How do I start up WebFunds?

Index

Back to the WebFunds page or the FAQ index or the Ricardo page.

Where can I get WebFunds?

Watch the new WebFunds Site for instructions on downloading the WebFunds source.

How will I know if my version of WebFunds has not been tampered with?

Downloading any software over the Internet leaves you with the chance (however small) that the software has somehow been tampered en route. For those technically adept people with this concern you can confirm the integrity of your version of WebFunds by comparing the signature on the WebFunds installation file *** with the public key found at http://webfunds.org/keys/webfunds.asc. NAI Inc. is a supplier of software which will allow you to verify file signatures.

For those who do not wish to download WebFunds from the Internet you may want to contact your currency issuer to see if they can provide WebFunds to you through some other means. The name and contact number of your issuer can be seen in your currency contract. See How do I look at my currency contract? for more information.

What should I watch out for, who should I trust?

Trust only yourself. As a user of WebFunds you are encouraged to take a responsible role in protecting yourself. Encryption software is an extremely powerful tool for on-line commerce when used correctly. However, like most tools it can become ineffective when used improperly. This means that before you use WebFunds you should take the time to learn about how WebFunds operates and the issues you should be aware of for your own protection. As with all electronic commerce and security software you should treat all claims with skepticism. Ascertain for yourself whether you would like to put your trust in WebFunds.

The source code is available for your perusal (see Are there any guarantees? below). Also, Warnings and Golden Rules is one good place to start. Although there is some good preliminary information here in the helpfile you are encouraged to read additional resources. There is a tremendous amount of information available on the Internet and elsewhere see section 6.8 for a list of additional resources.

Be sure you get your version of WebFunds from a trusted party, then learn how to use it in a way which will not compromise the security of your transactions.

Are there any guarantees?

No, unfortunately there are no guarantees. While best efforts have been made to provide a secure transaction system based on powerful strong encryption there is no way that your transactions can be guaranteed by the developers. Please read the Issuer's terms and conditions for WebFunds for a further explanation. What you can do is become an informed user of WebFunds. The protocols and algorithms used for WebFunds are published and available for inspection. You can see the Cryptix Mirror page for the source to all strong crypto used. Or, alternatively, you can reverse compile your own version of WebFunds and examine the code for yourself. A thorough evaluation of the algorithms yourself is an excellent to establish faith in WebFunds.

What kind of computer(s) and operating systems will WebFunds work on?

The current version of WebFunds is only delivered for an IBM compatible PC running the Microsoft Windows95 operating system. Because WebFunds was written in Java it is anticipated that future versions will install on other machines and operating systems. WebFunds was designed with portability in mind and the complete source for WebFunds is available if you would like to get it working on another platform or operating system. If you have undertaken a port we would be happy to provide you with any help which you may require. You can write to the WebFunds development team.

Do I need any other software in order to run WebFunds?

Yes, you do. Some versions of Windows 95 will require that you install the Java runtime compiler which is likely also available at the same place you downloaded WebFunds. Also, in order to fully appreciate all the features of Webfunds such as point-and-click purchasing you will also need a current copy of a web-browser such as Netscape 2.0 or later or Microsoft Internet Explorer 3.0 or later (other browsers will also work but the configuration procedures may differ slightly).

What programming language is WebFunds written in?

For maximum cross-platform compatibility the latest version of WebFunds has been written in Java. The current version is designed for computers using Win95 but other versions may become available. If you are interested in porting the software to another platform please do not hesitate to contact. the WebFunds development team.

How do I install WebFunds on my computer?

This section describes installation on Windows 95 only.

Steps to Installing WebFunds

Here is a quick checklist to install WebFunds on your PC:

  1. For your own protection please ensure that your computer system does not have a virus infection. A number of excellent commercial virus checkers are available at a reasonable cost and there are also shareware or freeware virus checkers available on the Internet as well.

  2. Obtain a trusted version of WebFund (see How will I know if my version of WebFunds has not been tampered with?) by either downloading it or approaching your issuer directly for a copy.

  3. Read this documentation which is available through the helpfile of WebFunds once the installation is complete or which is available on-line at the WebFunds Page

  4. Close down all other programs on your computer and run the WebFunds installation file called "webfunds.exe".

  5. You will be asked for a directory in which to install WebFunds. Choose your directory of preference; this should not be externally accessible (i.e., a network drive might be a bad choice).

  6. When prompted set up a desktop icon for WebFunds.

  7. The first time your run WebFunds you will be asked for both a username and pass-phrase. These are extremely important! Before you enter your pass-phrase please make sure you read What is a pass-phrase for your own protection and an explanation of what this entails. If WebFunds does not work at this point do not panic. It is likely that you will need to download another piece of software for WebFunds to work on your particular machine. Please see Troubleshooting for a more detailed explanation.

  8. Once you have entered your username and pass-phrase you can generate your key: move the mouse in and out of the coloured box until the counter goes to zero. Them click on Generate.

    Make sure you read what is a key, keeping your key safe, below.

    Depending on the speed of your computer (and how lucky your computer is at searching during key generation) the process could take anywhere from a few minutes in most cases to as long as an hour in exceptional circumstances. Please be patient because you will only have to do this once.

  9. Once your key has been generated you can now test to see if your WebFunds is installed correctly by Cycling a Transaction.

  10. Once your key has been generated you must now set up your browser to allow you to make point-and-click purchases using WebFunds. See Point & Click Shopping for a detailed explanation of how to do this.

  11. Now that you're ready to run WebFunds it's a good idea to read your currency contract so that you know what you're getting into before you use electronic cash for online purchases. See How do I look at my currency contract? for instructions.

  12. Now that WebFunds is set up correctly you can start WebFunds any time by clicking on the WebFunds icon.

  13. Now that you're ready to make purchases you will require one more thing... electronic cash. See Where do I get electronic currency for details.

Congratulations! It's time to hit the superhighway and go shopping! A list of WebFunds compatible shops will be made available online in the future.

What is a key and how do I make one?

In order to use WebFunds every user of WebFunds must generate a secret key. Your secret key is what will allow you to digitally sign payment transfers and communicate securely over the Internet. As you imagine, once your secret key is created it is EXTREMELY valuable. Anyone who has your secret key can do as they wish with WebFunds. The possessor of your secret key can transfer and accept funds or commitments on your behalf. You must therefore protect it as you would any item which is extremely valuable. Do not lend it to anyone and keep an extra copy for emergencies. Your key IS your WebFunds account. If you lose it then you lose the access to the money you have in WebFunds. The importance of your secret key cannot be overstated, guard it carefully and make backups! See the section in the WebFunds FAQ titled Key and KHID Management for more information.

In addition to a secret key which you keep to yourself there you also have a second key called a public key. Your public key is what will allow people to identify you. If you sign a document electronically then your public key is what your signature will be compared against to verify your signature. The details of encryption, digital signatures and public key cryptography are all important topics too vast to be covered in this short amount of space. However, we suggest you read up on these topics if you wish to have a better idea of the security mechanisms behind WebFunds. A good place to start is by looking at the Key and KHID Management section of the WebFunds FAQ. There is also a great deal of information which can be found on these subjects using the Internet as well.

When you first run WebFunds you will be required to have a secret key. If you already have a PGP-compatible key then you can use your existing secret key by importing it into WebFunds. If you do not have a secret key then WebFunds allows you to create a new one. Before you create your key WebFunds will ask you to choose a size for your key. Several keysizes are offered ranging from 384 (for tests) to 1024 (for military grade). The greater your keysize the safer your transactions. However, the greater your keysize the longer it will take for you to generate your secret key, so high security will take patience. Cryptographic literature such as the paper entitled "Minimal Key Lengths for Symmetric Cipher to Provide Adequate Commercial Security" (Matt Blaze et.al.) suggests that keylengths of greater than 75 bits for symmetric cyphers are safe even from well-funded intelligence agencies. Multiplying this by a factor of 10 for a public key cypher suggests that keys of 768 bits and more begin to reach very high levels of security.

Once you have chosen the keysize for the key you wish to create, WebFunds will help you generate it. To generate your key you must first generate a series of random numbers which help to make your key more difficult to guess. To create the random numbers required WebFunds will ask you to move your mouse randomly in and out of the blue box which appears on your screen. Once you are finished WebFunds then performs the mathematics necessary to generate your secret and public keys. Depending on the length of the key you have chosen and the degree of luck your computer has in searching for your keys the process could take anywhere from less than a minute to as long as an hour in exceptional circumstances. You will be notified when the process is completed... be patient, this step can be lengthy, but is critical to ensuring the security of your transactions.

How do I keep my key safe: backups?

Your secret key is extremely valuable and you must ensure that it is not lost. If it is lost then so is the access to your account. It is thus extremely important to back up your secret key and keep it in a safe place where it can be accessed in case of emergency. For more information on the importance of keys see the section on Key and KHID Management in the WebFunds FAQ.

It is quite easy to make a backup of your secret key. You simply look in the directory where you installed WebFunds using a program such as Windows Explorer (InWin95 click on START ... PROGRAMS ... WINDOWS EXPLORER) and find the directory in which you installed WebFunds. Once you are in that directory open the folder "user" and then the subfolder "userkeys". The file "secring.pgp" is the file which contains your secret key. Backing up this file will ensure that even in the event of a hard-drive failure your electronic money will still not be lost. It goes without saying that that your secret-key backup should be stored in a place which is both safe and inaccessible to others (a safety deposit box is one example).

What is a pass-phrase and how should I keep it safe?

Any given machine can often be accessed by more than one person. For this reason, storing something as important as a secret key on a computer could be a risky proposition if other people could use it. This is the reasoning behind the use of a pass-phrase. A pass-phrase is like a pin number for your secret key. Your secret key cannot be used unless you have it. This prevents other users of your machine from using your version of WebFunds to make purchases on your behalf. Unless they use your pass-phrase they will be unable to make transactions using your secret key.

A pass-phrase is a balance between convenience and security. If you choose a very short pass-phrase then anyone who manages to make a copy of your secret key may be able to use software which will decrypt your key given enough time. If your password is too long, it becomes more difficult to remember and is less convenient to type in each time. The length of your pass-phrase should be a function of how valuable the account you're protecting is, and the ease with which others have access to your machine.

As a general rule it is best to create a pass-phrase which is as random as possible. Use of both upper and lower case, numbers and symbols all make your pass-phrase more difficult to decipher. If words and/or phrases are used then quirky spellings or unusual combinations will also help. The more random a pass-phrase the less vulnerable it will be to techniques such as dictionary attacks. Always remember that overkill will never hurt here. A well-chosen pass-phrase dramatically reduces the possibility of a secret-key compromise. The algorithms used to protect your transactions are extremely strong, creating a very simple or easy to guess pass-phrase compromises this security dramatically. If you want more information on pass-phrase security and generation there is a list of answers to Frequently Asked Questions (FAQ) posted at: http://www.stack.nl/~galactus/remailers/passphrase-faq.html

In an ideal situation, it would be best to keep your pass-phrase in your head. However, there is the risk that it will be forgotten. Pass-phrases which are either quite long or are used infrequently compound the problem. If you forget your pass-phrase you are in the same position as someone who has lost their secret key... you completely lose the ability to access your account! For this reason it may be a good idea to write down your pass-phrase in case of emergency. A written pass-phrase should never be stored in a place where other people will have access to it.

Point & Click Shopping Through my Browser

Normally, you would use WebFunds to make point-and-click purchases through your web browser. To do this, you will have to configure your browser by setting up what is called a proxy. The following examples illustrate how to do this with two popular browsers, Netscape Navigator 2.0 and Microsoft Internet Explorer 3.0.

Netscape Navigator 2.0 and 3.0

  1. With Netscape already running click the "options" selection on your menu bar which should bring down a pull-down menu.
  2. Within the pull-down menu click on the "Network Preferences" selection.
  3. A dialog box with several selection tabs will appear. Click on the tab marked "proxies".
  4. Select the "manual proxy configuration" radio-button then click on the button marked "view".
  5. Approximately half-way down the new dialog box will be a label saying "HTTP proxy" in the space directly to the right of that label enter the word "localhost" (without quotes).
  6. To the right of the field where you entered "localhost" is another field labeled "Port", enter the number "8080" in this field.
  7. Click the "OK" button to continue.
  8. Click the "OK" button again in this dialog box to confirm the settings you just created.
  9. Your web browser is now configured to use WebFunds for purchasing.

Microsoft Internet Explorer 3.0

  1. With Microsoft Internet Explorer running click the "view" selection on your menu bar which should bring down a pull-down menu.
  2. Within the pull-down menu click on the "Options..." selection.
  3. A dialogue box labeled "Options" should appear with several selection tabs. Click on the tab marked "Connection".
  4. Near the bottom of the dialog box there should be a checkbox marked "Connect through a proxy server". Click this box to ensure that a check-mark appears there.
  5. Click the adjacent button marked "Settings"
  6. At the top of the new dialog box which appears is a label marked "HTTP:". To the right of this label (under the heading "Address of proxy to use") enter the word "localhost" (without the quotes).
  7. To right of the field in which you entered "localhost" is a slightly smaller field which appears under the heading "Port". Enter the number "8080" here (again without quotes).
  8. Click the "OK" button at the bottom of the dialog box.
  9. Click "OK" again to confirm these settings.
  10. Your browser is now configured to use WebFunds!

WebFunds is always running

From now on, WebFunds makes an external conduit (called a proxy) through which your browser communicates with the Internet. One thing to be aware of is that once local proxies have been set in this manner your browser will not work normally unless WebFunds is also running. If you wish to browse the World Wide Web without WebFunds running simply un-checking the "proxy" item in the browser menu will allow you to browse normally; otherwise just leave WebFunds and your browser running simultaneously. If you have deselected the "proxy" option simply reselect it if you would like to use WebFunds to make purchases again.

Where do I get electronic currency for WebFunds?

Before you can spend electronic cash on the Internet you will need to purchase your electronic cash first. This is simply an exchange of the currency you currently use for an electronically denominated one. Your issuer should be able to take care of that exchange for you.

Your issuer should have information on their web page which will provide you with the appropriate instructions for acquiring electronic currency. If you would like to know the location of your issuer's web site or how you can contact them you can look at the File/About Menu option on WebFunds.

Troubleshooting

Cycling a Transaction

One easy way to test WebFunds is to cycle a transaction through the entire system. You can do this by writing a payment and depositing it back into WebFunds. WebFunds will deposit the payment, which will be settled immediately, because it causes no change to the amount of value. That means you can even do this type of transaction when you have no cash! This is how we do it:

  1. Select File from the main window and then Export.

  2. A Cut&Paste Dialog will pop up. Enter an amount in the box below. Any positive amount will work, but avoid zero, and avoid large numbers if you have some real cash there.

  3. Hit the Export button. After a brief moment to prepare a signature, a payment will appear inside the C&P box. It will say something to the effect of "This is a payment for some amount."

    Note that:

    If the export occurred, then your balance will go down by the amount exported, and it may even go negative!

  4. Now use your mouse to highlight the contents of the box (the entire payment might not be immediately visible so you may have to drag the mouse down past the bottom of the box) and Copy or Cut the contents to the windows buffer. In Windows 95 you will need to hit Control-C once the text is highlighted.

  5. Now bring up the Import dialog by selecting File from the main window and then Import.

  6. Paste the contents into the Import C&P box by clicking in with the mouse and hitting Control-V. The text of the payment should appear in the box.

  7. Now hit the Import button. Note that WebFunds does not especially expect this, so it will attempt to deposit the payment as normal. When complete, your balance will reflect the deposit, and will be back to where you started from.

The balance will actually rectify itself some time (maybe 30 seconds) after the transaction is cleared, as a separate confirmation is needed from the Issuer that it is good (this is the receipt for the transaction).

Further Help

If you experience problems, please try everything you reasonably can to determine the scope of the problem. Note exactly what you have done and what the problem seems to be. If you are unable to figure it out yourself using the supplied documentation then visit the web site of your issuer and contact them for further assistance, or by using the contact information listed in your currency contract.