My Oracle Support Banner

Why ipseckeys dump displays encryption keys different from those saved in the file? (Doc ID 1471495.1)

Last updated on OCTOBER 13, 2019

Applies to:

Solaris Operating System - Version 10 9/10 U9 and later
Information in this document applies to any platform.

Goal

I wish to understand why ipseckeys dump displays encryption keys different from those saved in the file.

Snippet: of /etc/inet/secret/ipseckeys and ipsec dump

cat /etc/inet/secret/ipseckeys


# from us to mainframe
#                 9996
add esp spi 0x0000270C \
    src xx.xx.xx.xx \
    dst xx.xx.xx.xx \
    encr_alg 3des \
    auth_alg md5 \
    encrkey 0xdeb862ad2646d288889bb876378f24346b331103790a6888 \
    authkey 0x4bcb619379dd3dfd5ff127ebed9f3675

 

ipseckey> dump
Base message (version 2) type DUMP, SA type ESP.
Message length 168 bytes, seq=1, pid=29617.
SA: SADB_ASSOC spi=0x270c, replay window size=0, state=MATURE
SA: Authentication algorithm = hmac-md5
SA: Encryption algorithm = 3des-cbc
SA: flags=0x8000 < X_OUTBOUND >
SRC: Source address (proto=0/<unspecified>)
.......

.........
AKY: Authentication key.
AKY: 4bcb619379dd3dfd5ff127ebed9f3675/128
EKY: Encryption key.
EKY: dfb962ad2646d389899bb976378f25346b321002790b6889/192
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.