OpenSolaris

1. Community: OS/Net (ON)
   1. Blogs
   2. Development Process
   3. Developer's Reference
      1. Introduction
      2. Prerequisites
      3. The Source Tree, part 1
      4. The Source Tree, part 2
      5. Building OpenSolaris
      6. Installing and Testing OpenSolaris
      7. Integration Procedure
      8. Best Practices and Requirements
      9. Glossary
   4. Discussions
   5. Installation (from source) Quickstart
      1. Annotated nightly(1) Mail Example
   6. Currently Known Issues
   7. CRT
      1. Advocates & Sponsors
      2. Becoming a CRT Advocate
      3. Charter
      4. RTI nits to avoid
      5. Sponsor Tasks
      6. Becoming a Sponsor
   8. Schedule
   9. ONNV Flag Days, Heads Ups, and Project Integration History
      1. All
      2. Builds 91-95
      3. Builds 86-90
      4. Builds 81-85
      5. Builds 76-80
      6. Builds 71-75
      7. Builds 66-70
      8. Builds 61-65
      9. Builds 56-60
      10. Builds 51-55
      11. Builds 46-50
      12. Builds 41-45
      13. Builds 36-40
      14. Builds 31-35
      15. Builds 26-30
      16. Builds 21-25
   10. Leaders
   11. Observers
   12. Putback Logs
   13. Developing Solaris
       1. Quality Death Spiral
   14. wx
   15. findunref and unreferenced files
   16. Bourne/Korn Shell Coding Conventions

Heads Up: Data Encryption Kit (SUNWcry) Removal

Date: Fri, 29 Feb 2008 18:38:12 -0800 (PST)
From: Valerie Bubb Fenwick <Valerie.Fenwick at sun dot com>
To: on-all at sun dot com, onnv-gate at onnv dot sfbay dot sun dot com
Subject: Heads Up: Data Encryption Kit (SUNWcry) Removal

Executive summary:

Do NOT install SUNWcry[r] (aka the Data Encryption Kit) onto
any S10U4 or snv_85+ build.

Details:

The putback for:
6498066 PSARC/2006/610 Data Encryption Kit (SUNWcry) Removal

has obsoleted the Data Encryption Kit [1].  The stronger crypto
that was previously contained in those packages is now contained
in the core operating system.  The old module names, like
aes256 and pkcs11_softtoken_extra.so.1, will no longer exist,
as those bits have folded into the base module names, like
aes and pkcs11_softtoken.so.1.

This is not a removal of functionality, but a removal
of a nuisance - SUNWcry and SUNWcryr.

At this point in time, there is no need for the extra
media for the Data Encryption Kit. Installing these
packages from old media will cause a downgrade of your
cryptographic system and may lead to panics in the future.

For the record, Solaris 10 update 4 and forward also already
contains strong crypto, so installing the Data Encryption
Kit on those systems will also cause problems.

Unless you are using Solaris 10 Update 3 or older, like
Solaris 9, do not manually install those packages.

You must use bfu corresponding to this integration in
order for the correct things to happen on your system.
You must followup bfu by running acr.

This bfu will do the wrong thing if you try to use it
with older archives. Please use a bfu corresponding to
the archives you are installing.

[1] This does not get rid of the need for the Release
Engineering crypto dock.  That dock will still be
required for the delivery of the SUNWn2cpact.v package.

If you have any questions, feel free to contact us
at crypto-discuss at opensolaris dot org

Valerie
-- 
Valerie Fenwick, http://blogs.sun.com/bubbva
Solaris Security Technologies,  Developer, Sun Microsystems, Inc.
17 Network Circle, Menlo Park, CA, 94025. 650-786-0461