Security & PGP on DRUGHUB
DRUGHUB relies on Tor, PGP and strict isolation between identities to keep your marketplace activity away from clearnet life. This page explains how PGP fits into the model and how to use it effectively.
How PGP protects your messages
PGP combines a public key, a private key and a fast symmetric cipher to keep your messages confidential, authentic and tamper‑evident.
Key pairs
You generate a keypair: a public key to share with others and a private key that never leaves your control.
- Public key is safe to publish.
- Private key is protected with a passphrase.
Hybrid encryption
Messages are encrypted with a fast symmetric session key, which is itself encrypted to your public key and sent along with the ciphertext.
- Efficient for large messages.
- Only your private key can unlock the session key.
Signatures & integrity
Digital signatures bind messages to your keypair and make any tampering visible to the recipient.
- Authenticity: who really sent it.
- Integrity: nothing changed in transit.
Why DRUGHUB enforces PGP
PGP turns every sensitive message into a small, encrypted package that only the intended key owner can read. Even if traffic is captured, it remains opaque.
With PGP, the network sees only encrypted blobs and timing, not the content of DRUGHUB messages.
How to use PGP with DRUGHUB
- Generate a dedicated PGP keypair used only for DRUGHUB activity.
- Publish the public key in your DRUGHUB profile if you are a vendor.
- Import vendor keys and verify fingerprints inside the marketplace UI.
- Encrypt all addresses, order details and dispute notes before sending.
- Decrypt responses locally and verify signatures from the expected key.
Operational PGP hygiene
- Store private keys on hardened devices, not inside browsers.
- Use strong passphrases and consider hardware‑backed storage.
- Rotate keys if your threat model demands it and revoke compromised ones.
- Treat unsolicited “key change” messages as hostile until verified in‑app.
- Never paste decrypted content back into clearnet messengers.
PGP on DRUGHUB: quick answers
Is PGP optional?
For high‑tier vendors and sensitive flows, PGP is enforced by the platform. For other users it is strongly recommended and should not be treated as a cosmetic extra.
What if a message is not encrypted?
In enforced areas, plaintext messages are blocked. In other areas, they may be delivered but expose you to profiling and interception risks.
Does PGP hide everything?
PGP hides content and makes tampering detectable; it does not hide timing or overall traffic volume. Combine it with Tor and good opsec to reduce metadata exposure.