Responsibilities of Mix Operators

Due to the inherent insecurity of the Internet, all sent and received messages in the AN.ON/JonDonym system are signed cryptographically.

Mix certificates

In the process of configuring your Mix with the MixConfig tool, you will create a cryptographic certificate that identifies your Mix and enables it to sign messages. This certificate must be sent to the operators of your neighbouring Mixes, and you must receive their certificates to get the Mixes connected. In a static configuration, you will have to exchange the certificates by e-mail or other means with the neighbouring Operators (an automatic exchange and verification is in preparation, however).

Operator certificates

The Operators in the AN.ON / JonDonym system may run more than one Mix. For the purpose of identifying which Mix belongs to which Operator, each Operators has to create a so-called Operator certificate. This certificate identifies the Operator as private individual or as organisation.

Trust

Certificates and keys itself don't provide communication security, as anyone who has a computer is able to create them. Therefore, so-called certificate infrastructures exist: trusted authorities sign the certificates and keys of people or organisations that have proven their identity and the ownership of the certificate/key. The AN.ON / JonDonym service supports more than one of these certification authorities. For example, you may get Operator certificates signed by the TU Dresden, the JonDos GmbH and the German Privacy Foundation. Please not that your Mixes will neither ve visible nor usable for clients if you do not have a valid certificate.

Certificates and keys are uniquely identified by their hash values, too. If you get a certificate from someone that is not signed by an authority you trust in, you can still verify if it is really his/her certificate by comparing the SHA1/MD5 fingerprint with the fingerprint he/she will tell you. This is, for example, the SHA1 fingerprint of the JAP-Team certificate:

4D CF 81 F5 92 4B 11 19 6B 44 2A CD 53 E2 46 E1 0D 9A 16 F6

Secure communication with the JAP-Team

The best way to contact us is by e-mail There is no need to encrypt messages for us, since we will not exchange any secret information. Signing your e-mails is no bad idea, though, as this will provide some transparency and reassurance in case of doubt. Here is the source of our PGP key and it's fingerprint (this key is optional and only for e-mail communication and has nothing to do with the Mix network):
If you do not know how to sign or how to check the signature of digital documents with PGP/GPG, you will find a short manual here.

If you don't trust this document itself you should confirm the key's fingerprint by some other means, e.g. calling us by phone. If you simply send us your public PGP or GPG key in an unsecured way (e.g. e-mail), we will also not trust it until it has been confirmed by some other means, like a phone call, or a signature by an authority we trust in.