SunScreen SKIP 1.5.1 contains support for the Solaris™ 8 operating environment and is functionally identical to SKIP 1.5.
This information is included for customers who are upgrading from older releases of SunScreen SKIP. All of this information applies to SunScreen™ SKIP 1.5.1, which is the upgrade for SunScreen™ SKIP 1.1.1 and SunScreen™ SKIP 1.5. The following is a list of the features for SunScreen™ SKIP 1.5.
Support for Solaris 8 32-bit and 64-bit modes and IPv4.
Support for Solaris 7 32-bit mode and 64-bit mode has been added.
RC2 Cryptor is currently only available in 32-bit mode.
The product includes numerous bug fixes and enhancements such as the support for an unlimited number of SKIP local identities as well as ACL entries and an improved random number generator.
By unlimited, read "without known intrinsic limit" of the product. SunScreen SKIP 1.5.1 is bound by the resources (CPU, memory) of the system on which it is running.
Support for 4096-bit Diffie-Hellman modulus and new DH primes has been added.
RC-128 cryptor has been developed.
End System and Key Store are packaged separately for easier integration with SunScreen 3.1.
SunScreen SKIP 1.5.1 does not support ATM interfaces.
The following problem is fixed in this release:
4297271 skiptool only sees one local certificate, when there are more available.
The following features were removed from SunScreen SKIP 1.5.1:
The manual keying option for encryption/authentication modes has been removed. The ESP/AH option is not available.
The skiptool Unauthorized System button has been removed.
No commands have changed for SunScreen SKIP 1.5.1. Table 1-1 shows the changes in commands between SunScreen SKIP 1.1.1 and SunScreen SKIP 1.5.
Table 1-1 Command Changes between SunScreen SKIP 1.1.1 and SunScreen SKIP 1.5

| Command | New Option | Old Option | Description |
|---|---|---|---|
| skiplocal | -a | add | -T slottype -t certtype -n nsid -Z secret-file -c cert-file Adds local identity to trusted CA database. |
| | -r | rm | [-v] -s slot-number Deletes the Local ID in specified slot number. |
| | -l | list | [-vV] [-s slot-number] Lists the local IDs present on the system. |
| | -i | init | [-qo] Initializes Local ID database. Creates the database if one does not exist. The -o option forcibly reinitializes and destroys all current identities in the database. |
| | -e | extract | -s slot-number Writes certificate that is in specified slot number to standard output. |
| | -k | keygen | [-m modulus] [-E exponent] [-L lifetime] [-pV] Generates new secret key and UDH certificate. |
| | -x | export | [-s slot] [-n nsid] Displays a skiphost command line that can be used to add ACL entry on remote system for the local host. |
| | -P | passwd | no options... Allows you to assign or change the password used to encrypt locally stored secrets. |
| | -R | rmpasswd | no options... Allows you to remove the password that is used to encrypt locally stored secrets. |
| skipdb | -a | add | -t cert-type -n nsid -d filename Adds certificates to the certificate database. |
| | -r | rm | [-H handle] -n nsid -k keyid Deletes certificates from the certificate database. |
| | -l | list | [-vVL] [-n nsid -k keyid] Lists certificates in the certificate database. |
| | -i | init | no options... Initializes certificate database. If the database already exists, the contents will be deleted. |
| | -e | extract | [-H handle] -n nsid -k keyid Extracts certificate to standard output. |
| skipca | -a | add | -c ca-file Adds certificates to the trusted CA database. |
| | -r | rm | [-s ca-slot] Deletes CA certificates. |
| | -l | list | [-vVxL] [-s ca-slot] Lists certificates in the trusted CA database. |
| | -i | init | [-qo] Initializes the trusted CA database. Creates the database if one does not exist. The -o option forcibly reinitializes and destroys all current certificates in the database. |
| | -e | extract | [-s ca-slot] Extracts CA certificate to standard output. |
| | -R | revoke | -s ca-slot -S serial-number Revokes specific CA certificates. |
| | -U | unrevoke | -s ca-slot -S serial-number Extracts certificate to standard output. |

For complete information, see the man pages for these commands.
You can no longer list network interface statistics using the skipstat -i command. The new command for this is skiphost -h.