Beginner Friendly 📖 15 minute read 🔄 Updated: November 2025

1. What is PGP?

PGP (Pretty Good Privacy) is an encryption program that provides cryptographic privacy and authentication. It was created by Phil Zimmermann in 1991 and has become the gold standard for secure communication.

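PGP combines symmetric-key and public-key cryptography: each message is encrypted with a one-time symmetric session key, and that session key is then encrypted with the recipient's public key. This hybrid approach provides both the security of public-key encryption and the speed of symmetric encryption.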

💡
GPG vs PGP

GPG (GNU Privacy Guard) is a free, open-source implementation of the OpenPGP standard. When we say "PGP," we usually mean the OpenPGP standard, which GPG implements.

2. Why Use PGP on Darknet Markets

🔒 Encrypted Communications

Encrypt sensitive information like shipping addresses so only the vendor can read them.

✅ Identity Verification

Verify you're communicating with legitimate vendors and not imposters.

🔐 Two-Factor Authentication

Protect your account with PGP-based 2FA that can't be bypassed by phishing.

📝 Message Signing

Prove messages came from you and haven't been altered in transit.

3. Key Concepts

Public Key vs Private Key

🔓 Public Key

  • ✅ Share freely with anyone
  • ✅ Used by others to encrypt messages TO you
  • ✅ Used to verify your signatures
  • ✅ Cannot decrypt messages

🔒 Private Key

  • ❌ NEVER share with anyone
  • ✅ Used to decrypt messages sent to you
  • ✅ Used to sign messages
  • ✅ Protected by a passphrase

⚠️
Critical Security Warning

Your private key is like the master key to your identity. If compromised, attackers can read all your encrypted messages and impersonate you. NEVER share it, even with market support.

4. Generating Your Key Pair

Option A: Using Kleopatra (Recommended for Windows)

  1. Download Gpg4win from gpg4win.org
  2. Install and launch Kleopatra
  3. Click "New Key Pair" → "Create a personal OpenPGP key pair"
  4. Enter a pseudonym (not real name) and anonymous email
  5. Choose RSA 4096-bit for maximum security
  6. Set a strong passphrase (20+ characters)
  7. Export your public key to share with others

Option B: Using GPG Command Line (Linux/Tails)

Terminal Commands
# Generate a new key pair
gpg --full-generate-key

# Choose: (1) RSA and RSA
# Key size: 4096
# Validity: 0 (doesn't expire)
# Enter pseudonym and anonymous email
# Set strong passphrase

# Export public key
gpg --armor --export your@email.com > public_key.asc

# Backup private key (store securely!)
gpg --armor --export-secret-keys your@email.com > private_key.asc

5. Encrypting Messages

To send an encrypted message, you need the recipient's public key. Import it first, then encrypt.

GPG Encryption Commands
# Import recipient's public key
gpg --import vendor_public_key.asc

# Encrypt a message
echo "Your shipping address here" | gpg --armor --encrypt --recipient vendor@email.com

# Or encrypt a file
gpg --armor --encrypt --recipient vendor@email.com message.txt

The output will look like this:

Encrypted Message Example
-----BEGIN PGP MESSAGE-----

hQIMA8Xk9E7s5hU2AQ//dGVzdCBtZXNzYWdl...
...encrypted content here...
=A7Kc
-----END PGP MESSAGE-----

6. Decrypting Messages

GPG Decryption
# Decrypt a message (you'll be prompted for your passphrase)
gpg --decrypt message.asc

# Or decrypt from the clipboard: run this, paste the armored message on stdin, then press Ctrl+D
gpg --decrypt

7. Setting Up PGP 2FA on Catharsis

  1. Log in to your Catharsis Market account
  2. Navigate to Settings → Security → Two-Factor Authentication
  3. Paste your public key in the designated field
  4. The market will display an encrypted verification code
  5. Decrypt the code using your private key
  6. Enter the decrypted code to confirm
  7. 2FA is now enabled! Each login will require decrypting a challenge

PGP 2FA Advantage

Unlike TOTP (Google Authenticator), PGP 2FA cannot be bypassed by phishing. Even if you enter credentials on a fake site, attackers cannot complete the login without your private key.

8. Best Practices

  • Use 4096-bit RSA keys for maximum security
  • Set a strong passphrase (20+ characters, mixed types)
  • Back up your private key to encrypted storage
  • Use Tails OS for key generation and storage
  • Verify key fingerprints before encrypting to new contacts
  • Regularly rotate keys (annually or if compromise suspected)
  • Never share your private key with anyone, ever
  • Never generate keys on untrusted/online systems for real use
  • Never store your passphrase in plain-text files
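
The fingerprint check from the list above, as an added example that is not part of the original guide. The function names, the placeholder file name in the usage comment and the sample listing are constructed for illustration; it assumes v4 keys and a GnuPG build that supports --show-keys.

```sh
#!/bin/sh
# Added example: check a key file's primary fingerprint against one received
# out of band, before importing the key or encrypting to it.
# Assumes v4 OpenPGP keys (40 hex digits), as produced by the RSA steps above.

# Strip spaces/colons and uppercase, so "0123 4567 ..." compares cleanly.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record after the "pub" record.
# Later "fpr" records belong to subkeys and are ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# fpr_matches EXPECTED < colon-listing
# Returns 0 on an exact match, 1 on a mismatch, and 2 if EXPECTED is not a
# full 40-digit fingerprint (key IDs are refused because they can be collided).
fpr_matches() {
    expected=$(normalize_fpr "$1")
    actual=$(primary_fpr)
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    [ "$expected" = "$actual" ]
}

# Constructed sample listing (not a real key), trimmed to the fields used here.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1700000000:::-:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sub:-:4096:1:0000111122223333:1700000000:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:'

# Real use (contact_public_key.asc and EXPECTED are placeholders):
#   gpg --show-keys --with-colons contact_public_key.asc \
#       | fpr_matches "$EXPECTED" && gpg --import contact_public_key.asc
```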
