🔏 Advanced PGP Guide

Generate a 4096-bit RSA key pair or use the newer Ed25519 algorithm for your darknet activities. Use a unique key pair that is not linked to your real identity — set the name and email fields to your market pseudonym. Set an expiration date (1-2 years) and generate a revocation certificate immediately. Store your private key and revocation certificate on encrypted storage only. Never upload your private key to key servers or share it with anyone.

Digital signatures prove that a message was written by the holder of a specific private key and was not altered in transit. To sign a message, use gpg --clearsign message.txt in terminal or the Sign function in Kleopatra. Signed messages allow vendors and buyers to verify each other identity across sessions or even across markets. Always verify signatures on official market announcements to confirm they are authentic.

For maximum security, use multiple-recipient encryption when sending messages that both you and the vendor should be able to decrypt later. Set your PGP client to always encrypt to your own key as well (gpg.conf: encrypt-to YOUR_KEY_ID). Use subkeys for daily operations while keeping your master key offline. Consider using PGP keyservers sparingly — for darknet purposes, exchange keys directly through verified channels rather than public infrastructure.