OmniMix • Tutorial • Whole Message Encryption (WME)

Encrypting your ordinary e-mail correspondence with PGP is the obvious way to keep it from being read by third parties; if a message carries attachments, those have to be encrypted as well. Some properties of a message, however, cannot be hidden this way: its size, the subject line, some language-specific characteristics, and, last but not least, the fact that a multi-part message is being sent at all. This is where OmniMix's 'Whole Message Encryption' comes to your aid.

Unlike PGP front-ends, which can only manipulate a message before the mail client sends it, a proxy server like OmniMix can alter the message as a whole, as long as the result is still a valid mail. Provided the PGP keys of all recipients of a mail are available, OmniMix can be told to encrypt the entire message, complete header section included and padded with random dummy data to disguise its real size, into one single PGP message block, and to send that block under a rudimentary header that contains nothing but the mail addresses and perhaps some 'X-Hashcash' tokens. If the message goes out through a nym server, an existing 'Nym-Commands' directive is also moved outside the WME block; this does not weaken security, because the message is in any case additionally encrypted with the server's key. To an adversary who is permitted to learn the identities of the correspondents anyway, what remains of the message is nearly worthless.

OmniMix also supports sending WME messages anonymously. This is usually done not to hide your identity from the recipients within your WME community, but to keep external observers from working out who is communicating with whom. Bear in mind that the data inside the WME block are not anonymized: apart from possibly being shortened by an active 'Mail Permits' header filter list, they are handled like a normal mail. To allow unrestricted, transparent communication without side effects for the participants, the block still contains, among other things, your 'From' address (which may be bogus) and the 'Message-ID'. If that 'From' address appears on the WME recipients list with 'Sign' activated, the resulting signature may also reveal your identity to everyone able to decrypt the message. So check what gets encrypted in the 'Data for Whole Message Encryption' section of the 'Raw Data' list, as well as the 'Log' entries, to make sure no sensitive data are unintentionally disclosed to the addressees. Caution: don't send an anonymous mail to several addressees at once if you don't want them to become linked with each other; send a separate one to each of them instead.

On the receiving side, a recipient could decrypt the PGP block manually and import the result into the mail user agent, which is acceptable only in exceptional cases. Alternatively, OmniMix can automatically translate such messages back into their original state while retrieving them from the POP3 server, provided the corresponding secret PGP key and the correct passphrase have been placed at its disposal.

On the 'Dummy Load' page of the 'WME' section you can randomly increase the size of your mail. This keeps adversaries from guessing the kind of message from its size, i.e. whether it is a usually short text or a more voluminous data transfer. A message-specific dummy load is requested by sending the desired block size range with the message ('O-Wme-Dummy-Size-Min' and 'O-Wme-Dummy-Size-Max' header entries). Values above the maximum block size configured in OmniMix are refused, because processing a message of extreme size may knock out your system. OmniMix then appends a random text block to your message, introduced by a line consisting of a unique character sequence. The content of that indicator line is added to the message header as the argument of an 'X-Wme-Dummy-Separator' entry, so that the recipient's system can restore the original message by removing the dummy load. The dummy separator header must be named identically at the sender and at the recipient, otherwise the addressee won't be able to restore the original message.
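To make the mechanism concrete, here is an added example in Python (not OmniMix's own code) that pads a message according to the two 'O-Wme-Dummy-Size-*' request headers, refuses a request above a configured ceiling, announces the separator line in 'X-Wme-Dummy-Separator', strips the padding again on the receiving side, and also shows the envelope split from the introduction above: only delivery headers stay outside, while the complete inner mail (headers, body, padding) goes into one block. The separator format, the 64 KiB ceiling, the set of outer headers (From/To/Cc/X-Hashcash) and the base64 stand-in used in place of the PGP step are this example's assumptions, not documented OmniMix behaviour.

```python
"""Added example, not OmniMix's own code.  It models two things this page
describes: the 'Dummy Load' padding (request headers, configured ceiling,
separator line announced in 'X-Wme-Dummy-Separator') and the WME envelope
split (only delivery headers stay outside, the whole inner mail goes into
one block).  Header names are the page's; the separator format, the ceiling
value, the outer-header set and the base64 stand-in for PGP are assumptions."""
import base64
import secrets
import string
from email.message import EmailMessage
from email.parser import BytesParser
from email.policy import default

MAX_DUMMY_BYTES = 64 * 1024                         # assumed configured ceiling
OUTER_HEADERS = ("From", "To", "Cc", "X-Hashcash")  # assumed delivery-only headers


class DummyLoadError(ValueError):
    """Dummy-size request is malformed or exceeds the configured ceiling."""


def _random_text(size: int) -> str:
    """`size` random printable characters, wrapped to 72 columns."""
    alphabet = string.ascii_letters + string.digits + " "
    chars = "".join(secrets.choice(alphabet) for _ in range(size))
    return "\n".join(chars[i:i + 72] for i in range(0, size, 72))


def add_dummy_load(msg: EmailMessage, max_bytes: int = MAX_DUMMY_BYTES) -> EmailMessage:
    """Sender side: honour O-Wme-Dummy-Size-Min/-Max, append random text behind
    a unique separator line and announce that line in X-Wme-Dummy-Separator.
    Single-part text mails only, for brevity."""
    lo = int(msg.get("O-Wme-Dummy-Size-Min", 0))
    hi = int(msg.get("O-Wme-Dummy-Size-Max", lo))
    if not 0 <= lo <= hi:
        raise DummyLoadError(f"invalid dummy size range {lo}..{hi}")
    if hi > max_bytes:                              # refused, as the page says
        raise DummyLoadError(f"{hi} bytes exceeds the configured maximum {max_bytes}")
    del msg["O-Wme-Dummy-Size-Min"]                 # proxy directives do not travel
    del msg["O-Wme-Dummy-Size-Max"]
    size = lo + secrets.randbelow(hi - lo + 1)
    separator = "--WME-DUMMY-" + secrets.token_hex(16) + "--"   # assumed format
    body = msg.get_content()
    if not body.endswith("\n"):
        body += "\n"
    msg["X-Wme-Dummy-Separator"] = separator
    msg.set_content(body + separator + "\n" + _random_text(size) + "\n")
    return msg


def strip_dummy_load(msg: EmailMessage) -> EmailMessage:
    """Recipient side: drop the separator line and everything after it."""
    separator = msg.get("X-Wme-Dummy-Separator")
    if separator is None:
        return msg                                   # nothing was padded
    body = msg.get_content()
    marker = "\n" + separator + "\n"
    if marker not in body:
        raise DummyLoadError("announced separator not found in body")
    del msg["X-Wme-Dummy-Separator"]
    msg.set_content(body.split(marker, 1)[0] + "\n")
    return msg


def wrap_wme(inner: EmailMessage, encrypt) -> EmailMessage:
    """Outer mail: delivery headers only; headers, body and dummy load of the
    inner mail travel as one opaque block."""
    outer = EmailMessage()
    for name in OUTER_HEADERS:
        for value in inner.get_all(name, []):
            outer[name] = value
    outer.set_content(encrypt(inner.as_bytes()))
    return outer


def unwrap_wme(outer: EmailMessage, decrypt) -> EmailMessage:
    """On retrieval: decrypt the block and hand the original mail to the MUA."""
    return BytesParser(policy=default).parsebytes(decrypt(outer.get_content()))


# Stand-in for the PGP step so the structure can be exercised offline; real WME
# encrypts to every recipient's public key (optionally signing as well).
def stand_in_encrypt(data: bytes) -> str:
    return base64.encodebytes(data).decode("ascii")


def stand_in_decrypt(block: str) -> bytes:
    return base64.decodebytes(block.encode("ascii"))


def make_sample_message() -> EmailMessage:
    """Constructed sample mail, not real traffic."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.org"
    msg["Subject"] = "Q3 figures"
    msg["Message-ID"] = "<20240101.1@example.org>"
    msg["O-Wme-Dummy-Size-Min"] = "500"
    msg["O-Wme-Dummy-Size-Max"] = "1500"
    msg.set_content("Bob,\n\nthe real text is two lines long.\n")
    return msg


if __name__ == "__main__":
    outer = wrap_wme(add_dummy_load(make_sample_message()), stand_in_encrypt)
    print(outer)                                     # only From/To and the block
    restored = strip_dummy_load(unwrap_wme(outer, stand_in_decrypt))
    print(restored.get_content())
```

Running it prints the outer mail (nothing but From, To and the block) and then the restored body. The use of `get_content()` restricts the example to single-part text mails; that is a simplification of this example, not a statement about how OmniMix handles attachments.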

Pros and cons of different communication methods

                              Ordinary   PGP         WME          Remailing   Remailing    Nym       Nym
                              Mail                                            + WME                  + WME
Contents Protection           No         Partial(1)  Complete(1)  No          Complete(1)  No        Complete(1)
Reply Capability              Yes        Yes         Yes          No          Yes          Yes       Yes
Anonymity towards an
  external observer           No         No          No           Yes         Yes          Yes       Yes
Anonymity between the
  correspondents              No         No          No           Yes         No           Yes       Yes
Latency                       Low        Low         Low          Medium      Medium       High      High
Reliability                   High       High        High         Medium      Medium       Low(2)    Low(2)

(1) Partial: net data only / Complete: data + structure
(2) High with AckSend activated

The first step in setting up WME is to add all required keys to the 'WME' keyring ('WME' tab within the 'Nym Configurator'). You have to import public keys for your correspondents and one or more public / secret keypairs for yourself. Don't use any of your really sensitive PGP keys for this purpose: the passphrase has to be stored on your computer, and both key and passphrase can be stolen by anyone who gains access to it. Better create new keys and name them in a way that points out their low-security use, e.g. by adding the character sequence '(WME)' to the User-ID. Because decryption problems can't be ruled out otherwise, it's recommended to create these keys within OmniMix itself.

You may notice that the WME section offers a wider choice of encryption and hash algorithms, some of them more secure, than is allowed for nym accounts. That's because the capabilities of remailers and nym servers don't have to be considered here.


Next, go to the 'WME' tab of the main window and add the mail addresses of all participants in your WME network to the list, along with the corresponding key and, for a private key of your own, the passphrase. If WME is active, all mails, whether sent normally or by one of your nyms, are checked against this list for the presence of corresponding encryption keys. If OmniMix finds keys for all 'To:' and 'Cc:' recipients and there are no 'Bcc:' recipients (who would be uncovered by an encryption using their keys), the mail gets encrypted and only the header data required for delivery are left outside the protected block. On request, the sender's signature is added in the course of the encryption to prove the authenticity of the mail.

Finally you have to tell OmniMix who is allowed to use each private key / passphrase combination to sign outgoing and decrypt incoming WME mails. Go to the 'User' tab and mark, for every user, the 'WME' mail addresses that belong to that account.

That completes the setup. All outgoing mails are now processed according to the WME mode ('WME' tab: 'disabled' / 'enabled' / 'required'). If a single message has to depart from that rule, use the corresponding header directive: 'O-WmeSend-Mode: required', for example, rejects a message that can't be WME encrypted, while 'O-WmeSend-Mode: disabled' even lets you send a usual anonymous mail to someone whose key is present in the WME keys list. The 'Sign' setting in the WME participants list is binding in any case: if a signature is requested, the WME encryption fails as long as the passphrase for the WME key isn't set correctly or the WME entry isn't assigned to the user account.
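As an added example (not OmniMix's own code) of the rule set from the last steps, here is a Python function that applies the WME mode, the 'O-WmeSend-Mode' header override, the check that every 'To:'/'Cc:' recipient has a key and that no 'Bcc:' is present, and the binding 'Sign' flag with its passphrase and user-assignment preconditions. The data model (Participant, Decision), the handling of an unknown mode value, and the choice to reject a message whose requested signature can't be produced rather than send it unencrypted are this example's assumptions.

```python
"""Added example, not OmniMix's own code: the send-side WME decision as this
tutorial describes it (WME mode, 'O-WmeSend-Mode' override, keys for every
To:/Cc: recipient, no Bcc:, binding 'Sign' flag).  The data structures and
the decision to reject a mail whose signature cannot be produced are
this example's assumptions."""
from dataclasses import dataclass
from email.utils import getaddresses
from enum import Enum
from typing import List, Optional


class WmeMode(str, Enum):
    DISABLED = "disabled"
    ENABLED = "enabled"
    REQUIRED = "required"


@dataclass(frozen=True)
class Participant:
    """One row of the 'WME' participants list (hypothetical model)."""
    address: str
    key_id: str                       # key in the WME keyring
    sign: bool = False                # 'Sign' flag, only meaningful for own keys
    passphrase: Optional[str] = None  # stored for own secret keys
    users: frozenset = frozenset()    # accounts this entry is assigned to ('User' tab)


@dataclass(frozen=True)
class Decision:
    encrypt: bool
    reject: bool
    reason: str
    sign_key: Optional[str] = None


def _addresses(*header_values: Optional[str]) -> List[str]:
    """Lower-cased bare addresses from one or more address headers."""
    present = [v for v in header_values if v]
    return [addr.lower() for _, addr in getaddresses(present) if addr]


def decide_wme(headers: dict, participants: List[Participant],
               default_mode: WmeMode, user: str) -> Decision:
    """Decide whether an outgoing mail is WME-encrypted, sent plain or rejected."""
    table = {p.address.lower(): p for p in participants}
    raw_mode = headers.get("O-WmeSend-Mode", default_mode.value).strip().lower()
    try:
        mode = WmeMode(raw_mode)             # header directive overrides the global mode
    except ValueError:
        return Decision(False, True, f"unknown O-WmeSend-Mode value {raw_mode!r}")  # assumption
    if mode is WmeMode.DISABLED:
        return Decision(False, False, "WME disabled for this message")

    recipients = _addresses(headers.get("To"), headers.get("Cc"))
    bcc = _addresses(headers.get("Bcc"))
    problem = None
    if bcc:
        problem = "Bcc: recipients present; encrypting to their keys would expose them"
    elif not recipients:
        problem = "no To:/Cc: recipients"
    else:
        missing = [r for r in recipients if r not in table]
        if missing:
            problem = "no WME key for " + ", ".join(missing)
    if problem:
        # 'required' rejects; 'enabled' lets the mail go out as a normal mail
        return Decision(False, mode is WmeMode.REQUIRED, problem)

    sign_key = None
    sender = _addresses(headers.get("From"))
    me = table.get(sender[0]) if sender else None
    if me is not None and me.sign:           # 'Sign' is binding whatever the mode
        if not me.passphrase:
            return Decision(False, True, f"'Sign' set for {me.address} but no passphrase stored")
        if user not in me.users:
            return Decision(False, True, f"WME key for {me.address} not assigned to user {user!r}")
        sign_key = me.key_id
    return Decision(True, False, "keys found for all To:/Cc: recipients", sign_key)


def sample_participants() -> List[Participant]:
    """Constructed WME participants list, not real data."""
    return [
        Participant("alice@example.org", "0xA1A1A1A1", sign=True,
                    passphrase="correct horse", users=frozenset({"alice"})),
        Participant("alice-nym@example.org", "0xA2A2A2A2", sign=True),  # passphrase missing
        Participant("bob@example.org", "0xB0B0B0B0"),
        Participant("carol@example.org", "0xC0C0C0C0"),
    ]


if __name__ == "__main__":
    for hdrs in ({"From": "alice@example.org", "To": "Bob <bob@example.org>", "Cc": "carol@example.org"},
                 {"From": "alice@example.org", "To": "bob@example.org", "Bcc": "carol@example.org"},
                 {"From": "alice@example.org", "To": "dave@example.org"}):
        print(decide_wme(hdrs, sample_participants(), WmeMode.REQUIRED, "alice"))
```

The first sample mail is encrypted and signed with Alice's WME key, the second is rejected because of its 'Bcc:' recipient, and the third because no key is known for dave@example.org; with the global mode set to 'enabled' instead, the last two would leave as ordinary mails.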
