I just tried to create a nym on mixmin and got the following error:

>Your request to modify or create alias <mynymtest@nym.mixmin.net> could
>not be performed.  The following error(s) were encountered:
>
>Invalid signature  (when checking against the publickey in your message)

I made the key with pgp 6.5.8, using RSAv4 and default values.  Any clues
why I got that error msg?

Since this is only a test nym and will be deleted, here's the creation msg
also:
(made with JBN2 (latest Panta mod)

=====nym creation msg====
Config:
From: mynymtest
Nym-Commands: create? +acksend -signsend +cryptrecv +fixedsize +fingerkey
+nobcc -disable name="test nym"
Public-Key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: N/A

 mQELBEbFJGkBCADd3qhjuWwSirtDDxrT1UKWn0II
AI1MWuFUR01mPRnlP8Hn+IJ7
jCUxZU+D8XIFa7c8UXTBSzF/ t9YgApdknURmmND4t669hy8s+dsC6KQD4fmp1ipg

/ dI3k3CReIOUIW5zSp65yw6J2VAjMVNUVdU7a9KB8
CDX40aTHhMy3sYQLfJOkVuh
Ivm/ 8vEETTWPfq34AxnbP1Ax3aENrlhjJe9++BkLZ5Uu
zaPkTENPPw4k0QtPOk2d
jhCYKgT5X2GqSrfCtffYWdPfiHqctQp/YGUoj9me3eOzLogkOuiYWVgnDE9M9rTW
 JDKs+8CrcG474erkC9xQP9ERRQRUWyOnVGvXAAUR
tCNUZXN0IE55bSA8bXlueW10
 ZXN0QG55bS5taXhtaW4ubmV0PokBKAQQAQIAEgUC
RsUkaQgLBAoJCAcDAgIZAQAK
 CRCOu8wy+4T6bm7OCACJQHcnkfFB6vSAbWbKcJpu
lQdr37tyj3iYAnHusg5oQX8F
 pUEthptBO6bkb+m3tGG8gGm+qmjLCyoi0UrQ2OjB
bugo59TQ947rPy1gez33sa9X
2rZ/ VpvGKetoorPy8DnLmP1uMriPionxpt7DKaYT4aHQ
GhsN+05rRuXmATzN1IVw
 UCelOAKzmSckvQZN2g50OUJ8QLqHkmhoXjoKeh94
oXcsExOZ16PyzlCYGYR7v5DZ
xsuhJfdP6zV9A1IGaAhEYhk9vks4cQ/cFLbe1cQ1xi0de8DAT2s/7Vp/TsGWWalP
6R1LS/ltHlzf/WWhGERkgKvFC0JDpM/VlqF6X+Er
=pCSK
-----END PGP PUBLIC KEY BLOCK-----
Reply-Block:
::
Anon-To: mixmaster@remailer.cyberiade.it
Encrypt-Key: jYSw0AH7ejnVRLatCD6icKcRH
Latent-Time: +0:00

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

hQCMA3grDDB9/sG5AQP7B5hnUULAbXjKN/ZsmarxrBYmKmr9fAL5GT4EFNUNu/2N
LWStn3pwvO+SLVB2HjPPX4UBzvW6HXWY5fom/KIQtSvV+T9s2RYfgQ5dr4EWZXry
 Lka94HhcVHASFQ5Eat7nUzOiUjqdmWX+M+64TXTs
z9u36mTNoapdSpqPAZEQOqGk
 9z6MzQam6SECkX0NmZXzYyCX9z2j47YKPcPT1ynj
S4c2V0ZGCU9ZcYYL9sA6IdT0
 xS6aL080VC+9qX1JtS5qVbduGm02SckbX4MQCIcR
pPeMnzbFbVsC9sslnD2SRS3U
f/ qCigONA1axPy4HgvY5Y3XJHdjfWTobBcXaENMvMe
6EwrbOSTx4e2lWzOBCF070
 qy4rskDVMvfUaLIBr3QcuRD3WyaaykNmpqFqwXZt
zgEom1FI62mml8pqGSErFeVY
6xUWb7L5AEKy1yQpXGZMYr7FImtaCPq3YVwO/QEvQA/j/8xeZ9/aHIiXld40jd56
RDlxhYah1J8=
=gcVU
-----END PGP MESSAGE-----

**

ReplyBlockTag: 68JQC21NYJ
Reply-Block:
::
Anon-To: remailer@dizum.com
Encrypt-Key: X5tIAkuFHsyELNZL6ZcJ+GGDJ
Latent-Time: +0:00

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: N/A

hQCMAx8q6DIxI0s3AQP/UwG3CdCUmH71yENom/eSaOPMqO1TJvCMgWaYeNc+WxYP
 7R88nWFtccD1MHNLb2Sn8TUxal3zgCJOsGJlFode
oHqadh1TZwKvPTKJ9zhWOurf
 QcyIJetV+VKSbT0Fye3rkKuL75P2IJpzjnmNE5Xj
4QTBpMe6HxRvG7FNuHwmqjyk
 2ZLlTKu3at23LuhXpouIuRhS+tAnC9c44ZtIPGmv
hsoC8Xxy3eLQXVcOYz062kBw
 blXXF0+i4meGMT1Oc88BRWT2ej4Ysr59uU0jRbXB
2hd6i+CFIb/Zbcko/s8zfHxC
xW5lAS64yNi5t5Ji/ F88BhBs6m31VQtDQGlbXYZF2V9ySiyRBSRupqXPC
ATW/2Lm
 I1bnOJfqjFTdoerv4oJOgGjB1Zt8KQ8DrATn4vu8
Evb+AAUmNjxUM/urmNNXq4N5
rhM1nkfWgX8UnWjqVyFnEyUMjMXeMbcrUpw=
=P+QU
-----END PGP MESSAGE-----

**

ReplyBlockTag: VL5BNCQ19W

[ Post a follow-up to this message ]

In article <cbe107b14d0783c619b0e7a624484b4e@pseudo.borked.net>
Borked Pseudo Mailed <nobody@pseudo.borked.net> wrote:
>
> I made the key with pgp 6.5.8, using RSAv4 and default values.  Any clues
> why I got that error msg?

Yeah, there is an option in JBN2, in Window/Books Config, called "Alter
PGP Timestamp".

Because PGP signatures contain the time of signing, the nym-server can
see when the message was created, and can infer when it was mailed. This
is a potential traffic analysis weakness. If you check Alter PGP
Timestamp, JBN will set your system clock to midnight GMT just before
creating a signed PGP message, and set it back immediately after PGP has
run. This effectively alters the time of the signature to 00:00 GMT.

The problem is that you created your PGP key today, but the timestamp
of your signed message will actually appear to be *before* the PGP key
was created (as it will say midnight) so it gets rejected.

It took me ages to find this out a few months ago 

Solution: disable that feature in the options for now. You can enable
it again tomorrow when it won't cause any more problems.

[ Post a follow-up to this message ]

> Solution: disable that feature in the options for now. You can enable
> it again tomorrow when it won't cause any more problems.

AFAICS Omnimix modifies the key creation and message signing
timestamps independently, but how to set those values at the Gpg-Time
tab to get proper results?

[ Post a follow-up to this message ]

>AFAICS Omnimix modifies the key creation and message signing
>timestamps independently, but how to set those values at the Gpg-Time
>tab to get proper results?

I've set key creation to Mnt-2 and message encryption to Day-0. Too
bad that this is deactivated by default which reveals sensitive
information.

[ Post a follow-up to this message ]

Hi!
 
>
>I've set key creation to Mnt-2 and message encryption to Day-0. Too
>bad that this is deactivated by default which reveals sensitive
>information.

With current GnuPG versions a timestamp modification can only be
achieved by changing the system time for the period GnuPG does its
work. As this means a severe intervention in the computer system it
would be irresponsible to activate it by default. Timestamps of files
may no longer be accurate and Tor for example reacts to immediate time
changes by dropping the allegedly outdated circuit and building a new
one.

Fortunately Werner Koch promised me to add an option for defining key
creation and signature timestamps to the next GnuPG release, which
will allow to always activate such timestamp manipulations, in the end
an important security improvement.

Kind regards

Christian
--
OmniMix .. protect your privacy
http://www.danner-net.de/om.htm

[ Post a follow-up to this message ]