Quick-Start Guide
-----------------

This is a quick-start guide for SKIP. It covers installing the SKIP
binaries and setting up IP-level encryption between two hosts. These
instructions assume that only one network interface is active on your
machine. For complete documentation, please refer to the contents of
the doc directory and the SKIP man pages.

1. Install the binaries:

	zcat skip.tar.tar | (cd /usr; tar -xvf -)
	sh /usr/skip/install.skip

2. Configure a secret/certificate pair. If you wish to use certificates
   from a trusted Certificate Authority, please see the SKIP Installation
   and User's Guide for instructions. Otherwise, generate a secret and
   dhpublic certificate locally by issuing the command:

	skiplocal keygen

3. Add skip to your network interface:

	skipif -a

4. Reboot the machine.

5. Enable SKIP and configure IP encryption with one other host:

	PATH=$PATH:/usr/skip/bin; export PATH
	skiphost -a default	# default IP traffic is unencrypted
	skiplocal export	# prints the skiphost command others need
				# to run to talk to us
	skiplocal export | mail Friend@remote.host

   Friend@remote.host should issue these commands as well. Once the
   corresponding mail is received, verify out-of-band (say, over the
   telephone) that the received mail matches the mail which was sent.
   Then execute the received skiphost command.

	skiphost -o on		# enable SKIP

Is it working?
--------------

At this point encryption should be enabled with the remote host. Traffic
will be exchanged with all other hosts in the clear.

Ping the other host to make sure things are working:

	ping host

View the key manager log file to see if the certificate exchange and
the shared secret computation succeeded:

	tail /var/log/skip.log

If you have tcpdump, etherfind, snoop, or some other packet dumping
utility, you can verify that encrypted packets are using protocol 57.
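
The protocol 57 check above can also be done on captured packets. The
following is an added example, not part of the SKIP distribution: it reads
raw IPv4 packets (assumed already stripped of link-layer headers) and
separates SKIP traffic from anything else seen between the two hosts. The
addresses, the make_ipv4 helper and the sample packets are constructed.

```python
import socket, struct

SKIP_PROTO = 57  # IP protocol number the guide gives for encrypted packets

def parse_ipv4(pkt):
    """Return (src, dst, proto) from a raw IPv4 packet, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return None
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9]

def audit_peer(packets, local, peer):
    """Classify packets: SKIP between local/peer, non-SKIP between them, rest."""
    out = {"skip": 0, "review": [], "other_hosts": 0, "malformed": 0}
    for index, pkt in enumerate(packets):
        hdr = parse_ipv4(pkt)
        if hdr is None:
            out["malformed"] += 1
            continue
        src, dst, proto = hdr
        if {src, dst} != {local, peer}:
            out["other_hosts"] += 1    # guide: other hosts stay in the clear
        elif proto == SKIP_PROTO:
            out["skip"] += 1
        else:
            # Anything else between the pair is listed for review.
            out["review"].append((index, proto))
    return out

def make_ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left at 0) for the sample below."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

# Constructed sample; documentation addresses, not real hosts.
LOCAL, PEER, OTHER = "192.0.2.10", "192.0.2.20", "198.51.100.5"
SAMPLE = [
    make_ipv4(LOCAL, PEER, 57, b"\x00" * 8),  # SKIP to the peer
    make_ipv4(PEER, LOCAL, 57),               # SKIP reply
    make_ipv4(LOCAL, PEER, 1),                # ICMP to the peer, not SKIP
    make_ipv4(LOCAL, OTHER, 6),               # TCP to an unrelated host
    b"\x45\x00",                              # truncated packet
]

if __name__ == "__main__":
    print(audit_peer(SAMPLE, LOCAL, PEER))
```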

Examining the Local SKIP Configuration
--------------------------------------

	skiphost	# list the SKIP access control entries
	skiplocal list	# list the set of local identities
	skipdb list	# list the certificates in our database
	skipca list	# list the Certificate Authorities we trust

SKIP configuration files are stored in the /etc/skip directory.

Nomadic and Network encryption
------------------------------

If you are encrypting to a network through an intermediate SKIP system,
see the "Network Encryption" section of the advanced.TOPICS file.

If you are configuring an intermediate system which will talk to hosts
with dynamic IP addresses, see the "Nomadic Support" section of the
advanced.TOPICS file.