Manual

Getting started

Please take a look at our Screencast Tutorial on YouTube for a short introduction.

Account types explained

KisKis™ provides some basic account types for different purposes, such as “Network Accounts”, “Bank Accounts”, “Secured Files” and “Credit Cards”. However, if their attributes don't meet your needs, you can easily define your own account types.

All accounts can be archived. Select the In archive? -checkbox if the account will not be used in the near future. Checked accounts will normally not be visible in the tree view. You can make them visible again with the View/Show archived items menu item.

The Apply -action is enabled once the account has been changed. Click on this button if you want to "commit" your changes.

Common properties

All account types define the following properties in common. That means they have a name, password, can expire on a specific date and collect some statistics.

Label

A simple name for the account which is used in the tree view.

The password used for this account. Normally it will be hidden, but you can display it if necessary.

If the password field is empty, you can create a new password automatically with the Create -action. Click on Create and a menu with three generators is displayed.

If a password exists you can display the password using the Show -button.

You can copy the password to the clipboard even when it is hidden with the Copy to clipboard -action from the context menu.

The Test -action checks if the password can be found in a dictionary. You can define your own dictionary to use as described in the Cracklib Options Tab .

This progress bar shows the password quality on the fly.

The tooltip shows you some more detailed information about the quality.

Expires

A password might expire on a specific date. You can enter this date here or mark the Never -checkbox if it will never expire.

Expired passwords can be found with the "Reports/Expired Accounts ..."-action from the menu bar.

History

Displays a dialog with all recently used passwords for this account.

Attachments are arbitrary files which will be encrypted and stored next to the account.

New

Shows a file selection dialog. Select a file and it will be shown in the list afterwards.

Save as

Decrypts the attachment and saves it to disk.

Delete

Delete the attachment from the account. The encrypted file will be removed as well.

All physical operations will be done when the document is saved. An Apply alone will not change any data on disk. The source files will not be touched at all. That means you have to remove them from disk manually if necessary.

Normally you should not be bothered with the manual decryption of attachments, but here is how it works.

File attachments are stored as separate files which are associated with the password file (e. g. c:\foo\bar\kiskis.xml.gpg) by name for efficiency reasons. All attachments of c:\foo\bar\kiskis.xml.gpg can be found as c:\foo\bar\kiskis.xml.gpg.attachment.<i>, encrypted as separate PGP messages. Each attachment is encrypted with a new random key which you can find within the c:\foo\bar\kiskis.xml.gpg file in the <Attachment> element.

So, a typical KisKis™ directory c:\foo\bar with a password file kiskis.xml.gpg will look like:

                

gandalf@valinor-LINUX:/foo/bar/$ dir
insgesamt 192
-rw------- 1 gandalf gandalf 6419 2010-11-15 14:17 kiskis.xml.gpg
-rw-r--r-- 1 gandalf gandalf 159 2010-11-10 18:00 kiskis.xml.gpg.attachment.1
-rw-r--r-- 1 gandalf gandalf 543 2010-11-10 15:55 kiskis.xml.gpg.attachment.2
-rw-r--r-- 1 gandalf gandalf 231 2010-11-10 15:55 kiskis.xml.gpg.attachment.5
-rw-r--r-- 1 gandalf gandalf 1223 2010-11-10 15:55 kiskis.xml.gpg.attachment.6
-rw-r--r-- 1 gandalf gandalf 326 2010-11-10 15:55 kiskis.xml.gpg.attachment.7
-rw-r--r-- 1 gandalf gandalf 492 2010-11-10 18:00 kiskis.xml.gpg.attachment.8
-rw-r--r-- 1 gandalf gandalf 159 2010-11-10 18:00 kiskis.xml.gpg.attachment.9

Each account collects some statistics. So you can see when it was used the last time and how often it has been viewed.

Plain text can be added to each account using the Comment -tab.

Network Account

This is the most often used account type. It can be used for computer logins, mailserver authentications, internet services and so on.

The network account provides additional attributes for:

User name

Typical use is the login name of an internet service or computer account. This might be an e-mail address as well.

URL

The location where the service or computer can be found. This URL can be passed to the Built-in Application Starter, so that you can associate your preferred application with it. To do so, click on the button Open URL.

Example 1. URL with placeholders

http://www.foo.de/?un=%username&pwd=%pwd or pop://mail.foo.de/

E-mail

If a service wants to know an email address you can type it in here. This is very useful if you have multiple email accounts and want to keep track of which account knows which email address, especially if you use services like spamgourmet.com.

Bank Account

This account type models a typical money account at a bank. It provides some additional attributes needed for financial transactions such as “telephone pin”, “account number”, “TAN lists” and more.

The bank account provides additional attributes for:

Bank Name

The name of the bank, e. g. "Deutsche Bank".

Bank Identifier

The identifier of the bank. This may be an IBAN, BLZ or something else.

Telephone PIN

This is a password or PIN which is used for telephone banking.

Account Number

This is the number that identifies the account.

Notice the TAN list field for transaction numbers (TAN). It is used to define sets of TANs. Each TAN list is identified by an ID and a creation date. Within the following dialog the TANs can be added, removed or marked as used.

TAN lists:

New

Creates a new empty TAN list.

Edit

Opens the selected TAN list in a TAN list editor dialog.

Delete

Deletes the selected TAN list.

TAN list dialog options:

TAN list ID

An identifier which is usually written on the TAN list by the bank.

Created on

The date when the bank created the list.

TAN ID

A consecutive number which identifies a TAN.

Value

The value of the TAN, usually a 6-digit random number.

Used?

Checked if used. When the checkbox is clicked, the field "Used On" will be updated as well.

Used On

The date when the TAN was used.

Credit Card

A “Credit Card” is usually associated with a bank and has a short PIN used for ATMs. The most interesting part, though, is its number, which can be entered as well.

The credit card account provides additional attributes for:

Bank Name

The name of the bank, e. g. "Deutsche Bank".

Credit Card Number

The number written on the card.

PIN

The PIN needed for ATMs.

Card Validation Code

The card security code (CSC) provides increased protection against credit card fraud (Wikipedia).

Secured File

Sometimes files can be opened with a passphrase only. So you can define an account which is linked to the file. These files can be opened with your preferred file manager. You can encrypt or decrypt them with OpenPGP if you want to.

The secured file account provides additional attributes for:

File

A relative or absolute path to an arbitrary file. This could be a "project plan", "word document", "keystore" or something else.

Status

Shows if the file could be found or if it is a directory or if it is missing.

Decrypt

Decrypts the file using the password given above. It is activated only if the file is a PGP file. This is checked automatically.

Encrypt

Encrypts the file using the password given above. It is activated only if the file is not a PGP file. This is checked automatically.

User-defined Account Template

If you need some extra attributes or even simpler accounts you can define your own account templates. In the standard KisKis™ document you can find two examples. The first example is the "Password only" type, the second example is the "Complex type example" type. You can change these examples if you want to. Think about an account type as a blueprint for multiple occurrences which all need some specific properties.

As you can see this account type does not define any additional attributes. So, the detail area is not visible anymore. You can use this account if you need a "label/password" pair only.

This account type is just an example. You can see all field types available. Look at Managing your own account templates for further information.

Managing your own account templates

Open the menu item “Edit/Manage account templates” to open the template overview dialog.

Warning

Be careful when modifying a template you have already instantiated and filled with important data. New properties aren't a problem at all. But keep in mind that deleting a property will delete ALL associated values from the instances as well. You should also note that deleting a template will delete all instances.

Here you can see all your defined account templates. In this case, two types were already defined. Note that an item is uniquely identified by its name (case-sensitive). So you cannot have a second item called “Password only”. All the templates are stored within your current datafile.

New

Click New and a newly created template will appear in the list. It will be initially called "new template".

Edit

Select an existing template and click Edit to manipulate the template. A new "template editor dialog" will appear. You can do a double-click in the list as well.

Delete

Select an existing template and click Delete to remove the template. If the item is currently instantiated a warning will be shown.

Import

You can import existing templates from other KisKis™ files with the Import -button. Select a KisKis™ file, enter the password and all the templates will be copied to the current file. In case of naming collisions you can change the template names before OK is pressed.

Name your template and add some tiny properties with New. You can order the properties using the arrow buttons on the right panel.

Template Name

Enter a unique name for the template. There is no other constraint for the name.

New

Opens the property editor dialog.

Edit

Select an existing property and click Edit. The property editor dialog will be shown.

Delete

Select an existing property and click Delete. The currently selected item will be removed from the list. If the property is still used by an instance a warning will be shown.

Give each property a unique name within the template and choose a type out of the combo-box. As you can see, the following types are supported:

Date

Will be rendered as a date field.

Password

Will be rendered as a password field.

String

Will be rendered as a simple text field.

URL

Will be rendered as a URL-input field which allows you to start an associated application.

RichText

Will be rendered as a text area.

Take a look at the Complex template example.

Generating passwords automatically

Secure passwords should be known only by you and the service you are using. It is not recommended to reuse passwords for multiple services. That means you need one unique password for each account which cannot be derived from another password of a different account. Therefore, KisKis™ provides multiple password generators which make it easy for you to follow these rules.

Three different generators are available when you want to create a new password:

human readable

Human readable passwords do not use sophisticated special characters. Furthermore the generator mixes consonants and vowels in a friendly manner. The passwords created should always be readable, e. g. NuHuxo770165

secure

Secure passwords use all displayable characters in a completely random order. These passwords may be hard to read and comprehend but are secure, e. g. du"|]Z0ku&"E .

by template

This option opens a new password generator dialog.

Template

Enter a string, defining your template, here. A template consists of a user-defined password pattern string with a length greater than zero. Each pattern character represents a set of characters which can be placed on this position randomly.

c,C - a consonant (b, c, d, ...)
v,V - a vowel (a, e, i, o, u)
a,A - an alphabetic character
9 - a digit (0-9)
n,N - a combination of 'a' and '9'
# - a special character (+, $, %, ...)
? - any character



Example: cVCvaA99#? can generate kIFaaT40[F , wUJan042:% and so on.

Count

The number of passwords to generate. You can pick one of them out of the list.

Mix case

If upper case and lower case should be chosen randomly you can activate this box.
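
The template generator described above can be sketched as follows. This is an added example, not code from KisKis™: the character sets behind each pattern character, the rule that an upper-case pattern letter selects upper-case letters, and the names `pool_for`, `generate` and `matches` are assumptions.

```python
import secrets
import string

# Character sets behind each pattern character. The exact sets KisKis uses are
# not given in the manual; these are assumptions for illustration.
VOWELS = "aeiou"
CONSONANTS = "".join(c for c in string.ascii_lowercase if c not in VOWELS)
CLASSES = {
    "c": CONSONANTS,
    "v": VOWELS,
    "a": string.ascii_lowercase,
    "n": string.ascii_lowercase + string.digits,
    "9": string.digits,
    "#": string.punctuation,
    "?": string.ascii_letters + string.digits + string.punctuation,
}


def pool_for(symbol, mix_case=False):
    """Return the characters allowed at a position holding this pattern symbol."""
    base = CLASSES.get(symbol.lower())
    if base is None:
        raise ValueError(f"unknown pattern character: {symbol!r}")
    if symbol in ("9", "#", "?"):
        return base
    letters = "".join(c for c in base if c.isalpha())
    digits = "".join(c for c in base if c.isdigit())  # only present for n/N
    if mix_case:
        return letters + letters.upper() + digits
    # Assumption: an upper-case pattern letter selects upper-case letters.
    return (letters.upper() if symbol.isupper() else letters) + digits


def generate(template, count=1, mix_case=False):
    """Generate `count` passwords; secrets draws from the OS CSPRNG."""
    if not template:
        raise ValueError("template must have a length greater than zero")
    pools = [pool_for(symbol, mix_case) for symbol in template]
    return ["".join(secrets.choice(pool) for pool in pools) for _ in range(count)]


def matches(template, password, mix_case=False):
    """Check that every character of password fits its template position."""
    if len(password) != len(template):
        return False
    return all(ch in pool_for(sym, mix_case) for sym, ch in zip(template, password))


if __name__ == "__main__":
    for candidate in generate("cVCvaA99#?", count=3):
        print(candidate, matches("cVCvaA99#?", candidate))
```
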

When you need to choose a password you may ask yourself "What is a good password and how do I know it is well chosen?". However, first you need to know how an intruder would try to get your password.

The easiest way to get a password is guessing or social engineering. Many people use passwords based on things or family members they can remember easily. "The name of the pet", "the child's birthday", "an anniversary" or such things are often used and can be guessed by an intruder easily. Think about all the information the web knows about you. Google, Facebook and Xing are very useful sources for such information. Even if you did not publish such sensitive information, the intruder might know you better than you think.

Important

You can protect yourself from those attacks easily. Do not use any information of your social environment as passwords!

An automated way to hack an account is to use a dictionary attack. For this, a computer will try each entry of a dictionary to access your account. Those dictionaries contain millions of entries with the most common passwords used all over the world. Our fast computers do not need much time to find the right solution if the password can be found in the dictionary. Did you know that "qwertz" or "{[]}\" are often used passwords? That is the case because these character sequences consist of characters which are close to each other on the keyboard.

Important

You can protect yourself from those attacks easily. Do not use simple words or character sequences, consisting of characters which are close to each other on the keyboard, as passwords! Passwords should never be found in a dictionary!

Another way to get your password is to use a brute force attack. The algorithm is very simple: "Try each possible variation of characters and numbers up to a defined length." The longer your password and the more different characters your password contains, the more variations need to be tried.

Important

You can protect yourself from those attacks easily. Use long passwords with at least 10 characters mixed with numbers, special characters, upper case and lower case!

The first is a simple password analyzer which tests the strength of your password depending on the character set used. A character set describes numbers, lower-case letters, upper-case letters, punctuation, ... The more different character sets a password uses and the longer it is, the more secure the password is because a brute force attack needs to take more possible variations into account.

As you type the password in the password element it will be checked automatically. Depending on the characters you typed the number of possible variations is computed. It is assumed, that an intruder might get the information about the character set used, i. e. if you use numbers only as a password the intruder would try numbers only in a brute force attack to reduce the number of possible variations. The tooltip shows you more information about the password quality. So you can see the number of possible variations.
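
The variation count described above can be sketched as follows. This is an added example, not the analyzer shipped with KisKis™: the four character sets, the catch-all pool size `OTHER_SIZE` and the function name `analyze` are assumptions.

```python
import math
import string

# Character sets and their sizes. The sets KisKis counts are not listed in the
# manual; these four (plus a catch-all) are assumptions.
CHARSETS = {
    "digits": string.digits,
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "punctuation": string.punctuation + " ",
}
OTHER_SIZE = 128  # assumed pool added once any character outside the sets appears


def analyze(password):
    """Estimate brute-force variations, assuming the attacker knows the sets used."""
    used = [name for name, chars in CHARSETS.items()
            if any(ch in chars for ch in password)]
    pool = sum(len(CHARSETS[name]) for name in used)
    known = "".join(CHARSETS.values())
    if any(ch not in known for ch in password):
        used.append("other")
        pool += OTHER_SIZE
    variations = pool ** len(password) if password else 0
    bits = math.log2(variations) if variations else 0.0
    return {"sets": used, "pool": pool, "variations": variations, "bits": bits}


if __name__ == "__main__":
    # Sample passwords taken from this page; "qwertz" scores 26**6 here although
    # a dictionary finds it at once, which is why the second check exists.
    for sample in ("1234", "qwertz", "NuHuxo770165", 'du"|]Z0ku&"E'):
        result = analyze(sample)
        print(f"{sample!r:16} {'+'.join(result['sets']):30} "
              f"{result['variations']:.3e}  {result['bits']:.1f} bits")
```
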

The second way is a dictionary-based check using cracklib. The password is validated against a dictionary. If cracklib is able to find parts of the word in its dictionary you should use another password because a dictionary-based attack on your account could succeed with a high probability.

This dialog gives you some information about the password, e. g. if it was found in the dictionary or if it violates some other password rules.

Importing CSV files

KisKis™ provides a basic feature to import existing data via "comma-separated-value" files (CSV). You can create CSV files easily with Microsoft Excel or OpenOffice Calc.

Open the KisKis™ file you want to add the imported accounts to and activate the menu item “File/Import” to start the procedure. A file selection dialog opens. Select the CSV file you want to import and click OK . The accounts will be added.

A CSV file must start with a header line and may contain multiple data lines. Each data line represents one account and must contain as many fields as defined in the header.

The header with pre-defined values must be included:

Group

The name of the group. An empty group name means that the account should be appended to the root. A group path can be defined using the character sequence " ## " as a path separator. A group name " Shopping##Books#My Favorite Bookstores " would result in the following tree path:

If no group path separator can be found the group will be appended to the root node.

Label

The name of the account.

User Name

The user name for the account.

Email

The e-mail address used for the account.

URL

The URL used for the account.

Created On

The creation date used for the account. The format is YYYY-MM-DD , e. g. 2010-12-01.

Expires On

The expiration date used for the account. The format is YYYY-MM-DD , e. g. 2010-12-01.

Comment

The comment used for the account. May contain linebreaks.

Example 2. CSV Example File

          
,"Account placed to the root","hhsgww2l","foo",,,,,
"Shopping","Amazon",32362187361,"amazon.foo","mail@bar.de","http://www.amazon.de",,,"amazon account"
"Newly created group","Blahblah",1234,"user@foo.bar","user@foo.bar",,,,
"Work##Job 1","Computer Job 1","secret","john.doe","john.doe@company.com","http://portal.company.com","2010-10-21",,"Another comment"
"Work##Job 2","Enterprise Password","foobar","karl.mustermann","karl@mustermann.de","Http://portal.foo.com","2009-12-24","2010-11-23","That is just a comment.
With
Multiple lines"
"##","Account placed to the root 2","ÄÖÜölöö","another@user.de","another@user.de","http://foo.bar",,,"Another comment
With multiple lines"
"Others##Invalid Accounts","Wrong Expiration date","rhiurhewf","foo","foo@bar.com",,,01.01.10,"Wrong expiration date"
"Others##Invalid Accounts","Wrong creation date","rhiurhewf","foo","foo@bar.com",,01.01.10,,"Wrong creation date"
"Others##Invalid Accounts",,,,,,,,




Notice the header in the first line and 11 different data rows. The order in the column header is not important. You don't have to provide values for each possible column. You could use the header Label, Password as well and omit the other column values (the rest will be filled with predefined standard values). But if you have defined two columns in the header, each data row MUST provide two columns as well (but a column may be empty).

In this example the field-delimiter is ','. You can choose any other character if you want to. Put the field values in "" if the field-delimiter may be found inside the value, e. g. comments and text fields.

Get the example OpenOffice.org Calc spreadsheet and try it out.

Important

Note that the imported accounts will be typed as “Network Accounts” and will be added to the opened file.
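
A CSV file can be checked against the rules above before it is imported. The following is an added example, not the KisKis™ importer: the header spelling in the constructed sample is assembled from the column names listed above, and how KisKis™ itself treats invalid rows is not stated in this manual, so the checker only reports them.

```python
import csv
import io
from datetime import datetime

# Constructed sample: the header spelling is an assumption built from the column
# names listed above; the data rows are modelled on Example 2.
SAMPLE = '''Group,Label,Password,User Name,Email,URL,Created On,Expires On,Comment
,"Root account","hhsgww2l","foo",,,,,
"Work##Job 1","Computer Job 1","secret","john.doe","john.doe@company.com","http://portal.company.com","2010-10-21",,"Another comment"
"Work##Job 2","Enterprise Password","foobar","karl","karl@mustermann.de",,"2009-12-24","2010-11-23","A comment
with
multiple lines"
"Others##Invalid Accounts","Wrong date","rhiurhewf","foo","foo@bar.com",,,01.01.10,"Wrong expiration date"
"Shopping","Too short","pw"
'''

DATE_COLUMNS = ("Created On", "Expires On")


def group_path(value):
    """Split a group name on '##'; an empty result means the root node."""
    return [part.strip() for part in value.split("##") if part.strip()]


def check_import(text, delimiter=","):
    """Return (accounts, problems) for a CSV file in the layout described above."""
    reader = csv.reader(io.StringIO(text, newline=""), delimiter=delimiter)
    header = next(reader, None)
    if not header:
        return [], ["missing header line"]
    accounts, problems = [], []
    for row in reader:
        line = reader.line_num  # physical line on which the record ends
        if len(row) != len(header):
            problems.append(f"line {line}: {len(row)} fields, header has {len(header)}")
            continue
        record = dict(zip(header, row))
        bad = False
        for col in DATE_COLUMNS:
            value = record.get(col, "")
            if value:
                try:
                    datetime.strptime(value, "%Y-%m-%d")
                except ValueError:
                    problems.append(f"line {line}: {col} {value!r} is not YYYY-MM-DD")
                    bad = True
        if not bad:
            record["Group"] = group_path(record.get("Group", ""))
            accounts.append(record)
    return accounts, problems


if __name__ == "__main__":
    ok, issues = check_import(SAMPLE)
    print(len(ok), "accounts ready for import")
    print("\n".join(issues))
```

The problem messages quote only the offending date value, so the plaintext passwords in the CSV file do not end up in the report.
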

Options and preferences

Open the menu item Edit/Options... to edit your personal preferences. A new dialog will appear.

General

In the general tab you can find options for appearance and some automatic features that make your life easier.

General options

Choose Look&Feel-classname

Choose a classname of a javax.swing.LookAndFeel implementation.

The default value is the great com.incors.plaf.kunststoff.KunststoffLookAndFeel.

You can choose a font of all available fonts which is used for the password fields.

The default is Monospaced and should be sufficient for most platforms.

Lock program after N minutes

Enter the number of minutes of inactivity here that should pass before KisKis™ will be locked. Inactivity means that KisKis™ did not receive any mouse event or key stroke, e. g. because the window is in the background. When KisKis™ is locked you need the password of the currently opened file to unlock it again. So you might leave your computer alone for a moment.

A value of 0 will disable this option.

The default is 5 minutes.

Mark items as viewed after N seconds

Enter the number of seconds here that should pass before KisKis™ will mark the currently opened account as viewed. This means, when you opened the GMail account its last viewed date and view counter will be updated after N seconds. This is useful if you want to keep track of your favorite accounts. If you switch to another account before N seconds passed these values will remain the same as before.

A value of 0 will disable this option.

The default is 10 seconds.

Should the password stay in memory as long as the password file is opened? On a single user machine this is no problem. On a multiuser server, e. g. Citrix, it would be safer to disable this option.

The default is checked .

If buffer password is enabled the buffered password can be disposed from memory automatically after N minutes. This is useful if you run KisKis™ on a multiuser platform without losing much convenience.

A value of 0 will disable this option. The password will never be disposed.

The default is 0 .

This value is used when a new account is created for computation of the expiration date. The default expiration date will be today + N days.

The default is 365 days.

Export user preferences on exit

If you want to run KisKis™ from a USB-stick on multiple computers it is useful to share the preferences. Check this box and the preferences will be saved in a file $KISKIS_HOME/kiskis.preferences . If you start KisKis™ the next time it will restore the preferences from this file.

The default is not checked .

If you want to get a short message when a new version of KisKis™ is available you need to check this box. KisKis™ will ask the server http://kiskis.sourceforge.net/download if a new version is available. No information from you will be sent to the server for this operation. This is just a simple HTTP-GET . These requests will not be saved to any logfile from the KisKis™ -authors.

The default is checked .

In this tab you can find options for the load and save operation.

Default encryption algorithm

Select your favorite encryption algorithm. OpenPGP - AES (256) is the strongest algorithm available. You can use other algorithms if you want to, even 3DES which does not use PGP at all.

The default value is OpenPGP - AES (256) . If the JCE is not installed on your machine OpenPGP - AES (128) will be the default.

Enable auto save

Enable this option if KisKis™ should save your changed password file automatically.

The default value is checked .

Save every N minutes

Tell KisKis™ how many minutes it should wait to save the document automatically after the password file has been modified.

The default value is 5 minutes.

Max. number of backup files

KisKis™ can make backups when saving the document automatically. All attachments will be backed up as well. You can find the backup files in the directory where your password file is saved. The filenames follow the simple rule <password file>.backup.<timestamp>  .

The default value is 5 backups.

Applications

You can define your own applications that should be used for opening URLs here. In the list you can find prefixes and regular expressions for URLs associated with commands for external applications. The list has to be read from top to bottom. The first matching prefix/regular expression for a given URL will be used to start an external application.

As you can see in the picture above three different entries exist. URLs starting with https://www.myjob.de/ will be started with firefox and all other http -URLs will be passed to the machine's default browser. It is important that the more specific prefixes are placed above the more general ones.

Applications options

New

Creates a new empty entry in the list. Make a double click on it to define its values.

Edit

Edit the selected entry.

Regular expression or prefix for URL

This pattern or prefix is used to match a given URL. It answers the question: Should this entry be used to open the URL X? .

Define a prefix, e. g. http . You can define Java-like regular expressions [6] as well if you need more complicated patterns and logic.

Associated command

Define your command, which starts the application, here. You may use placeholders such as %url , %pwd and %username . These placeholders will be filled with the values of the specific account when you click Open URL .

The command <default browser> %url will use the Java-standard mechanism to detect the default browser on your machine.

Delete

Remove the selected entry.
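
The top-to-bottom matching and the placeholder filling described above can be sketched as follows. This is an added example, not the KisKis™ application starter: the rule list is constructed, "mailclient" is a hypothetical program name, and whole-URL regex matching, URL-encoding of values placed inside a URL and splitting the command into arguments before filling placeholders are assumptions about one careful way to implement it.

```python
import re
import shlex
from urllib.parse import quote

DEFAULT_BROWSER = "<default browser>"

# Constructed rule list modelled on the entries described above. "mailclient"
# is a hypothetical program name.
RULES = [
    ("https://www.myjob.de/", "firefox %url"),
    (r"pop://.*", "mailclient --user %username %url"),
    ("http", DEFAULT_BROWSER + " %url"),
]


def find_rule(url, rules):
    """Return the index of the first entry that matches url, top to bottom."""
    for index, (pattern, _command) in enumerate(rules):
        if url.startswith(pattern):
            return index
        try:
            # Assumption: a regex must match the whole URL, as Java's matches() does.
            if re.fullmatch(pattern, url):
                return index
        except re.error:
            pass  # not a valid regex, so it only counts as a prefix
    return None


def shadowed(rules):
    """List (earlier, later) pairs where an earlier prefix hides a later entry.

    Patterns are compared as literal text: exact for prefixes, a hint for regexes.
    """
    pairs = []
    for i, (later, _) in enumerate(rules):
        for earlier, _ in rules[:i]:
            if later.startswith(earlier):
                pairs.append((earlier, later))
                break
    return pairs


def expand(text, account, encode=False):
    """Fill %username and %pwd in one pass, so inserted values are never re-expanded."""
    values = {"%username": account["username"], "%pwd": account["password"]}

    def fill(match):
        value = values[match.group(0)]
        return quote(value, safe="") if encode else value

    return re.sub(r"%username|%pwd", fill, text)


def build_argv(command, account):
    """Split the command into arguments first, then fill the placeholders."""
    url = expand(account["url"], account, encode=True)
    if command.startswith(DEFAULT_BROWSER):
        return [DEFAULT_BROWSER, url]  # the caller opens url with the platform browser
    argv = []
    for token in shlex.split(command):
        parts = re.split(r"(%url)", token)
        argv.append("".join(url if p == "%url" else expand(p, account) for p in parts))
    return argv
```

Because the command is split before the values are inserted, a password containing spaces or shell metacharacters stays a single argument, and the resulting list can be started without a shell.
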

Cracklib Dictionary

Here you can define your own dictionary that is used to check passwords if you want to. The standard dictionary contains more than 1.6 million words and typical passwords. Most of the words are in German and English.

Cracklib dictionary directory

Define the relative or absolute path to a cracklib directory here. This directory contains the dictionary which consists of three cracklib files ( cracklib.hwd , cracklib.pwd and cracklib.pwi ).

Select an existing dictionary file

Use this action to select an existing directory containing the three cracklib files . A directory selection dialog will appear. The selected directory will be validated and the absolute directory pathname is shown in the textbox afterwards. Otherwise an error message will appear.

Create a new Dictionary from wordlist

You can define your own text files with your own words as a dictionary. That is quite simple. Create a file wordlist.txt with a text editor (e. g. notepad on Windows). This file should look as follows:

Example 3. Sample wordlist

                      
a
aa
aron
berta
...
julia
z
zz
zoron




Empty lines and case will be ignored.

A file selection dialog will appear if you click this action. Select the file you created first and click Select . A progress indicator will be shown until this action has finished.

The dictionary files will be created on the file system in the directory specified in the textbox. So, you should define the target directory in the textbox first. The import of the file cannot be cancelled and may take a while. Please be patient.

You can find the standard wordlist in the Version Control System .