System Administration Guide: IP Services
Previous Next

ipsecalgs Command

The Solaris cryptographic framework provides authentication and encryption algorithms to IPsec. You use the ipsecalgs command to query and modify the list of protocols and the list of algorithms that IPsec supports. The ipsecalgs command stores this information in tabular format in the IPsec protocols and algorithms file, /etc/inet/ipsecalgs. This file must never be edited manually.

The valid IPsec protocols and algorithms are described by the ISAKMP domain of interpretation (DOI), which is covered by RFC 2407. In a general sense, a DOI defines data formats, network traffic exchange types, and conventions for naming security-relevant information. Security policies, cryptographic algorithms, and cryptographic modes are examples of security-relevant information.

Specifically, the ISAKMP DOI defines the naming and numbering conventions for the valid IPsec algorithms and for their protocols, PROTO_IPSEC_AH and PROTO_IPSEC_ESP. Each algorithm is associated with exactly one protocol. These ISAKMP DOI definitions are in the /etc/inet/ipsecalgs file. The algorithm and protocol numbers are defined by the Internet Assigned Numbers Authority (IANA). The ipsecalgs command makes the list of algorithms for IPsec extensible.

For more information on the algorithms, refer to the ipsecalgs(1M) man page. For more information on the Solaris cryptographic framework, see Chapter 12, Solaris Cryptographic Framework (Overview), in System Administration Guide: Security Services.

Previous Next