The only way to allow a user to retrieve their original password is to encrypt it with the user's own public key. Only that user can then decrypt their password.
So the steps would be:
- User registers on your site (over SSL of course) without yet setting a password. Log them in automatically or provide a temporary password.
- You offer to store their public PGP key for future password retrieval.
- They upload their public PGP key.
- You ask them to set a new password.
- They submit their password.
- You hash the password using the best password hashing algorithm available (e.g. bcrypt). Use this when validating the next log-in.
- You encrypt the password with the public key, and store that separately.
Should the user then ask for their password, you respond with the encrypted (not hashed) password. If the user does not wish to be able to retrieve their password in future (they would only be able to reset it to a service-generated one), steps 3 and 7 can be skipped.