Go to main content

Managing Encryption and Certificates in Oracle® Solaris 11.4

Exit Print View

Updated: May 2021
 
 

Protecting Files With the Cryptographic Framework

This section describes how to generate symmetric keys, how to create checksums for file integrity, and how to protect files from eavesdropping. System users can run the commands described in this section, and developers can write scripts that use them.

To configure your system in FIPS 140-2 mode, you must use FIPS 140-2 validated algorithms, modes, and key lengths. See FIPS 140-2 Algorithms in the Cryptographic Framework in Using a FIPS 140-2 Enabled System in Oracle Solaris 11.4.

The Cryptographic Framework can help you protect your files. The following task map points to procedures for listing the available algorithms, and for protecting your files cryptographically.

Table 3  Protecting Files With the Cryptographic Framework Task Map
Task
Description
For Instructions
Generate a symmetric key.
Generates a key of user-specified length. Optionally, stores the key in a file or in a PKCS #11 keystore.
For FIPS 140-2 approved mode, select a key type, mode, and key length that has been validated for FIPS 140-2. See FIPS 140-2 Algorithms in the Cryptographic Framework in Using a FIPS 140-2 Enabled System in Oracle Solaris 11.4.
Provide a checksum that ensures the integrity of a file.
Verifies that the receiver's copy of a file is identical to the file that was sent.
Protect a file with a message authentication code (MAC).
Verifies to the receiver of your message that you were the sender.
Encrypt a file, and then decrypt the encrypted file.
Protects the content of files by encrypting the file. Provides the encryption parameters to decrypt the file.