Protocol Access Tutorial

A technical guide to navigating the drughub market infrastructure securely. Follow these steps to establish an encrypted connection and verify network integrity.

01 Environment Configuration

Security Level: High

Before accessing any onion service, the client environment must be secured to prevent IP leaks and fingerprinting.

  • Tor Browser: Download only from the official project source. Verify the GPG signature of the installer.
  • Security Slider: Navigate to Settings > Privacy & Security. Set the Security Level to "Safer" or "Safest". This disables JIT compilation and reduces attack surface.
  • Window Size: Do not maximize the browser window. Leave it at the default size to prevent resolution fingerprinting.
Note: Never use a VPN with Tor unless you are an advanced user who understands bridge configuration. Tor alone is sufficient for most threat models.

02 Access & Verification

Protocol: V3 Onion

Phishing is the primary vector of attack. Always verify that you are on a legitimate mirror before entering credentials.

vmmrsxkevd5j2krt6qo3nw5saj555bbte3hc27lrjkadljxu43sfkcqd.onion

Verification Process:

  1. Navigate to the mirror URL.
  2. Look for the PGP signed message on the login page.
  3. Copy the message and signature into your PGP software (Kleopatra/GPG4Win).
  4. Verify that the signature matches the market's official public key.

03 Account Security & Recovery

Encryption: AES-256

Credentials

Use a unique username and a random, high-entropy password generated by a password manager (e.g., KeePassXC). Do not reuse credentials from other markets.

PGP 2FA

Immediately upload your PGP public key in settings and enable 2-Factor Authentication. This ensures that even if your password is compromised, the account remains inaccessible without your private key.

Critical: The Mnemonic

Upon registration, you will be shown a mnemonic seed phrase (e.g., a list of 12-24 words).

YOU MUST SAVE THIS OFFLINE.

There is no "Forgot Password" button. The mnemonic is the cryptographic seed for your account wallet and identity. Without it, account recovery is impossible.

04 Wallet Management (XMR)

Currency: Monero Only

DrugHub enforces a Monero (XMR) only policy to ensure transaction privacy. Bitcoin (BTC) is not accepted due to its transparent ledger.

Deposit Protocol

  1. Navigate to the Wallet tab in the user dashboard.
  2. Generate a new deposit subaddress.
  3. Send XMR from your personal wallet (GUI/CLI/Cake).
  4. Wait for 10 network confirmations (approx. 20-30 mins).
  5. Funds will appear in your balance automatically.

Best Practices

  • Use a local wallet, never an exchange wallet.
  • Verify the first 4 and last 4 characters of the address.
  • Keep your wallet software updated.

05 Interaction Protocol

System: Escrow

Understanding the escrow system is vital for financial safety within the ecosystem.

Traditional Escrow

Funds are held by the market logic until the order is marked as "Received" by the user or the auto-finalize timer expires. If an issue arises, a dispute can be opened for moderator review.

Finalize Early (FE)

Some established entities may request FE. This releases funds immediately upon marking as shipped. Warning: This removes escrow protection. Only use FE with entities you have thoroughly researched and trust implicitly.

Communication

Always encrypt sensitive data (names, addresses) using PGP before sending it in the chat or order notes. Do not rely on the market's auto-encrypt feature; encrypt locally first.