Solaris 10 5/08 Installation Guide: Network-Based Installations

Procedure: To Install Keys in the Client OBP

You can assign key values to OBP network boot argument variables before you boot the client. These keys can then be used for future WAN boot installations of the client.

To assign key values to OBP network boot argument variables and install the keys in the client OBP, follow these steps.

  1. Assume the same user role as the web server user on the WAN boot server.

  2. Display the key value for each client key.


    # wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=key-type
    
    net-ip

    The IP address of the client's subnet.

    client-ID

    The ID of the client you want to install. The client ID can be a user-defined ID or the DHCP client ID.

    key-type

    The key type you want to install on the client. Valid key types are 3des, aes, or sha1.

    The hexadecimal value for the key is displayed.

  3. Repeat the previous step for each type of client key you want to install.

  4. Bring the client system to run level 0.


    # init 0
    

    The ok prompt is displayed.

  5. At the client ok prompt, set the value for the hashing key.


    ok set-security-key wanboot-hmac-sha1 key-value
    
    set-security-key

    Installs the key on the client

    wanboot-hmac-sha1

    Instructs OBP to install an HMAC SHA1 hashing key

    key-value

    Specifies the hexadecimal string that is displayed in Step 2.

    The HMAC SHA1 hashing key is installed in the client OBP.

  6. At the client ok prompt, install the encryption key.


    ok set-security-key wanboot-3des key-value
    
    set-security-key

    Installs the key on the client

    wanboot-3des

    Instructs OBP to install a 3DES encryption key. If you want to use an AES encryption key, set this value to wanboot-aes.

    key-value

    Specifies the hexadecimal string that represents the encryption key.

    The 3DES encryption key is installed in the client OBP.

    After you install the keys, you are ready to install the client. See Installing the Client for instructions about how to install the client system.

  7. (Optional) Verify that the keys are set in the client OBP.


    ok list-security-keys
    Security Keys:
             wanboot-hmac-sha1
             wanboot-3des

  8. (Optional) If you need to delete a key, type the following command.


    ok set-security-key key-type
    
    key-type

    Specifies the type of key you need to delete. Use the value wanboot-hmac-sha1, wanboot-3des, or wanboot-aes.

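Hand-copying a 40- or 48-digit hexadecimal string from the server to the ok prompt is the error-prone part of this procedure. The following shell functions are an added example, not part of the original guide: they read the value printed in Step 2 on standard input, check it, and print the exact line to type in Step 5 or 6 (or Step 8 for deletion). The function names are hypothetical; the sha1 and 3des lengths match the sample values on this page, and the aes length (a 128-bit key) is an assumption.

```shell
#!/bin/sh
# Added example: build checked OBP commands from wanbootutil key output.

# Map a wanbootutil type= value to "OBP key name <space> hex digit count".
key_spec() {
    case "$1" in
        sha1) echo "wanboot-hmac-sha1 40" ;;
        3des) echo "wanboot-3des 48" ;;
        aes)  echo "wanboot-aes 32" ;;   # assumed: 128-bit AES key
        *)    return 1 ;;
    esac
}

# obp_set_command TYPE   (key value on stdin, so it never appears in argv)
# Prints the line for the ok prompt, or fails with a reason on stderr.
obp_set_command() {
    spec=$(key_spec "$1") || { echo "unknown key type: $1" >&2; return 1; }
    name=${spec% *}
    want=${spec#* }
    # Drop whitespace picked up while copying (spaces, CR, trailing newline).
    value=$(tr -d ' \t\r\n')
    case "$value" in
        ''|*[!0-9a-fA-F]*)
            echo "$name: value is not a hexadecimal string" >&2
            return 1 ;;
    esac
    if [ "${#value}" -ne "$want" ]; then
        echo "$name: expected $want hex digits, got ${#value}" >&2
        return 1
    fi
    echo "set-security-key $name $value"
}

# obp_delete_command TYPE   (Step 8: same command with no key value)
obp_delete_command() {
    spec=$(key_spec "$1") || { echo "unknown key type: $1" >&2; return 1; }
    echo "set-security-key ${spec% *}"
}

# Demonstration with the sample key values published in Example 12-2.
printf '%s\n' b482aaab82cb8d5631e16d51478c90079cc1d463 | obp_set_command sha1
printf '%s\n' 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04 | obp_set_command 3des
```

On the WAN boot server, the output of the Step 2 command can be piped straight into `obp_set_command`, which keeps the key value out of command-line arguments.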

Example 12–2 Installing Keys in the Client OBP

The following example shows how to install a hashing key and an encryption key in the client OBP.

Display the key values on the WAN boot server.


# wanbootutil keygen -d -c -o net=192.168.198.0,cid=010003BA152A42,type=sha1
b482aaab82cb8d5631e16d51478c90079cc1d463
# wanbootutil keygen -d -c -o net=192.168.198.0,cid=010003BA152A42,type=3des
9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04

The previous example uses the following information.

net=192.168.198.0

Specifies the IP address of the client's subnet

cid=010003BA152A42

Specifies the client's ID

b482aaab82cb8d5631e16d51478c90079cc1d463

Specifies the value of the client's HMAC SHA1 hashing key

9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04

Specifies the value of the client's 3DES encryption key

If you use an AES encryption key in your installation, change type=3des to type=aes to display the encryption key value.

Install the keys on the client system.


ok set-security-key wanboot-hmac-sha1 b482aaab82cb8d5631e16d51478c90079cc1d463
ok set-security-key wanboot-3des 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04

The previous commands perform the following tasks.


Continuing the WAN Boot Installation

After you install keys on your client, you are ready to install the client over the WAN. For instructions, see Installing the Client.

See Also

For more information about how to display key values, see the man page wanbootutil(1M).