PGP Configuration Guide

This section explains how to set up, import, and validate Kerberos PGP keys. All market announcements and vendor messages are cryptographically signed using the Kerberos master key. By verifying PGP signatures, users ensure that they are interacting with authentic sources within the darknet infrastructure.

1 · Generate New PGP Keypair

gpg --full-generate-key

Choose RSA with 4096 bits and set an expiration date (optional). Avoid using real names or identifiable emails. Once the key is generated, export the public key:

gpg --armor --export your_key_id > public.asc

2 · Import Kerberos Public Key

gpg --import kerberos_public.asc

Compare its fingerprint to the PGP string on the Official Mirrors page before trusting any message or address.

3 · Verify Signed Message

gpg --verify message.txt.asc message.txt

The result should read “Good signature from Kerberos Market (key ID B9F78D440C219C88)”. If you receive a mismatched key or an expired sub‑key, it indicates tampering or phishing.
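Added example, not part of the original guide: a displayed name or short key ID can be reproduced by any key generated with the same name, so this check parses `gpg --status-fd` output and accepts a signature only when the primary-key fingerprint equals a pinned value, which also survives sub-key rotation. `PINNED`, the function names and the sample status lines are constructed placeholders.

```shell
# Added example. PINNED is a constructed placeholder, not a real fingerprint.
PINNED=0123456789ABCDEF0123456789ABCDEF01234567

# Read gpg status lines on stdin; succeed only if exactly one good signature
# was made by a key whose PRIMARY fingerprint equals $1 (40 hex digits).
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        # Any of these means the signature or its key must not be relied on.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "GOODSIG"  { good++ }
        # VALIDSIG: field 3 is the signing (sub)key, the last field is the
        # primary key it belongs to. Sub-keys may rotate; the primary does not.
        $2 == "VALIDSIG" { valid++; if (toupper($NF) == toupper(want)) pinned = 1 }
        END { exit !(length(want) == 40 && good == 1 && valid == 1 && pinned && !bad) }
    '
}

# Hypothetical wrapper: $1 = pinned fingerprint, $2 = signature, $3 = signed file.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null | check_status "$1"
}

# Constructed status output: rotated sub-key under the pinned primary key.
sample_good() { cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 76543210FEDCBA98 Example Signer
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2024-01-01 1704067200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}

# Constructed: same displayed name, but a different primary key.
sample_lookalike() { cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 3333444411112222 Example Signer
[GNUPG:] VALIDSIG 1111222233334444111122223333444411112222 2024-01-01 1704067200 0 4 0 1 10 00 9999888877776666999988887777666699998888
EOF
}

# Constructed: pinned primary key, but the signing key has expired.
sample_expired() { cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 76543210FEDCBA98 Example Signer
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2024-01-01 1704067200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}
```

With a real key, call `verify_pinned` with the full 40-digit fingerprint obtained from a channel other than the one that delivered the key file.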

4 · Encrypt and Send Message to Kerberos

Use the following syntax to encrypt text before sending:

gpg --encrypt --armor -r kerberos@market yourmessage.txt

Never paste unencrypted content into web forms. Always encrypt text locally and check for ASCII armor format.

5 · Key Rotation and Backup

Kerberos rotates its sub‑keys monthly while keeping the root fingerprint identical. Users can refresh the keyring:

gpg --refresh-keys kerberos@market

Store private key files on encrypted drives, preferably on detached media (USB or Tails persistent volume).

6 · Troubleshooting

  • “No public key” → re‑import Kerberos key.
  • “Bad signature” → verify mirror source and timestamp.
  • Key expired → fetch fresh rotation from Official Mirrors.