Kerberos PGP Setup Guide
Key Generation & Verification - 2026

Download GnuPG

Kerberos darknet market requires PGP encryption for all private communications. This guide covers GnuPG 2.4.5 installation, 4096-bit RSA key generation, YubiKey 5 integration, and signature verification workflows mandatory for secure vendor/market interaction.

1. YubiKey 5 NFC Setup (Recommended)

Hardware Requirements

  • YubiKey 5 NFC / 5C NFC
  • 4096-bit RSA key support
  • Touch-to-sign enabled
  • PIV + OpenPGP applets
  • Firmware 5.4.3+

Key Generation Commands

ykman otp cred --touch
gpg --card-edit
admin
factory-reset
generate
4096
9c
save

2. PGP Message Verification

Verify Market Signature

gpg --verify kerberos-announcement.asc
gpg --fingerprint 0xA1B2C3D4E5F67890
gpg --recv-keys 0xA1B2C3D4E5F67890

Verify Vendor Message

gpg --import vendor-public-key.asc
gpg --decrypt vendor-shipping-details.asc
gpg --list-signatures vendor-key-id

Success Indicators

  • "Good signature"
  • "VALIDSIG 3 0 0"
  • Key created date matches
  • No "WARNING: subkey"
  • Full fingerprint verification

3. Key Management Workflow

Market PGP Fingerprint

0xA1B2C3D4E5F67890 1234 5678 9ABC DEF0 1234 5678 9ABC DEF0 1234

Keyring Security Rules

  • gpg --edit-key → expire 1y
  • Subkey rotation every 90 days
  • Revocation cert → metal backup
  • gpg-agent --daemon timeout 5m
  • Never gpg --armor private keys

4. Advanced GnuPG Configuration

# ~/.gnupg/gpg.conf
expert
keyid-format 0xlong
with-fingerprint
default-key 0xYOURKEYID
personal-digest-preferences SHA512 SHA384 SHA256
personal-cipher-preferences AES256 AES192 AES
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
cert-digest-algo SHA512
s2k-digest-algo SHA512
s2k-cipher-algo AES256
s2k-count 65536
s2k-mode 3
charset utf-8
use-agent
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed