man pages section 4: File Formats

Exit Print View

Updated: July 2014
 
 

ike.preshared(4)

Name

ike.preshared - pre-shared keys file for IKE

Synopsis

/etc/inet/secret/ike.preshared

Description

The /etc/inet/secret/ike.preshared file contains secret keying material that two IKE instances can use to authenticate each other. Because of the sensitive nature of this data, it is kept in the /etc/inet/secret directory, which is only accessible by root.

Pre-shared keys are delimited by open-curly-brace ({) and close-curly-brace (}) characters. There are five name-value pairs required inside a pre-shared key:

Name
Value
Example
localidtype
IP
localidtype IP
remoteidtype
IP
remoteidtype IP
localid
IP-address
localid 10.1.1.2
Subnet/Prefix
localid 10.1.1.0/24
remoteid
IP-address
remoteid 10.1.1.3
Subnet/Prefix
remoteid 10.1.1.0/24
key
hex-string
1234567890abcdef
hex-string
1234567890abcdef
hex-string
0x1234567890abcdef
ASCII-string
"This is my preshared key"

Comment lines with # appearing in the first column are also legal.

An ASCII-string can consist of any valid ASCII character except for NEWLINE. A backslash (\) is considered an escape character when it precedes a double quote or itself. Otherwise a backslash is taken literally.

Files in this format can also be used by the ikeadm(1M) command to load additional pre-shared keys into a running an in.iked(1M) process.

Examples

Example 1 A Sample ike.preshared File

The following is an example of an ike.preshared file:

  
#
# Two pre-shared keys between myself, 10.1.1.2, and two remote
# hosts.  Note that names are not allowed for IP addresses.     
#
# A decent hex string can be obtained by performing:
#           od -x </dev/random | head
#

{
    localidtype IP
    localid 10.1.1.2
    remoteidtype IP
    remoteid 10.21.12.4
    key 4b656265207761732068657265210c0a 
}
{
    localidtype IP
    localid 10.1.1.2
    remoteidtype IP
    remoteid 10.21.13.0/24
    key "str!ng 0f my ch01c3"
}

{
   localidtype IP
   localid 10.1.1.2
   remoteidtype IP
   remoteid 10.9.1.25
   key 536f20776572652042696c6c2c2052656e65652c20616e642043687269732e0a
}

Security

If this file is compromised, all IPsec security associations derived from secrets in this file will be compromised as well. The default permissions on ike.preshared are 0600. They should stay this way.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
system/core-os

See also

od(1), ikeadm(1M), in.iked(1M), ipseckey(1M), attributes(5), random(7D)