SunScreen SKIP User's Guide, Release 1.1

install_skip_keys: Installing Keys and Certificates From a Certificate Authority

install_skip_keys installs keys received from a key server (the default) or from the SunCA (if -icg is specified). If you are installing a key package from a key server, the filename specifies the name of that package. The key file is a Pretty Good Privacy (PGP) file or an encoded file containing: a Diffie-Hellman private key, a signed Diffie-Hellman public key, the common Diffie-Hellman parameters used by the certificate issuer, the certificate issuer's signed public key, and an MD5 checksum of the other four files. The file named is an encoded tar file, usually received from a key server or other certificate issuer.

If you are installing a SunCA certificate, the filename is the name of the directory that contains the files. This is usually on a diskette, so the path will often be similar to:

/floppy/floppy0

install_skip_keys verifies the MD5 checksums of the individual files against the checksum file. If they match, the files are copied into place.
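The verify-then-copy step described above, sketched in Python as an added example; it is not the install_skip_keys code. The checksum file name, its "digest  filename" line format and every file name except ZeroAssurance_Cert are assumptions, and the sample package is constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

MANIFEST = "checksums.md5"  # hypothetical name; the guide does not give the real one

def md5_hex(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def read_manifest(pkg_dir):
    """Parse the assumed 'hexdigest  filename' lines into {filename: digest}."""
    expected = {}
    for line in (Path(pkg_dir) / MANIFEST).read_text().splitlines():
        if not line.strip():
            continue
        digest, name = line.strip().split(None, 1)
        if Path(name).name != name:  # refuse entries that point outside the package
            raise ValueError(f"unsafe file name in manifest: {name!r}")
        expected[name] = digest.lower()
    return expected

def verify_and_install(pkg_dir, dest_dir):
    """Copy the package files into dest_dir only if every checksum matches."""
    pkg_dir, dest_dir = Path(pkg_dir), Path(dest_dir)
    expected = read_manifest(pkg_dir)
    bad = [n for n, d in expected.items()
           if not (pkg_dir / n).is_file() or md5_hex(pkg_dir / n) != d]
    if bad:
        raise ValueError("checksum mismatch or missing file: " + ", ".join(sorted(bad)))
    dest_dir.mkdir(parents=True, exist_ok=True)
    for name in expected:  # reached only after all files have verified
        shutil.copy2(pkg_dir / name, dest_dir / name)
    return sorted(expected)

def build_sample_package(pkg_dir):
    """Constructed sample data; only ZeroAssurance_Cert is a name from the guide."""
    names = ["dh_private", "dh_public_signed", "dh_params", "ZeroAssurance_Cert"]
    for n in names:
        (Path(pkg_dir) / n).write_text(f"constructed placeholder for {n}\n")
    lines = [f"{md5_hex(Path(pkg_dir) / n)}  {n}" for n in names]
    (Path(pkg_dir) / MANIFEST).write_text("\n".join(lines) + "\n")
    return names

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        pkg, dest = Path(tmp, "pkg"), Path(tmp, "installed")
        pkg.mkdir()
        build_sample_package(pkg)
        print(verify_and_install(pkg, dest))
```

Because the checksum file travels inside the same package, a match shows that the files were not corrupted in transit; it does not by itself show who produced them.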

The key manager must be restarted (see skipd_restart) in order for it to recognize the new keys.

Currently, the name of the certificate is hard-coded. Certificates are expected to come from the SKIP experimental Zero Assurance Certificate Issuer or the SunCA. Even if they do not, the certificate must still be named ZeroAssurance_Cert. This release does not support multiple certificate issuers.