IPsec uses two types of algorithms, authentication and encryption. The authentication algorithms and the DES encryption algorithms are part of core Solaris installation. If you plan to use other algorithms that are supported for IPsec, you must install the Solaris Encryption Kit, which is provided on a separate CD.
Authentication algorithms produce an integrity checksum value or digest that is based on the data and a key. The authentication algorithm man pages describe the size of both the digest and key. The following table lists the authentication algorithms that are supported in the Solaris operating environment. The table also lists the format of the algorithms when they are used as security options to the IPsec utilities and their man page names.
Table 19–1 Supported Authentication Algorithms
Algorithm Name |
Security Option Format |
Man Page |
---|---|---|
HMAC-MD5 |
md5, hmac-md5 | |
HMAC-SHA-1 |
sha, sha1, hmac-sha, hmac-sha1 |
Encryption algorithms encrypt data with a key. The algorithms operate on data in units of a block size. The encryption algorithm man pages describe the size of both the block size and the key size. By default, the DES-CBC and 3DES-CBC algorithms are installed. You must install the Solaris Encryption Kit to make the AES and Blowfish algorithms available to IPsec. The kit is available on a separate CD that is not part of the Solaris 9 installation box. The Encryption Kit Installation Guide describes how to install the Solaris Encryption Kit.
The following table lists the encryption algorithms that are supported in the Solaris operating environment. The table also lists the format of the algorithms when they are used as security options to the IPsec utilities, their man page names, and the package that contains them.
Table 19–2 Supported Encryption Algorithms
Algorithm Name |
Security Option Format |
Man Page |
Package |
---|---|---|---|
DES-CBC |
des, des-cbc |
SUNWcsr, SUNWcarx.u |
|
3DES–CBC or Triple-DES |
3des, 3des-cbc |
SUNWcsr, SUNWcarx.u |
|
blowfish, blowfish-cbc |
SUNWcryr, SUNWcryrx |
||
AES-CBC |
aes, aes-cbc |
SUNWcryr, SUNWcryrx |