System Administration Guide, Volume 3

Manual Keying Program

You use the ipseckey(1M) command to manually manipulate the security association databases with the ipsecah(7P) and ipsecesp(7P) network security services. You can also use the ipseckey command to set up security associations between communicating parties when automated key management is not available.

While the ipseckey command has only a limited number of general options, it supports a rich command language. You can specify that requests should be delivered by means of a programmatic interface specific for manual keying. See the pf_key(7P) man page for additional information. When you invoke ipseckey with no arguments, it enters an interactive mode that displays a prompt enabling you to make entries. Some commands require an explicit security association (SA) type, while others permit you to specify the SA type and act on all SA types.

Security Considerations

The ipseckey command handles sensitive cryptographic keying information. It enables a privileged user to enter cryptographic keying information. If an adversary gains access to this information, the adversary can compromise the security of IPsec traffic. You should take the following issues into account when using the ipseckey command:

  1. Is the TTY going over a network (interactive mode)?

    • If it is, then the security of the keying material is the security of the network path for this TTY's traffic. You should avoid using ipseckey(1M) over a clear-text telnet or rlogin session.

    • Even local windows might be vulnerable to attacks by a concealed program that reads window events.

  2. Is the file accessed over the network or readable to the world (-f option)?

    • An adversary can read a network-mounted file as it is being read. You should avoid using a world-readable file with keying material in it.

    • If your source address is a host that can be looked up over the network, and your naming system is compromised, then any names used are no longer trustworthy.

Security weaknesses often lie in misapplication of tools, not the tools themselves. You should be cautious when using ipseckey. Use a console for the safest mode of operation, or other hard-connected TTY.