Mount the CD-ROM and type
volcheck
If you are not using vold on your system, type
# mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /mnt
The device name, the mount point, or both depend on your local system configuration.
Go to the directory on the CD-ROM for your OS
Solaris for the SPARC Platform:
cd /cdrom/cdrom0/sparc
Solaris for the Intel Platform:
cd /cdrom/cdrom0/x86
If you have mounted the CD-ROM manually, replace /cdrom/cdrom0 with /mnt.
Use the standard Solaris operating system pkgadd command to add all packages
pkgadd -d `pwd`
Add /opt/SUNWicg/bin to your PATH variable
PATH=/opt/SUNWicg/bin:$PATH; export PATH
Generate a secret and a public certificate locally by issuing the command
skiplocal keygen
Add SKIP to your network interface by issuing the command
skipif -a
Reboot the machine.
Enable SKIP and configure IP encryption with one other host
PATH=$PATH:/opt/SUNWicg/bin; export PATH
skiphost -a default        # default IP traffic is unencrypted
skiplocal export           # prints the skiphost command others need to run to talk to us
skiplocal export | mail Friend@remote.host
Friend@remote.host should issue these commands as well. Once the corresponding mail is received, verify out-of-band (for example, over the telephone) that the received mail matches the mail that was sent. Then execute the received skiphost command.
skiphost -o on             # enable SKIP
At this point, encryption should be enabled with the remote host. Traffic will be exchanged with all other hosts in the clear.
Ping the other host to make sure everything is working
ping host
View the key manager log file to see if the certificate exchange and the shared-secret computation succeeded
tail /var/log/skip.log
If you have snoop, tcpdump, etherfind, or some other packet dumping utility, you can verify that encrypted packets are using protocol 57.
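To apply the protocol 57 check above to a capture, the following added example (not part of the original SKIP documentation) parses raw IPv4 headers and counts the packets between the two SKIP hosts that do and do not use protocol 57. The function names, addresses and sample packets are constructed for illustration; extracting raw packets from snoop or tcpdump output is assumed to be done separately.

```python
import ipaddress
import struct

SKIP_PROTO = 57  # IP protocol number the page says encrypted packets use

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto) for a raw IPv4 packet, or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    return src, dst, packet[9]  # byte 9 is the protocol field

def audit(packets, local, peer):
    """Classify packets: SKIP or not between local and peer, or other hosts."""
    pair = {ipaddress.IPv4Address(local), ipaddress.IPv4Address(peer)}
    result = {"skip": 0, "not_skip": 0, "other_hosts": 0, "malformed": 0}
    for pkt in packets:
        try:
            src, dst, proto = parse_ipv4(pkt)
        except ValueError:
            result["malformed"] += 1
            continue
        if {src, dst} != pair:
            result["other_hosts"] += 1   # expected to stay in the clear
        elif proto == SKIP_PROTO:
            result["skip"] += 1
        else:
            result["not_skip"] += 1      # traffic to the peer that is not SKIP
    return result

def make_packet(src, dst, proto, payload=b"\x00" * 8):
    """Build a constructed IPv4 packet (checksum left at zero) for the demo."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

# Constructed sample capture; addresses come from the documentation ranges.
SAMPLE = [
    make_packet("192.0.2.10", "192.0.2.20", 57),   # to peer, protocol 57
    make_packet("192.0.2.20", "192.0.2.10", 57),   # reply, protocol 57
    make_packet("192.0.2.10", "192.0.2.20", 1),    # ICMP to peer, not SKIP
    make_packet("192.0.2.10", "198.51.100.5", 6),  # TCP to a non-SKIP host
    b"\x45\x00",                                    # truncated packet
]

if __name__ == "__main__":
    print(audit(SAMPLE, "192.0.2.10", "192.0.2.20"))
```

A nonzero `not_skip` count for the configured peer is the case to investigate, since the page expects only traffic to other hosts to remain in the clear.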
skiphost          # list the SKIP access control entries
skiplocal list    # list the set of local identities
skipdb list       # list the certificates in our database
skipca list       # list the Certificate Authorities we trust
SKIP configuration files are stored in the /etc/opt/SUNWicg/skip directory.