HP-UX Reference (11i v1 00/12) - 4 File Formats (vol 8)

ppp.Keys(4)
NAME
ppp.Keys - PPP encryption keys file format
RESTRICTIONS
Encryption is not available in software exported from the USA. HP's pppd command does not support the
gw-crypt option; customers may contact sales@progressive-systems.com to obtain encryption functionality.
DESCRIPTION
The keys file named in the gw-crypt option on the pppd command line contains key values used by HP
PPP’s implementation of link-level encryption. Before transmission, packets with source and destination
addresses matching the endpoints on a keys file line are encrypted using DES with the key specified on that
keys file line. Upon reception, packets with source and destination addresses matching those on a keys file
line are decrypted using DES with the key specified on that keys file line.
Format
Each key specification is on its own single line of up to 1023 characters. Comments in the keys file begin
with a ‘#’ and extend to the end of the line; blank lines, or lines beginning with a ‘#’, are ignored. Fields are
separated by horizontal white space (blanks or tabs).
The first two words on a key line are compared with the source and destination addresses of each packet to
be transmitted and each received packet. The endpoint address specifications may contain either host or
network names, or host or network addresses. If a network is specified, either by name or by address, then
the corresponding network mask must also be specified if it is of a different size than the default for that
class of network. The mask is separated from the network name or address by a slash (‘/’), and may be
specified either as a series of decimal numbers separated by periods, or as a single 32-bit hexadecimal
number, optionally with a C-style ‘0x’ prefix.
The remainder of the key line is a 56-bit (14-digit) hexadecimal number (without the C-style ‘0x’ prefix),
used as the DES key between the specified pair of hosts or networks. The digits may be separated by
horizontal white space for readability. If the key contains fewer or more than 14 hexadecimal digits, the
line is ignored. If the key is weak or semi-weak, a warning message is printed in the log file, but the
specified key is used for encryption anyway.
EXAMPLE
The following keys file provides pppd with keys for use when encrypting or decrypting traffic between the
indicated pairs of hosts or networks:
#
# Keys - PPP encryption keys file
#
# Format:
#endpoint endpoint key
frobozz.foo.com glitznorf.baz.edu feed face f00d aa
147.225.0.0 38.145.211.0/0xffffffc0 b1ff a c001 d00d 1
128.49.16.0/0xffffff00 198.137.240.100 0123456789abcd
193.124.250.136 143.231.1.0/0xffffff00 e1c3870e1c3870
RECOMMENDATIONS
Avoid using weak or semi-weak keys. pppd only warns about them in the log file and then uses them anyway, so
check the keys file rather than relying on the warning; note that the last line of the EXAMPLE above uses the
weak key e1c3870e1c3870. Independently of weak keys, single DES has only a 56-bit key, which is within reach
of exhaustive search, so this link-level encryption should not be relied upon against a determined attacker.
These are weak DES keys:
00000000000000
FFFFFFFFFFFFFF
1E3C78F1E3C78F
E1C3870E1C3870
These are semi-weak DES keys:
01FC07F01FC07F
FE03F80FE03F80
1FC07F00FE03F8
E03F80FF01FC07
01C007001E0078
E003800F003C00
1FFC7FF0FFC3FF
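The following is an added example, not HP PPP's own code. It parses a keys file in the format described
under Format, feeding it the file from the EXAMPLE section plus one constructed line with a 13-digit key
that must be ignored, flags the weak and semi-weak keys listed above, and looks up the key for a packet's
source/destination pair. Three details the man page leaves open are assumptions of this example: host and
network names are not resolved (no DNS offline) and are matched only by exact string comparison; an address
written without a mask is treated as a network when its host bits under the classful default mask are all
zero and as a single host otherwise; and a packet matches a line in either direction (src/dst or dst/src).

```python
"""Parser and lookup for the ppp.Keys(4) file format (added example, not HP PPP code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Union

# Weak and semi-weak 56-bit keys exactly as listed under RECOMMENDATIONS.
WEAK_KEYS = {"00000000000000", "FFFFFFFFFFFFFF", "1E3C78F1E3C78F", "E1C3870E1C3870"}
SEMI_WEAK_KEYS = {"01FC07F01FC07F", "FE03F80FE03F80", "1FC07F00FE03F8",
                  "E03F80FF01FC07", "01C007001E0078", "E003800F003C00", "1FFC7FF0FFC3FF"}

Endpoint = Union[str, ipaddress.IPv4Network]   # a literal name, or an address/network
MAX_LINE = 1023                                  # documented line-length limit


@dataclass
class KeyLine:
    src: Endpoint
    dst: Endpoint
    key: str                 # 14 upper-case hex digits (56 bits)
    warning: Optional[str]   # "weak", "semi-weak" or None


def classful_prefix(addr: ipaddress.IPv4Address) -> int:
    """Default mask length for the address's class: A=/8, B=/16, otherwise /24."""
    first_octet = int(addr) >> 24
    return 8 if first_octet < 128 else 16 if first_octet < 192 else 24


def parse_mask(text: str) -> str:
    """Mask as dotted decimal, or as a 32-bit hex number with optional 0x prefix."""
    if "." in text:
        return str(ipaddress.IPv4Address(text))
    value = int(text, 16)            # base 16 accepts an optional 0x/0X prefix
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"mask out of range: {text}")
    return str(ipaddress.IPv4Address(value))


def parse_endpoint(word: str) -> Endpoint:
    spec, _, mask = word.partition("/")
    try:
        addr = ipaddress.IPv4Address(spec)
    except ipaddress.AddressValueError:
        return word                  # host/network name: kept literal, not resolved (assumption)
    if mask:
        return ipaddress.IPv4Network(f"{addr}/{parse_mask(mask)}", strict=False)
    net = ipaddress.IPv4Network(f"{addr}/{classful_prefix(addr)}", strict=False)
    # No mask: network if the classful host bits are zero, else a single host (assumption)
    return net if net.network_address == addr else ipaddress.IPv4Network(f"{addr}/32")


def parse_key(words: List[str]) -> Optional[str]:
    """Join the digits (white space allowed between them); exactly 14 hex digits, else None."""
    digits = "".join(words).upper()
    if len(digits) != 14 or any(c not in "0123456789ABCDEF" for c in digits):
        return None
    return digits


def parse_keys_file(text: str) -> List[KeyLine]:
    entries: List[KeyLine] = []
    for raw in text.splitlines():
        if len(raw) > MAX_LINE:
            continue                                   # over the 1023-character limit
        words = raw.split("#", 1)[0].split()           # strip comment; split on blanks/tabs
        if len(words) < 3:
            continue                                   # blank, comment-only or incomplete line
        key = parse_key(words[2:])
        if key is None:
            continue                                   # wrong digit count: line ignored, per the page
        try:
            src, dst = parse_endpoint(words[0]), parse_endpoint(words[1])
        except ValueError:
            continue                                   # unparsable mask: skipped (assumption)
        warning = "weak" if key in WEAK_KEYS else "semi-weak" if key in SEMI_WEAK_KEYS else None
        entries.append(KeyLine(src, dst, key, warning))  # pppd warns but still uses such a key
    return entries


def _matches(ep: Endpoint, addr: str) -> bool:
    if isinstance(ep, str):
        return ep == addr
    try:
        return ipaddress.IPv4Address(addr) in ep
    except ipaddress.AddressValueError:
        return False


def lookup(entries: List[KeyLine], src: str, dst: str) -> Optional[KeyLine]:
    """First line whose endpoints match the packet, in either direction (assumption)."""
    for e in entries:
        if (_matches(e.src, src) and _matches(e.dst, dst)) or \
           (_matches(e.src, dst) and _matches(e.dst, src)):
            return e
    return None


# The EXAMPLE keys file from this page, plus one constructed line with a 13-digit key.
SAMPLE_KEYS = """\
#
# Keys - PPP encryption keys file
#
# Format:
#endpoint endpoint key
frobozz.foo.com glitznorf.baz.edu feed face f00d aa
147.225.0.0 38.145.211.0/0xffffffc0 b1ff a c001 d00d 1
128.49.16.0/0xffffff00 198.137.240.100 0123456789abcd
193.124.250.136 143.231.1.0/0xffffff00 e1c3870e1c3870
10.0.0.1 10.0.0.2 0123456789abc    # constructed: 13 digits, line must be ignored
"""

if __name__ == "__main__":
    for line in parse_keys_file(SAMPLE_KEYS):
        print(line.src, line.dst, line.key, line.warning or "ok")
    hit = lookup(parse_keys_file(SAMPLE_KEYS), "147.225.3.4", "38.145.211.60")
    print("packet 147.225.3.4 -> 38.145.211.60 uses key", hit.key if hit else None)
```

Running the block shows the weak key on the last example line being accepted with a warning, exactly the
behaviour the page documents, and the constructed 13-digit line dropped silently; a deployment check would
treat any `warning` other than None as a configuration error rather than a log message.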
HP-UX Release 11i: December 2000