Secure Access Protocol

A comprehensive technical guide for researchers and users establishing a secure, encrypted connection to the DrugHub Market ecosystem.

Pre-Flight Security Briefing

Before attempting to access any hidden service, it is imperative to understand the underlying architecture of the Tor network and PGP encryption. DrugHub Market operates exclusively on the Tor network (.onion) and utilizes Monero (XMR) for transactional privacy. This tutorial assumes a basic understanding of operational security (OpSec).

NOTE: Always verify that your clock is synchronized to UTC to prevent timing attacks and ensuring PGP timestamps verify correctly.
PHASE 01 Environment Setup

Network Configuration

  1. Install Tor Browser: Download the official browser only from the Tor Project. Do not use third-party bundles or VPN-over-Tor configurations unless you have advanced networking knowledge.
  2. Security Level: Navigate to Settings > Privacy & Security and set the security slider to "Safer" or "Safest". This disables JavaScript on non-HTTPS sites, which drastically reduces the attack surface.
  3. Window Size: Do not maximize the Tor Browser window. Keep it at the default size to prevent fingerprinting of your screen resolution.
PHASE 02 Connection

Access & Verification

Phishing is the most common vector of attack. You must verify that the onion address you are accessing is cryptographically signed by the market's key.

vmmrsxkevd5j2krt6qo3nw5saj555bbte3hc27lrjkadljxu43sfkcqd.onion

Verification Procedure

Upon loading the login page, DrugHub will present a PGP signed message. You must copy this message and verify it against the DrugHub Public Key (available on the Security Page). If the signature is invalid, disconnect immediately.

PHASE 03 Identity & Keys

Account Creation & 2FA

1. Credentials

Use a unique username and a strong, randomly generated password. Do not reuse credentials from other markets or clear-net sites.

2. Mnemonic Seed

DrugHub will generate a Mnemonic Seed during registration. Write this down physically. This seed is the only method to recover your account if you lose your password. Admin support cannot reset passwords.

Two-Factor Authentication (2FA)

Immediately after registration, navigate to Settings and enable PGP 2FA.

  • Add your public PGP key to your profile.
  • The system will encrypt a challenge string.
  • Decrypt the string and paste the code to enable 2FA.
PHASE 04 Communications

PGP Encryption Standards

Never communicate in plaintext. All shipping addresses, tracking numbers, and dispute communications must be encrypted using PGP.

Auto-Encryption

While DrugHub offers an "Auto-Encrypt" checkbox for messages, it is best practice to encrypt the message locally on your own machine before pasting the ciphertext into the browser. This prevents the server from ever seeing the plaintext.

PHASE 05 Wallet Protocol

Monero (XMR) Architecture

DrugHub is an XMR-only market. Bitcoin is not accepted due to its transparent ledger.

1. Generate Address

Create a new integrated address in your wallet tab.

2. Send XMR

Send funds from your local wallet (GUI/CLI/Feather).

3. Confirmations

Wait for 10 confirmations (~20 mins) for balance to update.

PHASE 06 Escrow Logic

The Order Lifecycle

Understanding the escrow status codes is vital for fund safety.

  • PENDING Vendor has not yet accepted the order. You can cancel for a full refund.
  • ACCEPTED Vendor is processing the order. Funds are locked in market escrow.
  • SHIPPED Vendor has marked item as sent. Auto-finalize timer begins.
  • FINALIZED Funds are released to the vendor. Only finalize after receiving the product.

WARNING: Never Finalize Early (FE) unless you fully trust the vendor. Once finalized, funds cannot be recovered by support.