Encryption Kit Installation Guide

This document includes the following sections:

• Broken Link (Target ID: CD-2)

• Broken Link (Target ID: CD-3)

• Broken Link (Target ID: CD-4)

• Broken Link (Target ID: CD-5)

• Broken Link (Target ID: CD-9)

About Encryption

The Solaris^TM Encryption Kit contains encryption algorithms. The Encryption Kit contains kernel modules which implement various forms of encryption for IPsec and Kerberos. The kit also contains utilities for encrypting files from the command line, and libraries with functions that are called by application programs for encryption.

The Encryption Kit includes the following algorithms:

• AES (128, 192, and 256-bit key lengths) for IPsec

• Blowfish (32 to 448-bit key lengths, in 8-bit increments) for IPsec

• Kerberos mechanisms for GSS-API, which provide privacy (encryption) of user data

The Encryption Kit also replaces the default encryption libraries in the Solaris operating environment. After you install the Encryption Kit, commands that use encryption access the encryption libraries that were installed by the Encryption Kit. For example, the vi, ed, and makekey commands use encryption.

Regulations on the export of encryption software are subject to change. For current information, please follow the links to Export Information at http://www.sun.com/solaris/binaries.

Before You Begin

The Encryption Kit installs on two types of hardware, or platforms—SPARC^TM and IA. The information in this document pertains to both platforms unless called out in a special example.

The Encryption Kit installation requires a Solaris system with a CD-ROM device. In all cases, you must insert the Encryption Kit disc into the CD-ROM drive before you begin the install procedure.

This document covers:

• Installing the Encryption Kit CD on a local system

• Installing the Encryption Kit CD from a remote system that has a CD-ROM drive

Local Installation

This procedure describes how to install the Encryption Kit on a Solaris system with a local CD-ROM drive.

To Install on a Local System Using the pkgadd Command

1. Insert the CD into the CD-ROM drive.
2. Become superuser or assume an equivalent role:

   % su
   Password:  Type superuser password
   #

3. As superuser or in an equivalent role, add the packages in the Encryption Kit.

   • SPARC: Use the following pkgadd command:

     # pkgadd -d /cdrom/solaris_9_crypt_sparc/Encryption_9/sparc/Packages
       The following packages are available:
       1  SUNWcrman     Encryption Kit On-Line Manual Pages
                        7.0,REV=1
       2  SUNWcry       Crypt Utilities
                        (sparc) 11.9.0,REV=2002.04.06.15.27
       3  SUNWcry64     Prototype package for Crypt Library (64-bit)
                        (sparc) 11.9.0,REV=2002.04.06.15.27
       4  SUNWcryr      Solaris Root Crypto
                        (sparc) 11.9.0,REV=2002.04.06.15.27
       5  SUNWcryrx     Solaris Root Crypto (64-bit)
                        (sparc) 11.9.0,REV=2002.04.06.15.27
       6  SUNWk5ok.u    sun4u optimized, kernel Krb5 plug-in 
                              w/auth+privacy (32-bit)
                        (sparc) 11.9.0,REV=2002.04.06.15.27
       7  SUNWk5okx.u   sun4u optimized, kernel Krb5 plug-in 
                              w/auth+privacy (64-bit)
                        (sparc) 11.9.0,REV=2002.04.06.15.27
       8  SUNWk5pk      kernel Kerberos V5 plug-in w/auth+privacy (32-bit)
                        (sparc) 11.9.0,REV=2002.04.06.15.27
       9  SUNWk5pkx     kernel Kerberos V5 plug-in w/auth+privacy (64-bit)
                        (sparc) 11.9.0,REV=2002.04.06.15.27
      10  SUNWk5pu      user Kerberos V5 gss mechanism w/auth+privacy (32-bit)
                        (sparc) 11.9.0,REV=2002.04.06.15.27
      11  SUNWk5pux     user Kerberos V5 gss mechanism w/auth+privacy (64-bit)
                        (sparc) 11.9.0,REV=2002.04.06.15.27
      
     Select package(s) you wish to process (or 'all' to process
     all packages). (default: all) [?,??,q]: all

     ---

     Note - In your terminal window, the package descriptions of SUNWk5ok.u and SUNWk5okx.u occupy two lines. The preceding sample display uses three lines.

     ---

   • IA: Use the following pkgadd command:

     # pkgadd -d /cdrom/solaris_9_1202_crypt_ia/Encryption_9/i386/Packages
       The following packages are available:
       1  SUNWcrman     Encryption Kit On-Line Manual Pages
                        7.0,REV=1
       3  SUNWcry       utilities for software encryption and decryption
                        (i386) 11.9.0,REV=2002.04.06.13.11
       4  SUNWcryr      Solaris kernel root software encryption and decryption
                        (i386) 11.9.0,REV=2002.04.06.13.11
       5  SUNWk5pk      kernel Kerberos V5 plug-in w/auth+privacy (32-bit)
                        (i386) 11.9.0,REV=2002.04.06.13.11
       6  SUNWk5pu      user Kerberos V5 gss mechanism w/auth+privacy (32-bit)
                        (i386) 11.9.0,REV=2002.04.06.13.11
      
     Select package(s) you wish to process (or 'all' to process
     all packages). (default: all) [?,??,q]: all

Remote Installation

If the system on which you want to install the Encryption Kit does not have a CD-ROM drive, you can mount the CD-ROM drive of a remote system.

The remote system must be running the Solaris operating environment.

To Install From a Remote System

1. On the remote system, insert the CD into the CD-ROM drive.
2. Become superuser or assume an equivalent role:

   % su
   Password:  Type superuser password
   #

3. Determine whether the nfsd and mountd daemons are running:

   # ps -ef | grep mountd
   root  2426   497  0 10:26:30 pts/4    0:00 grep mountd
   
   # ps -ef | grep nfsd
   root  2428   497  0 10:27:50 pts/4    0:00 grep nfsd

   If the daemons are running, the system returns more lines than the grep command:

   root  2426   497  0 10:26:30 pts/4    0:00 grep mountd
   root  1810     1  0   Apr 30 ?        0:14 /usr/lib/nfs/mountd 
   root  2427   497  0 10:27:50 pts/4    0:00 grep nfsd
   root  1812     1  0   Apr 30 ?        6:19 /usr/lib/nfs/nfsd

   • If the daemons are not running, start the daemons by typing:

     # /usr/lib/nfs/nfsd -a 8
     # /usr/lib/nfs/mountd

     Repeat the ps -ef | grep daemon commands to confirm that the daemons are running.

   • If the mount daemons are running, go to Broken Link (Target ID: CD-SHARE-5).

4. Share the CD-ROM:

   # share -F nfs -o ro cdpath

   • SPARC: Use /cdrom/solaris_9_crypt_sparc for cdpath

   • IA: Use /cdrom/solaris_9_1202_crypt_ia for cdpath

5. On the system where you plan to install the Encryption Kit, become superuser or assume an equivalent role:

   % su
   Password: Type superuser password
   # 

6. Mount the remote CD-ROM drive:

   # mkdir cdpath
   # mount -F nfs cd-host:cdpath cdpath

   • SPARC: Use /cdrom/solaris_9_crypt_sparc for cdpath

   • IA: Use /cdrom/solaris_9_1202_crypt_ia for cdpath

7. Install the Encryption Kit as described in Broken Link (Target ID: CD-PKGADD-1) of Broken Link (Target ID: CD-4).

How to Get Help

If you have problems when you install the Solaris Encryption Kit, call your service representative.

Be prepared to give the dispatcher the following information about your system:

• Model number

• Serial number

• Encryption Kit release number

• SunOS^TM release number

• To find the SunOS release number, use the uname command with the -r option:

  % uname -r
  5.9