Before installing SunScreen SKIP, Release 1.1, be sure that you have the CD-ROM for the base software and any encryption upgrade CD-ROMs or diskettes to which you are entitled.
For the new user, this chapter tells about
Installing SunScreen SKIP. ("Installing the Software")
Generating and installing an Unsigned Diffie-Hellman (UDH) key pair, if you are using UDH. ("Installing SKIP Unsigned Diffie-Hellman (UDH) Certificates")
Installing SunScreen SKIP on your network interface. ("Installing Your Network Interface")
Rebooting your system. ("Rebooting Your System")
Protecting your locally stored secrets with a passphrase. ("Activating Your Passphrase")
For the user who is upgrading from any version of SKIP for Solaris to this release, this chapter tells about
Upgrading to SunScreen SKIP. ("Upgrading From Earlier Versions of SKIP for Solaris")
Generating and installing an Unsigned Diffie-Hellman (UDH) key pair. ("Installing SKIP Unsigned Diffie-Hellman (UDH) Certificates")
Installing SunScreen SKIP on your network interface. ("Installing Your Network Interface")
Rebooting your system. ("Rebooting Your System")
Protecting your locally stored secrets with a passphrase. ("Activating Your Passphrase" )
This section provides instructions for installing SunScreen SKIP on Solaris for SPARC Platforms, Versions 2.4, 2.5, or 2.5.1 and Solaris for the Intel Platform.
To install and run the software, you must be able to become root on your local system and know the IP address of the machine on which SKIP is to be installed. Ask your systems administrator for the IP address of your machine. To install the software for the first time or if you are installing it without saving the configurations, follow these steps:
Open a terminal window and become root.
Mount the CD-ROM through the file manager by typing
volcheck |
If you are not using vold on your system, type
# mount -F hsfs -oro /dev/dsk/c0t6d0s0 /mnt
The device name or the mount point or both depends on your local system configuration.
Go to the directory on the CD-ROM for your OS. (The examples assume a machine with only one CD-ROM.)
Solaris for the SPARC Platform:
cd /cdrom/cdrom0/sparc |
Solaris for the Intel Platform:
cd /cdrom/cdrom0/x86 |
If you have mounted the CD-ROM manually, replace /cdrom/cdrom0 with /mnt.
Type the standard Solaris operating system pkgadd command to add all packages:
pkgadd -d `pwd` |
You will be prompted with the following menu of packages to install.
1 SICGbdcdr SKIP Bulk Data Crypt 1.1-FCS Software (sparc) 1.1-FCS 2 SICGcrc2 SKIP RC2 Crypto Module 1.1-FCS Software (sparc) 1.1-FCS 3 SICGcrc4 SKIP RC4 Crypto Module 1.1-FCS Software (sparc) 1.1-FCS 4 SICGes SKIP End System 1.1-FCS Software (sparc) 1.1-FCS 5 SICGkeymg SKIP Key Manager Tools 1.1-FCS Software (sparc) 1.1-FCS 6 SICGkisup SKIP I-Support module 1.1-FCS Software (sparc) 1.1-FCS Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: |
Select a (all). As the prompts appear, answer questions with Y (yes) followed with a <Return> if you wish to add the package.
When you get back to the same menu of packages, type q followed by a <Return> to quit pkgadd.
To eject the CD-ROM from the CD-ROM drive, type
cd / eject cdrom0 |
or eject the CD-ROM from the CD-ROM drive through the file manager.
If you are not using vold on your system, unmount your CD-ROM by typing
# cd /
# umount/mnt
# eject cdrom0
To add /opt/SUNWicg/bin to your PATH variable in the Bourne shell, type
PATH=/opt/SUNWicg/bin:$PATH export PATH |
To add /opt/SUNWicg/man to your MANPATH variable in the Bourne shell, type
MANPATH=/opt/SUNWicg/man:$MANPATH export MANPATH |
It will be helpful to add /opt/SUNWicg/bin to the PATH variable in your initialization file (such as: .profile, .cshrc, or .login file), and /opt/SUNWicg/man to the MANPATH variable in the same file.
Now you are ready to generate and install SKIP Unsigned Diffie-Hellman (UDH) certificates (Section "Installing SKIP Unsigned Diffie-Hellman (UDH) Certificates") or to install SunCA certificates (Chapter 2) and to install SunScreen SKIP on your network interface (Section "Installing Your Network Interface"). After you have completed these two procedures, you must reboot your system (Section "Rebooting Your System").
You may use SKIP Unsigned Diffie-Hellman certificates and SunCA keys and certificates at the same time on SunScreen SKIP.
To remove any version of SKIP for Solaris, become root and use the pkginfo and pkgrm packages shown in the following steps.
Type
pkginfo | grep SICG |
to list the SKIP packages that were installed:
1 SICGbdcdr SKIP Bulk Data Crypt 1.0.3-FCS Software (sparc) 1.0.3-FCS 2 SICGcrc2 SKIP RC2 Crypto Module 1.0.3-FCS Software (sparc) 1.0.3-FCS 3 SICGcrc4 SKIP RC4 Crypto Module 1.0.3-FCS Software (sparc) 1.0.3-FCS 4 SICGes SKIP End System 1.0.3-FCS Software (sparc) 1.0.3-FCS 5 SICGkeymg SKIP Key Manager Tools 1.0.3-FCS Software (sparc) 1.0.3-FCS 6 SICGkisup SKIP I-Support module 1.0.3-FCS Software (sparc) 1.0.3-FCS |
Type
pkgrm SIGbdcdr SICGcrc2 SICGcrc4 SICGes SICGkeymg SICGisup |
and answer Y (yes) to questions that the pkgrm program asks. The pkgrm program ends with the statement:
Removal of <SICGkisup> was successful. |
This is valid only for this example. If moduli of other sizes were used, then the last package remove would be different.
To remove the "/etc/opt/SUNWicg/skip" directory and any configurations that were installed, type
rm -rf /etc/opt/SUNWicg/skip |
If you want to preserve previous configurations (access control list [ACL] files, certificates, and the key manager configuration file), do not remove the /etc/opt/SUNWicg/skip directory.
To reboot the machine, type
init 6 |
Become root on your local system and then follow these steps:
Open a terminal window and become root.
Mount the CD-ROM through the file manager or by typing
volcheck |
If you are not using vold on your system, type
# mount -F hsfs -oro /dev/dsk/c0t6d0s0/mnt
The device name or the mount point or both depends on your local system configuration.
Go to the directory on the CD-ROM for your OS:
Solaris for the SPARC Platform:
cd /cdrom/cdrom0/sparc |
Solaris for the Intel Platform:
cd /cdrom/cdrom0/x86 |
If you have mounted the CD-ROM manually, replace /cdrom/cdrom0 with /mnt.
To use the standard Solaris operating system pkgadd command to add all packages, type
pkgadd -d `pwd` |
You will be prompted with the following menu of packages to install.
1 SICGbdcdr SKIP Bulk Data Crypt 1.1-FCS Software (sparc) 1.1-FCS 2 SICGcrc2 SKIP RC2 Crypto Module 1.1-FCS Software (sparc) 1.1-FCS 3 SICGcrc4 SKIP RC4 Crypto Module 1.1-FCS Software (sparc) 1.1-FCS 4 SICGes SKIP End System 1.1-FCS Software (sparc) 1.1-FCS 5 SICGkeymg SKIP Key Manager Tools 1.1-FCS Software (sparc) 1.1-FCS 6 SICGkisup SKIP I-Support module 1.1-FCS Software (sparc) 1.1-FCS Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: |
Select a (all) or the number of the package. As the prompts appear, answer questions with Y (yes) followed with a <Return>, if you wish to add the package.
When you get back to the same menu of packages, type q followed by a <Return> to quit pkgadd.
When you get back to the same menu of packages, type q to quit.
To eject the CD-ROM from the CD-ROM drive, type
cd / eject cdrom0 eject cdrom0 |
or eject the CD-ROM through the file manager.
If you are not using vold on your system, unmount your CD-ROM by typing
# cd /
# umount/mnt
# eject cdrom0
Now you are ready to generate and install SKIP Unsigned Diffie-Hellman (UDH) certificates if you are going to use SKIP UDH certificates.
You may use SKIP UDH certificates and SunCA keys and certificates at the same time on SunScreen SKIP.
You are also ready to install SunScreen SKIP on any new or different network interface, if you need to. Generate and install the SKIP UDH certificates (Section "Installing SKIP Unsigned Diffie-Hellman (UDH) Certificates") and install SunScreen SKIP on the network interface (Section "Installing Your Network Interface") before you reboot your system.
If you are going to use the same keys and certificates and network interface that you used in SKIP for Solaris, Release 1.0, you only need to reboot your system according to the instructions in "Rebooting Your System". This is only true if you did not remove the /etc/opt/SUNWicg/skip directory.