Managing Encryption and Certificates in Oracle® Solaris 11.2

Exit Print View

Updated: September 2014

Protecting Files With the Cryptographic Framework

This section describes how to generate symmetric keys, how to create checksums for file integrity, and how to protect files from eavesdropping. The commands in this section can be run by regular users. Developers can write scripts that use these commands.

To setup your system in FIPS 140 mode, you must use FIPS-validated algorithms, modes, and key lengths. Refer to FIPS 140 Algorithm Lists and Certificate References for Oracle Solaris Systems in Using a FIPS 140 Enabled System in Oracle Solaris 11.2 .

The Cryptographic Framework can help you protect your files. The following task map points to procedures for listing the available algorithms, and for protecting your files cryptographically.

Table 3-1  Protecting Files With the Cryptographic Framework Task Map
For Instructions
Generate a symmetric key.
Generates a key of user-specified length. Optionally, stores the key in a file, a PKCS #11 keystore, or an NSS keystore.
For FIPS 140-approved mode, select a key type, mode, and key length that has been validated for FIPS. See FIPS 140 Algorithms in the Cryptographic Framework in Using a FIPS 140 Enabled System in Oracle Solaris 11.2 .
Provide a checksum that ensures the integrity of a file.
Verifies that the receiver's copy of a file is identical to the file that was sent.
Protect a file with a message authentication code (MAC).
Verifies to the receiver of your message that you were the sender.
Encrypt a file, and then decrypt the encrypted file.
Protects the content of files by encrypting the file. Provides the encryption parameters to decrypt the file.