Protecting Files With the Cryptographic Framework

Language:

This section describes how to generate symmetric keys, how to create checksums for file integrity, and how to protect files from eavesdropping. System users can run the commands described in this section, and developers can write scripts that use them.

To configure your system in FIPS 140-2 mode, you must use FIPS 140-2 validated algorithms, modes, and key lengths. See FIPS 140-2 Algorithms in the Cryptographic Framework in Using a FIPS 140-2 Enabled System in Oracle Solaris 11.3.

The Cryptographic Framework can help you protect your files. The following task map points to procedures for listing the available algorithms, and for protecting your files cryptographically.

Table 2 Protecting Files With the Cryptographic Framework Task Map

Task	Description	For Instructions
Generate a symmetric key.	Generates a key of user-specified length. Optionally, stores the key in a file, a PKCS #11 keystore, or an NSS keystore. For FIPS 140-2 approved mode, select a key type, mode, and key length that has been validated for FIPS 140-2. See FIPS 140-2 Algorithms in the Cryptographic Framework in Using a FIPS 140-2 Enabled System in Oracle Solaris 11.3.	How to Generate a Symmetric Key by Using the pktool Command
Provide a checksum that ensures the integrity of a file.	Verifies that the receiver's copy of a file is identical to the file that was sent.	How to Compute a Digest of a File
Protect a file with a message authentication code (MAC).	Verifies to the receiver of your message that you were the sender.	How to Compute a MAC of a File
Encrypt a file, and then decrypt the encrypted file.	Protects the content of files by encrypting the file. Provides the encryption parameters to decrypt the file.	How to Encrypt and Decrypt a File