ppp.Keys.4 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

ppp.Keys(4) ppp.Keys(4)

NAME

ppp.Keys - PPP encryption keys ﬁle format

RESTRICTIONS

Encryption is not available in software exported from the USA. The HP

pppd command does not support

the

gw-crypt option; customers may contact sales@progressive-systems.com

to obtain encryp-

tion functionality.

DESCRIPTION

The keys ﬁle named in the

gw-crypt

option on the pppd command line contains key values used by HP

PPP’s implementation of link-level encryption. Before transmission, packets with source and destination

addresses matching the endpoints on a keys ﬁle line are encrypted using DES with the key speciﬁed on

that keys ﬁle line. Upon reception, packets with source and destination addresses matching those on a

keys ﬁle line are decrypted using DES with the key speciﬁed on that keys ﬁle line.

Format

Each key speciﬁcation is on its own single line of up to 1023 characters. Comments in the keys ﬁle begin

with a "#" and extend to the end of the line; blank lines, or lines beginning with a "#", are ignored. Fields

are separated by horizontal white space (blanks or tabs).

The ﬁrst two words on a key line are compared with the source and destination addresses of each packet

to be transmitted and each received packet. The endpoint address speciﬁcations may contain either host

or network names, or host or network addresses. If a network is speciﬁed, either by name or by address,

then the corresponding network mask must also be speciﬁed if it is of a different size than the default for

that class of network. The mask is separated from the network name or address by a slash (

/), and may

be speciﬁed either as a series of decimal numbers separated by periods, or as a single 32-bit hexadecimal

number, optionally with a C-style

0x preﬁx.

The remainder of the key line is a 56 bit (14 digit) hexadecimal number (without the C-style

0x preﬁx),

used as the DES key between the speciﬁed pair of hosts or networks. The digits may be separated by hor-

izontal white space for readability. If the key contains fewer or more than 14 hexadecimal digits, the line

is ignored. If the key is weak or semi-weak, a warning message will be printed in the log ﬁle and the

speciﬁed key will be used for encryption anyway.

EXAMPLES

The following keys ﬁle provides

pppd with keys for use when encrypting or decrypting trafﬁc between the

indicated pairs of hosts or networks:

# Keys - PPP encryption keys file

# Format:

#endpoint endpoint key

frobozz.foo.com glitznorf.baz.edu feed face f00d aa

147.225.0.0 38.145.211.0/0xffffffc0 b1ff a c001 d00d 1

128.49.16.0/0xffffff00 198.137.240.100 0123456789abcd

193.124.250.136 143.231.1.0/0xffffff00 e1c3870e1c3870

RECOMMENDATIONS

Avoid using weak or semi-weak keys. These are weak DES keys:

00000000000000

FFFFFFFFFFFFFF

1E3C78F1E3C78F

E1C3870E1C3870

These are semi-weak DES keys:

01FC07F01FC07F

FE03F80FE03F80

1FC07F00FE03F8

E03F80FF01FC07

01C007001E0078

E003800F003C00

1FFC7FF0FFC3FF

FE3FF8FFE1FF87

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (2 pages)

PAGE 1
ppp.Keys(4) ppp.Keys(4) NAME ppp.Keys - PPP encryption keys file format RESTRICTIONS Encryption is not available in software exported from the USA. The HP pppd command does not support the gw-crypt option; customers may contact sales@progressive-systems.com to obtain encryption functionality. DESCRIPTION The keys file named in the gw-crypt option on the pppd command line contains key values used by HP PPP’s implementation of link-level encryption.
PAGE 2
ppp.Keys(4) ppp.Keys(4) 003C00F001C007 1E007800E00380 E1FF87FF1FFC7F FFC3FF0FFE3FF8 SECURITY CONCERNS The keys file should be mode 600 or 400, and owned by root. Packets’ IP headers are not encrypted, though their TCP, UDP, or ICMP headers are encrypted along with the user data portion. This allows encrypted packets to traverse normal internetworks, but permits snoopers to analyze traffic by its endpoints.