Protecting Files With the Cryptographic Framework
This section
describes how to generate symmetric keys, how to create checksums for file integrity,
and how to protect files from eavesdropping. System users can run the commands
described in this section, and developers can write scripts that use them.
To configure your system in FIPS 140-2 mode, you must use FIPS 140-2 validated algorithms,
modes, and key lengths. See FIPS 140-2 Algorithms in the Cryptographic Framework in Using a FIPS 140-2 Enabled System in Oracle Solaris 11.3.
The Cryptographic Framework can help you protect your files. The following task map
points to procedures for listing the available algorithms, and for protecting your
files cryptographically.
Table 2 Protecting Files With the Cryptographic Framework Task Map
|
|
|
Generate a symmetric key.
|
Generates a key of user-specified length. Optionally,
stores the key in a file, a PKCS #11 keystore, or an NSS
keystore.
|
|
Provide a checksum that ensures the integrity of a
file.
|
Verifies that the receiver's copy of a file is identical to
the file that was sent.
|
|
Protect a file with a message authentication code
(MAC).
|
Verifies to the receiver of your message that you were the
sender.
|
|
Encrypt a file, and then decrypt the encrypted file.
|
Protects the content of files by encrypting the file.
Provides the encryption parameters to decrypt the
file.
|
|
|