Kiwi Quick Start

Index

About this document
Files included with Kiwi
Example of using Kiwi

About this document

This is a quick start guide, geared towards experienced users of the Unix operating system. More detailed instructions are in the file Start.html.

Files included with Kiwi

This is a basic description of some of the files in the kiwi package, and how to use them.

config.h
This file needs to be edited before compiling anything with 'make'. You need to tell it whether you have a sendmail or qmail system, the location of your mail spool and/or the address you want to forward "good" mail to, the log file to use, the encryption key, and the password that lets friends email you without needing to know an encrypted cookie. You also need to decide whether to forward "good" mail on, or append it to a mailbox you specify.
secpass
Located in the directory tools, secpass is used to generate a random key for the encryption, to be placed in the KEY field in config.h (using cut and paste). This program will only run on an operating system with /dev/random support, and with a copy of the perl interpreter in /usr/bin/perl. Any modern Linux distribution will have /dev/random support and perl located at /usr/bin/perl.
cryptday
When run, this gives us a 35-bit (32 bits of data + 3 bits of parity) "cookie" which has a 90-day timeout. If you send out an email with the return address name+cookie@domain.com (or name-cookie@domain.com on qmail systems), the email address will time out and become invalid in 90 days.
ipcrypt
This will encrypt an IP address. You can either set the 'REMOTE_ADDR' environment variable (or run it as an SSI on most web servers) or give it an IP on the command line. Details on using ipcrypt on an SSI-enabled web server are in the file Webmailto.html.
decode
This will tell you the contents of a given cookie. To use, simply run it, type in the cookie and hit return.
ftpplace
This is used for people who need a moving directory, such as a directory containing export-controlled cryptographic software, or software people need to register before they can access it. ftpplace spits out a cookie that changes every hour or so. If you use it in an email address, any mail using an ftpplace cookie will be discarded.
infilter
This is the program you would place in .forward (or .qmail and .qmail-default on qmail systems). It determines whether a message was sent to a valid cookie (or has the correct password in the email address), and if so, either appends the message to your mailbox or forwards it to another email address you have. If the cookie is rejected, it discards the message and makes a note in your maillog file.

A cookie will be rejected if the cookie does not decrypt to valid data (a randomly generated cookie has a 1 in 113 chance of being considered valid data), or if the time stamp in the decrypted cookie has expired.

If PASSWORD is defined in config.h, and someone sends mail with the password in place of the encrypted cookie in the address, the message will be accepted. This is useful for giving personal friends an easy-to-remember email address. Care must be taken that the email address with the password does not fall into spammers' hands.

wrapper
This is a sendmail wrapper, which will append a 90-day timeout cookie to your return address in all outgoing mail you send. The procedure for using this wrapper to send out mail instead of sendmail depends on your client. If using Pine, add a line like this to your .pinerc file:
sendmail-path=/home/your_username/.wrapper -t
msgcrypt
This program can be used to encrypt a five-letter message, typically used for subscribing to announce mailing lists, or to give to people of marginal trust.
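
The acceptance decision described for infilter above (password in place of the cookie, otherwise a cookie that must validate and not be expired), modeled as an added example; this is not Kiwi's code. Kiwi's cookie encoding and cipher are not shown in this document, so a hex timestamp with a truncated HMAC-SHA256 check value stands in for them, and the KEY, PASSWORD and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"   # stands in for KEY in config.h (constructed value)
PASSWORD = "friend"             # stands in for PASSWORD in config.h (constructed value)
TIMEOUT = 90 * 24 * 3600        # the 90-day timeout described for cryptday


def _tag(expiry: int) -> str:
    """Keyed 40-bit check value over the expiry time (stand-in for Kiwi's encryption)."""
    mac = hmac.new(KEY, expiry.to_bytes(4, "big"), hashlib.sha256).digest()
    return mac[:5].hex()


def make_cookie(now: int) -> str:
    """Hypothetical cookie format: 8 hex digits of expiry time + 10 hex digits of check value."""
    expiry = now + TIMEOUT
    return f"{expiry:08x}{_tag(expiry)}"


def check_address(rcpt: str, now: int) -> str:
    """Return 'accept' or 'discard: <reason>' for a recipient address."""
    local = rcpt.rsplit("@", 1)[0]
    # name+cookie (sendmail) or name-cookie (qmail): keep what follows the first separator
    m = re.match(r"[^+-]+[+-](.+)$", local)
    if not m:
        return "discard: no cookie"
    ext = m.group(1)
    # Password in place of the cookie; constant-time compare avoids a timing oracle
    if hmac.compare_digest(ext.encode(), PASSWORD.encode()):
        return "accept"
    if not re.fullmatch(r"[0-9a-f]{18}", ext):
        return "discard: invalid cookie"
    expiry = int(ext[:8], 16)
    # A forged or altered cookie does not validate under KEY
    if not hmac.compare_digest(ext[8:], _tag(expiry)):
        return "discard: invalid cookie"
    if now > expiry:
        return "discard: expired cookie"
    return "accept"
```

The discard reasons correspond to the notes infilter is described as writing to the maillog file; the password branch accepts mail with no expiry at all, which is why that address needs to stay out of spammers' hands.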

Example of using Kiwi

$ cd ../src
$ ../tools/secpass
If it pauses here, please type some random text to replenish the random seed
Random password with 96 bits of entropy: jzsmGA.Mtep7-tDD
[Paste the password generated by secpass (Not the above example password), and put it in the KEY field when you edit config.h]
$ pico -w config.h
[edit the config.h file]
$ make
[you will get a number of compiling messages]
$ ./cryptday
fmx2v6v
[The exact text needs to be different on your system]
$ ./ipcrypt 127.0.0.1
eqjq2b4
[The exact text needs to be different on your system]
$ ./decode
fmx2v6v
[Use the text you got from cryptday above]
Data type: Long timeout
Message: 905972880, or Wed Sep 16 12:08:00 1998
[Your date will be different]
$ ./decode
eqjq2b4
[Use the text you got from ipcrypt above]
Data type: Truncated IP
Message: 127.0.0.0-16