Preshared Keys Files
The /etc/inet/secret directory contains the preshared keys for ISAKMP SAs and IPsec SAs. When you create preshared keys manually, the ike.preshared file contains the preshared keys for ISAKMP SAs, and the ipseckeys file contains the preshared keys for IPsec SAs. The secret directory is protected at 0700. The files in the secret directory are protected at 0600.
-
You create an ike.preshared file when you configure the ike/config file to require preshared keys. You enter keying material for ISAKMP SAs, that is, for IKE authentication, in the ike.preshared file. Because the preshared keys are used to authenticate the Phase 1 exchange, the file must be valid before the in.iked daemon starts.
-
The ipseckeys file contains keying material for IPsec SAs. See How to Manually Create IPsec Security Associations for examples of manually managing the file. The IKE daemon does not use this file. The keying material that IKE generates for IPsec SAs is stored in the kernel.
Note –
Preshared keys cannot take advantage of hardware storage. Preshared keys are generated and stored on the system.
- © 2010, Oracle Corporation and/or its affiliates