test

SunScreen SKIP User's Guide, Release 1.5.1

Upgrading From Earlier SKIP Versions

To upgrade to SunScreen SKIP 1.5.1 from an earlier SKIP version, you must first remove the old version then install the new packages.

Removing Versions Earlier than SunScreen SKIP 1.5

To remove any version of SKIP for the Solaris operating environment earlier than 1.5, become root and use the pkginfo and pkgrm packages shown in the following steps:

  1. To list the SKIP packages that were installed, type:


    #pkginfo | grep SICG

    The list of packages is displayed: 


    1 SICGbdcdr	SKIP Bulk Data Crypt 1.0.3-FCS Software
2 SICGcrc2	SKIP RC2 Crypto Module 1.0.3-FCS Software
3 SICGcrc4	SKIP RC4 Crypto Module 1.0.3-FCS Software
4 SICGes	SKIP End System 1.0.3-FCS Software
5 SICGkeymg	SKIP Key Manager Tools 1.0.3-FCS Software
6 SICGkisup	SKIP I-Support module 1.0.3-FCS Software
	(sparc) 1.0.3-FCS

  2. To remove the packages, type:


    # pkgrm package_names

  3. Answer y (yes) to questions that the pkgrm program asks. The pkgrm program ends with the statement: 


    Removal of <SICGkisup> was successful.
    Note -

    This is valid only for this example. If moduli of other sizes were used, then the last package removed will be different.

  4. To remove the /etc/opt/SUNWicg/skip directory and any configurations that were installed, type:


    # rm -rf /etc/opt/SUNWicg/skip
    Caution - Caution -

    If you want to preserve previous configurations (including certificates, and the key manager configuration file), do not remove the /etc/opt/SUNWicg/skip directory.

  5. To reboot the machine, type:

    # init 6

Removing SunScreen SKIP 1.5 or 1.5B

To remove SunScreen SKIP. Release 1.5 or Release 1.5B, for the Solaris operating environment, become root and use the pkginfo and pkgrm packages shown in the following steps:

  1. To list the SKIP packages that were installed, type:


    # pkginfo | grep -i skip

    The list of packages is displayed: 


    application SUNW3des       SKIP 3DES Crypto Module
application SUNW3desx      SKIP 3DES Crypto Module (64-bit)
application SUNWbdc        SKIP Bulk Data Crypt
application SUNWbdcx       SKIP Bulk Data Crypt (64-bit)
application SUNWdes        SKIP DES Crypto Module
application SUNWdesx       SKIP DES Crypto Module (64-bit)
application SUNWes         SKIP End System
application SUNWesx        SKIP End System (64-bit)
application SUNWkdsup      SKIP D-Support module
application SUNWkeymg      SKIP Key Manager Tools
application SUNWkusup      SKIP U-Support module
application SUNWrc2        SKIP RC2 Crypto Module
application SUNWrc4        SKIP RC4 Crypto Module
application SUNWrc4s       SKIP RC4-128 Crypto Module
application SUNWrc4sx      SKIP RC4-128 Crypto Module (64-bit)
application SUNWrc4x       SKIP RC4 Crypto Module (64-bit)
application SUNWsafe       SKIP SAFER Crypto Module
application SUNWsafex      SKIP SAFER Crypto Module (64-bit)
application SUNWsman       SKIP Man Pages

  2. To remove the packages, type


    # pkgrm package_names

  3. Answer y (yes) to questions that the pkgrm program asks. The pkgrm program ends with the statement: 


    Removal of <SUNWsman> was successful.
    Note -

    This is valid only for this example. If moduli of other sizes were used, then the last package removed would be different.

  4. To remove the /etc/opt/SUNWicg/skip directory and any configurations that were installed, type:


    # rm -rf /etc/opt/SUNWicg/skip
    Caution - Caution -

    If you want to preserve previous configurations (including certificates, and the key manager configuration file), do not remove the /etc/opt/SUNWicg/skip directory.

  5. To reboot the machine, type:

    # init 6

Installing the New Version

Follow these steps:

  1. Open a terminal window and become root.

  2. Mount the CD-ROM through the file manager or by typing:


    #  volcheck
    Note -

    If you are not using vold on your system, type: 


    # mount -F hsfs -oro /dev/dsk/c0t6d0s0/mnt

    The device name or the mount point or both depends on your local system configuration.

  3. Go to the directory on the CD-ROM for your OS:

    Solaris operating environment for the SPARC Platform:


    # cd /cdrom/cdrom0/sparc

    Solaris operating environment for the Intel Platform:


    # cd /cdrom/cdrom0/x86
    Note -

    If you have mounted the CD-ROM manually, replace /cdrom/cdrom0 with /mnt.

  4. To use the standard Solaris operating environment pkgadd command to add all packages, type:


    # pkgadd  -d .

    You are prompted with the following menu of packages:


    1 SUNW3des	SKIP 3DES
Crypto Module 
	(sparc) 1.5.1
2 SUNW3desx	SKIP 3DES Crypto Module (64-bit 
	(sparc) 1.5.1
3 SUNWbdc	SKIP Bulk Data Crypt 
	(sparc) 1.5.1
4 SUNWbdcx	SKIP Bulk Data Crypt (64-bit) 
	(sparc) 1.5.1
5 SUNWdes	SKIP DES Crypto Module 
	(sparc) 1.5.1
6 SUNWdesx	SKIP DES Crypto Module (64-bit) 
	(sparc) 1.5.1
7 SUNWes	SKIP End System 
	(sparc) 1.5.1
8 SUNWesx	SKIP End System (64-bit 
	(sparc) 1.5.1
9 SUNWkdsup	SKIP D-Support module 
	(sparc) 1.5.1
10 SUNWkeymg	SKIP Key Manager Tools 
	(sparc) 1.5.1

... 8 more menu choices to follow;
<RETURN> for more choices, <CTRL-D> to stop display:

11 SUNWrc2	SKIP RC2 Crypto Module 
	(sparc) 1.5.1
12 SUNWrc4	SKIP RC4 Crypto Module 
	(sparc) 1.5.1
13 SUNWrc4s	SKIP RC4-128 Crypto Module 
	(sparc) 1.5.1
14 SUNWrc4sx	SKIP RC4-128 Crypto Module (64-bit) 
	(sparc) 1.5.1
15 SUNWrc4x	SKIP RC4 Crypto Module (64-bit) 
	(sparc) 1.5.1
16 SUNWsafe	SKIP SAFER Crypto Module 
	(sparc) 1.5.1
17 SUNWsafex	SKIP SAFER Crypto Module (64-bit) 
	(sparc) 1.5.1
18 SUNWsman	SKIP Man Pages sparc) 1.5.1

Select package(s) you wish to process (or "all" to
process all packages). (default: all) [?,??,q]: 
Select a (all). As the prompts appear, answer questions with Y (yes)
followed with a <Return> if you wish to add the package.

  5. Select a (all) or the number of the package. As the prompts appear, answer questions with y (yes), if you wish to add the package.

  6. When you get back to the same menu of packages, type q to quit.

  7. If you want to use certificates, and the key manager configuration file from an earlier version of SKIP, type:


    # cp /etc/opt/SUNWicg/skip/* /etc/skip
    Note -

    1.x ACLs cannot be used in version 1.5.1

  8. To eject the CD-ROM from the CD-ROM drive, type:


    # cd /
# eject cdrom0

    or eject the CD-ROM through the file manager.

    Note -

    If you are not using vold on your system, unmount your CD-ROM by typing: 


    # cd / 
# umount/mnt
# eject cdrom0

  9. To add /usr/sbin to your PATH variable in the Bourne shell, type:


    PATH=/usr/sbin:$PATH
export PATH

  10. To add /usr/share/man to your MANPATH variable in the Bourne shell, type:


    MANPATH=/usr/share/man:$MANPATH 
export MANPATH

  11. It is helpful to add /usr/sbin to the PATH variable in your initialization file (such as: .profile, .cshrc, or .login file), and /usr/share/man to the MANPATH variable in the same file.

Now you are ready to generate and install SKIP Unsigned Diffie-Hellman (UDH) certificates (if you are going to use them). You can use SKIP UDH certificates and SunCA keys and certificates at the same time with SunScreen SKIP.

You are also ready to install SKIP on any new or different network interface (if you need to). Generate and install the SKIP UDH certificates ("Installing SKIP Unsigned Diffie-Hellman (UDH) Certificates") and install SunScreen SKIP ("Installing Your Network Interface") on the network interface before you reboot your system.

Note -

If you are going to use the same keys, certificates and network interface that you used in SKIP for the Solaris operating environment, Release 1.0, you only need to reboot your system and restore any ACL files that you use. This is only true if you did not remove the /etc/opt/SUNWicg/skip directory and you copied over your old files.