DrugHub PGP Login Guide
Access DrugHub Market:
http://drughuberjxfrxtlk2cystdz4jvogmc3lsnk5drvwx2nfi63ou2r2kid.onion/
https://drughub.io (Clearnet Gateway)
DrugHub Market uses passwordless PGP authentication for maximum security. No usernames, no passwords - only your PGP key pair. This comprehensive guide covers PGP key generation, registration, and login procedures. You must understand PGP encryption before using DrugHub.
Why PGP-Only Authentication?
DrugHub's passwordless PGP login system provides security advantages over traditional authentication:
| Security Aspect | Traditional Login | DrugHub PGP Login |
| --- | --- | --- |
| Phishing Risk | High (credentials can be stolen) | Zero (no credentials to steal) |
| Database Breach | Exposes password hashes | Only public keys (useless to attackers) |
| Two-Factor Auth | Optional add-on | Mandatory (private key = 2FA) |
| Password Reuse | Common vulnerability | Not applicable |
| Brute Force | Possible with weak passwords | Computationally infeasible |
PGP Key Generation
Prerequisites
- PGP software: GPG (Linux/macOS), Gpg4win (Windows), or GPG Suite
- Secure environment: Tails, Whonix, or at minimum a clean OS
- Understanding of public/private key cryptography
- Secure storage for private key backup
Key Generation Steps
1. Install GPG Software
Linux/macOS: GPG usually pre-installed. Verify with: gpg --version
Windows: Download Gpg4win from gpg4win.org
Tails: GPG pre-installed and configured for maximum security
2. Generate New Key Pair
Command: gpg --full-generate-key
Recommended settings:
- Key type: RSA and RSA (default)
- Key size: 4096 bits (maximum security)
- Expiration: 0 (no expiration) or 2+ years
- Name: Use pseudonym, not real identity
- Email: Optional or use fake email
- Passphrase: Strong, unique, memorable
3. Backup Private Key
Export private key: gpg --export-secret-keys --armor YOUR_KEY_ID > private-key.asc
Critical: Store backup on encrypted USB drive or offline storage. Loss of private key = permanent account loss.
4. Export Public Key
Command: gpg --export --armor YOUR_KEY_ID > public-key.asc
This public key will be uploaded to DrugHub during registration.
DrugHub Registration Process
Registration Steps
- Access DrugHub via Tor Browser
- Complete Proof of Work (10-30 seconds)
- Navigate to registration page
- Upload or paste your public PGP key
- Submit registration
- DrugHub verifies key validity
- Account created - no password needed
- Receive private mirror URLs (bookmark immediately)
⚠ Important: DrugHub requires PGP knowledge before registration. The marketplace operates with a "no handholding" philosophy. You must understand key management, encryption, decryption, and signing before attempting to register.
Login Procedure
How PGP Login Works
DrugHub login uses cryptographic challenge-response authentication:
- Access DrugHub: Navigate to onion URL or private mirror
- Initiate Login: Click login button
- Receive Challenge: DrugHub generates random challenge text encrypted with your public key
- Decrypt Challenge: Use your private key to decrypt the challenge
- Sign Response: Sign the decrypted challenge with your private key
- Submit Signature: Upload signed response to DrugHub
- Verification: DrugHub verifies signature using your public key
- Authenticated: If signature matches, you're logged in
Manual Login Commands
Decrypt challenge:
gpg --decrypt challenge.txt
Sign response:
echo "DECRYPTED_CHALLENGE_TEXT" | gpg --clearsign
Note: DrugHub's encryption helper scripts can automate this process transparently.
Encryption Helper Tools
DrugHub Encryption Helper Scripts
DrugHub provides encryption helper tools that function as reverse proxies, automatically handling encryption, decryption, and signing:
Available Languages:
- Python (280 lines) - drughub-helper.py
- Go (290 lines) - drughub-helper.go
Features:
- Transparent encryption/decryption
- Automatic PGP signing for authentication
- Local reverse proxy (localhost:8080)
- No binary distribution - compile yourself
- PGP-signed releases for verification
Compatible Operating Systems:
- Tails (recommended)
- Whonix (VM-based security)
- Qubes OS (compartmentalized)
- Debian and derivatives
Setup: Download source code from DrugHub, verify PGP signature, compile, configure with your PGP key, run proxy, access DrugHub through http://localhost:8080
Security Best Practices
Key Management
- Never share private key: Your private key is your identity - never transmit it
- Strong passphrase: Protect private key with strong passphrase
- Offline backups: Store encrypted backups on offline media
- Key rotation: Consider generating new key every 1-2 years
- Separate keys: Use unique PGP key for DrugHub only
Login Security
- Private mirrors: Use your private mirror URLs after registration
- Verify URLs: Always confirm you're on authentic DrugHub site
- Secure environment: Only login from Tails, Whonix, or secure OS
- Clear session: Use Tor Browser's "New Identity" after logout
- No public computers: Never access DrugHub from public/shared computers
Troubleshooting
Common Issues
Issue: Public key rejected during registration
Solution: Ensure key is 2048+ bits RSA, properly formatted ASCII armor, and valid PGP format
Issue: Cannot decrypt login challenge
Solution: Verify you're using the same private key that matches registered public key. Check passphrase correctness.
Issue: Signature verification fails
Solution: Ensure you're signing the exact decrypted challenge text without modifications. No extra whitespace or characters.
Issue: Lost private key
Solution: Account permanently lost. No password reset possible. Create new account with new PGP key pair.