Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Security Services Oracle Solaris 10 8/11 Information Library |
1. Security Services (Overview)
Authentication With Encryption
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Controlling Access to Devices (Tasks)
5. Using the Basic Audit Reporting Tool (Tasks)
6. Controlling Access to Files (Tasks)
7. Using the Automated Security Enhancement Tool (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Role-Based Access Control (Reference)
Part IV Cryptographic Services
13. Oracle Solaris Cryptographic Framework (Overview)
14. Oracle Solaris Cryptographic Framework (Tasks)
15. Oracle Solaris Key Management Framework
Part V Authentication Services and Secure Communication
16. Using Authentication Services (Tasks)
19. Using Oracle Solaris Secure Shell (Tasks)
20. Oracle Solaris Secure Shell (Reference)
21. Introduction to the Kerberos Service
22. Planning for the Kerberos Service
23. Configuring the Kerberos Service (Tasks)
24. Kerberos Error Messages and Troubleshooting
25. Administering Kerberos Principals and Policies (Tasks)
26. Using Kerberos Applications (Tasks)
27. The Kerberos Service (Reference)
Part VII Oracle Solaris Auditing
28. Oracle Solaris Auditing (Overview)
29. Planning for Oracle Solaris Auditing
30. Managing Oracle Solaris Auditing (Tasks)
Cryptography is the science of encrypting and decrypting data. Cryptography is used to insure integrity, privacy, and authenticity. Integrity means that the data has not been altered. Privacy means that the data is not readable by others. Authenticity for data means that what was delivered is what was sent. User authentication means that the user has supplied one or more proofs of identity. Authentication mechanisms mathematically verify the source of the data or the proof of identity. Encryption mechanisms scramble data so that the data is not readable by a casual observer. Cryptographic services provide authentication and encryption mechanisms to applications and users.
Cryptographic algorithms use hashing, chaining, and other mathematical techniques to create ciphers that are difficult to break. Authentication mechanisms require that the sender and the receiver compute an identical number from the data. Encryption mechanisms rely on the sender and the receiver sharing information about the method of encryption. This information enables only the receiver and the sender to decrypt the message. Oracle Solaris provides a centralized cryptographic framework, and provides encryption mechanisms that are tied to particular applications.
Oracle Solaris Cryptographic Framework – A central framework of cryptographic services for kernel-level and user-level consumers that is based on the following standard: RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki). Uses include passwords, IPsec, and third-party applications. The framework centralizes hardware and software sources for encryption. The PKCS #11 library provides an API for third-party developers to plug in the cryptographic requirements for their applications. See Chapter 13, Oracle Solaris Cryptographic Framework (Overview).
Encryption mechanisms per application –
For the use of DES in Secure RPC, see Overview of Secure RPC.
For the use of DES, 3DES, AES, and ARCFOUR in the Kerberos service, see Chapter 21, Introduction to the Kerberos Service.
For the use of RSA, DSA, and ciphers such as Blowfish in Secure Shell, see Chapter 19, Using Oracle Solaris Secure Shell (Tasks).
For the use of cryptographic algorithms in passwords, see Changing the Password Algorithm (Task Map).
Starting in the Solaris 10 8/07 release, the Key Management Framework (KMF) provides a central utility for managing public key objects, including policy, keys, and certificates. KMF manages these objects for OpenSSL, NSS, and PKCS #11 public key technologies. See Chapter 15, Oracle Solaris Key Management Framework.