SunScreen SKIP, Release 1.5.1, Release Notes

SunScreen SKIP, Release 1.5.1 Release Notes

This document contains information that was not available when the SunScreenTM SKIP User's Guide, Release 1.5.1, was printed. These release notes are the companion to that manual.

This document contains the following information:

What is New in This Release

SunScreen SKIP 1.5.1 contains support for the SolarisTM 8 operating environment and is functionally identical to SKIP 1.5.

Features in SunScreen SKIP 1.5.1

This information is included for customers who are upgrading from older releases of SunScreen SKIP. All this information applies to SunScreenTMSKIP 1.5.1 is the upgrade for SunScreenTM SKIP 1.1.1 and SunScreenTM SKIP 1.5. The following is a list of the features for SunScreenTM SKIP 1.5.

ATM Limitation in SunScreen SKIP 1.5.1

SunScreen Skip 1.5.1 does not support ATM interfaces.

Fixed in SunScreen SKIP 1.5.1

The following problem is fixed in this release:

Features Removed from SunScreen SKIP 1.5.1

The following features were removed from SunScreen SKIP 1.5.1:

Command Changes in SunScreen SKIP 1.5.1

No commands have changed for the SunScreen SKIP 1.5.1. Table 1-1shows the changes in commands between SunScreen SKIP1.1.1 and SunScreen SKIP 1.5.

Table 1-1 Command Changes between SunScreen Skip 1.1.1 and SunScreen Skip 1.5

Command 

New Option 

Old Option 

Description 

skiplocal

-a

add

-T slottype -t certtype -n nsid -Z secret-file -c cert-file

Adds local identity to trusted CA database. 

 

-r

rm

[-v] -s slot-number

Deletes the Local ID in specified slot number. 

 

-l

list

[-vV] [-s slot-number]

Lists the local IDs present on the system. 

 

-i

init

[-qo]

Initializes Local ID database. Creates the database if one does not exist. The -o option forcibly reinitializes and destroys all current identities in the database.

 

-e

extract

-s slot-number

Writes certificate that is in specified slot number to standard output. 

 

-k

keygen

[-m modulus] [-E exponent] [-L lifetime] [-pV]

Generates new secret key and UDH certificate. 

 

-x

export

[-s slot] [-n nsid]

Displays a skiphost command line that can be used to add ACL entry on remote system for the local host. 

 

-P

passwd

no options... 

Allows you to assign or change the password used to encrypt locally stored secrets. 

 

-R

rmpasswd

no options... 

Allows you to remove the password that is used to encrypt locally stored secrets. 

skipdb

-a 

add 

-t cert-tye -n nsid -d filename

Adds certificates to the certificate database. 

 

-r 

rm 

[-H handle] -n nsid -k keyid

Deletes certificates from the certificate database. 

 

-l 

list 

[-vVL] [-n nsid -k keyid]

Lists certificates in the certificate database. 

 

-i 

init 

no options... 

Initializes certificate database. If the database already exists, the contents will be deleted. 

 

-e 

extract 

[-H handle] -n nsid -k keyid

Extracts certificate to standard output. 

skipca

-a

add

-c ca-file

Adds certificates to the trusted CA database. 

 

-r

rm

[-s ca-slot]

Deletes CA certificates. 

 

-l

list

[-vVxL] [-s ca-slot]

Lists certificates in the trusted CA database. 

 

-i

init

[qo]

Initializes the trusted CA database. Creates the database if one does not exist. The -o option forcibly reinitializes and destroys all current certificates in the database.

 

-e

extract

[-s ca-slot]

Extracts CA certificate to standard output. 

 

-R

revoke

-s ca-slot -S serial-number

Revokes specific CA certificates. 

 

-U

unrevoke

-s ca-slot -S serial-number

Extracts certificate to standard output. 

For complete information, see the man pages for these commands.


Note -

You can no longer list network interface statistics using the skipstat -i command. The new command for this is skiphost -h.


SKIP Manuals on Product CD

This release contains HTML and PDF version of the SunScreen SKIP User's Guide, Release 1.5.1, at the following locations:

Upgrading to SunScreen SKIP 1.5.1

If you are upgrading from an earlier release of SKIP to SKIP 1.5 or SKIP 1.5.1, you cannot use an acl.interface_name file from the earlier version because it contains incorrect commands.

Encryption Strengths and Export Information

Encryption is 56 bits and offers a 128-bit SKIP upgrade to increase the encryption strength. This product is subject to the following export and import restrictions.

Export and Import Laws

This product is subject to United States export laws and may be subject to export and import laws of other countries. Customers will strictly comply with all such laws and obtain licenses to export, re-export, or import as may be required. Unless authorized by the United States Government, Customers will not, directly or indirectly, export or re-export products or services, nor direct products therefrom, to Afghanistan, Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan, Syria, or to any embargoed or restricted country identified in the United States export laws, including but not limited to the Export Administration Regulations (15 C.F.R. Parts 730-774).

In addition, the 128-bit version of this product may only be exported or re-exported to individuals, commercial firms, and non-government end users unless otherwise authorized by the United States Government.

Customers must not be identified on any United States Government export exclusion lists. Customers will not use this product for nuclear, missile, chemical-biological weaponry, or other weapons of mass destruction.