DSNlink NE (No Encryption) Version 3.0 for Tru64 UNIX Readme First 27-December-2000 Dear Customer, This letter contains a brief description of DSNlink NE Version 3.0 for Tru64[TM] UNIX. It also lists the DSNlink files and explains what to do after you copy the kit to your system. These are the topics in this letter: 1.0 About DSNlink NE Version 3.0 for Tru64 UNIX 2.0 File Names and Descriptions 3.0 After You Copy the Files DSNlink NE Version 3.0 for Tru64 UNIX (where "NE" means no en- cryption), is a special kit for customers who cannot install DSNlink Version 3.0, which encrypts all communications. Although DSNlink NE Version 3.0 does not encrypt communications or con- tain encryption software, it does have all other new features and bug fixes that are in DSNlink Version 3.0. Customers who want DSNlink Version 3.0, which encrypts communi- cations, can order a copy on CD-ROM. Contact your local Compaq office to place the order. The part number for DSNlink Version 3.0 (with encryption) is as follows: QA-6FRAB-H8 - DSNlink Version 3.0 for Tru64 UNIX 1 Improved Authentication When either your system or the Compaq host initiates a con- nection, the systems first perform authentication. The goal of the process is for the customer and host systems to verify their identities to each other before establishing a communi- cation connection. The systems must successfully authenticate themselves before messages are exchanged. Authentication has been enhanced with the addition of stronger, hash-based message authentication code (HMAC) functions. During the authentication process, DSNlink NE Version 3.0 combines a message with your authentication key and processes the result with industry-standard secure hash functions to generate a hash-based message authentication code (HMAC) for the digital signature. The HMAC algorithm follows RFC 2104 guidelines. 1 The HMAC functions in DSNlink NE Version 3.0 are: o MD5_V3 uses the MD5 cryptographic hash function to produce a 128-bit signature. o RMD160 uses the cryptographic hash function RIPEMD-160 to produce a 160-bit signature. o SHA1 uses the cryptographic hash function SHA-1 to produce a 160-bit signature. o SR160 uses both of the RIPEMD-160 and SHA-1 cryptographic hash functions to produce a 160-bit signature. The advantage of this method is that an adversary would have to break both the SHA-1 and RIPEMD-160 functions to break the signature. This is the default authentication method. The older MD5 authentication method, which produces a 128-bit signature, was used in earlier versions of DSNlink. Your system will use MD5 if the host system is running DSNlink Version 2.2 instead of Version 3.0. This method does not follow RFC 2104 guidelines and is not as secure as the HMAC methods mentioned above. 1.1 New Authentication Key Previously, DSNlink used only MD5 to authenticate all connec- tions. Both your system and the Compaq host had identical MD5 keys. In DSNlink NE Version 3.0, a key that is compatible with the HMAC functions is required for authentication. It is a single key for the MD5, SHA-1, and RIPEMD authentication methods. It has this location and file name format: /usr/lib/dsn/keys/HMAC-DIGITAL-access_number If you install DSNlink NE Version 3.0 on a system with an ear- lier version of DSNlink, the installation renames the existing MD5-DIGITAL-access_number keys to HMAC-DIGITAL-access_number. The contents of the MD5 key are not changed, just the file name. If you install DSNlink NE Version 3.0 on a system without an earlier version of DSNlink, the installation prompts you for the authentication key. You can use the DSNlink authentication key from another of your DSNlink systems. If you have no previous versions of DSNlink, Compaq provides an authentication key for you to enter at the installation prompt for a key. 2 If new or existing customers request an authentication key, the HMAC key they receive is 16 characters longer than the MD5 keys. Customers are encouraged to request the key because it is harder for an adversary to break. For more information, contact Compaq. 2 File Names and Descriptions Table 1 lists the files for DSNlink NE Version 3.0. Note that text, PDF, and PostScript documentation files are included in the DSNANE300.tar file. Therefore, you do not have to copy the documentation files from the docs directory unless you want the HTML files that appear only in this CD-ROM kit. Make sure your system has enough free disk space before copying the files. The kit takes about 22 MB. ________________________________________________________________ Table 1: File Names ________________________________________________________________ File Name Description ________________________________________________________________ DSNANE300.tar DSNlink NE Version 3.0 for Tru64 UNIX kit dsna300_iguide.pdf DSNlink V3.0 Installation Guide dsna300_iguide.txt dsna300_iguide.html[1] dsnane300_readme.pdf This Readme letter dsnane300_readme.txt dsnane300_readme.html dsna300_relnotes.pdf DSNlink V3.0 Release Notes dsna300_relnotes.txt dsna300_relnotes.html[2] dsna300_servtooldes.pdf DSNlink V3.0 Service Tool Descrip- dsna300_servtooldes.txt tion dsna300_servtooldes.html dsna300_quickrefcard_ DSNlink V3.0 Quick Reference Card 8x11.ps (8.5 x 11-inch paper) dsna300_quickrefcard_ a4.ps (A4 paper size) ________________________________________________________________ [1]The HTML version has muliple files with the format dsna300_ iguide_*.html, where the * is a an identifier such as 001 or index. Copy all the files that begin with dsna300_iguide. [2]The HTML version has muliple files with the format dsna300_ relnotes_*.html, where the * is a an identifier such as 001 or contents. Copy all the files that begin with dsna300_relnotes. 3 ________________________________________________________________ Table 1: (Cont.) File Names ________________________________________________________________ File Name Description ________________________________________________________________ dsna300_users_guide.ps DSNlink V3.0 User's Guide for the dsna300_users_guide.pdf Motif Interface ________________________________________________________________ 3 After You Copy the Files, Follow These Instructions 1. Become root and create a kit area on your disk by making a kit directory and extracting the kit archive. For example: # mkdir kit # cd kit # tar xvf ../DSNANE300.tar . . . 2. Print or display the DSNlink Version 3.0 for Tru64 UNIX Installation Guide. These are the file names: dsna300_iguide.pdf - display with Adobe Acrobat dsna300_iguide.txt - a text file dsna300_iguide.ps - a PostScript file 3. Before you begin the installation, be sure to deinstall any previous DSNlink subsets on your system. The subsets you must remove are listed in the Deinstalling DSNlink Kits section of the DSNlink Version 3.0 for Tru64 UNIX Installation Guide. 4. Install DSNlink using setld. Refer to the instructions in the installation guide. 5. Complete the appropriate postinstallation tasks as described in the installation guide. Thank you for using DSNlink! For further assistance, please contact your Customer Support Center. DSNlink Program Office Compaq Customer Support Center _________ © 1989, 2000 Compaq Computer Corporation. Compaq and the Compaq logo Registered in U.S. Patent and Trade- mark Office. Tru64 is a trademark of Compaq Information Tech- nologies Group, L.P. in the United States and other countries. 4 Motif and UNIX are trademarks of The Open Group. All other prod- uct names mentioned herein may be trademarks of their respective companies. Compaq shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for Compaq products are set forth in the express limited warranty statement accom- panying such products. Nothing herein should be construed as constituting an additional warranty. 5 [EOB]