INET6(4) BSD Programmer's Manual INET6(4)
NAME
pfkeys - Key management database entry file format
DESCRIPTION
The pfkeys file is used primarily as an input into key(8). It is a file
containing security association information. There is one security asso-
ciation entry per line, and it has the following format:
[type] [spi] [src] [dst] [transform] [key] <iv>
where:
[type] Type of security association. Can either be ah or esp.
[spi] Security parameters index. An unsigned 32-bit decimal inte-
ger value.
[src]
[dst] Source and destination addresses. Can either be names,
IPv4, or IPv6 addresses. Both must be of the same type
(i.e. cannot have IPv4 as source and IPv6 as destination).
[transform] Type of algorithm used. For esp the only available value
currently is ``des-cbc''; for ah the only available value
currently is ``md5''.
[key] The key used. An unsigned variable-length hexadecimal inte-
ger value. (Although for ah with md5, it is usually 16
bytes, and for esp with DES, it is usually 8 bytes.)
[iv] Optional initialization vector. Currently used for esp with
DES. An unsigned 32-bit or 64-bit integer.
EXAMPLE ENTRIES
# Sample pfkeys file. Note that like most files of this sort, the
# '#' character is a comment.
ah 2112 ::1 ::1 md5 9876543210abcdef0123456789abcdef
esp 5150 eddie alex des-cbc abcdef0123456789 deadbeef
ah 90125 10.0.2.7 10.0.2.1 md5 abcdef98765432100123456789fedcba
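A validator for the entry format described above, added here as an illustration; it is not part of the NRL distribution or of key(8). The names parse_entry, addr_kind, SAMPLE and ENTRIES are hypothetical, and two points are assumptions: the iv is read as 8 or 16 hexadecimal digits (as in the sample esp entry), and a key whose length differs from the "usually" sizes produces a warning rather than an error.

```python
import ipaddress
import re

TRANSFORMS = {"ah": "md5", "esp": "des-cbc"}   # only pairs the page lists
USUAL_KEY_BYTES = {"ah": 16, "esp": 8}         # "usually", so warn, not reject
HEX = re.compile(r"[0-9a-fA-F]+")

def addr_kind(text):
    """Classify an address field as 'ipv4', 'ipv6' or 'name'."""
    try:
        return "ipv%d" % ipaddress.ip_address(text).version
    except ValueError:
        return "name"

def parse_entry(line):
    """Parse one entry; None for blank/comment lines, ValueError on a bad field."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) not in (6, 7):
        raise ValueError("expected 6 or 7 fields, got %d" % len(fields))
    sa_type, spi, src, dst, transform, key, iv = (fields + [None])[:7]
    if TRANSFORMS.get(sa_type) != transform:
        raise ValueError("unsupported type/transform: %s %s" % (sa_type, transform))
    if not re.fullmatch(r"[0-9]+", spi) or int(spi) > 0xFFFFFFFF:
        raise ValueError("spi is not an unsigned 32-bit decimal integer")
    if addr_kind(src) != addr_kind(dst):
        raise ValueError("src and dst are of different address types")
    if not HEX.fullmatch(key):
        raise ValueError("key is not hexadecimal")
    # Assumption: the iv is hex like the page's sample, 8 or 16 digits.
    if iv is not None and not (HEX.fullmatch(iv) and len(iv) in (8, 16)):
        raise ValueError("iv is not a 32-bit or 64-bit hex value")
    warnings = []
    if len(key) != 2 * USUAL_KEY_BYTES[sa_type]:
        warnings.append("unusual key length: %d hex digits" % len(key))
    return {"type": sa_type, "spi": int(spi), "src": src, "dst": dst,
            "transform": transform, "key": key, "iv": iv, "warnings": warnings}

# The page's sample entries plus one constructed line with a short key.
SAMPLE = """\
# Sample pfkeys file.
ah 2112 ::1 ::1 md5 9876543210abcdef0123456789abcdef
esp 5150 eddie alex des-cbc abcdef0123456789 deadbeef
ah 90125 10.0.2.7 10.0.2.1 md5 abcdef98765432100123456789fedcba
esp 7 10.0.2.7 10.0.2.1 des-cbc abcd
"""
ENTRIES = [e for e in map(parse_entry, SAMPLE.splitlines()) if e]
```

The returned dictionaries hold raw key material, so a caller should report only the warnings and the spi, never the key field.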
FILES
/etc/pfkeys Ideally, the pfkeys file resides in /etc.
SEE ALSO
ipsec(4), pfkey(8)
HISTORY
The pfkeys file first appeared in NRL's 4.4BSD IPv6 networking distribu-
tion.
The IPv6 extensions were written by Ran Atkinson, Dan McDonald, Craig
Metz, and Bao Phan of the U. S. Naval Research Laboratory.
NRL-IPv6 October 1, 1995 1