nymphemeral¶

Features¶

• Manages pseudonym actions: creation, configuration and deletion, as well as message dispatch and retrieval
• Communicates with the new nymserv, a Zax-type nym server with forward and future secrecy
• Uses python-gnupg and pyaxo for encryption
• Uses aampy to retrieve messages from alt.anonymous.messages
• Sends messages through Mixmaster, sendmail, or outputs the resulting ciphertexts to be sent manually
• Supports End-to-End Encryption

Current Release¶

The current version of nymphemeral is 1.4.2, a beta, released 2016-03-21.

Limitations¶

Other Dependencies¶

nymphemeral will be ready for use after installation via either of the two methods described in Main Dependencies. However, you should follow the instructions from Connections, install Mixmaster and have a News Server running to be able to use all of its features.

Updating¶

If you installed nymphemeral with pip, you can also use it for updates:

sudo pip install --upgrade nymphemeral

Stunnel¶

stunnel adds TLS to your connections. You can install it with:

sudo apt-get install stunnel4

To configure stunnel, you can use the .conf file we provide with nymphemeral. Copy that file to the directory where stunnel looks for config files (which is usually /etc/stunnel):

sudo curl https://raw.githubusercontent.com/felipedau/nymphemeral/master/connections/stunnel.conf -o /etc/stunnel/stunnel.conf

Open /etc/default/stunnel4 and enable stunnel automatic startup by switching ENABLE to 1:

# Change to one to enable stunnel automatic startup
ENABLED=1

And start it with:

sudo service stunnel4 start

You should get the following message:

Starting SSL tunnels: [Started: /etc/stunnel/stunnel.conf] stunnel.

[nntps-client]
client = yes
accept = 127.0.0.1:119
connect = 127.0.0.1:10063

[ssmtp-client]
protocol = smtp
client = yes
accept = 127.0.0.1:2525
connect = 127.0.0.1:2526

Tor¶

Tor is a low-latency communication system used to hide your traffic. If you wish to have the latest stable version you should use this option. If that is not the case, simply install it with:

sudo apt-get install tor

Socat¶

socat manages the last part of the process, which will make the connections from your machine to the servers via Tor. You can install it with:

sudo apt-get install socat

A script should be used to make the connection itself. Copy both socat scripts we provide with nymphemeral:

curl https://raw.githubusercontent.com/felipedau/nymphemeral/master/connections/socnews.sh -o ~/socnews.sh
curl https://raw.githubusercontent.com/felipedau/nymphemeral/master/connections/socsmtp.sh -o ~/socsmtp.sh

And enable them to be executed:

chmod +x ~/socnews.sh ~/socsmtp.sh

socat TCP-Listen:10063,bind=localhost,fork SOCKS4A:localhost:news.mixmin.net:563,socksport=9050 > /dev/null 2>&1 &

~/socnews.sh

socat TCP-Listen:2526,bind=localhost,fork SOCKS4A:localhost:lnwxejysejqjlm3l.onion:2525,socksport=9050 > /dev/null 2>&1 &

~/socsmtp.sh

mail.mixmin.net
mail.allpingers.net

Preliminaries¶

First, you need to install the packages required by Mixmaster and OpenSSL:

sudo apt-get install build-essential libpcre3-dev wget \
zlib1g-dev libncurses5-dev curl perl bc dc bison libbison-dev

Build OpenSSL¶

Then you need to compile a version of OpenSSL that contains the IDEA cipher. Grab the most recent version (make sure it is version 1.0.1g or later!) from the OpenSSL download page.

Extract the tarball (substituting your version for 1.0.1g):

tar xvf openssl-1.0.1g.tar.gz

Build the distribution:

cd openssl-1.0.1g
./config
make
make test
sudo make install

Note that this installs OpenSSL into /usr/local/ssl. Symlink the new OpenSSL installation into your normal lib and include directories so that the Mixmaster install script can find them. Note that the sudo mv instructions below will only work if you have previous copies of the files installed. If you get an error along the lines of mv: cannot stat libssl.a or similar, just ignore it - you did not have a file there to move:

cd /usr/lib
sudo mv libssl.a libssl.a.old
sudo ln -s /usr/local/ssl/lib/libssl.a libssl.a
sudo mv libcrypto.a libcrypto.a.old
sudo ln -s /usr/local/ssl/lib/libcrypto.a libcrypto.a
cd /usr/include
sudo mv openssl openssl.old
sudo ln -s /usr/local/ssl/include/openssl openssl

Build Mixmaster¶

Download Mixmaster 3.0.3.

Be sure to verify the SHA256 hash of the downloaded file. You can do this by executing the command:

sha256sum mixmaster-3.0.3b.tar.gz

The output should match the following hex number:

4cd6121e49cddba9b0771d453fa7b6cf824bee920af36206d1414388a47708de

Extract the Mixmaster tarball:

tar xvf mixmaster-3.0.3b.tar.gz

Run the Install script:

cd mixmaster-3.0.3b
./Install

Answer the questions posed by the script:

• You can just press enter when it prompts for the installation directory. It will be installed at ~/Mix
• Do not worry about the OpenSSL version questions - 1.0.1g+ is so new the script does not know about it - select the default YES
• Your new version of OpenSSL does have AES encryption, so answer YES to that question as well
• As we are going to only use Mixmaster as a client (with nymphemeral), answer NO to the question about running a remailer

Mixmaster should be installed successfully.

gcc mix.o rem.o rem1.o rem2.o chain.o chain1.o chain2.o nym.o pgp.o pgpdb.o pgpdata.o pgpget.o pgpcreat.o pool.o mail.o rfc822.o mime.o keymgt.o compress.o stats.o crypto.o random.o util.o buffers.o maildir.o parsedate.tab.o rndseed.o menu.o menusend.o menunym.o menuutil.o menustats.o main.o /usr/local/ssl/lib/libcrypto.a  -lz -L/usr/lib/x86_64-linux-gnu/ -lpcre -L/usr/lib/x86_64-linux-gnu/  -lncurses -L/usr/lib/x86_64-linux-gnu/ -o mixmaster
/usr/bin/ld: /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): undefined reference to symbol 'dlclose@@GLIBC_2.2.5'
/lib/x86_64-linux-gnu/libdl.so.2: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make: *** [mixmaster] Error 1
Error: The compilation failed. Please consult the documentation (section `Installation problems').

LDFLAGS=

LDFLAGS="-ldl"

Getting New Remailer Stats¶

Before you can use Mixmaster, you need to update the stats. We are going to use the pinger from the Jeremy Bentham Remailer, but the process should be similar to other pingers you wish to use.

An easy way to do this securely is with curl. First, create a file called update.sh in your ~/Mix directory, with the following contents:

#!/bin/bash
export SSL_CERT_DIR=$HOME/Mix/certs
rm pubring.asc pubring.mix mlist.txt rlist.txt
curl --cacert ./certs/anemone.pem https://anemone.mooo.com/stats/mlist.txt -o mlist.txt
curl --cacert ./certs/anemone.pem https://anemone.mooo.com/stats/rlist.txt -o rlist.txt
curl --cacert ./certs/anemone.pem https://anemone.mooo.com/stats/pubring.mix -o pubring.mix
curl --cacert ./certs/anemone.pem https://anemone.mooo.com/stats/pgp-all.asc -o pubring.asc

Change the script to executable mode:

chmod +x update.sh

Next, create the ~/Mix/certs directory and add anemone.mooo.com’s certificate:

mkdir ~/Mix/certs
cd ~/Mix/certs
wget http://anemone.mooo.com/anemone.pem

Now that you have downloaded the certificate file, you can securely update your remailer stats by simply:

cd ~/Mix
./update.sh

You should update the remailer stats at least once a day when using Mixmaster.

Config File¶

Mixmaster just needs to be configured through the ~/Mix/mix.cfg file. A very simple config file could be written as follows:

CHAIN *,*,*,*,*
SMTPRELAY localhost
SMTPPORT 2525
HELONAME anonymous.invalid
REMAILERADDR anonymous@anonymous.invalid

Pre-installed Mixmaster¶

Although we encorage the use of the Mixmaster version installed with this section, improved with 4096-bit RSA (and other features), you are allowed to use any derivative of Mixmaster 3. As long as you use that version and nymphemeral is able to find both paths to the binary and config file, you are fine. Configuring these paths is explained later on [mixmaster].

Configuring nymphemeral¶

You can modify nymphemeral.cfg per your liking. We will not describe the whole file, but only the options relevant to the user that belong to the following sections:

Adding Key¶

Considering you will encrypt a message to a user whose public key is in the pkey.asc file in the home directory. You can add it to nymphemeral’s keyring with:

gpg --homedir ~/.config/nymphemeral --import ~/pkey.asc

Now you can type its UID or fingerprint when encrypting the message.

Similarly, you can also add private keys to the keyring if you expect to receive messages encrypted to a specific key you have. The GPG Agent will automatically prompt you for a passphrase and decrypt the message.

Default Keys¶

nymphemeral’s package includes the public keys of the nym.now.im server and the nymphemeral nym. By importing the former to the client keyring you are able to create and use nyms on that server, and if you need to contact us, the latter allows you to send end-to-end encrypted messages to nymphemeral@nym.now.im. In order to import them you should click Import Default Keys in the Nym Servers window (presented in Managing Servers).

The included keys can be found in the nymphemeral.keyring module as .asc files and a detached signature of nym.now.im’s public key signed by the Jeremy Bentham Remailer Admin can be used to verify the nym-now-im-server.asc file.

First Time Use¶

When you launch nymphemeral for the first time, you must import a server public key in order to create and use nyms.

Managing Servers¶

You can import the Default Keys as well as add, modify or delete any server public key whenever you want by clicking Manage Servers in the login window.

Starting Session¶

To start a session, in the login window, fill in the Address and Passhphrase fields, choose the output method that you would like to use and click Start Session. If you wish to create a nym, you can follow the same steps - nymphemeral asks if a nym is being created when the address is not found in the keyring.

Output Method¶

When Mixmaster is installed and configured, clicking the Send via Mixmaster radio button on the login screen will route all messages to the nymserv through the Mixmaster network automatically.

If you have sendmail configured and running on your machine, you can also choose to send messages to the nymserv as regular email via the Send via Email radio button automatically.

If you would rather send messages manually, select the Display Output in Message Window radio button and then copy the encrypted message from the message window for transmission. If you choose this option it is your responsibility to send the encrypted message to the server. When this last method is being used, the client assumes that the message will get to the server. Therefore, when you finish the creation process, the nym information will be written to disk right away as well as it will be deleted when you confirm to delete the nym.

Key Manager Window

Server Manager Window

Pseudonymous Name¶

The Pseudonymous Name field is the name you are going to give to the nym.

Duration¶

You must provide the duration of the nym’s key. Once the key expires, the nym expires as well. The Duration must be in the same format used by GPG (e.g. 1w, 2m, or 3y).

Ephemeral Key¶

The Axolotl Ratchet protocol derives a master key from the handshake to start a conversation. Since there is already a secure channel between you and the server (using its PGP key), the user can go ahead and send a master key to skip that extra step. That key is the Ephemeral Key you need to provide. It can be any random string since it is ephemeral and will be used only on the first round of message exchange until the ratcheting starts.

hSub Passphrase¶

Using a hashed subject (hSub) is the easiest way of setting up subject identification for your nym to retrieve messages. An hSub is made of two parts, where the first is a random number and the second is the hash of that same random number and a passphrase. As the hashing is a one-way function, no one can identify the owner of the message. However, as you know your nym’s hSub passphrase, you can hash it with the random number of every message, and if the result collides with the second part of the hSub, that message was sent to your nym. More on hSub by Zax.

Saving your hSubs allows nymphemeral to retrieve messages from all your nyms at once. You just need to know how the encryption of the hSub passphrases file works:

The first nym that you create will encrypt its hSub passphase and can only be decrypted by itself. The next nym to be created will save its hSub passphrase in plaintext and will not be able to access the encrypted file until you re-log in with the first nym. Then, it will encrypt both passphrases to both nyms and if you create a third nym, those two other nyms can encrypt the passphrases to the third one and so on.

Create Nym¶

Finally, click Create Nym. The text box will display the output message. Read it to see if the message was sent successfully. The nym will be created and the other tabs will be enabled.

Create Nym Tab

Creation Message

End-to-End Encryption¶

If someone has sent you an End-to-End Encrypted message, when you click on the message to decrypt it, after removing the encryption layers that were added by the nym server, the GPG Agent will prompt you for a passphrase if the key is found in the keyring:

GPG Agent

If the key is not found or the authentication fails, the ciphertext will be displayed, allowing you to decrypt it manually.

Optional Headers¶

In the Headers text box, other headers can be added to the message in the format:

HeaderA: InformationA
HeaderB: InformationB

Newsgroups: alt.privacy.anon-server

End-to-End Encryption¶

End-to-End Encryption

The End-to-End Encryption section enables the user to encrypt and/or sign messages. The Target and Signer fields can receive either an UID or fingerprint. If more than one key is found for that query, nymphemeral will ask the user to be more specific, to avoid ambiguity.

There is also the option to use the Throw Key IDs checkbox, so that if someone obtains the ciphertext, they will not even be able to find out whom the message was encrypted to, because the key ID was removed. Therefore, when someone receives that message, they will have to use all of their keys to attempt to decrypt it.

If the message is being signed, the GPG Agent will prompt you for a passphrase to unlock the secret key:

GPG Agent

Message Structure¶

It is important to know how the contents of your message are handled. For example, if you composed the following message:

To: recipient@domain
Subject: Foo

Bar

It would be encrypted to the server (with both asymmetric and ephemeral encryption layers) and would become the following message to be transmitted:

To: send@server

-----BEGIN PGP MESSAGE-----
<ciphertext>
-----END PGP MESSAGE-----

If someone intercepted the message, they would only learn that you sent a message to send@server, which would remail it to someone else. However, they learn nothing about the original message, because it is encrypted to the server. Now, when the server receives and decrypt it, the original message is accessed:

To: recipient@domain
Subject: Foo

Bar

That is the reason that another layer (end-to-end encryption) should be added. That way, when the server removes its encryption layer, it would only have access to the headers:

To: recipient@domain
Subject: Foo

-----BEGIN PGP MESSAGE-----
<ciphertext>
-----END PGP MESSAGE-----

It is called “end-to-end” because only the ends of the transmission (you and the recipient) can access the data. That last encryption layer must be removed by the recipient, to finally obtain the plaintext of the message. The last thing you should know is that the headers cannot be encrypted. Therefore, make sure to use non sensitive information for the subject and optional headers you might add.

nymphemeral 1.4.2, released 2016-03-21¶

• Make the login interface more intuitive and close #21
• Minor interface enhancements
• Require setuptools only
• Include default keys and close #29
• Organize imports and close #37

nymphemeral 1.4.1, released 2016-02-13¶

• Add nymphemeral’s own method to check a nym’s passphrase
• Fix issue when retrieving nyms due to a change to python-gnupg
• Enable auto-generation of ephemeral and hSub keys
• Add method to retrieve a specific nym
• Add expiration attributes to the Nym class and display the expiration date on the GUI

nymphemeral 1.4, released 2015-12-19¶

• Make a proper entry point to launch the GUI
• Close #24 by using versioneer for version management

nymphemeral 1.3.6, released 2015-12-17¶

• Fix issue #26 to format the key info of nyms without expiration
• Fix issue #30 to not crash nymphemeral when a mix chain is not found
• Add an Updating section to the docs
• Do not call the package manager to install dependencies

nymphemeral 1.3.5, released 2015-09-09¶

• Improve the logger level
• Add more information to the installation sections
• Define which attributes and methods of Client are private
• Improve the code (add constants, simplify methods, remove redundancy)
• Fix bug to save new databases in the db directory

nymphemeral 1.3.4, released 2015-07-22¶

• Improve recognition of the Mixmaster installation
• Clarify nymphemeral’s features and limitations
• Add instructions for Whonix

nymphemeral 1.3.3, released 2015-07-18¶

• Use pyaxo 0.4
• Use Python’s logging module
• Slightly improve aampy’s performance
• Improve parsing of the config file
• Improve and add more input validation
• Bug fixes and code improvements

nymphemeral 1.3.2, released 2015-05-13¶

• Add End-to-End encryption
  • Encrypt
  • Throw key IDs
  • Sign
  • Support GPG agent
• Redesign aampy

nymphemeral 1.3.1, released 2015-03-03¶

• Create client module
• Modify the GUI to be a layer between the user and the client

nymphemeral 1.2.3, released 2015-02-14¶

• Remove dependency links processing from pip install

nymphemeral 1.2.2.1, released 2014-11-14¶

• Remember the output method being used

nymphemeral 1.2.1, release 2014-11-10¶

• Append date to the title of the messages in the ‘inbox’
• Encrypt hSub passphrases
• Support headers added by the user at the top of the message being composed
• Add the ‘In-Reply-To’ header to the reply