SunScreen SKIP includes a new, optional feature that allows you to protect your locally stored secrets with a passphrase. A passphrase differs from a password in that it is longer and capitalization counts. The feature lets you assign a single global passphrase that is used to encrypt all of your SKIP secret values. Your passphrase should be one that you can remember, but that is hard to guess. You can change the passphrase or delete it at any time. After you set, change, or delete your passphrase, you should run
skipd_restart
to reinitialize your key manager.
Once you have protected your secret values with a passphrase, you will not be able to run SunScreen SKIP-encrypted connections after a reboot, because your system cannot get to your locally stored secrets that are protected with the passphrase. After each reboot, you must run
# skipd_restart
which will then prompt you for your passphrase.
If you forget your passphrase, there is no way to discover it or recover it. Your protected locally stored secrets will no longer be available. If you do not know the passphrase and you want to reinstall or upgrade the software, you must first remove the old software and its locally stored secrets. See Section 2.2.2 Upgrading the Software. The old locally stored secrets will remain encrypted with the old passphrase and will be unavailable.
Once you set a passphrase, you will be prompted for it each time you add a new local identity (through skiplocal add or skiplocal keygen).
To activate your passphrase, use the following procedure:
Type
skiplocal passwd
You will be prompted as follows:
You are now assigning a global passphrase which will be used to encrypt all of your SKIP secret values. Please choose a passphrase which you will remember, but will be hard for someone else to guess
New global passphrase: <type a new passphrase>
again: <type the new passphrase>
To reinitialize your key manager, type
skipd_restart
To change your passphrase, use the following procedure:
Type
skiplocal passwd
You will be prompted as follows:
You are now changing the global passphrase which is used to encrypt your SKIP secrets
Global passphrase: <type your old passphrase>
New Passphrase: <type a new passphrase>
again: <type the new passphrase>
To reinitialize your key manager, type
skipd_restart
To remove your passphrase, use the following procedure:
Type
skiplocal rmpasswd
You will be prompted as follows:
You are now removing the global passphrase which will be used to encrypt all of your SKIP secrets
Global passphrase: <type your passphrase>
If it matches, all locally stored secrets are decrypted and stored and the passphrase feature is disabled.
To reinitialize your key manager, type
skipd_restart
You can use delpasswd as an alias for rmpasswd.