Installing Quicksilver Lite in Whonix and creating a Mixmin nym

Discussion in 'privacy technology' started by mirimir, Mar 30, 2013.

Thread Status:
Not open for further replies.
  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    These are instructions for creating a nym at mixnym.net, using Quicksilver Lite (QSL) in Whonix. QSL is Windows software, so it needs Wine to run in Whonix (based on Debian).

    For background, please see Wikipedia, e.g. -https://en.wikipedia.org/wiki/Pseudonymous_remailer.

    This is a first draft, so there may be mistakes. But I wanted to get it up as background reading. I'll update it ASAP after getting confirmation from mixnym.net that my nym was created. And then I'll post a tutorial for installing and configuring QSA in Whonix.

    Work in Tails or your current VPN/Tor setup if you want privacy.
    Download Whonix VMs from -http://sourceforge.net/p/whonix/wiki/Download/.
    Import gateway and workstation with VirtualBox.
    Edit gateway VM configuration:
    ...By default, network adapter 1 is NAT.
    ...If you're using router VMs, change to appropriate internal network.

    Change root and user passwords in gateway VM from default "changeme".
    Change root and user passwords in workstation VM from default "changeme".

    Work from here on in Whonix workstation.

    Tweak Kickoff | Favorites as desired.

    Run in Terminal:
    ...sudo apt-get update
    ...sudo apt-get install wine
    ...sudo apt-get install unzip

    Choose a pseudonymous email address at mixnym.
    ...Pick something that's not likely to have been already taken.
    ...Pick something that's not associated with you or other pseudonyms.
    ...It could be a random string, or something more memorable.
    ...I'm using "jtofawley@mixnym.net" for this, so you can test with me.

    Run "gpg --gen-key" and create 4,096-bit key pair for jtofawley@mixnym.net.
    ...Pick appropriate name ... here I'm "Jude Fawley" with comment "T.O.".

    In KGpg, highlight your key, and:
    ...Right click, and select "Set as Default Key".
    ...Right click, and select "Export Public Key".

    Download latest QSL from -https://www.quicksilvermail.net/qslite/.
    Download latest QSA from -https://www.quicksilvermail.net/qsaam/.

    Get mixnym key 0x14D0C447 from -https://www.sks-keyservers.net/i/.
    Save as 14D0C447.asc.

    In KGpg:
    ...Import mixnym key 0x14D0C447.
    ...Sign it using the key that you just created.
    ...Set owner [your] trust for it.
    ......Use button in KGpg "Key Properties", and choose at least "Marginally".

    Unzip QSL and QSA in Download folder, autodetecting archive folders.

    Run Wine configuration and click OK to create /home/.wine.
    Click "Show Hidden Files" in File Manager (Dolphin) | View.
    In /home/user/.wine/drive_c/, create folder "QS".

    Copy all QSA files to /home/user/.wine/drive_c/QS/.
    Copy all QSL files to /home/user/.wine/drive_c/QS/ [check "Apply to All" and click "Skip"].

    In /home/user/.wine/drive_c/QS/, create folder gpg-links.

    Open Terminal and create links to allow QSL and QSA to use Debian gpg:
    ...Run "cd .wine/drive_c/QS/gpg-links".
    ...Run "link '/home/user/.gnupg/pubring.gpg' '/home/user/.wine/drive_c/QS/gpg-links/pubring.gpg'".
    ...Run "link '/home/user/.gnupg/secring.gpg' '/home/user/.wine/drive_c/QS/gpg-links/secring.gpg'".

    In File Manager, go to /home/user/.wine/drive_c/QS/.
    ...Double click qsa.exe, and create Desktop link.
    ...Close QSA windows, and check top link ... delete ".lnk" link.
    ...Copy link, and paste as "QuickSilver Lite.desktop".
    ...Edit "QuickSilver Lite.desktop".
    ......Rename as "QuickSilver Lite".
    ......Open Properties.
    .........Check that name in General tab is "QuickSilver Lite".
    .........Go to Application tab.
    ............Change Comment to "QuickSilver Lite".
    .........In Command tab, change "...C:\\QS\\qsa.exe" to "...C:\\QS\\qsl.exe".

    Double click Desktop QuickSilver Lite link and click "Setup".
    Draw randomly in window until "Ok" appears ... click "Ok".
    Paste your new email address in "Email Address" and click "Next".
    ...I'm using jtofawley@mixnym.net for this demo.
    Now you'll configure the SMTP server for QSL.
    For SMTP Server aka Host, use Mixnym's hidden service "gbhpq7eihle4btsn.onion".
    ...Accept other defaults and click "Next".
    Now you'll configure the proxies that QSL uses, in this case Tor.
    ...For SMTP Proxy, check "Enable" and "TOR".
    ...Specify "192.168.0.10" as Proxy Server.
    ...Specify 9100 as Port.
    ...Accept other defaults and click "Next".
    Do the same for HTTP Proxy.
    Review configuration summary and accept.
    Open Tools | Options.
    ...In General tab:
    ......Under "User Mode", check "Expert".
    ......Under "On Start-up", check "Open Template Dialog".
    ...In PGP tab:
    ......Check "PGP Public Key Encryption".
    ......For "Private Keyring", use "C:\QS\gpg-links\secring.gpg".
    ......For "Public Keyring", use "C:\QS\gpg-links\pubring.gpg".
    ......Click "Default key" and select it (will be just your new one).
    ......If desired, choose to cache private-key passphrases for five minutes or so.
    ...In Mix tab:
    ......Select "once a day" for "Update remailer stats".
    ...Click "Ok" to finish.
    Open Tools | Stats manager.
    ...Click "Update".
    ...When you see "done!" click "Ok".
    ...If it stalls, there's something wrong with your Tor setup.
    ......Check with Firefox, and also check Tor config in Tools | Proxies.
    Open Tools | Allpingers manager.
    ...Click "Update".
    ...When you see "done!" click "Ok".

    Now you'll configure the message that QSL uses to create a Mixnym nym.
    In the main compose pane, paste the following, in place of the default text:

    Code:
    Fcc: nyms
    Pgp: encrypt=0x14D0C447; sign=0x87B39720;
    Host: gbhpq7eihle4btsn.onion
    From: nobody@nowhere.net
    Chain: *,*,austria; copies=3;
    To: config@mixnym.net
    Subject: none
    
    hsub: New Mail For Jude!
    
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    
    mQINBFFP2l4BEACXJDUM6SxyjUk8K+MJ4fRJ5VMaE6hSsAD6n8eO04l9HMzSx26X
    <snip>
    wnOpR4sYYD9MFLura6+YiHWtT8ih
    =ndP9
    -----END PGP PUBLIC KEY BLOCK-----
    
    ~~
    
    In the above:
    ...Replace the key ID in "sign=0x87B39720;" with yours.
    ......The mixnym server will only accept signed configuration requests.
    ...Replace "Jude" in "hsub: New Mail For Jude!" with your fake first name.
    ...Replace the public key block with your public key that you exported above.
    ...Be very careful near line ends ... Unix vs DOS newline can be buggy here.
    ...The "~~" at the bottom, preceded by two blank lines, is crucial!
    Save as "mixnym create template".
    ...You can reuse it with edits for creating other nyms.
    Now click "Send" and enter your key passphrase when prompted.
    After it finishes, you should see:

    Code:
    0 in message queue
    0 in problem queue
    3 sent
    
    All mail sent!
    
    If it worked, the next step is configuring QSA.
    If it hangs, cancel out and go back through everything looking for errors.
    Close QSL when you're done (and ignore the crash error that you may see).

    You can't get a reply from the mixnym server until you configure QSA.
    But that may take about a day, so there's no rush.
    If you get no reply, the nym may already be taken, so try again with another.

    [to be continued]

    Edit: I'm manually adding my new signature.

    mirimir <mirimir@riseup.net>
    GnuPG Key ID: 0x17C2E43E
    Fingerprint: BF24 D19E 7B33 536E 7512 BA47 620D 6551 17C2 E43E
    Tutorials: http://vimeo.com/mirimir/
     
    Last edited: Mar 31, 2013
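The post's warnings about the creation template (a signed request, consistent line endings, and a closing "~~" after two blank lines) can be checked before clicking "Send". The following is an added example, not part of the original post and not Quicksilver code; it checks only what the post states, and the sample template, its signing key ID, hsub text and key body are constructed placeholders.

```python
import re

DEMO_SIGN_KEY = "0x87B39720"      # signing key ID in the post's demo template
DEMO_HSUB = "New Mail For Jude!"  # hsub text in the post's demo template
BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def lint_template(raw: bytes) -> list:
    """Return the problems found in a nym-creation template (empty list = OK)."""
    problems = []
    crlf = raw.count(b"\r\n")
    if crlf and raw.count(b"\n") > crlf:          # some lines CRLF, some bare LF
        problems.append("mixed CRLF and LF line endings")
    lines = raw.decode("ascii", "replace").replace("\r\n", "\n").split("\n")
    while lines and not lines[-1].strip():        # ignore newlines after "~~"
        lines.pop()
    if len(lines) < 3 or lines[-1] != "~~" or lines[-2] or lines[-3]:
        problems.append('must end with two blank lines followed by "~~"')
    head_end = lines.index("") if "" in lines else len(lines)
    headers = dict(l.split(": ", 1) for l in lines[:head_end] if ": " in l)
    body = lines[head_end:]
    sign = re.search(r"sign=(0x[0-9A-Fa-f]{8,40});", headers.get("Pgp", ""))
    if not sign:
        problems.append("Pgp header has no sign= key ID (request must be signed)")
    elif sign.group(1).lower() == DEMO_SIGN_KEY.lower():
        problems.append("sign= still holds the demo key ID")
    hsub = [l[6:] for l in body if l.startswith("hsub: ")]
    if len(hsub) != 1:
        problems.append("body needs exactly one hsub: line")
    elif hsub[0] == DEMO_HSUB:
        problems.append("hsub text still holds the demo value")
    if (body.count(BEGIN) != 1 or body.count(END) != 1
            or body.index(BEGIN) > body.index(END)):
        problems.append("body needs one complete public key block")
    return problems

def sample(sign="0x0A1B2C3D", tail="\n\n\n~~\n", eol="\n") -> bytes:
    """Constructed template; key ID, hsub text and key body are placeholders."""
    text = ("Fcc: nyms\nPgp: encrypt=0x14D0C447; sign=%s;\n"
            "To: config@mixnym.net\nSubject: none\n\n"
            "hsub: constructed example passphrase\n\n"
            + BEGIN + "\n\nPLACEHOLDERKEYDATA\n=AAAA\n" + END) % sign + tail
    return text.replace("\n", eol).encode("ascii")

if __name__ == "__main__":
    print(lint_template(sample(tail="\n\n~~\n")))   # only one blank line
```

Pass the function the exact bytes of the saved template so that the line-ending check sees what will actually be sent.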
  2. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    Great. Just linked from the Whonix e-mail wiki page to this thread.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Thanks :) And thanks too for linking from my first post about this.

    So, are you going to test it?

    You and Richard Christman would be awesome testers :)
     
  4. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    Interesting, I'll check this out and see if it's something to be added to the arsenal.

    So I've been reading the wiki on this.

    As much as I've understood, it makes your emails untraceable, but you're allowed to have a username to identify each other, including the proper and safely confirmed PGP keys on your keychain for authentication. It's kinda like regular PGP encryption on regular email.
     
    Last edited: Mar 30, 2013
  5. The_Scour

    The_Scour Registered Member

    Joined:
    Oct 18, 2011
    Posts:
    10
    You're on the right track for sure, but nyms are much stronger than that.

    The initial nym config request to the nymserver is done through a series of Mixmaster remailer chains. One would probably include Tor and a good VPN in the delivery mechanism as well.

    The nymserver quite literally has no ability to know anything about you. Mixmaster itself, being highly resistant to a powerful adversary, makes your messages impossible to trace.

    Among the major differences between a nym and regular PGP encrypted email is this: An email is delivered to your machine. A nym message is delivered to a shared message pool which is: alt.anonymous.messages.
    Contents are encrypted. The subject line itself is also encrypted, and can only be decrypted by the nym holder. Delivery can never be traced back to your machine. Major plausible deniability.

    A further difference is this: Nym messages are wrapped in multiple layers of encryption. Not just one. A nym message is first encrypted to the nymserver's key. The user may then further encrypt the message body itself, to the key of the intended recipient. So what you really have is: A message that is untraceable, and a message that is unreadable, except by your recipient.

    What one has simultaneously achieved is: Both complete anonymity and privacy.
     
  6. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Thanks Mir! Will revisit and read this later.

    PD
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Thanks for the explanation, The_Scour. Can I steal some of your language in the final version? I'll acknowledge you, of course :)

    Yes, the setup that I posted uses Tor hidden services for both SMTP (outgoing messages) and NNTP (incoming messages from Usenet newsgroup alt.anonymous.messages aka a.a.m). You're isolated from the SMTP server (gbhpq7eihle4btsn.onion) by Tor. The SMTP server sends your nym configuration request to config@mixnym.net through chains of three Mixmin remailers. That's serious isolation!

    Then config@mixnym.net sends the reply to a.a.m, rather than directly to you. And the NNTP server that you use to get messages from a.a.m is also a Tor hidden service. So you're well isolated on the receiving end as well.

    There have been deanonymization attacks on Mixmaster itself using message flooding. But using a.a.m as the inbox, and doing everything via Tor hidden services, eliminates that threat, I believe.

    Right.

    Right.

    Right.

    Well, I'm impressed, and that's why I posted it :)

    I used this system for a while about 15 years ago. But it was much harder then. Finding your messages in a.a.m was extremely tedious. While this implementation is undeniably more complicated than using Thunderbird with Enigmail, it's quite usable once you become familiar with how it works.
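The posts above describe replies landing in alt.anonymous.messages with a subject only the nym holder can recognise, and the creation template sets that up with its "hsub:" line. As an added example (not part of any post, and not QSA's code), this shows how a client can pick its own messages out of the pool, assuming the hSub layout commonly documented for a.a.m tools: a 64-bit random IV followed by SHA-256 of IV plus passphrase, hex-encoded and truncated to 48 characters. The passphrases and pool subjects are constructed.

```python
import hashlib, hmac, os

IV_LEN = 8      # bytes of random IV (assumed hSub layout)
HSUB_HEX = 48   # hex characters kept in the Subject (assumed default length)

def make_hsub(passphrase: str, iv: bytes = None) -> str:
    """hex(IV || SHA-256(IV || passphrase)), truncated to HSUB_HEX characters."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    digest = hashlib.sha256(iv + passphrase.encode("utf-8")).digest()
    return (iv + digest).hex()[:HSUB_HEX]

def is_mine(subject: str, passphrase: str) -> bool:
    """Recompute the hSub from the IV embedded in a Subject and compare."""
    subject = subject.strip().lower()
    if len(subject) != HSUB_HEX:
        return False
    try:
        iv = bytes.fromhex(subject[:IV_LEN * 2])
    except ValueError:          # not hex, so not an hSub at all
        return False
    expected = make_hsub(passphrase, iv)
    return hmac.compare_digest(expected.encode(), subject.encode())

def scan(subjects, passphrase):
    """Indexes of the pool subjects that were hashed with our passphrase."""
    return [i for i, s in enumerate(subjects) if is_mine(s, passphrase)]

# Constructed pool: passphrases and subjects are made up for this example.
MINE = "constructed passphrase A"
POOL = [make_hsub("someone else's passphrase"), make_hsub(MINE),
        "ordinary plaintext subject", make_hsub(MINE), make_hsub("third nym")]

if __name__ == "__main__":
    print(scan(POOL, MINE))     # positions 1 and 3
    print(POOL[1] != POOL[3])   # same nym, different subject each time
```

Because the IV is fresh for every message, two replies to the same nym carry unrelated-looking subjects, so an observer of the pool cannot group them without the passphrase.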
     
  8. The_Scour

    The_Scour Registered Member

    Joined:
    Oct 18, 2011
    Posts:
    10
    Great post, mirimir.

    IMHO, this is important stuff.

    Feel free to tear off pieces of language, as appropriate if it serves the cause.
    I'm just an average Joe trying to learn, just like everyone else.

    Yes, Nyms are technically challenging. But it's much easier today than in days of yore. And especially in this day and age, of increasing surveillance and monitoring, they are more important than ever.

    Before getting lost in a sea of technical details, it may be important to understand something of the Mixmaster protocol, as an overview, and what it accomplishes:

    http://tools.ietf.org/html/draft-sassaman-mixmaster-03

    "This document describes a mail transfer protocol designed to protect
    electronic mail against traffic analysis. Most e-mail security
    protocols only protect the message body, leaving useful information
    such as the identities of the conversing parties, sizes of messages
    and frequency of message exchange open to adversaries.

    Message transmission can be protected against traffic analysis by the
    mix-net protocol. A mix (remailer) is a service that forwards
    messages, using public key cryptography to hide the correlation
    between its inputs and outputs. If a message is sent through a
    sequence of mixes, one trusted mix is sufficient to provide anonymity
    and unobservability of communications against a powerful adversary.
    Mixmaster is a mix-net implementation for electronic mail.

    Viewed from a high level, Mixmaster is like a packet network, where
    each node in the network is known as a "remailer." The original
    content is split into pieces, and an independent path is determined
    for each piece, with the only requirement that all paths must end at
    the same remailer. Each piece is multiply encrypted so that any
    intermediate remailer can only decrypt enough information to
    determine the next hop in the path. When all pieces have arrived at
    the final remailer, the original content is re-created and sent to
    its final destination."

    This is the system that delivers nym messages.

    It's perhaps important to note that like Tor, Mixmaster is a system of distrust.
    Mixmaster assumes that there may be colluding adversaries on the wire, yet with one secure
    Mix, anonymity and privacy are preserved.

    Like every other anonymity system such as Tor, I2P, Mixmaster is subject to theoretical attacks.

    Nonetheless, it is a powerful system and quite worthy of consideration.
     