Is-Not-My-Name Nymserver

Introduction

Welcome to the homepage of the Is-Not-My-Name Nymserver. The following pages will walk you through how to create, use and maintain a pseudonym account on this service.

Prerequisites

In order to create and use your Nym, you're going to need a reasonably good understanding of either PGP or GnuPG. Good enough that is to create a key and sign/encrypt messages. Some understanding of how email messages are formatted would also be useful.

Conventions

Currently two domains are supported:-

mixnym.net
is-not-my.name

All addresses and keys must reside in one of them. For these instructions I'll use @domain to imply one or the other.

Creating a Nym

Create a new key pair for yournym@domain.
Ideally, make it an RSA key of 4096 bits, (if all users create keys of the same format, it's harder to link messages).
GnuPG Command: gpg --gen-key
Export your Public Key
This will extract the newly generated key from your keyring and store it in a text file. In the following example, I've named that file pubkey.txt
GnuPG Command: gpg --armor --export yournym@domain > pubkey.txt
Edit the pubkey.txt file
You only need to perform this step if you want to configure additional options on your Nym, such as Subject Identification or Symmetric Encryption.
For each option, add a line to the pubkey.txt file using the format:-
option: setting
For example, to add a subject-password of dead_parrot:-
Subject-Password: dead-parrot
Caps are unimportant in the option name, but are sensitive in the setting.
Encrypt the pubkey.txt file
The pubkey.txt file must now be encrypted to the Nymserver. In the following example, the encrypted file will be created as pubkey.txt.asc
GnuPG Command: gpg --armor --encrypt --recipient config@mixnym.net pubkey.txt
Email the encrypted file
The file must now be sent anonymously to config@mixnym.net. The best way to do this is to use mixmaster. You may also which to use your preferred Mixmaster client.
Mixmaster Command: mixmaster -tm config@mixnym.net pubkey.txt.asc

That's it! The Nymserver decrypts the message, extracts your Nym's email address from the supplied Public Key and processes it. Providing the Nym isn't reserved or alreadly allocated, you will receive a confirmation message from the Nymserver, encrypted to your key.

It's worth noting that this is the only message the server will ever accept from you that's not signed by your key. From now on, your digital signature will prove your ownership of the Nym.

Receiving Messages for your Nym

Unlike a normal email account, messages for your Nym aren't delivered to you personally. Instead they are delivered to a common mailbox that you share with many other users of anonymity systems. This shared mailbox serves to delink incoming messages with their actual recipient.

The shared mailbox comes in the shape of a Usenet group called alt.anonymous.messages. In order to find your messages within this group, you'll need to download the entire content of the group and then attempt to decrypt all the messages in it. If the decryption succeeds, the message is your own.
Need to explain how to download and attempt to decrypt messages.

In addition to messages sent to your Nym by other users, you'll also receive information messages from the Nymserver about your configuration requests. Wherever possible the server will inform you about issues with your Nym or the changes you attempt to make to it. Once your key has been received by the server, it has the capability to send you encrypted messages.

Sending messages from your Nym

Of course you can send messages by many means and just set the From header to that of your Nym. Whilst this works, it's not at all anonymous! You can use the Remailer Network to send the messages (and you certainly should) but many remailers will not allow you to use a specific From header.

To overcome this issue, you can send your message through the Remailer Network to the Nymserver. Here are the steps to achieve this.

Format your message like a normal email, with headers at the top, followed by a blank line and the content. This should look something like:
```
From: mynym@is-not-my.name
To: recipient@email.address
Subject: Your Subject

The message goes here.
```
(These are a minimal set of headers, others can be included.)
Sign the message using your Nym's Private Key and encrypt it for send@is-not-my.name. (ASCII Armor must be used)
Paste the resulting encrypted PGP Message into your Remailer client and send it to send@is-not-my.name.
Providing the Nymserver can process the message, you'll receive a confirmation in alt.anonymous.messages that your email has been forwarded to the recipient.
If your recipient has a PGP key, you can hide your outgoing messages to the Nymserver by first encrypting the content to the recipient's Public Key.

Nymserver PGP Key

The Key for config@is-not-my.name and send@is-not-my.name can be obtained from here
The key can be verified against a detached signature for steve@mixmin.net.

The command to verify a detached signature is:

gpg --verify key.admin.sig key.asc

URL Retrieval

Slightly disconnected in functionality from the Nymserver, is-not-my.name also provides a means to anonymously retrieve an HTML page. To do so, a correctly formatted messages must be sent to url@is-not-my.name. The format is as follows:

SOURCE http://www.someurl.foo/page.html
HSUB myhsub
KEY symmetric_key

Where:

SOURCE: The URL to be retrieved. Multiple SOURCE lines can be included in the same request.
HSUB: The Hashed Subject key that can be used to identify the message in alt.anonymous.messages. If this line is omitted, the KEY will be used to generate the hSub.
KEY: A symmetric passphrase that will be required to decrypt the resulting post to alt.anonymous.messages.

Finally, the request should be encrypted to url@is-not-my.name and sent, preferrably via anonymous means, such as the Mixmaster Remailer network.
Messages received in plain text will be discarded.