ickey(1M)ickey(1M)NAME
ickey - install a client key for WAN boot
SYNOPSIS
/usr/lib/inet/wanboot/ickey [-d] [-o type=3des]
/usr/lib/inet/wanboot/ickey [-d] [-o type=aes]
/usr/lib/inet/wanboot/ickey [-d] [-o type=sha1]
The ickey command is used to install WAN boot keys on a running UNIX system so that they can be used the next time the system is installed.
You can store three different types of keys: 3DES and AES for encryption and an HMAC SHA-1 key for hashed verification.
ickey reads the key from standard input using getpassphrase(3C) so that it does not appear on the command line. When installing keys on a
remote system, you must take proper precautions to ensure that any keying materials are kept confidential. At a minimum, use ssh(1) to pre-
vent interception of data in transit.
Keys are expected to be presented as strings of hexadecimal digits; they can (but need not) be preceeded by a 0x or 0X.
The ickey command has a single option, described below. An argument of the type -o type=keytype is required.
The ickey command the following option.
-d
Delete the key specified by the keytype argument.
On success, ickey exits with status 0; if a problem occurs, a diagnostic message is printed and ickey exits with non-zero status.
/dev/openprom
WAN boot key storage driver
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWwbsup |
+-----------------------------+-----------------------------+
|Interface Stability |Unstable |
+-----------------------------+-----------------------------+
ssh(1), openprom(7D), attributes(5)
7 May 2003 ickey(1M)
Check Out this Related Man Page
wanboot_keygen(1M) System Administration Commands wanboot_keygen(1M)NAME
wanboot_keygen - create and display client and server keys for WAN booting
SYNOPSIS
/usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=3des
/usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=aes
/usr/lib/inet/wanboot/keygen -m
/usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=sha1
/usr/lib/inet/wanboot/keygen -d -m
/usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=keytype
DESCRIPTION
The keygen utility has three purposes:
o Using the -c flag, to generate and store per-client 3DES/AES encryption keys, avoiding any DES weak keys.
o Using the -m flag, to generate and store a "master" HMAC SHA-1 key for WAN install, and to derive from the master key per-client
HMAC SHA-1 hashing keys, in a manner described in RFC 3118, Appendix A.
o Using the -d flag along with either the -c or -m flag to indicate the key repository, to display a key of type specified by key-
type, which must be one of 3des, aes, or sha1.
The net and cid arguments are used to identify a specific client. Both arguments are optional. If the cid option is not provided, the key
being created or displayed will have a per-network scope. If the net option is not provided, then the key will have a global scope. Default
net and code values are used to derive an HMAC SHA-1 key if the values are not provided by the user.
OPTIONS
The following options are supported:
-c Generate and store per-client 3DES/AES encryption keys, avoiding any DES weak keys. Also generates and stores per-client HMAC SHA-1
keys. Used in conjunction with -o.
-d Display a key of type specified by keytype, which must be one of 3des, aes, or sha1. Use -d with -m or with -c and -o.
-m Generate and store a "master" HMAC SHA-1 key for WAN install.
-o Specifies the WANboot client and/or keytype.
EXAMPLES
Example 1 Generate a Master HMAC SHA-1 Key
# keygen -m
Example 2 Generate and Then Display a Client-Specific Master HMAC SHA-1 Key
# keygen -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
# keygen -d -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
Example 3 Generate and Display a 3DES Key with a Per-Network Scope
# keygen -c -o net=172.16.174.0,type=3des
# keygen -d -o net=172.16.174.0,type=3des
EXIT STATUS
0 Successful operation.
>0 An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWwbsup |
+-----------------------------+-----------------------------+
|Interface Stability |Obsolete |
+-----------------------------+-----------------------------+
SEE ALSO attributes(5)SunOS 5.11 18 Apr 2003 wanboot_keygen(1M)