PGP Guide

5 Steps RSA 4096

Complete PGP workflow for Torzon. Generate keys → Import Torzon master → Verify onion signatures → Encrypt vendor messages → Never trust unsigned links.

Generate Your Key Verify Torzon FP

Step 1: Generate Your PGP Key

Windows: GPG4Win

gpg4win.org

Kleopatra → File → New Keypair → RSA 4096 → Real name + email

Terminal (Linux/Mac)

gpg --full-generate-key
--expert
RSA 4096
0 (no expire)
Real Name
your@email.fake
            

Export Public Key

gpg --armor --export your@email.fake

Copy this block for vendor messages.

Step 2: Torzon Master Fingerprint

Torzon Official FP

Verify Every URL

ABCD 1234 EF56 7890 ABCD 1234 EF56 7890 ABCD 1234 EF56

Import & Verify

Kleopatra → Import → Paste fingerprint block
Check /pgp.txt on Torzon site matches
Verify /mirrors.txt signature
Reject unsigned onion announcements

Verification Workflow

Find /pgp.txt

Every legit Torzon onion has public key at /pgp.txt

Check /mirrors.txt

Signed list of ALL valid torzon onion mirrors

Verify Signature

Kleopatra → Verify → Select mirrors.txt → OK

Unsigned = Phishing

Close tab immediately

Vendor PGP Messages

Copy Vendor Key

Always Verify

From vendor profile → Copy their PGP public key block → Import to Kleopatra

Encrypt Order Message

Shipping address
Stealth packaging
Special instructions

Kleopatra → Encrypt → Paste message → Select vendor key

PGP Mistakes (AVOID)

Trusting screenshots

ANYONE can fake PGP screenshots

Wrong key imported

Fingerprint must match EXACTLY. Check 1st 8 + last 8 chars.

Reusing private key

GENERATE NEW KEYPAIR PER MARKET

Terminal Commands

Generate

gpg --full-generate-key

List Keys

gpg --list-secret-keys --keyid-format LONG

Verify

gpg --verify mirrors.txt.asc mirrors.txt

Encrypt

gpg --encrypt --recipient VENDOR_KEY message.txt