SunScreen SKIP User's Guide, Release 1.5.1

Passphrase Protection

SKIP includes a feature that allows you to protect your locally stored secrets with a passphrase. A passphrase differs from a password in that it is longer and capitalization counts. This passphrase is used to encrypt all of your SKIP secret values. Your passphrase should be one that you can remember, but that is hard to guess. You can change the passphrase or delete it at any time. After you set, change, or delete your passphrase, you should run skipd_restart to reinitialize your key manager.


Note -

Once you have protected your secret values with a passphrase, after each reboot you cannot run SKIP-encrypted connections, because your system cannot access your locally stored secrets without the passphrase. You must run skipd_restart, which then prompts you for your passphrase.



Caution -

If you forget your passphrase, there is no way to discover it or recover it. Your protected locally stored secrets will no longer be available. If you do not know the passphrase and you want to reinstall or upgrade the software, you must first remove the old software and its locally stored secrets. See "Upgrading From Earlier SKIP Versions". The old locally stored secrets will remain encrypted with the old passphrase and will be unavailable.


Once you set a passphrase, you are prompted for it each time you add a new local identity (through skiplocal -a) or generate a new key (through skiplocal -k).

Activating Your Passphrase

To activate your passphrase, use the following procedure:

  1. Type:


    skiplocal -P
    
  2. You are prompted as follows:


    You are now assigning
    a global passphrase which will be used to encrypt all of your SKIP
    secret values. Please choose a passphrase which you will remember,
    but will be hard for someone else to guess
    New global passphrase:	<type a new passphrase>
    again: <type the new passphrase>
  3. To reinitialize your key manager, type:


    skipd_restart
    
Changing Your Passphrase

To change your passphrase, use the following procedure:

  1. Type:


    skiplocal -P
    
  2. You are prompted as follows:


    You are now changing
    the global passphrase which is used to encrypt your SKIP secrets
    Global passphrase:	<type the old passphrase>
    New Passphrase:	<type a new passphrase>
    again:	<type the new passphrase>
  3. To reinitialize your key manager, type:


    skipd_restart
    
Removing Your Passphrase

To remove your passphrase, use the following procedure:

  1. Type:


    skiplocal -R
    
  2. You are prompted as follows:


    You are now removing
    the global passphrase which will be used to encrypt all of your
    SKIP secrets.
    Global passphrase:	<type your passphrase>

    If it matches, all locally stored secrets are decrypted and stored and the passphrase feature is disabled.

  3. To reinitialize your key manager, type:


    skipd_restart