SunScreen SKIP User's Guide, Release 1.1

Installing SKIP Binaries

  1. Mount the CD-ROM and type


    volcheck
    

    Note -

    If you are not using vold on your system, type

    # mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /mnt

    The device name, the mount point, or both depend on your local system configuration.


  2. Go to the directory on the CD-ROM for your OS

    Solaris for the SPARC Platform:


    cd /cdrom/cdrom0/sparc
    

    Solaris for the Intel Platform:


    cd /cdrom/cdrom0/x86
    

    Note -

    If you have mounted the CD-ROM manually, replace /cdrom/cdrom0 with /mnt.


  3. Use the standard Solaris operating system pkgadd command to add all packages


    pkgadd  -d `pwd`
    
  4. Add /opt/SUNWicg/bin to your PATH variable


    PATH=/opt/SUNWicg/bin:$PATH
    export PATH
    
  5. Generate a secret and a public certificate locally by issuing the command


    skiplocal keygen
    
  6. Add SKIP to your network interface by issuing the command


    skipif -a
    
  7. Reboot the machine.

  8. Enable SKIP and configure IP encryption with one other host


    PATH=$PATH:/opt/SUNWicg/bin; export PATH
    skiphost -a default        # default IP traffic is unencrypted
    skiplocal export           # prints the skiphost command
                               # others need to run to talk to us
    skiplocal export | mail Friend@remote.host
    

    Friend@remote.host should issue these commands as well. Once the corresponding mail is received, verify out-of-band (for example, over the telephone) that the received mail matches the mail that was sent. Then execute the received skiphost command.


    skiphost -o on             # enable SKIP

Is It Working?

At this point, encryption should be enabled with the remote host. Traffic will be exchanged with all other hosts in the clear.

  1. ping the other host to make sure everything is working


    ping host
    
  2. View the key manager log file to see if the certificate exchange and the shared-secret computation succeeded


    tail /var/log/skip.log
    
  3. If you have snoop, tcpdump, etherfind, or some other packet dumping utility, you can verify that encrypted packets are using protocol 57.
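The protocol check in step 3 can be automated once a capture is available. The following is an added example, not part of the SunScreen guide or the SKIP tools: it parses raw IPv4 headers and flags any packet exchanged with the SKIP peer that is not protocol 57. It assumes the packets have already had their link-layer header removed; the addresses and the sample capture are constructed.

```python
import socket
import struct

SKIP_PROTO = 57  # IP protocol number the guide says encrypted packets use

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto) from a raw IPv4 packet, or None if malformed."""
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        return None
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    return src, dst, packet[9]  # byte 9 of the header is the protocol field

def audit(packets, peer):
    """Classify packets: SKIP with peer, cleartext with peer, other hosts, malformed."""
    result = {"skip": 0, "cleartext": [], "other_hosts": 0, "malformed": 0}
    for i, raw in enumerate(packets):
        hdr = parse_ipv4(raw)
        if hdr is None:
            result["malformed"] += 1
            continue
        src, dst, proto = hdr
        if peer not in (src, dst):
            result["other_hosts"] += 1  # the guide expects this traffic in the clear
        elif proto == SKIP_PROTO:
            result["skip"] += 1
        else:
            result["cleartext"].append((i, src, dst, proto))  # unprotected peer traffic
    return result

def make_packet(src, dst, proto, payload=b"\x00" * 8):
    """Build a constructed IPv4 packet (checksum left at 0) for the sample capture."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed sample capture; addresses are documentation ranges, not from the guide.
LOCAL, PEER, OTHER = "192.0.2.10", "192.0.2.20", "198.51.100.5"
SAMPLE = [
    make_packet(LOCAL, PEER, 57),  # ping carried inside SKIP
    make_packet(PEER, LOCAL, 57),  # reply carried inside SKIP
    make_packet(LOCAL, PEER, 1),   # bare ICMP to the peer: not encrypted
    make_packet(LOCAL, OTHER, 6),  # TCP to a non-SKIP host
    b"\x45\x00",                   # truncated packet
]

if __name__ == "__main__":
    print(audit(SAMPLE, PEER))
```

Any entry in the `cleartext` list means traffic to the peer left the host without SKIP encapsulation, which points to a missing or disabled access control entry for that host.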

Examining the Local SKIP Configuration

    skiphost          List the SKIP access control entries
    skiplocal list    List the set of local identities
    skipdb list       List the certificates in our database
    skipca list       List the Certificate Authorities we trust

SKIP configuration files are stored in the /etc/opt/SUNWicg/skip directory.