SunScreen 3.2 Administrator's Overview

Encryption and Decryption

An unencrypted message is called a plaintext message. An encrypted message is called a ciphertext message.

Digital encryption algorithms work by manipulating the content of a plaintext message mathematically, using an encryption algorithm and a digital key to produce a ciphertext version of the message. The sender and recipient can communicate securely if they are the only ones who know the key.

Encryption is important to SunScreen because it provides a mechanism for protecting the privacy of communications and authenticating the identities of the sender and receiver. Encryption technology enables you to authenticate systems and users. As a result, you can define rules that control access according to specific cryptographic identities rather than according to general IP addresses.

SunScreen uses either IPsec/IKE (Internet Protocol Security Architecture/Internet Key Exchange) or SKIP (SunScreen Simple Key Management for Internet Protocols) as the basis for its encryption technology. Both IKE and SKIP provide secure, encrypted communication between a remote Administration Station and a Screen and between a Screen and a remote host. SunScreen also provides for the use of tunneling and VPNs.

SunScreen incorporates cryptography at the network (IP) layer to provide privacy and authentication over insecure public networks such as the Internet. For full descriptions of SKIP, IPsec, and the Sun Certification-Authority-issued keys and certificates, see the SunScreen SKIP User's Guide, Release 1.5.1, "Overview of IPv6" in System Administration Guide, Volume 3, and "Overview of IPsec" in System Administration Guide, Volume 3.

You can use the skiptool GUI, IKE GUI, or the command line to set up an Administration Station to encrypt administration commands that travel from a remote Administration Station over a potentially insecure network to a Screen.