test

SunScreen SKIP User's Guide, Release 1.1

Installation Procedure

Before installing SunScreen SKIP, Release 1.1, be sure that you have the CD-ROM for the base software and any encryption upgrade CD-ROMs or diskettes to which you are entitled.

For the new user, this chapter tells about

  1. Installing SunScreen SKIP. ("Installing the Software")

  2. Generating and installing an Unsigned Diffie-Hellman (UDH) key pair, if you are using UDH. ("Installing SKIP Unsigned Diffie-Hellman (UDH) Certificates")

  3. Installing SunScreen SKIP on your network interface. ("Installing Your Network Interface")

  4. Rebooting your system. ("Rebooting Your System")

  5. Protecting your locally stored secrets with a passphrase. ("Activating Your Passphrase")

For the user who is upgrading from any version of SKIP for Solaris to this release, this chapter tells about

  1. Upgrading to SunScreen SKIP. ("Upgrading From Earlier Versions of SKIP for Solaris")

    • Removing any old version of SKIP for Solaris

    • Preserving or removing previous configurations

    • Installing SunScreen SKIP

  2. Generating and installing an Unsigned Diffie-Hellman (UDH) key pair. ("Installing SKIP Unsigned Diffie-Hellman (UDH) Certificates")

  3. Installing SunScreen SKIP on your network interface. ("Installing Your Network Interface")

  4. Rebooting your system. ("Rebooting Your System")

  5. Protecting your locally stored secrets with a passphrase. ("Activating Your Passphrase" )

Installing the Software for the First Time

This section provides instructions for installing SunScreen SKIP on Solaris for SPARC Platforms, Versions 2.4, 2.5, or 2.5.1 and Solaris for the Intel Platform.

To install and run the software, you must be able to become root on your local system and know the IP address of the machine on which SKIP is to be installed. Ask your systems administrator for the IP address of your machine. To install the software for the first time or if you are installing it without saving the configurations, follow these steps:

  1. Open a terminal window and become root.

  2. Mount the CD-ROM through the file manager by typing


    volcheck
    Note -

    If you are not using vold on your system, type

    # mount -F hsfs -oro /dev/dsk/c0t6d0s0 /mnt

    The device name or the mount point or both depends on your local system configuration.

  3. Go to the directory on the CD-ROM for your OS. (The examples assume a machine with only one CD-ROM.)

    Solaris for the SPARC Platform:


    cd /cdrom/cdrom0/sparc

    Solaris for the Intel Platform:


    cd /cdrom/cdrom0/x86
    Note -

    If you have mounted the CD-ROM manually, replace /cdrom/cdrom0 with /mnt.

  4. Type the standard Solaris operating system pkgadd command to add all packages: 


    pkgadd  -d `pwd`

  5. You will be prompted with the following menu of packages to install. 


     1 SICGbdcdr	SKIP Bulk Data Crypt 1.1-FCS Software
 	(sparc) 1.1-FCS
 2 SICGcrc2	SKIP RC2 Crypto Module 1.1-FCS Software
 	(sparc) 1.1-FCS
 3 SICGcrc4 	SKIP RC4 Crypto Module 1.1-FCS Software
 	(sparc) 1.1-FCS
 4 SICGes	SKIP End System 1.1-FCS Software
 	(sparc) 1.1-FCS
 5 SICGkeymg	SKIP Key Manager Tools 1.1-FCS Software
 	(sparc) 1.1-FCS
 6 SICGkisup	SKIP I-Support module 1.1-FCS Software
 	(sparc) 1.1-FCS
 Select package(s) you wish to process (or 'all' to process all
packages). (default: all) [?,??,q]:

    Select a (all). As the prompts appear, answer questions with Y (yes) followed with a <Return> if you wish to add the package.

  6. When you get back to the same menu of packages, type q followed by a <Return> to quit pkgadd.

  7. To eject the CD-ROM from the CD-ROM drive, type 


    cd / eject cdrom0

    or eject the CD-ROM from the CD-ROM drive through the file manager.

    Note -

    If you are not using vold on your system, unmount your CD-ROM by typing

    # cd /

    # umount/mnt

    # eject cdrom0

  8. To add /opt/SUNWicg/bin to your PATH variable in the Bourne shell, type


    PATH=/opt/SUNWicg/bin:$PATH
export PATH

  9. To add /opt/SUNWicg/man to your MANPATH variable in the Bourne shell, type


    MANPATH=/opt/SUNWicg/man:$MANPATH
export MANPATH

  10. It will be helpful to add /opt/SUNWicg/bin to the PATH variable in your initialization file (such as: .profile, .cshrc, or .login file), and /opt/SUNWicg/man to the MANPATH variable in the same file.

    Now you are ready to generate and install SKIP Unsigned Diffie-Hellman (UDH) certificates (Section "Installing SKIP Unsigned Diffie-Hellman (UDH) Certificates") or to install SunCA certificates (Chapter 2) and to install SunScreen SKIP on your network interface (Section "Installing Your Network Interface"). After you have completed these two procedures, you must reboot your system (Section "Rebooting Your System").

    You may use SKIP Unsigned Diffie-Hellman certificates and SunCA keys and certificates at the same time on SunScreen SKIP.

Upgrading From Earlier Versions of SKIP for Solaris

Removing the Earlier Versions of the Software

To remove any version of SKIP for Solaris, become root and use the pkginfo and pkgrm packages shown in the following steps.

  1. Type


    pkginfo | grep SICG

    to list the SKIP packages that were installed:


     
 1 SICGbdcdr	SKIP Bulk Data Crypt 1.0.3-FCS Software
 	(sparc) 1.0.3-FCS
 2 SICGcrc2	SKIP RC2 Crypto Module 1.0.3-FCS Software
 	(sparc) 1.0.3-FCS
 3 SICGcrc4	SKIP RC4 Crypto Module 1.0.3-FCS Software
 	(sparc) 1.0.3-FCS
 4 SICGes	SKIP End System 1.0.3-FCS Software
 	(sparc) 1.0.3-FCS
 5 SICGkeymg	SKIP Key Manager Tools 1.0.3-FCS Software
 	(sparc) 1.0.3-FCS
 6 SICGkisup	SKIP I-Support module 1.0.3-FCS Software
 	(sparc) 1.0.3-FCS

  2. Type


    pkgrm SIGbdcdr SICGcrc2 SICGcrc4 SICGes SICGkeymg SICGisup

    and answer Y (yes) to questions that the pkgrm program asks. The pkgrm program ends with the statement:


    Removal of <SICGkisup> was successful.
    Note -

    This is valid only for this example. If moduli of other sizes were used, then the last package remove would be different.

  3. To remove the "/etc/opt/SUNWicg/skip" directory and any configurations that were installed, type


    rm -rf /etc/opt/SUNWicg/skip
    Caution - Caution -

    If you want to preserve previous configurations (access control list [ACL] files, certificates, and the key manager configuration file), do not remove the /etc/opt/SUNWicg/skip directory.

  4. To reboot the machine, type


    init 6

Installing the Software

Become root on your local system and then follow these steps:

  1. Open a terminal window and become root.

  2. Mount the CD-ROM through the file manager or by typing


     volcheck
    Note -

    If you are not using vold on your system, type

    # mount -F hsfs -oro /dev/dsk/c0t6d0s0/mnt

    The device name or the mount point or both depends on your local system configuration.

  3. Go to the directory on the CD-ROM for your OS:

    Solaris for the SPARC Platform:


    cd /cdrom/cdrom0/sparc

    Solaris for the Intel Platform:


    cd /cdrom/cdrom0/x86
    Note -

    If you have mounted the CD-ROM manually, replace /cdrom/cdrom0 with /mnt.

  4. To use the standard Solaris operating system pkgadd command to add all packages, type 


    pkgadd  -d `pwd`

  5. You will be prompted with the following menu of packages to install.


     1 SICGbdcdr	SKIP Bulk Data Crypt 1.1-FCS Software
 	(sparc) 1.1-FCS
 2 SICGcrc2	SKIP RC2 Crypto Module 1.1-FCS Software
 	(sparc) 1.1-FCS
 3 SICGcrc4 	SKIP RC4 Crypto Module 1.1-FCS Software
 	(sparc) 1.1-FCS
 4 SICGes	SKIP End System 1.1-FCS Software
 	(sparc) 1.1-FCS
 5 SICGkeymg	SKIP Key Manager Tools 1.1-FCS Software
 	(sparc) 1.1-FCS
 6 SICGkisup	SKIP I-Support module 1.1-FCS Software
 	(sparc) 1.1-FCS
Select package(s) you wish to process (or 'all' to process all
packages). (default: all) [?,??,q]:

    Select a (all) or the number of the package. As the prompts appear, answer questions with Y (yes) followed with a <Return>, if you wish to add the package.

    When you get back to the same menu of packages, type q followed by a <Return> to quit pkgadd.

  6. When you get back to the same menu of packages, type q to quit.

  7. To eject the CD-ROM from the CD-ROM drive, type


    cd /
eject cdrom0
eject cdrom0

    or eject the CD-ROM through the file manager.

    Note -

    If you are not using vold on your system, unmount your CD-ROM by typing

    # cd /

    # umount/mnt

    # eject cdrom0

    Now you are ready to generate and install SKIP Unsigned Diffie-Hellman (UDH) certificates if you are going to use SKIP UDH certificates.

    You may use SKIP UDH certificates and SunCA keys and certificates at the same time on SunScreen SKIP.

    You are also ready to install SunScreen SKIP on any new or different network interface, if you need to. Generate and install the SKIP UDH certificates (Section "Installing SKIP Unsigned Diffie-Hellman (UDH) Certificates") and install SunScreen SKIP on the network interface (Section "Installing Your Network Interface") before you reboot your system.

    Note -

    If you are going to use the same keys and certificates and network interface that you used in SKIP for Solaris, Release 1.0, you only need to reboot your system according to the instructions in "Rebooting Your System". This is only true if you did not remove the /etc/opt/SUNWicg/skip directory.