Certificates

Due to the inherent insecurity of the Internet, all sent and received messages in the AN.ON/JonDonym system are signed cryptographically.

General information about certificates

Certificates are digital envelopes for cryptographic key pairs. They contain a private key, a corresponding public key and information about the owner of those keys. In the scope of digital signatures, the owner may use his private key to digitally sign messages. Other people may use the certificate to verify that the public key belongs to the owner of the private key, and may then use the public key to verify documents signed by the owner. The private key must be kept secret by its owner, as otherwise third parties may sign documents in his name.

In the scope of Mixes, certificates are important to let the users identify the Mixes and especially their Operators. This is part of the security model of the AN.ON / JonDonym service. It prevents arbitrary, possibly malicious people from running Mixes and enables the users to choose whom they want to trust.

Mix certificates

In the process of configuring your Mix with the MixConfig tool, you will create a cryptographic Mix certificate that identifies your Mix and enables it to sign messages. You have to send this certificate to the Operators of your neighbouring Mixes, and you have to receive and register their certificates in your configuration to get the Mixes connected. (Please note that an automatic certificate exchange is in preparation.)

Operator certificates

The Operators in the AN.ON / JonDonym system may run more than one Mix. For the purpose of identifying which Mix belongs to which Operator, each Operator has to create a so-called Operator certificate. This certificate identifies the Operator as a private individual or as an organisation. With your Operator certificate, you may sign as many Mix certificates as you want.
Trust

Certificates and keys themselves don't provide communication security, as anyone who has a computer is able to create them. Therefore, so-called certificate infrastructures exist: trusted authorities sign the certificates and keys of people or organisations that have proven their identity and the ownership of the certificate/key. The AN.ON / JonDonym service supports more than one of these certification authorities. For example, you may get Operator certificates signed by the TU Dresden, the JonDos GmbH and the German Privacy Foundation. Please note that your Mixes will neither be visible nor usable for clients if you do not have a valid certificate.

Certificates and keys are uniquely identifiable by their hash values. Before signing, certification authorities will therefore ask you to compare your certificate's subject key identifier (SKI) or SHA1/MD5 fingerprint with that of the certificate they got from you. If you think that you got a wrong Mix certificate from another operator, you may also compare its subject key identifier with the one that he/she tells you.

Certification

Only your Operator certificate is certified by certification authorities. Please export it into a certification request file (.p10) and send it to the authority. You may then take the certified file from the CA and just import it "over" your current Operator certificate. Done.

General certificate options

The certificate panels show you the status of, and some options for, both your Mix and Operator certificate. As status, you can see an image indicating whether a certificate can be verified against one of the root certificates of valid certificate authorities. You also get the subject key identifier (SKI) of each certificate as a copyable character string. In case of connection problems, you should compare it with the SKIs of the certificates that your neighbour Operators got from you. If you click on a certificate image, you will get even more detailed information about the certificate.
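The fingerprint comparison described under Trust, as an added example (not part of the original help page or of the MixConfig tool): it computes the SHA-1 or MD5 fingerprint of a certificate file and checks it against a value received from the other party, ignoring separators and case and rejecting truncated values. The function names and the sample bytes are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import re

# Hex lengths of the two digests the page mentions: MD5 (32) and SHA-1 (40).
_ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1"}
_PEM = rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----"

# Constructed sample: a 5-byte DER stand-in, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")


def to_der(cert_bytes: bytes) -> bytes:
    """Return the DER encoding, unwrapping PEM armour if present."""
    m = re.search(_PEM, cert_bytes, re.DOTALL)
    if m is None:
        return cert_bytes  # assumption: the file is already DER
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)


def normalise(claimed: str) -> str:
    """Strip separators so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    hexdigits = re.sub(r"[\s:.-]", "", claimed).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexdigits):
        raise ValueError("fingerprint contains non-hex characters")
    return hexdigits


def fingerprint(cert_bytes: bytes, algo: str = "sha1") -> str:
    """Colon-separated upper-case fingerprint of the DER certificate."""
    digest = hashlib.new(algo, to_der(cert_bytes)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(cert_bytes: bytes, claimed: str) -> bool:
    """True only if the complete MD5 or SHA-1 fingerprint matches."""
    hexdigits = normalise(claimed)
    algo = _ALGO_BY_HEX_LEN.get(len(hexdigits))
    if algo is None:
        return False  # truncated or over-long value: no partial matches
    actual = normalise(fingerprint(cert_bytes, algo))
    return hmac.compare_digest(actual, hexdigits)
```

The fingerprint is taken over the DER bytes, so the PEM and DER forms of the same certificate give the same value.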
Mix short name

Please give your mix a human-readable name.

show in cascade: Choose whether this name should show up in the general cascade name where the mix is located. Please note that only the first 12 characters are guaranteed to be shown. You should not set a short name longer than 16 characters if you would like to use this feature.

Operator short name

Here you may set a short common name for the operator certificate.

show in cascade: Choose whether this name should show up in the general cascade name where the mix is located. Please note that only the first 12 characters are guaranteed to be shown. You should not set a short name longer than 16 characters if you would like to use this feature.

Mix Location

In the text fields, you should enter information about the location of your Mix server. By creating the Mix certificate you state that this information is correct.

Operator

These fields contain information about the Mix Operator, that is, you or your organisation. The Operator certificate containing this information must be signed by a certificate authority to prove that it is correct. You may only use one Operator certificate at a time for all your Mixes. Just export it and import it into another configuration.