
🔑 PGP Encryption & 2FA

Level: Advanced · ⏱️ 15-20 minutes · Required · Updated: November 2025

Master PGP encryption: generate 4096-bit keys, encrypt messages, verify signatures, and set up mandatory 2FA authentication.

⚠️ MANDATORY: DrugHub requires PGP for login and communication. This is non-negotiable. You cannot use the market without it.

🔐 What is PGP?

PGP (Pretty Good Privacy) is encryption software that uses two keys:

  • Public Key: Share with others - they encrypt messages for you
  • Private Key: Keep secret - you decrypt messages meant for you

Why DrugHub Requires PGP

  1. Mandatory PGP Login: Proves you control the private key
  2. Address Encryption: Shipping addresses must be encrypted
  3. Secure Communication: Messages with vendors are encrypted
  4. Signature Verification: Verify you're talking to real admins/vendors

📥 Installing PGP Software

Windows: Kleopatra (Gpg4win)

  1. Download from official site: gpg4win.org
  2. Run installer, select "Kleopatra" component
  3. Complete installation
  4. Launch Kleopatra from Start Menu

macOS: GPG Suite

  1. Download from: gpgtools.org
  2. Run installer package
  3. Complete installation
  4. Launch GPG Keychain

Linux: GnuPG (Usually Pre-installed)

# Check if installed
gpg --version

# Install if needed
sudo apt-get install gnupg2
sudo apt-get install kleopatra # GUI

🔑 Generating Your PGP Key Pair

Using Kleopatra (Windows/Linux GUI)

  1. Open Kleopatra
  2. Click "New Key Pair" → "Create a personal OpenPGP key pair"
  3. Fill out form:
    • Name: Use pseudonym (e.g., "DrugHubUser2025")
    • Email: Fake email or leave blank (e.g., "user@localhost")
  4. Click "Advanced Settings"
  5. Set:
    • Key Material: RSA
    • Key Size: 4096 bits (REQUIRED by DrugHub)
    • Valid until: Never expires OR 2+ years
  6. Click "OK" then "Create"
  7. Enter strong passphrase (20+ characters, store in password manager)
  8. Wait for key generation (may take 1-2 minutes)

Using Command Line (Linux)

gpg --full-generate-key

# Select: (1) RSA and RSA
# Key size: 4096
# Expiration: 0 (never) or 2y
# Name: DrugHubUser2025
# Email: user@localhost
# Enter strong passphrase

Passphrase Security:
  • Minimum 20 characters
  • Mix uppercase, lowercase, numbers, symbols
  • NOT related to personal information
  • Store in KeePassXC or similar
  • If lost, you lose access to account permanently

📤 Exporting Your Keys

Export Public Key (Share with Others)

Kleopatra:

  1. Right-click your key → "Export"
  2. OR: Right-click → "Copy" → "Copy Public Key"
  3. Paste into DrugHub registration form

Command Line:

# List keys to get Key ID
gpg --list-keys

# Export public key
gpg --armor --export YOUR_KEY_ID

Backup Private Key (CRITICAL)

🚨 CRITICAL: Backup your private key securely. If you lose it, you lose access to your DrugHub account forever.

Kleopatra:

  1. Right-click your key → "Export Secret Keys"
  2. Save to encrypted USB drive or secure location
  3. NEVER upload to cloud or email

Command Line:

gpg --armor --export-secret-keys YOUR_KEY_ID > private-key-backup.asc

Storage Recommendations:

  • Store on encrypted USB drive
  • Use VeraCrypt encrypted container
  • Multiple offline backups in separate locations
  • Never store on cloud (Dropbox, Google Drive, etc.)

🔒 Encrypting Messages

Encrypting for Others (e.g., Shipping Address for Vendor)

Step 1: Import Recipient's Public Key

Copy vendor's public key from their profile → Kleopatra → "Import" → Paste

Step 2: Encrypt Your Message

Kleopatra:

  1. Click "Notepad" icon (Encrypt/Decrypt Notepad)
  2. Type your message (shipping address, etc.)
  3. Click "Encrypt"
  4. Select recipient's public key
  5. Copy encrypted message (starts with -----BEGIN PGP MESSAGE-----)
  6. Paste into DrugHub order form

Command Line:

# Encrypt file
gpg --encrypt --armor --recipient VENDOR_KEY_ID message.txt

# Or encrypt text directly
echo "Your message here" | gpg --encrypt --armor --recipient VENDOR_KEY_ID

Example Encrypted Shipping Address

-----BEGIN PGP MESSAGE-----

hQIMA+9K7xK3VqPeAQ/+MmxKz7TZG4RI8...(encrypted data)...vC2
=abCD
-----END PGP MESSAGE-----

🔓 Decrypting Messages

Decrypting PGP Login Challenge

When you log in to DrugHub, you'll receive an encrypted challenge. Here's how to decrypt it:

Kleopatra:

  1. Copy the entire encrypted message from DrugHub (including headers)
  2. Open Kleopatra → Click "Decrypt/Verify"
  3. Paste the encrypted message
  4. Enter your PGP passphrase
  5. Copy the decrypted code (usually 6-8 characters)
  6. Paste code back into DrugHub login page

Command Line:

# Decrypt from clipboard
gpg --decrypt
(paste encrypted message, press Ctrl+D)

✍️ Signing & Verifying Messages

Why Signatures Matter

Signatures prove a message came from the key owner. Always verify admin/vendor signatures to prevent phishing.

Verifying a Signature

Kleopatra:

  1. Copy signed message
  2. Click "Decrypt/Verify"
  3. Paste message
  4. Check result: ✓ Valid signature from [Name]

Signing Your Messages

Kleopatra:

  1. Open notepad, type message
  2. Click "Sign"
  3. Select your key
  4. Enter passphrase
  5. Copy signed message

📱 Two-Factor Authentication (2FA)

Highly Recommended: 2FA adds an extra security layer. Even if someone steals your password, they can't access your account without the 2FA code.

Setup 2FA on DrugHub

  1. Log in to DrugHub
  2. Navigate to: Settings → Security → Two-Factor Authentication
  3. Click "Enable 2FA"
  4. Scan QR code with authenticator app:
    • Recommended: Authy, Aegis (Android), Raivo (iOS)
    • Avoid: Google Authenticator (no backups)
  5. Enter 6-digit code to verify
  6. SAVE BACKUP CODES - Store in password manager

Using 2FA for Login

  1. Enter username and password
  2. Decrypt PGP challenge
  3. Enter 2FA code from authenticator app
  4. Successfully logged in

⚠️ Backup Codes: If you lose your phone, backup codes are the ONLY way to recover access. Store them securely offline.

🔧 Common PGP Issues

❌ "Invalid PGP Key" on Registration

Cause: Key not 4096-bit or incomplete paste

Solution:

  • Verify key is exactly 4096 bits (check advanced settings)
  • Ensure entire key including headers copied: -----BEGIN PGP PUBLIC KEY BLOCK----- to -----END PGP PUBLIC KEY BLOCK-----
  • Remove extra spaces/line breaks
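A way to pre-check a pasted public key block for the two causes above (truncated or whitespace-damaged paste, wrong key size), as an added example that is not part of this wiki: it checks the BEGIN/END lines and the trailing "=xxxx" CRC-24 line, then reads the RSA modulus size from the first key packet. It assumes gpg's usual old-style packet header (0x99 plus a 2-byte length) on a v4 key, and build_sample_key produces a constructed dummy key, not a real one.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB
BEGIN, END = "-----BEGIN PGP PUBLIC KEY BLOCK-----", "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data: bytes) -> int:
    """OpenPGP CRC-24 (RFC 4880 section 6.1); the trailing '=xxxx' armor line encodes this value."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:
    """Check the BEGIN/END lines and the CRC, tolerating stray whitespace; return the raw packets."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("incomplete paste: BEGIN/END header lines missing")
    body = lines[1:-1]
    if "" in body:                       # skip optional armor headers such as 'Version:'
        body = body[body.index("") + 1:]
    body = [ln for ln in body if ln]
    if not body or not body[-1].startswith("="):
        raise ValueError("incomplete paste: CRC line missing")
    packets = base64.b64decode("".join(body[:-1]), validate=True)
    if crc24(packets) != int.from_bytes(base64.b64decode(body[-1][1:]), "big"):
        raise ValueError("CRC mismatch: block is truncated or corrupted")
    return packets

def check_key_block(text: str) -> int:
    """Return the RSA modulus size in bits, raising on the paste errors listed above.
    Assumes gpg's old-style header (0x99 + 2-byte length) on the first, v4 public-key packet."""
    packets = dearmor(text)
    body = packets[3:]
    if packets[:1] != b"\x99" or body[:1] != b"\x04" or body[5:6] != b"\x01":  # tag 6, v4, algo 1 = RSA
        raise ValueError("first packet is not a v4 RSA public key")
    return int.from_bytes(body[6:8], "big")   # MPI bit length of the modulus n

def build_sample_key(bits: int) -> str:
    """Constructed sample (not a real key): v4 RSA key packet with a dummy modulus of `bits` bits."""
    def mpi(x: int) -> bytes:
        return x.bit_length().to_bytes(2, "big") + x.to_bytes((x.bit_length() + 7) // 8, "big")
    body = b"\x04" + bytes(4) + b"\x01" + mpi((1 << (bits - 1)) | 1) + mpi(65537)
    packet = b"\x99" + len(body).to_bytes(2, "big") + body
    b64 = base64.b64encode(packet).decode()
    crc = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, ""] + [b64[i:i + 64] for i in range(0, len(b64), 64)] + ["=" + crc, END])
```

A real export from gpg carries further packets (user ID, signatures, subkeys) after the first one; only the primary key packet is inspected here.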

❌ Can't Decrypt Login Challenge

Causes:

  • Wrong private key selected (if you have multiple)
  • Incorrect passphrase
  • Incomplete encrypted message copied

Solution:

  • Verify you're using the same key pair as registration
  • Copy entire encrypted block including headers
  • Double-check passphrase in password manager

❌ "No secret key" Error

Cause: Private key not imported or missing

Solution:

  • Import your private key backup
  • Verify the private key is present with: gpg --list-secret-keys

🎯 PGP Best Practices

  • ✅ Use 4096-bit RSA keys minimum
  • ✅ Create strong 20+ character passphrase
  • ✅ Backup private key to multiple offline locations
  • ✅ Enable 2FA on DrugHub account
  • ✅ Save 2FA backup codes
  • ✅ Verify signatures on admin/vendor messages
  • ✅ Use different PGP key for DrugHub (don't reuse personal keys)
  • ✅ Test encryption/decryption before first order
  • ❌ Never share private key
  • ❌ Never upload private key to cloud
  • ❌ Never email private key
  • ❌ Never reuse PGP key from clearnet identity