⚠️ PGP is MANDATORY for Darkmatter Market: Unlike other markets, where it is optional, Darkmatter requires PGP for account registration, 2FA login, and vendor communication. Mastering PGP is non-negotiable.

What is PGP and Why You Need It

PGP (Pretty Good Privacy) is a public-key encryption and signing standard that protects your communications on Darkmatter Market.

Account Security

A PGP public key is required during registration. PGP 2FA protects login even if your password is stolen.

Message Encryption

Communicate with vendors privately. Messages encrypted to your public key can be decrypted only with your private key.

Address Protection

Encrypt your shipping address so only the vendor can read it. Market admins cannot see your address.

Signature Verification

Verify official mirror URLs through PGP-signed Dread posts. Prevents phishing attacks.

Installing PGP Software

Windows: Gpg4win (Kleopatra)

  1. Download from: gpg4win.org
  2. Run installer (accept defaults)
  3. Launch "Kleopatra" application
  4. Kleopatra is your PGP key manager

macOS: GPG Suite

  1. Download from: gpgtools.org
  2. Install GPG Suite
  3. Open "GPG Keychain" app
  4. Integration with Apple Mail included

Linux: GPG Command Line

Most Linux distros include GPG by default:

gpg --version

If not installed: sudo apt install gnupg (Debian/Ubuntu)

Generating Your PGP Key Pair

Using Kleopatra (Windows/Mac GUI):

  1. Open Kleopatra → File → New OpenPGP Key Pair
  2. Name: Use pseudonym (e.g., "Dark Buyer 2025")
  3. Email: Use throwaway/fake email (doesn't need to be real)
  4. Click "Advanced Settings"
  5. Key Material: RSA 4096-bit (strongest)
  6. Valid Until: Set 2-3 years (can extend later)
  7. Click "OK" → "Create"
  8. Passphrase: Enter STRONG passphrase (12+ characters, mix symbols/numbers)
  9. Confirm passphrase
  10. Wait for key generation (may take 1-2 minutes)
  11. Key pair created! You'll see it in Kleopatra list

Using GPG Command Line (Linux/Advanced):

gpg --full-generate-key
  1. Select: (1) RSA and RSA
  2. Key size: 4096
  3. Expiration: 2y (2 years)
  4. Confirm: y
  5. Name: DarkBuyer2025
  6. Email: darkbuyer@proton.me (or fake)
  7. Comment: (leave blank)
  8. Confirm: O (okay)
  9. Enter strong passphrase twice

⚠️ CRITICAL: Passphrase Security
  • The passphrase protects your private key
  • If someone obtains your private key file but not the passphrase, they still cannot use it
  • Use a 15+ character passphrase with symbols, e.g. Quantum!Market#2025$Secure (an example only; choose your own)
  • NEVER forget the passphrase - it cannot be recovered
  • Store the passphrase separately from the key file

Encrypting Messages

Encrypt your shipping address or messages to vendors:

Using Kleopatra:

  1. Copy vendor's PGP public key from their profile
  2. Kleopatra → File → Import → Paste vendor's public key → Import
  3. Write your message/address in Notepad
  4. Kleopatra → Notepad icon → "Sign/Encrypt Notepad"
  5. Select vendor's public key from list
  6. Click "Encrypt"
  7. Copy encrypted message block (-----BEGIN PGP MESSAGE-----)
  8. Paste into Darkmatter message field

Using GPG Command Line:

echo "Your message here" | gpg --encrypt --armor --recipient vendor@market.onion

Or encrypt a file (the output is written to address.txt.asc):

gpg --encrypt --armor --recipient vendor@market.onion address.txt

Decrypting Messages

Decrypt vendor messages, 2FA challenges, or confirmations:

Using Kleopatra:

  1. Copy entire encrypted message block from Darkmatter
  2. Kleopatra → Notepad icon → "Decrypt/Verify Notepad"
  3. Paste encrypted message
  4. Click "Decrypt"
  5. Enter your private key passphrase
  6. Decrypted message appears in new window

Using GPG Command Line:

gpg --decrypt message.asc

Or paste the message block inline:

echo "-----BEGIN PGP MESSAGE-----..." | gpg --decrypt

Verifying PGP Signatures

Verify official Darkmatter mirror URLs from Dread forum:

  1. Import Darkmatter admin's public key from Dread profile
  2. Copy PGP-signed mirror announcement
  3. Kleopatra → Notepad → "Decrypt/Verify"
  4. Look for "Valid signature" from Darkmatter admin key
  5. If signature is valid, mirror URLs are authentic
  6. If signature is invalid/missing, DO NOT trust the URLs

💡 Why Signature Verification Matters: Phishing sites cannot create valid PGP signatures without Darkmatter's private key. Verified signatures prove authenticity 100%.
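
The verification steps above, as an added shell example that is not part of the original guide: a "valid signature" result only means that some key in your keyring signed the text, so the check below also pins the signer's fingerprint, which must come from a source you already trust. The keys, user IDs and message are constructed test data, and `verify_pinned`, `make_test_key` and `demo` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Every key, name and message below is constructed throwaway test data.

# Succeed only if FILE carries a good signature made under the key whose
# primary fingerprint is EXPECTED. GOODSIG is required as well as VALIDSIG so
# signatures from expired or revoked keys (EXPKEYSIG/REVKEYSIG) are rejected.
verify_pinned() {  # usage: verify_pinned FILE EXPECTED_FINGERPRINT
    gpg --batch --status-fd 1 --verify "$1" 2>/dev/null |
        awk -v want="$2" '
            $1 == "[GNUPG:]" && $2 == "GOODSIG" { good = 1 }
            $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF == want { pinned = 1 }
            END { exit (good && pinned) ? 0 : 1 }'
}

# Create an unprotected throwaway key for UID and print its fingerprint.
make_test_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$1" default default never 2>/dev/null
    gpg --batch --with-colons --list-keys "$1" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Sign one message with the expected key and once with a lookalike key that
# shares the display name, tamper with a third copy, then check all three.
demo() {
    GNUPGHOME=$(mktemp -d) && export GNUPGHOME
    good=$(make_test_key "Constructed Admin <admin@example.invalid>")
    fake=$(make_test_key "Constructed Admin <lookalike@example.invalid>")
    printf 'Official mirrors: (constructed sample text)\n' > "$GNUPGHOME/msg.txt"
    gpg --batch --quiet --local-user "$good" --clearsign \
        -o "$GNUPGHOME/good.asc" "$GNUPGHOME/msg.txt" 2>/dev/null
    gpg --batch --quiet --local-user "$fake" --clearsign \
        -o "$GNUPGHOME/fake.asc" "$GNUPGHOME/msg.txt" 2>/dev/null
    sed 's/Official/Updated/' "$GNUPGHOME/good.asc" > "$GNUPGHOME/tampered.asc"
    result=""
    for f in good fake tampered; do
        if verify_pinned "$GNUPGHOME/$f.asc" "$good"; then verdict=accept
        else verdict=reject; fi
        result="${result:+$result }$f=$verdict"
    done
    gpgconf --kill all 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    printf '%s\n' "$result"
}

demo
```

The lookalike key produces a signature that gpg itself reports as good, and only the fingerprint comparison rejects it.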

Backing Up Your Keys

Export Private Key (CRITICAL BACKUP):

Kleopatra:

  1. Right-click your key → Export Secret Keys
  2. Save to encrypted USB drive (NOT cloud storage)
  3. Filename example: darkmatter_privatekey_2025.asc
  4. Store USB in secure location (home safe, bank deposit box)

GPG Command:

gpg --export-secret-keys --armor your.email@example.com > private-key-backup.asc

Export Public Key:

gpg --export --armor your.email@example.com > public-key.asc

⚠️ Private Key Security:
  • NEVER upload private key anywhere online
  • NEVER send private key to anyone
  • Store offline only (USB, paper printout)
  • Encrypt backup USB drive with VeraCrypt
  • Test backup periodically by importing to verify it works

PGP Best Practices for Darkmatter

✅ DO:

  • Use 4096-bit RSA keys
  • Create separate PGP identity for darknet (don't mix with clearnet email)
  • Set key expiration (2-3 years, renewable)
  • Use strong 15+ character passphrase
  • Back up private key to offline storage
  • Test encryption/decryption before first purchase
  • Import vendor public keys before messaging

❌ DON'T:

  • Share private key with ANYONE
  • Upload private key to cloud storage
  • Use weak passphrase
  • Forget passphrase (cannot be recovered)
  • Lose private key backup
  • Use real personal email in PGP identity
  • Skip signature verification on mirror URLs