Due to the inherent insecurity of the Internet, all sent and received messages in the AN.ON/JonDonym system are signed cryptographically.

General information about certificates

Certificates are digital envelopes for cryptographic key pairs. They contain a private key, a corresponding public key and information about the owner of those keys. In the scope of digital signatures, the owner may use his private key to digitally sign messages. Other people may use the certificate to verify the public key belongs to the owner of the private key, and may then verify documents signed by the owner with the public key. The private key must be kept secret by its owner, as otherwise third parties may sign documents in his name.

In the scope of Mixes, certificates are important to let the users identify the Mixes and especially their Operators. This is part of the security model of the AN.ON / JonDonym service. It prevents arbitrary, possibly malicious people from running Mixes and enables the users to choose whom they want to trust.

Mix certificates

In the process of configuring your Mix with the MixConfig tool, you will create a cryptographic Mix certificate that identifies your Mix and enables it to sign messages. You have to send this certificate to the Operators of your neighbouring Mixes, and you have to receive and register their certificates in your configuration to get the Mixes connected. (Please note that an automatic certificate exchange is in preparation.)

Operator certificates

The Operators in the AN.ON / JonDonym system may run more than one Mix. For the purpose of identifying which Mix belongs to which Operator, each Operator has to create a so-called Operator certificate. This certificate identifies the Operator as private individual or as organisation. With your Operator certificate, you may sign as many Mix certificates as you want.


Certificates and keys itself don't provide communication security, as anyone who has a computer is able to create them. Therefore, so-called certificate infrastructures exist: trusted authorities sign the certificates and keys of people or organisations that have proven their identity and the ownership of the certificate/key. The AN.ON / JonDonym service supports more than one of these certification authorities. For example, you may get Operator certificates signed by the TU Dresden, the JonDos GmbH and the German Privacy Foundation. Please not that your Mixes will neither be visible nor usable for clients if you do not have a valid certificate.

Certificates and keys are uniquely identifyable by their hash values. Before doing a signature, certification authorities will therefore ask you to compare your certificates subject key identifier (SKI) or SHA1/MD5 fingerprint with the certificate they got from you. If you think that you got a wrong Mix certificate from another operator, you may also compare its subjekt key identifier with the one that he/she tells you.


Only your Operator certificate is certified by certification authorities. Please export it into a certificaion request file (.p10) and send it to the authority. You may then take the certified file from the CA and just import it "over" your current Operator certificate. Done.

General certificate options

The certificate panels show you the status and some options to both your Mix and Operator certificate. As status, you can see an image indicating if a certificate may be verified against one of the root certificates of valid certificate authorities. You also get the subject key identifier (SKI) of each certificate as copyable character string. You should compare it with the SKIs of the certificates that your neighbour Operators got from you in case of connection problems.

If you click on a certificate image, you will get even more detailed information about the certificate.

  • Import
    This option allows you to import private certificates that contain both your private key for signing and the corresponding public key for verifying your signatures, or a public certificate that fits to your private one and may be signed by yourself or by a certificate authority, from a file. To import a public certificate (which contains your public key and some information about your Mix or organisation and the signer) you always need the corresponding private certificate.
  • Export
    The export button is used to save either the public (.cer) oder both the private and the public part (.pfx) of a certificate. If you want to give a certificate to a certificate authority for signing or to another mix for building a connection, you always have to export the public certificate only. But remind this: NEVER give your private (PKCS12) certificates away! They contain your secrets keys that must be kept private.
  • Remove
    Deletes the certificate. Please make sure you either have a backup of the certificate or that you really don't need it any more.
  • Create
    Creates a new DSA certificate. You may enter a validity and a password. The creation process itself may take some seconds. Currently, only certificates with the DSA algorithm may be created. Support for RSA and elliptic curves, and even for more than one certificate chain are close at hand.
  • Sign
    This option is only available for your Mix certificate. The Mix certificate should always be signed with your Operator certificate. If this is, for some reason, not the case, you can sign it by using this button.
  • (Change) Password
    This button allows you to set, remove or change the password fora certificate. To delete a password, just let the feals for the new password empty. You should choose strong passwords for your certificates, so that an unnoticed loss of your certificate data will not endanger the security of your Mixes. If others get your certificates, they might fake the connection to your Mix and thereby trap users. While this scenario is not very probable, it might nevertheless happen if all Operators would be careless with their certificates.

Mix short name

Please give your mix a human-readable name.

show in cascade: Choose whether this name should show up in the general cascade name where the mix is located. Please note that only the first 12 characters are guaranteed to be shown. You should not set a short name longer than 16 characters if you would like to use this feature.

Operator short name

Here you may set a short common name for the operator certificate.

show in cascade: Choose whether this name should show up in the general cascade name where the mix is located. Please note that only the first 12 characters are guaranteed to be shown. You should not set a short name longer than 16 characters if you would like to use this feature.

Mix Location

In the text fields, you should enter information about the location of your Mix server. By creating the Mix certificate you state that this information is correct.


These fields contain information about the Mix Operator, that means you or your organisation. The Operator certificate containing this information must be signed by a certificate authority to proof that it is correct. You may only use one Operator certificate at a time for all you Mixes. Just export and import it into an other configuration.



Stable Version

Beta Version


Status of available AN.ON services and information about them.

Aktuell / News

Restrictions for the Dresden (JAP) anonymisation servers
After careful consideration we have decided to restrict the size of downloads over the Dresden (JAP) mixes a little. The reason is to allow a more fair use of scarce resources of our servers especially for users who simply want to surf the Web. more...