⚠️ 2FA is NOT Optional: Unlike other darknet markets where 2FA is optional, Darkmatter Market enforces PGP-based two-factor authentication for ALL accounts. No 2FA = No access.

Why Darkmatter's 2FA is Different

Traditional 2FA (Other Markets)

  • ❌ Optional (most users skip it)
  • ❌ Mnemonic phrases can be phished
  • ❌ Centralized: market controls recovery
  • ❌ PIN codes can be brute-forced

Darkmatter PGP 2FA (Mandatory)

  • ✅ Mandatory for all accounts
  • ✅ PGP encryption cannot be phished
  • ✅ Decentralized: you control private key
  • ✅ Mathematically unbreakable with 4096-bit RSA
  • ✅ Protects account even if password is compromised

How PGP 2FA Works

1. You Enter Credentials

Submit username and password on Darkmatter login page

2. Market Generates Challenge

Server creates random code and encrypts it with your PGP public key

3. You Receive Encrypted Message

Market displays encrypted PGP block starting with -----BEGIN PGP MESSAGE-----

4. You Decrypt with Private Key

Copy encrypted message → Paste into Kleopatra/GPG → Decrypt with your passphrase

5. You Submit Decrypted Code

Enter the decrypted challenge code back into Darkmatter

Access Granted

Login successful - you've proven possession of private key

🔐 Security Principle: Only someone with your PGP private key can decrypt the challenge. Password theft alone cannot compromise your account.
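
The challenge-response exchange described above, as an added example that is not Darkmatter's code: a hypothetical `ChallengeStore` issues a random code, expires it after the 5 minutes mentioned under troubleshooting, and accepts each code only once. A constructed textbook-RSA key pair (a toy, not secure) stands in for the user's OpenPGP key so the block runs offline with the Python standard library.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 300  # seconds; the page says codes expire after 5 minutes

# Constructed toy key pair (textbook RSA over two Mersenne primes). It stands in
# for the user's OpenPGP key so the example runs offline; it is NOT secure.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
PUBLIC_KEY = (P * Q, E)
PRIVATE_KEY = (P * Q, pow(E, -1, (P - 1) * (Q - 1)))


def encrypt(public_key, code):
    """Server side: encrypt the code so only the private-key holder can read it."""
    n, e = public_key
    return pow(int.from_bytes(code.encode(), "big"), e, n)


def decrypt(private_key, ciphertext):
    """Client side: the step Kleopatra/GPG performs on the PGP MESSAGE block."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()


class ChallengeStore:
    """Hypothetical server-side state: one pending challenge per user."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # username -> (code, expiry time)

    def issue(self, user, public_key):
        code = secrets.token_hex(8)  # 16 random hex characters
        # A new login attempt replaces any older challenge for this user.
        self._pending[user] = (code, self._clock() + CHALLENGE_TTL)
        return encrypt(public_key, code)

    def verify(self, user, submitted):
        # pop() makes every challenge single-use, whether it passes or fails.
        code, expiry = self._pending.pop(user, (None, 0.0))
        if code is None or self._clock() > expiry:
            return False
        # Constant-time comparison; strip stray whitespace from copy/paste.
        return hmac.compare_digest(code.encode(), submitted.strip().encode())
```

Because `verify` consumes the pending challenge on every attempt, a wrong or expired code forces a fresh `issue`, which matches the "refresh login page for new challenge" advice in the troubleshooting section.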

Initial 2FA Setup

Prerequisites

  • ✅ PGP key pair generated (4096-bit RSA recommended)
  • ✅ Kleopatra, GPG Suite, or GPG command-line installed
  • ✅ PGP passphrase memorized and secure
  • ✅ Private key backed up to encrypted USB

Step 1: During Registration

  1. Navigate to Darkmatter registration page
  2. Enter username and strong password
  3. Locate "PGP Public Key" text field
  4. Export your public key:
    Kleopatra: Right-click key → Details → Export
    Command line: gpg --armor --export your@email.com
  5. Copy entire public key block (including -----BEGIN/END----- markers)
  6. Paste into "PGP Public Key" field on registration page
  7. Complete registration

Step 2: Test Your 2FA Immediately

  1. Logout from newly created account
  2. Return to Darkmatter login page
  3. Enter username and password → Submit
  4. You'll see encrypted PGP message block
  5. Copy the entire encrypted message
  6. Decrypt it (see "Login Process" section below)
  7. Enter decrypted code
  8. If successful, 2FA is working correctly

Login Process (Step-by-Step)

Troubleshooting Common 2FA Issues

❌ Issue: "Decryption Failed" Error

Cause: Wrong passphrase or private key not found

Solution:

  • Verify you're using correct PGP passphrase
  • Ensure private key is imported in Kleopatra/GPG
  • Check that encrypted message was copied completely
  • Confirm private key matches public key used during registration

❌ Issue: "Invalid 2FA Code" When Submitting

Cause: Code expired or typo during entry

Solution:

  • 2FA codes expire after 5 minutes - refresh login page for new challenge
  • Copy/paste code instead of typing to avoid typos
  • Don't include extra spaces or line breaks
  • Make sure entire code was copied (some are 8+ characters)

❌ Issue: Lost PGP Private Key

Cause: Device failure, key file deleted, or backup lost

Solution:

  • ⚠️ No recovery possible - Darkmatter cannot reset 2FA
  • Account is permanently inaccessible without private key
  • Prevention: ALWAYS backup private key to encrypted USB
  • Store backup separately from computer (safe, deposit box)
  • Test backup periodically by importing to different device

❌ Issue: Forgot PGP Passphrase

Cause: Passphrase not written down or lost

Solution:

  • ⚠️ Passphrase cannot be recovered - encryption is unbreakable
  • Private key becomes useless without correct passphrase
  • Account is permanently locked
  • Prevention: Write passphrase on paper, store in secure location
  • Use password manager with encrypted database
  • Create memorable but strong passphrase (e.g., diceware method)

❌ Issue: Encrypted Message Not Displaying

Cause: JavaScript disabled or Tor Browser security level too high

Solution:

  • Ensure JavaScript is enabled for Darkmatter domain
  • Try "Safer" security level instead of "Safest" (temporarily)
  • Clear browser cache and reload page
  • Try different Darkmatter mirror

❌ Issue: Kleopatra Not Showing Decrypt Option

Cause: Private key not imported or wrong key selected

Solution:

  • Kleopatra → File → Import → Select your private key .asc file
  • Verify key appears in "My Certificates" section
  • Right-click key → Details → Check "Secret key available"
  • If missing, restore from backup USB

Security Best Practices

✅ DO:

  • Back up private key to multiple encrypted USB drives
  • Store backup in physically secure location (safe, bank deposit box)
  • Use strong 15+ character passphrase
  • Write down passphrase separately from key file
  • Test 2FA login immediately after registration
  • Practice decrypt/encrypt workflow before first purchase
  • Keep Kleopatra/GPG software updated
  • Verify you're on real Darkmatter before entering credentials

❌ DON'T:

  • Share private key with anyone (including Darkmatter admins)
  • Upload private key to cloud storage (Dropbox, Google Drive)
  • Email private key to yourself
  • Store passphrase in plaintext file on computer
  • Use weak passphrase (dictionary words, personal info)
  • Skip backing up private key
  • Assume you'll remember passphrase forever
  • Trust "2FA recovery" phishing offers

Advanced: Updating PGP Key

⚠️ Key Rotation Warning: Changing your PGP key requires a support ticket and proof of ownership. Only do this if:

  • Current key is compromised
  • Key is expiring soon
  • Upgrading to stronger encryption

Key Update Process:

  1. Generate new PGP key pair (4096-bit RSA)
  2. Login to Darkmatter with old 2FA
  3. Navigate to Settings → Security → PGP Key Management
  4. Click "Request Key Change"
  5. Paste new public key
  6. System sends encrypted verification to OLD key
  7. Decrypt verification code with old private key
  8. Submit verification code
  9. New key becomes active after 24-hour security hold
  10. Test login with new 2FA before 24 hours expire

Emergency Account Recovery

🚨 Critical Reality: Darkmatter has NO WAY to recover your account if you lose your PGP private key or forget your passphrase. There are no backdoors. No support tickets can help. Account is PERMANENTLY INACCESSIBLE.

Prevent Lockout Before It Happens:

  • Create 3 backup copies of private key on separate USB drives
  • Store backups in different physical locations
  • Write passphrase on paper, store in fireproof safe
  • Consider backup passphrase in bank deposit box
  • Test backups quarterly by importing to fresh Kleopatra install
  • Set calendar reminder to verify key hasn't expired
  • Keep backup of mnemonic phrase (if using account recovery feature)

Why 2FA Matters: Real Attack Scenarios

🎣 Scenario 1: Phishing Attack

Attack: User enters password on fake Darkmatter clone site

Without 2FA: ❌ Attacker logs in immediately, steals funds

With PGP 2FA: ✅ Attacker can't decrypt challenge, account safe

💻 Scenario 2: Keylogger/Malware

Attack: Keylogger records username and password

Without 2FA: ❌ Full account compromise

With PGP 2FA: ✅ Attacker needs private key file + passphrase

🗄️ Scenario 3: Database Breach

Attack: Darkmatter database is seized/leaked

Without 2FA: ❌ Password hashes can be cracked over time

With PGP 2FA: ✅ Login still requires private key not stored on server

🔓 Scenario 4: Password Reuse

Attack: User's password leaked from unrelated breach

Without 2FA: ❌ Credential stuffing attack succeeds

With PGP 2FA: ✅ Unique private key prevents cross-site compromise