Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   6284 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

INET6(4)		    BSD Programmer's Manual		      INET6(4)

NAME
     pfkeys - Key management database entry file format

DESCRIPTION
     The pfkeys file is used primarily as an input into key(8).	 It is a file
     containing security association information.  There is one security asso-
     ciation entry per line, and it has the following format:

     [type] [spi] [src] [dst] [transform] [key] <iv>

     where:

     [type]	  Type of security association.	 Can either be ah or esp.

     [spi]	  Security parameters index.  An unsigned 32-bit decimal inte-
		  ger value.

     [src]

     [dst]	  Source and destination addresses.  Can either be names,
		  IPv4, or IPv6 addresses.  Both most be of the same type
		  (i.e. cannot have IPv4 has source, and IPv6 as destina-
		  tion.).

     [transform]  Type of algorithm used.  For esp the only available value
		  currently is ``des-cbc'' , for ah the only available value
		  currently is ``md5''.

     [key]	  The key used.	 An unsigned variable-length hexadecimal inte-
		  ger value.  (Although for ah with md5, it is usually 16
		  bytes, and for esp with DES, it is usually 8 bytes.)

     [iv]	  Optional initialization vector.  Currently used for esp with
		  DES.	An unsigned 32-bit or 64-bit integer.

EXAMPLE ENTRIES
     # Sample pfkeys file.  Note that like most files of this sort, the
     # '#' character is a comment.

     ah	     2112 ::1 ::1	    md5	    9876543210abcdef0123456789abcdef
     esp     5150 eddie alex	    des-cbc abcdef0123456789 deadbeef
     ah	    90125 10.0.2.7 10.0.2.1 md5	    abcdef98765432100123456789fedcba

FILES
     /etc/pfkeys  Ideally, the pfkeys file resides in /etc.

SEE ALSO
     ipsec(4),	pfkey(8)

HISTORY
     The pfkeys file first appeared in NRL's 4.4BSD IPv6 networking distribu-
     tion.

     The IPv6 extensions were written by Ran Atkinson, Dan McDonald, Craig
     Metz, and Bao Phan of the U. S. Naval Research Laboratory.

 NRL-IPv6			October 1, 1995				     1

                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/ 

Vote for polarhome