\section{The User Interface} \label{sec:impl-ui} Currently, the Free Haven user interface must reside on a Free Haven node. The user interface consists of a perl script, called handler.pl, which is invoked through CGI. An HTML document contains the appropriate form syntax and information necessary to invoke the user interface on a particular Free Haven node. The remote execution of the user interface perl script is made possible through a web server that allows CGI execution. The Free Haven node must be running a web server configured to allow CGI requests in order for users to access Free Haven. The two necessary user interface operations are the ability to insert a document into the Free Haven system and the ability to retrieve that document from the system. These two operations require completely different actions to be taken, and thus are implemented somewhat independently of each other. \subsection{Inserting a Document} In order to insert a document into the Free Haven system, a user first brings up the appropriate form. An example form can be found at {\tt http://web.mit.edu/www/tkamin/form.html}. Using the bottom of this form, the user selects a document for upload. Note that the current implementation only allows for insertion of text files into Free Haven. The user also has the option of setting the time to expiration of the document. (The default time to expiration is 4 weeks.) By choosing the time to expiration of the document, the user is given a promise that the document will not be deleted for that amount of time. Pressing the submit button causes the time to expiration and the document to be delivered to the CGI program. The current version of this CGI program can be found at {\tt http://freehaven.net/freehaven-cgi/handler.pl}. This CGI program is a perl script running on a Free Haven node; it effectively represents the ``user interface.'' With the information provided in this ``insert'' request, the user interface perl script produces shares for insertion into Free Haven. The user interface first proceeds to split the document using Rabin's Information Dispersal Algorithm \cite{rabin-ida} into a specified number $n$ pieces with $k$ ($k < n$) being required to recreate the document. The values of $k$ and $n$ are specified in the file {\tt cgi.conf} and can be easily changed. The user interface then converts the output from the IDA program into shares according to the ``composition of shares'' specification. The expiration date is determined by adding the time to expiration and the current GMT time. Once the share is built up to the $$ tag, the user interface uses the Simplified Wrapper and Interface Generator (SWIG) \cite{swig} to invoke a method in the cryptography module that provides a unique signature. The user interface appends the signature and closes the share. Each share is placed in a separate file. By making the assumption that {\tt handler.pl} will reside on a Free Haven node, the user interface script is able to communicate with the haven module through files placed in a prespecified directory. The share files built by the user interface contain sufficient information to be uploaded directly into Free Haven. The user interface moves the files containing shares to the preconfigured directory. The haven process eventually (more precisely, each time a trade is offered) comes along and uploads these shares into the servnet. Lastly, the user interface returns to the user an HTML page containing the public key of the document and the hash of the public key of the document. (For security and anonymity purposes, we may wish to configure this script later to never notify the user of the actual public key which was used to create his shares.) The user will need to keep the hash of the public key of the document in order to retrieve the document. \subsection{Retrieving a Document} The functionality for retrieving a document is provided through the same form and perl script that is used for inserting a file. The form provides input fields for whatever information it may need to retrieve the shares of a document and deliver them to the user. In particular, the user must provide the hash of the public key of the document, some remailer reply block, and optionally some public key with which the shares can be encrypted. This information is then sent using {\tt post} to the user interface. After receiving the public hash of the file and the remailer reply block from the CGI request, the user interface script builds a message for broadcast to all of the Free Haven servnet nodes. This message includes the hash of the public key of the document and requests that all shares having matching hashes be sent to the reply block. The user interface arranges for the message to be sent to all the nodes through the comm module. The Free Haven nodes that have the requested shares are encouraged, but not required, to send their shares to the included reply block. Because shares of the document (instead of the document itself) are sent to the reply block, Free Haven will provide a script for the user to recombine a document's shares.