Nym Setup Instructions
Instructions for setting up a nym with @mixnym.net and @is-not-my.name
Note: comments are placed within [ ] in the following header instructions.
1. Download and install Gpg4win if you don't already have it. The url is: http://www.gpg4win.org/download.html. Gpg4win is a Windows shell program that runs GnuPG. GnuPG is included within the Gpg4win download. You click on the orange box at the top to get to the download page. I suggest you not download any versions with a trailer of -rc1, -rc2, ... -rc(n).
2. Create an RSA key pair. Choose ¹4096 bit (before continuing, see '¹4096 key:' below) if the option is available, otherwise 3072. Where it asks for your name, reply with the nym name you want to use (let's say you choose: my-nym-name). Where it asks for an email address, reply with the email address: email@example.com or firstname.lastname@example.org, whichever nym name and nym you choose to use.
3. Copy to the clipboard the public key for mixnym.net and is-not-my.name (the key is the same for both) found at http://www.is-not-my.name/key.asc. Then start GnuPG and use the Edit/Paste menu items to import the key into the 'GNU Privacy Assistant - Key Manager' window. Then right click on the imported key, select the 'Set Owner Trust...' menu item, and set the owner trust to 'Ultimate'.
4. Replace the [Reference 2] line below with your newly created public RSA key (see #2 above). (To copy your new RSA public key for pasting, click on the key's line in the 'GNU Privacy Assistant - Key Manager' window, right click the line, and click the 'Copy' menu item.) Then send the headers with the key between [Reference 1] and [Reference 3] in QSL (QSL remailer client: http://www.quicksilvermail.net/qslite). QSL may give you a couple of error messages concerning the sending of your data, but should eventually send it correctly in the end.
Subject: No Subject
Be sure to change the 'To: email@example.com' to 'To: firstname.lastname@example.org' if you chose to use @is-not-my.name. Your nym will be automatically named with your key name (our example: email@example.com or firstname.lastname@example.org).
5. Your nym creation confirmation messages will be sent to alt.anonymous.messages. You can dig for it with a news agent and try to manually decrypt each message, or you can use the AAM hSub Interpreter program with the 'Decrypt only' option checked to look for it (33% increase in download time using this option, so should only be used to find confirmation messages). Be sure to always check the 'Decrypt only' option before every search for your confirmation message because this check box is always reset at program end. The author will be 'Anonymous' and there will be no comment line in the encrypted block. The first two lines in the encrypted block should look something like this:
-----BEGIN PGP MESSAGE-----
Be sure to start your confirmation message search by completely downloading at least 500 alt.anonymous.messages headers with the message bodies in your news agent before clicking on any single message, to prevent anyone from knowing which messages you are accessing. If you are using the AAM hSub Interpreter program with the 'Decrypt only' option to find your confirmation message, subtract 500 from the 'High watermark' box the first time you make your search.
6. After decrypting the confirmation message and finding that everything has been created correctly, you will then have to do another config to submit a secret subject that will be used to create an hsub.
Your secret subject will be created with the following line: Hsub: mysecretsubject. 'mysecretsubject' can be anything and any length you choose. Start GnuPG, click the 'Clipboard' button, and paste the secret subject line Hsub: mysecretsubject into the GNU Privacy Assistant 'Clipboard' window. Click the 'Encrypt' button, click the line containing the '14D0C447 Config mixnym...' key to highlight it, check the 'Sign' checkbox, and then click on your nym key line to highlight it. Then click the OK button, follow the password request instructions, and the encrypted block should be created. Replace the [Reference 2] line above with this encrypted block and copy the lines between [Reference 1] and [Reference 3] above into QSL. Then use the QSL remailer client to send this block (there must be a blank line after the 'Subject:' line).
QSL may give you a couple of error messages concerning the sending of your data, but should eventually send it correctly in the end.
7. Upon successfully creating your hsub, you will be able to use AAM hSub Interpreter to easily find the alt.anonymous.messages messages sent to your nym email address (you can use AAM hSub Interpreter to find the confirmation for the hsub creation if it was created successfully). Place your nym name (our example: my-nym-name) in the parameter's 'Your hSub pgp key name' box and place your hsub secret subject (our example: mysecretsubject) in the 'Secret subject (hSub)' box.
8. Read the AAMhSub Help for proper use.
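How a secret subject lets a client pick its own messages out of alt.anonymous.messages (steps 6 and 7), as an added Python example that is not part of the original instructions or of AAM hSub Interpreter. It assumes the commonly described hSub layout (an 8-byte random IV followed by SHA-256 of IV plus secret subject, hex-encoded and truncated to 48 characters); the function names and sample subjects are constructed for illustration.

```python
import hashlib
import os
from typing import List, Optional

IV_LEN = 8      # assumed: bytes of random IV at the front of every hSub
HSUB_LEN = 48   # assumed: hex characters carried in the Subject header


def make_hsub(secret: str, iv: Optional[bytes] = None, length: int = HSUB_LEN) -> str:
    """Return hex(IV || SHA-256(IV || secret)) truncated to `length` characters."""
    if iv is None:
        iv = os.urandom(IV_LEN)      # fresh IV, so every Subject looks different
    digest = hashlib.sha256(iv + secret.encode("utf-8")).digest()
    return (iv + digest).hex()[:length]


def is_mine(subject: str, secret: str) -> bool:
    """Recompute the hash from the IV in `subject`; only the secret's holder matches."""
    subject = subject.strip().lower()
    if len(subject) <= 2 * IV_LEN:   # too short to hold an IV plus any hash
        return False
    try:
        iv = bytes.fromhex(subject[:2 * IV_LEN])
    except ValueError:               # ordinary, non-hex Subject line
        return False
    if len(iv) != IV_LEN:            # fromhex skips whitespace; reject short IVs
        return False
    return make_hsub(secret, iv, len(subject)) == subject


def find_mine(subjects: List[str], secret: str) -> List[int]:
    """Indexes of the downloaded Subject lines that match our secret subject."""
    return [i for i, s in enumerate(subjects) if is_mine(s, secret)]


def sample_subjects() -> List[str]:
    """Constructed sample: two messages for our nym among unrelated traffic."""
    return [
        make_hsub("someone-elses-secret"),
        make_hsub("mysecretsubject"),
        "Re: test posting",
        make_hsub("another-secret"),
        make_hsub("mysecretsubject"),
    ]


if __name__ == "__main__":
    print(find_mine(sample_subjects(), "mysecretsubject"))
```

Because the check runs locally over every downloaded header, the news server learns nothing about which Subject lines matched.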
¹4096 key: Note A. The current version of Gpg4win will not generate a key larger than 3072. It has been recommended that everyone should use the same 4096 bit key length for maximum anonymity. It is also recommended that a key should not contain a key ID, which will always be included in a key generated by the Gpg4win program shell. A 4096 key generator that will throw the key ID can be found here: 4096KeyGenerator
¹4096 key: Note B. The current version of Gpg4win will not generate a key larger than 3072. It has been recommended that everyone should use the same 4096 bit key length for maximum anonymity. It is also recommended that a key should not contain a key ID, which will always be included in a key generated by the Gpg4win program shell. The following instructions will show you how to manually generate a 4096 key without a key ID.
A. Create a folder named C:\C\ . Enter into this folder and create a file named C:\C\ukeygen.bat . Use a ²text editor to open the file and paste in the following code:
%echo *** Generating an RSA key and sub key ***
%echo Keys have been generated when this window closes
%echo Name: my-nym-name
%echo Email: email@example.com
%echo Key expires: never
%echo Please wait for keys generated message...
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: my-nym-name
Name-Email: email@example.com
Expire-Date: 0
Passphrase: your-passphrase-here
##Name-Comment: no comment
## Leave the next %commit here, to print "Public... keys have been generated!"
%commit
%echo Public and secret keys have been generated!
B. Change all occurrences of 'my-nym-name' fields above to your chosen nym name. If you have chosen to use @is-not-my.name, change all occurrences of @mixnym.net to @is-not-my.name .
C. Enter a Passphrase of your choice in the 'Passphrase:' field.
D. Save this file again as ukeygen.bat .
E. Open a command prompt window (in Vista, hold down the Windows key, press R, and type 'cmd').
F. At the command prompt, do a 'cd c:\c'.
G. Place the following string into the clipboard after changing 'your-gpg-folder-path' to your correct GnuPG path (this should be one single string - no line breaks):
c:\your-gpg-folder-path\gpg2.exe --batch --gen-key --throw-keyids --no-default-keyring --keyring c:\c\pubring.gpg --secret-keyring c:\c\secring.gpg c:\c\ukeygen.bat
H. Right click on the dos command prompt window and click 'Paste' which should paste in the above line. Hit enter and wait a minute for your keys to be generated. The message 'Public and secret keys have been generated!' will appear when gpg is finished creating the keys.
I. Start GnuPG. Click the 'Import' button. In the left 'Places' window, click on 'Local Disk (C:)'. In the right window, double click the 'C' folder. In the right window, double click the 'secring.gpg' file. The public and secret keys will then be imported into GnuPG.
J. Get back to the 'GNU Privacy Assistant - Key Manager' window. Right click on your newly created key, click 'Set Owner Trust...', and set it to 'Ultimate'. Your 4096 key is now complete.
²text editor: Excellent free text editor: http://notepad-plus-plus.org