IPsec uses two types of algorithms, authentication and encryption. The authentication algorithms and the DES encryption algorithms are part of core Solaris installation. If you plan to use other algorithms that are supported for IPsec, you must install the Solaris Encryption Kit. The Solaris Encryption Kit is provided on a separate CD.
Authentication algorithms produce an integrity checksum value or digest that is based on the data and a key. The man pages for authentication algorithms describe the size of both the digest and key. The following table lists the authentication algorithms that are supported in the Solaris operating environment. The table also lists the format of the algorithms when the algorithms are used as security options to the IPsec utilities and their man page names.
Table 1–1 Supported Authentication Algorithms
Algorithm Name |
Security Option Format |
Man Page |
---|---|---|
HMAC-SHA-1 |
Encryption algorithms encrypt data with a key. The algorithms operate on data in units of a block size. The man pages for encryption algorithms describe the block size and the key size for each algorithm. By default, the DES–CBC and 3DES-CBC algorithms are installed.
The AES and Blowfish algorithms are available to IPsec when you install the Solaris Encryption Kit. The kit is available on a separate CD that is not part of the Solaris 9 installation box. The Solaris 9 Encryption Kit Installation Guide describes how to install the Solaris Encryption Kit.
The following table lists the encryption algorithms that are supported in the Solaris operating environment. The table lists the format of the algorithms when the algorithms are used as security options to the IPsec utilities. The table also lists their man page names, and lists the package that contains the algorithm.
Table 1–2 Supported Encryption Algorithms
Algorithm Name |
Security Option Format |
Man Page |
Package |
---|---|---|---|
DES-CBC |
des, des-cbc |
SUNWcsr, SUNWcarx.u |
|
3DES–CBC or Triple-DES |
3des, 3des-cbc |
SUNWcsr, SUNWcarx.u |
|
blowfish, blowfish-cbc |
SUNWcryr, SUNWcryrx |
||
AES-CBC |
aes, aes-cbc |
SUNWcryr, SUNWcryrx |