OmniMix • Tutorial • Whole Message Encryption (WME)
Encrypting your ordinary e-mail correspondence with PGP is the obvious way to keep it from being read by third parties. If a
message carries attachments, those have to be encrypted as well. But some properties of a message can't be hidden this way:
its size, its subject, language-specific characteristics of its headers and structure, and, last but not least, the very fact
that a multi-part message is being sent. That's where OmniMix's 'Whole Message Encryption' comes to your aid.
Unlike PGP front ends, which can only manipulate a message before the mail client sends it, a proxy server like OmniMix is
able to alter the message as a whole, as long as the result is still a valid mail. Provided that the PGP keys of all
recipients of a mail are available, OmniMix can be instructed to encrypt the entire message, including the complete header
section and some random dummy data that disguises its real size, into one single PGP message block, and to send that block
under a rudimentary header which contains nothing but the mail addresses and perhaps some 'X-Hashcash' tokens. If the mail is
sent via a nym server, an existing 'Nym-Commands' directive is also moved outside the WME encryption block; this doesn't
weaken security, as the message is in any case additionally encrypted with the server's key. An adversary who is able to learn
the identities of the correspondents from the remaining header gets almost nothing else out of it: subject, size, structure
and content of the message are all hidden.
Moreover, OmniMix supports sending WME messages anonymously as well. This is usually done not to hide your identity from
the recipients within your WME community, but to prevent external observers from figuring out who is talking to whom. Keep
in mind that the data within the WME block aren't anonymized: apart from headers that may be shortened by an active 'Mail
Permits' header filter list, the inner message is handled like normal mail. To allow unrestricted, transparent communication
without side effects for the participants, it still carries, among other things, your 'From' address (which may be bogus)
and the 'Message-ID'. If that 'From' address is on the WME recipients list with 'Sign' activated, the resulting signature
may also expose your identity to everyone who is able to decrypt the message. So check what gets encrypted in the 'Data for
Whole Message Encryption' section of the 'Raw Data' list as well as the 'Log' entries, to make sure that no sensitive
data are unintentionally revealed to the addressees! Caution: don't send an anonymous mail to several addressees at a time
if you don't want them to become linked with each other; send a separate mail to each of them instead.
On the receiving side, the recipients either have to decrypt the PGP block manually and import the result into their mail
user agent, which is acceptable only in exceptional cases, or they let OmniMix translate the messages back into their
original form automatically while retrieving them from the POP3 server, as long as the corresponding secret PGP key and its
passphrase have been placed at its disposal.
On the 'Dummy Load' page of the 'WME' section you can randomly increase the size of your mails. This measure prevents
adversaries from guessing the kind of message from its size, for instance whether it's a usually short text or a more
voluminous data transfer. A message-specific dummy load can be requested by sending the desired block size range with the
message ('O-Wme-Dummy-Size-Min' and 'O-Wme-Dummy-Size-Max' header entries). Values higher than the maximum block size
configured within OmniMix are refused, as processing a message of extreme size might knock out your system. OmniMix then
appends a random text block to your message, introduced by a line with a unique character sequence. The content of that
indicator line is added to the message header as the argument of an 'X-Wme-Dummy-Separator' entry, so that the recipient's
system can restore the original message by removing the dummy load. It's important that the dummy separator header has the
same name on the sender's and on the recipient's side, as otherwise the addressee won't be able to restore the original message.
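The wrapping described above (whole message into one block under a rudimentary header) together with the dummy-load mechanism, as an added Python illustration; this is not OmniMix's own code. Everything not stated in the tutorial is an assumption here: the format of the separator line, the 64 KiB ceiling and the default size range, that 'From' stays in the outer header because delivery needs it, and that the PGP step is a function supplied by the caller. The two `*_stand_in` helpers only base64-encode so that the example runs without a PGP installation; they provide no confidentiality and must be replaced by real PGP encryption.

```python
"""WME-style wrapping, added here as an illustration; not OmniMix code.
Assumed (not from the tutorial): separator format, the 64 KiB ceiling and
default range, 'From' kept in clear for delivery, and the PGP step being a
caller-supplied function.  *_stand_in only base64-encode: NOT encryption."""
import base64
import email
import email.policy
import random
import secrets
import string

MAX_DUMMY_BLOCK = 64 * 1024                      # assumed local ceiling
ENVELOPE_HEADERS = ("From", "To", "Cc", "X-Hashcash", "Nym-Commands")
_ALPHABET = string.ascii_letters + string.digits + " "
_POLICY = email.policy.default


class DummySizeError(ValueError):
    """Requested dummy range exceeds MAX_DUMMY_BLOCK (or is malformed)."""


def _split(raw):
    """(header section, body) of RFC 5322 text, normalised to LF."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    return head, body


def canonical(raw):
    """Re-serialise through the email package (line endings, header folding)."""
    return email.message_from_string(raw, policy=_POLICY).as_string()


def add_dummy_load(raw, rng=random.Random(), default=(256, 4096)):
    """Append a random text block behind a unique separator line and announce
    the separator in X-Wme-Dummy-Separator.  The O-Wme-Dummy-Size-Min/Max
    request headers are honoured and consumed (they are proxy directives)."""
    msg = email.message_from_string(raw, policy=_POLICY)
    lo = int(msg.get("O-Wme-Dummy-Size-Min", default[0]))
    hi = int(msg.get("O-Wme-Dummy-Size-Max", default[1]))
    if not 0 <= lo <= hi:
        raise DummySizeError(f"invalid range {lo}..{hi}")
    if hi > MAX_DUMMY_BLOCK:                     # refused, as the tutorial states
        raise DummySizeError(f"{hi} exceeds the configured maximum {MAX_DUMMY_BLOCK}")
    del msg["O-Wme-Dummy-Size-Min"], msg["O-Wme-Dummy-Size-Max"]
    separator = "--WME-DUMMY-" + secrets.token_hex(16)     # assumed format
    msg["X-Wme-Dummy-Separator"] = separator
    size = rng.randint(lo, hi)
    filler = "".join(rng.choice(_ALPHABET) for _ in range(size))
    lines = [filler[i:i + 72] for i in range(0, size, 72)]  # wrapped like prose
    head, body = _split(msg.as_string())
    if body and not body.endswith("\n"):
        body += "\n"
    return head + "\n\n" + body + separator + "\n" + "".join(l + "\n" for l in lines)


def strip_dummy_load(raw):
    """Receiver side: drop everything from the announced separator line on."""
    msg = email.message_from_string(raw, policy=_POLICY)
    separator = msg.get("X-Wme-Dummy-Separator")
    if separator is None:
        return raw
    del msg["X-Wme-Dummy-Separator"]
    head, body = _split(msg.as_string())
    sep_line = str(separator) + "\n"
    if body.startswith(sep_line):                # original body was empty
        body = ""
    else:
        idx = body.find("\n" + sep_line)         # separator on a line of its own
        if idx < 0:
            raise ValueError("announced dummy separator not found in body")
        body = body[:idx + 1]
    return head + "\n\n" + body


def build_envelope(inner_raw, encrypt):
    """Outer mail: only delivery headers in clear; the whole inner message
    (header section, body, dummy load) becomes one block.  Nym-Commands and
    Hashcash tokens are moved out of the block, not copied."""
    inner = email.message_from_string(inner_raw, policy=_POLICY)
    outer = [f"{n}: {v}" for n in ENVELOPE_HEADERS for v in inner.get_all(n, [])]
    del inner["Nym-Commands"], inner["X-Hashcash"]
    return "\n".join(outer) + "\n\n" + encrypt(inner.as_string().encode()) + "\n"


def open_envelope(outer_raw, decrypt):
    """Receiving proxy: decrypt the block, then remove the dummy load."""
    _, block = _split(outer_raw)
    return strip_dummy_load(decrypt(block).decode())


def armor_stand_in(data):       # STAND-IN: base64 only, no confidentiality at all
    return "-----BEGIN STAND-IN-----\n" + base64.b64encode(data).decode() + "\n-----END STAND-IN-----"


def dearmor_stand_in(block):
    return base64.b64decode("".join(block.strip().splitlines()[1:-1]))


# Constructed sample mail (not real traffic) requesting a 500..900 byte dummy load.
SAMPLE = (
    "From: alice@example.org\nTo: bob@example.org\nCc: carol@example.org\n"
    "Subject: quarterly numbers\nMessage-ID: <20240101.1@example.org>\n"
    "O-Wme-Dummy-Size-Min: 500\nO-Wme-Dummy-Size-Max: 900\n\n"
    "Bob, the spreadsheet follows in the next mail.\n"
)


def demo(seed=1):
    """Sender side, then receiver side; returns (outer mail as sent, restored mail)."""
    outer = build_envelope(add_dummy_load(SAMPLE, random.Random(seed)), armor_stand_in)
    return outer, open_envelope(outer, dearmor_stand_in)
```

Run `demo()` and compare the two results: the outer mail shows nothing but the addresses above a single block, while the restored mail is the original minus the two request headers. Note that the separator header travels inside the block here, which is why it must be spelled identically on both sides.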
Pros and cons of different communication methods

                                        Ordinary   PGP         WME          Remailing   Remailing    Nym        Nym
                                        Mail                                            + WME                   + WME
Contents Protection                     No         Partial(1)  Complete(1)  No          Complete(1)  No         Complete(1)
Reply Capability                        Yes        Yes         Yes          No          Yes          Yes        Yes
Anonymity towards an external observer  No         No          No           Yes         Yes          Yes        Yes
Anonymity between the correspondents    No         No          No           Yes         No           Yes        Yes
Latency                                 Low        Low         Low          Medium      Medium       High       High
Reliability                             High       High        High         Medium      Medium       Low(2)     Low(2)

(1) Partial: net data only / Complete: data + structure
(2) High with AckSend activated
The first step in setting up WME is to add all required keys to the 'WME' keyring ('WME' tab within the 'Nym Configurator'). You
have to import public keys for your correspondents and one or more public / secret key pairs for yourself. Don't use any of your
really secret PGP keys for this transmission purpose: its passphrase has to be stored on your computer, and both key and
passphrase can be stolen by anyone who gets access to it! Better create new keys and give them names that point out their
low-security use, e.g. by adding the character sequence '(WME)' to the User-ID. As decryption problems can't be ruled out
otherwise, it's recommended to create these keys within OmniMix itself.
You may notice that the WME section offers a greater variety of encryption and hash algorithms, some of them more secure, than
is allowed for nym accounts. That's because there's no need to consider the capabilities of remailers and nym servers.
Next, go to the 'WME' tab of the main window and add the mail addresses of all participants in your WME network to the list,
along with the corresponding key and, if it's a private key of your own, the passphrase. Based on this list, if WME is active,
all mails, whether sent normally or by one of your nyms, are examined for the presence of matching encryption keys. If OmniMix
finds keys for all 'To:' and 'Cc:' recipients and there are no 'Bcc:' recipients (the recipient key IDs are visible in a PGP
message, so encrypting to their keys would uncover them), the mail gets encrypted and only the header data mandatory for
delivery are left outside the protected block. On request the sender's signature is added in the course of the encryption to
prove the authenticity of the sent mail.
Finally you have to tell OmniMix who is allowed to use each private key / passphrase combination to sign outgoing and decrypt
incoming WME mails. To do so, go to the 'User' tab and mark, for every user, the 'WME' mail addresses that belong to that account.
Now you're finished. All outgoing mails are processed according to the WME mode ('WME' tab: 'disabled' / 'enabled' / 'required').
If a single message has to depart from that rule, use the corresponding header directive: 'O-WmeSend-Mode: required', for
example, rejects a message that can't be WME encrypted, while with 'O-WmeSend-Mode: disabled' you're even allowed to send a usual
anonymous mail to someone whose key is present in the WME keys list. The 'Sign' setting within the WME participants list is
binding in any case. So if a signature is requested, the WME encryption fails as long as the passphrase isn't properly set for
the WME key or the WME item isn't assigned to the user account.
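The send-time decision that the three setup steps above lead to (keys for all To/Cc recipients, no Bcc, the WME mode and its per-message override, the binding 'Sign' flag and the 'User' tab assignment), as an added Python illustration; this is not OmniMix's own code. The data model (`WmeEntry`, `Decision`), the made-up addresses and key IDs, and the choice to reject rather than silently send in plain text when the sender's signing key is misconfigured (the tutorial says the encryption fails, not what happens next in 'enabled' mode) are assumptions.

```python
"""Send-time WME decision following the rules of this tutorial; added here as
an illustration, not OmniMix code.  The data model and the choice to treat a
misconfigured signing key as a hard failure in every mode are assumptions."""
from dataclasses import dataclass
import email
import email.policy
import email.utils

MODES = ("disabled", "enabled", "required")


@dataclass
class WmeEntry:
    """One row of the 'WME' participants list plus its 'User' tab assignment."""
    address: str
    key_id: str
    private: bool = False           # one of our own key pairs?
    sign: bool = False              # 'Sign' flag, binding in any case
    passphrase: str = ""            # stored only for private keys
    users: frozenset = frozenset()  # accounts allowed to use this key


@dataclass
class Decision:
    action: str                     # "encrypt", "plain" or "reject"
    reasons: list


def _addrs(msg, *names):
    pairs = email.utils.getaddresses([str(v) for n in names for v in msg.get_all(n, [])])
    return {a.lower() for _, a in pairs if a}


def decide(raw, participants, user, default_mode="enabled", anonymous=False):
    """participants: {address: WmeEntry}; user: the account sending the mail."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    mode = str(msg.get("O-WmeSend-Mode", default_mode)).strip().lower()
    if mode not in MODES:
        return Decision("reject", [f"unknown WME mode {mode!r}"])
    if mode == "disabled":                       # plain even if every key is present
        return Decision("plain", ["WME disabled for this message"])
    to_cc, bcc = _addrs(msg, "To", "Cc"), _addrs(msg, "Bcc")
    blockers = []
    if not to_cc:
        blockers.append("no To/Cc recipient")
    missing = sorted(a for a in to_cc if a not in participants)
    if missing:
        blockers.append("no WME key for " + ", ".join(missing))
    if bcc:  # key IDs are visible in a PGP message, so Bcc would be uncovered
        blockers.append("Bcc recipients present")
    if blockers:
        return Decision("reject" if mode == "required" else "plain", blockers)
    # Everything could be encrypted; now the binding 'Sign' flag of the sender's entry.
    for addr in _addrs(msg, "From"):
        entry = participants.get(addr)
        if entry and entry.sign:
            if not (entry.private and entry.passphrase):
                return Decision("reject", [f"signature required for {addr} but no passphrase set"])
            if user not in entry.users:   # assumption: fail closed, never fall back to plain
                return Decision("reject", [f"WME key for {addr} not assigned to user {user!r}"])
    notes = []
    if anonymous and len(to_cc) > 1:
        notes.append("warning: several addressees of one anonymous mail become linked")
    return Decision("encrypt", notes)


# Constructed configuration and mails; addresses and key IDs are made up.
PARTICIPANTS = {
    "alice@example.org": WmeEntry("alice@example.org", "0xA11CE", private=True, sign=True,
                                  passphrase="correct horse", users=frozenset({"alice"})),
    "bob@example.org": WmeEntry("bob@example.org", "0xB0B"),
    "carol@example.org": WmeEntry("carol@example.org", "0xCA401"),
}


def mail(to, cc="", bcc="", extra=""):
    """Constructed test mail from alice; extra = additional header lines."""
    head = f"From: alice@example.org\nTo: {to}\n"
    head += f"Cc: {cc}\n" if cc else ""
    head += f"Bcc: {bcc}\n" if bcc else ""
    return head + extra + "\nhello\n"
```

Call `decide(mail("bob@example.org", cc="carol@example.org"), PARTICIPANTS, "alice")` to see the encrypt path; swap the account for one not marked on the 'User' tab, add a Bcc, or put `O-WmeSend-Mode: disabled` into `extra` to see each of the other outcomes the tutorial describes.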