.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "macutil 8"
.TH macutil 8 "2018-10-09" "Mail Avenger 0.8.5" "Mail Avenger 0.8.5"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
macutil, sendmac \- Message Authentication Code utility
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
macutil \-\-gen [\fIoptions\fR]
.PP
macutil \-\-sender [\fItemplate\fR] [\-\-from \fIname\fR] [\fIoptions\fR]
.PP
macutil \-\-check [\fIoptions\fR] \fIcode\fR
.PP
macutil [\fIoptions\fR] \-\-sendmail [\fIsendmail-options\fR]
.PP
sendmac [\fIsendmail-options\fR]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
macutil generates and checks the validity of codes that can be
embedded in temporary email addresses.  The codes are calculated using
a secret passphrase stored in a file.  Thus, someone who does not know
the passphrase cannot easily generate a valid code.  Each code has a
configurable expiration time after which it becomes invalid.
.PP
To use macutil, you must create a file containing a passphrase.  The
default location of this file is \fI\f(CI$HOME\fI/.avenger/.macpass\fR, though
the location can be overridden with the \fB\s-1MACUTIL_PASSFILE\s0\fR
environment variable or \fB\-\-passfile=\fR command-line option.  The file
should contain a passphrase followed by a newline.  The maximum
allowed length of the passphrase is 64 characters.  \fBDo not use your
Unix login password or any password you have used for a sensitive
application, as macutil's password will be stored in cleartext and
thus be relatively easy to compromise.\fR
.PP
Running \fBmacutil \-\-gen\fR generates a new \fIcode\fR and writes it to
standard output.
.PP
Running \fBmacutil \-\-check\fR \fIcode\fR checks the validity of \fIcode\fR.  If
the code is valid and has not expired, macutil exits with status 0.
If the code is invalid or has expired, macutil prints a message to
standard error and exits with a non-zero exit code.
.PP
The following options affect macutil's behavior:
.IP "\fB\-\-gen\fR (\fB\-g\fR)" 4
.IX Item "--gen (-g)"
Generates a code, as described above.
.IP "\fB\-\-sender\fR \fItemplate\fR (\fB\-s\fR \fItemplate\fR)" 4
.IX Item "--sender template (-s template)"
This option is like \fB\-\-gen\fR, but outputs a complete email address,
instead of just a code.  The address is formatted based on
\&\fItemplate\fR.  \fItemplate\fR should contain an email address with a \f(CW\*(C`*\*(C'\fR
character.  The \f(CW\*(C`*\*(C'\fR will be replaced by a code.  For example, if
\&\fBtemplate\fR is \f(CW\*(C`myname+bounces+*\*(C'\fR, running \f(CW\*(C`macutil \-\-sender\*(C'\fR might
output:
.Sp
.Vb 1
\&    myname+bounces+zjkifk8kuvsy7rubu7vqadmwnn
.Ve
.Sp
Don't forget to quote the \f(CW\*(C`*\*(C'\fR character when invoking macutil from a
shell.
.IP "\fB\-\-from\fR \fIname\fR (\fB\-f\fR \fIname\fR)" 4
.IX Item "--from name (-f name)"
This option, in conjunction with \fB\-\-sender\fR, produces output more
suitable for the \f(CW\*(C`From:\*(C'\fR field in an email message header.  For
example, if \fBname\fR is set to \f(CW\*(C`Mail Avenger\*(C'\fR, running \f(CW\*(C`macutil
\&\-\-sender \*(Aqmyname+tmp+*host\*(Aq \-\-from \*(AqMail Avenger\*(Aq\*(C'\fR might output:
.Sp
.Vb 1
\&    Mail Avenger <myname+tmp+zjkifk8kuvsy7rubu7vqadmwnn@host>
.Ve
.Sp
Note that if the \fB\s-1MACUTIL_SENDER\s0\fR environment variable has been set,
this will be used as a default value for the \fB\-\-sender\fR option if you
invoke \fBmacutil \-\-from\fR and don't specify a \fB\-\-sender\fR.
.IP "\fB\-\-fromexp\fR \fIphrase\fR" 4
.IX Item "--fromexp phrase"
In conjunction with the \fB\-\-from\fR option, this option includes an
expiration time for the address in a comment.  For example, supplying
a \fIphrase\fR of \f(CW\*(C`address expires\*(C'\fR would result in output like this:
.Sp
.Vb 2
\&    Mail Avenger (address expires 07 Dec 2004)
\&        <myname+tmp+zjkifk8kuvsy7rubu7vqadmwnn@host>
.Ve
.IP "\fB\-\-check\fR (\fB\-c\fR)" 4
.IX Item "--check (-c)"
Checks a code, as described above.  Exits 0 on success; exits non-zero
with a message to standard error if the code is invalid.
.IP "\fB\-\-passfile=\fR\fIfile\fR (\fB\-p\fR \fIfile\fR)" 4
.IX Item "--passfile=file (-p file)"
Specify the passphrase file to use.
.Sp
Note that if \fIfile\fR contains multiple passphrases, one per line,
\&\fB\-\-gen\fR always uses the first passphrase in the file.  \fB\-\-check\fR,
however, will try all passphrases until one succeeds, and only output
failure if they all fail.  In this way, you can change your
passphrase, but keep accepting the old one for a time by leaving it as
the second line of the file.
.IP "\fB\-\-expire=\fR\fIdate\fR" 4
.IX Item "--expire=date"
Specify the expiration date for the code.  \fIdate\fR can be an absolute
number of seconds since midnight, Jan 1, 1970, \s-1GMT.\s0  Alternatively
(and perhaps more usefully), it can be expressed relative to the
current time, as:
.RS 4
.IP "\fB+\fR\fInum\fR\fBh\fR" 4
.IX Item "+numh"
.PD 0
.IP "\fB+\fR\fInum\fR\fBD\fR" 4
.IX Item "+numD"
.IP "\fB+\fR\fInum\fR\fBW\fR" 4
.IX Item "+numW"
.RE
.RS 4
.PD
.Sp
to specify \fInum\fR hours, days, or weeks in the future.  The full range
of suffixes allowed is \fBs\fR, \fBm\fR, \fBh\fR, \fBD\fR, \fBW\fR, \fBM\fR, and \fBY\fR,
which designate seconds, minutes, hours, days, weeks, months, and
years, respectively.  The default expiration time is 21 days
(\f(CW\*(C`+21D\*(C'\fR).
.RE
.IP "\fB\-\-aux=\fR\fIstring\fR" 4
.IX Item "--aux=string"
Permutes the algorithm using \fIstring\fR.  You must specify the same
\&\fB\-\-aux\fR argument when both generating and checking codes.  This
allows you to re-use the same password for different sets of codes.
For example, you might require tokens generated with \f(CW\*(C`macutil \-\-gen
\&\-\-aux=list1\*(C'\fR to be embedded in recipient addresses for one mailing
list, and \f(CW\*(C`macutil \-\-gen \-\-aux=list2\*(C'\fR to be embedded in recipient
addresses for another.  Someone who has an address that is valid for
one list will still not be able to send to the other.
.IP "\fB\-\-date=\fR\fIdate\fR" 4
.IX Item "--date=date"
Run as if the current time were \fIdate\fR.  As with \fB\-\-expire\fR, \fIdate\fR
can be an absolute number or can be relative to the current time.  Use
\&\fB\-\fR instead of \fB+\fR to specify a time in the past (e.g.,
\&\fB\-\fR\fInum\fR\fIh\fR or \fB\-\fR\fInum\fR\fID\fR).
.IP "\fB\-\-sendmail\fR" 4
.IX Item "--sendmail"
This option must be the last sendmac option.  It tells macutil to run
sendmail with the remaining arguments you have specified, but to
insert the options \fB\-f\fR \fIaddress\fR at the beginning of the argument
list, where \fIaddress\fR is generated as with the \fB\-\-sender\fR option.
You must specify an address template, either through explicit use of
the \fB\-\-sender\fR option, or by setting the
\&\fB\s-1MACUTIL_SENDER\s0\fR environment variable.
.Sp
For example, if \fB\s-1MACUTIL_SENDER\s0\fR is \f(CW\*(C`myname+bounces+*\*(C'\fR, running
\&\f(CW\*(C`macutil \-\-sendmail friend@domain.com\*(C'\fR might run the command:
.Sp
.Vb 3
\&    sendmail \-f \e
\&        myname+bounces+zjkifk8kuvsy7rubu7vqadmwnn \e
\&        friend@domain.com
.Ve
.Sp
Note that if invoke the macutil program as \f(CW\*(C`sendmac\*(C'\fR (or as any other
name you link it to beginning with the four letters \f(CW\*(C`send\*(C'\fR), it will
automatically behave as though there were an extra first argument of
\&\fB\-\-sendmail\fR.  (In this case, you cannot specify any sendmac options,
but you can still control sendmac's behavior through the environment
variables listed below.)
.SH "ENVIRONMENT"
.IX Header "ENVIRONMENT"
.IP "\fB\s-1MACUTIL_EXPIRE\s0\fR" 4
.IX Item "MACUTIL_EXPIRE"
Sets the expiration time if not explicitly overwritten by the
\&\fB\-\-expire\fR flag.  If \fB\s-1MACUTIL_EXPIRE\s0\fR is not set, macutil uses a
default value of \f(CW\*(C`+21D\*(C'\fR (21 days).
.IP "\fB\s-1MACUTIL_FROMEXP\s0\fR" 4
.IX Item "MACUTIL_FROMEXP"
If this option is set to \fIphrase\fR, then the output of \f(CW\*(C`sendmac
\&\-\-from\*(C'\fR will always behave as though an extra \fB\-\-fromexp\fR \fIphrase\fR
argument had been supplied.
.IP "\fB\s-1MACUTIL_PASSFILE\s0\fR" 4
.IX Item "MACUTIL_PASSFILE"
Specifies a passphrase file other than the default of
\&\fI\f(CI$HOME\fI/.avenger/.macpass\fR.
.IP "\fB\s-1MACUTIL_SENDER\s0\fR" 4
.IX Item "MACUTIL_SENDER"
Specifies a template sender address to use as a default value of
\&\fB\-\-sender\fR with the \fB\-\-sendmail\fR and \fB\-\-from\fR options.  See the
descriptions of the \fB\-\-sendmail\fR and \fB\-\-from\fR options above for more
information.
.IP "\fB\s-1MACUTIL_SENDMAIL\s0\fR" 4
.IX Item "MACUTIL_SENDMAIL"
Specifies the path to sendmail for the \fB\-\-sendmail\fR option.  The
default is just \fIsendmail\fR.
.SH "FILES"
.IX Header "FILES"
\&\fI\f(CI$HOME\fI/.avenger/.macpass\fR
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBavenger\fR\|(1)
.PP
The Mail Avenger home page: <http://www.mailavenger.org/>.
.SH "BUGS"
.IX Header "BUGS"
macutil is designed to provide casual security against people trying
to guess a valid temporary email address.  Don't use it where stronger
authentication is required.  In particular, for any given passphrase,
a random code will be valid (at least on some date) with probability 1
in 2^64.  While these are tough odds to beat, cryptographers generally
prefer a margin of safety closer to 1 in 2^128 for high-security
applications (though that would require longer codes).
.PP
Someone who sees a valid code can mount an off-line dictionary attack
against your passphrase.  In other words, while it is hard recover
your passphrase outright, given a valid code, it is is easy to verify
whether a particular guess of your passphrase is correct.  By guessing
every word in the dictionary, an attacker can recover weak
passphrases.
.PP
Technically, the cryptographic operation performed on the keys is
encryption, not a message authentication code (or \s-1MAC\s0).  Hence, one
could argue the utility is misnamed.
.SH "AUTHOR"
.IX Header "AUTHOR"
David Mazie\*`res