Key Management in IPsec
Security associations (SAs) require keying material for authentication and for encryption. The management of this keying material is called key management. The Internet Key Exchange (IKE) protocol handles key management automatically. You can also manage keys manually with the ipseckey command.
SAs on IPv4 and IPv6 packets can use either method of key management. Unless you have an overriding reason to use manual key management, automatic key management is preferred. For example, interoperating with systems other than Solaris systems might require manual key management.
In the current release, SMF provides the following key management services for IPsec:
svc:/network/ipsec/ike:default service – Is the SMF service for automatic key management. The ike service runs the in.iked daemon to provide automatic key management. For a description of IKE, see Chapter 21, Internet Key Exchange (Overview). For more information about the in.iked daemon, see the in.iked(1M) man page. For information about the ike service, see the IKE Service Management Facility.
svc:/network/ipsec/manual-key:default service – Is the SMF service for manual key management. The manual-key service runs the ipseckey command with various options to manage keys manually. For a description of the ipseckey command, see Utilities for Key Generation in IPsec. For a detailed description of the ipseckey command options, see the ipseckey(1M) man page.