploaded.

For extra security, there can be information regarding when a public key was uploaded, in case a hacker accesses an account an uploads their own key.

[1714929858]

1714929858

[1714929858]

1714929858

[1714929858]

1714929858

[1714929858]

1714929858

[1714929858]

1714929858

[HeroC]

This is a good idea, for now, you can just request a Public Key from them, or tell them this message is encrypted.

[🏰 TradeFortress 🏰]

I'd like to see an option to upload a public GPG key to the forum.

After that, user would be able to enable other users to send encrypted PMs. Or encryption can be enforced.

If encryption is enabled, 'Preview' would be either disabled or run completely offline on javascript.
When the message is sent, it would be first encrypted offline using openpgpjs or similar.

Decryption would be optional. Probably it'd be better to keep it off the site, so no private keys are uploaded.

For extra security, there can be information regarding when a public key was uploaded, in case a hacker accesses an account an uploads their own key.

That would be a really nice feature. It won't hurt scam protection or message verification at all, if any party consents they can post the decrypted signed message.

[jayc89]

I would like to see similar functionality whereby all posts, public or private are encrypted. This would ensure the consistancy of quotes etc

[jekv2]

This would also, be a retardant against bitcoin account hacking?

[EcuaMobi]

I would like to see similar functionality whereby all posts, public or private are encrypted. This would ensure the consistancy of quotes etc

But which public PGP key would be used to encrypt a public message? or do you mean signed rather than encrypted?

The idea of encrypted messages is to make sure they're private.

[EcuaMobi]

This is a good idea, for now, you can just request a Public Key from them, or tell them this message is encrypted.

In the meantime, I created a tool so anybody can encrypt messages using my public PGP more easily:
http://bitPGP.com/ecuamobi/  (I no longer own this domain)
https://ecua.mobi/pgp/

If anyone wants this too, I can do it for free:
https://bitcointalk.org/index.php?topic=667380.msg7551562#msg7551562

[zedicus]

If you were to implement this then all messages would be decrypted on the server side. What would be much better would be to have better public awareness of the importance of using PGP for sensitive PMs.

Also the vast majority of PMs likely do not need to be encrypted as they only contain casual conversation and/or casual business that realistically no one would case about if they were able to intercept.

On a 2nd though I guess you could have a field for a public PGP key that would automatically encrypt messages and the receipt would need to manually copy/paste the message to decrypt, however this would still involve encryption on the server side which is still much less secure then encryption on the client side.

[EcuaMobi]

If you were to implement this then all messages would be decrypted on the server side. What would be much better would be to have better public awareness of the importance of using PGP for sensitive PMs.

Also the vast majority of PMs likely do not need to be encrypted as they only contain casual conversation and/or casual business that realistically no one would case about if they were able to intercept.

On a 2nd though I guess you could have a field for a public PGP key that would automatically encrypt messages and the receipt would need to manually copy/paste the message to decrypt, however this would still involve encryption on the server side which is still much less secure then encryption on the client side.

It can be encrypted via Javascript on the client (browser) just before sending the data.
It doesn't need to be encrypted server-side.

[ACCTseller]

If you were to implement this then all messages would be decrypted on the server side. What would be much better would be to have better public awareness of the importance of using PGP for sensitive PMs.

Also the vast majority of PMs likely do not need to be encrypted as they only contain casual conversation and/or casual business that realistically no one would case about if they were able to intercept.

On a 2nd though I guess you could have a field for a public PGP key that would automatically encrypt messages and the receipt would need to manually copy/paste the message to decrypt, however this would still involve encryption on the server side which is still much less secure then encryption on the client side.

It can be encrypted via Javascript on the client (browser) just before sending the data.
It doesn't need to be encrypted server-side.

What if javascript is disabled on someone's browser? Would they not be able to send PMs?

I would also not personally want some 3rd party software encrypting my messages (automatically or not). If the forum were to get hacked and the hack does not get noticed then an attacker could potentially modify the software to also encrypt messages to they PGP key.

I think it would cause unnecessary work for when information that is not at all sensitive is being sent, for example that the seller of a transaction received payment.