If you are entering keys manually, the keying material should be random. The format for keying material is hexadecimal.
If your site has a random number generator, use that generator. Otherwise, you can use the od command with the /dev/random Solaris device as input. For more information, see the od(1) man page.
Generate random numbers in hexadecimal format.
% od -x|-X -A n file |
Displays the octal dump in hexadecimal format. Hexadecimal format is useful for keying material. The hexadecimal is printed in 4-character chunks.
Displays the octal dump in hexadecimal format. The hexadecimal is printed in 8-character chunks.
Removes the input offset base from the display.
Serves as a source for random numbers.
For example, the following commands print hexadecimal numbers.
% od -X -A n /dev/random | head -2 d54d1536 4a3e0352 0faf93bd 24fd6cad 8ecc2670 f3447465 20db0b0c c83f5a4b % od -x -A n /dev/random | head -2 34ce 56b2 8b1b 3677 9231 42e9 80b0 c673 2f74 2817 8026 df68 12f4 905a db3d ef27 |
Combine the output to create a key of the appropriate length.
Remove the spaces between the numbers on one line to create a 32-character key. A 32-character key is 128 bits. For a security parameter index (SPI), you can use an 8-character key.