Quick-Start Guide
-----------------

This is a quick-start guide for SKIP.  It covers installing the SKIP
binaries and setting up IP-level encryption between two hosts.

These instructions assume that only one network interface is active
on your machine.

For complete documentation, please refer to the contents of the
doc directory and the SKIP man pages.


1.  Install the binaries:

	zcat skip.tar.tar | (cd /usr; tar -xvf -)
	sh /usr/skip/install.skip

2.  Configure a secret/certificate pair.

    If you wish to use certificates from a trusted Certificate Authority,
    please see the SKIP Installation and User's Guide for instructions.

    Otherwise, generate a secret and dhpublic certificate locally by
    issuing the command:

	skiplocal keygen

3.  Add skip to your network interface

	skipif -a

4.  Reboot the machine.

5.  Enable SKIP and configure IP encryption with one other host:

	PATH=$PATH:/usr/skip/bin; export PATH

	skiphost -a default	# default IP traffic is unencrypted

	skiplocal export	# prints the skiphost command others need
				# to run to talk to us

	skiplocal export | mail Friend@remote.host

     Friend@remote.host should issue these commands as well.  Once the
     corresponding mail is received, verify out-of-band (say, over the
     telephone) that the received mail matches the mail which was sent.
     Then execute the received skiphost command.

	skiphost -o on		# enable SKIP


Is it working?
--------------

At this point encryption should be enabled with the remote host.
Traffic will be exchanged with all other hosts in the clear.

Ping the other host to make sure things are working:

	ping host

View the key manager log file to see if the the certificate
exchange and the shared secret computation succeeded:

	tail /var/log/skip.log

If you have tcpdump, etherfind, snoop, or some other packet dumping
utility, you can verify that encrypted packets are using protocol 57.


Examining the Local SKIP Configuration
--------------------------------------

	skiphost	   # list the SKIP access control entries
	skiplocal list	   # list the set of local identities
	skipdb list	   # list the certificates in our database
	skipca list	   # list the Certificate Authorities we trust

	SKIP configuration files are stored in the /etc/skip directory.

Nomadic and Network encryption
------------------------------
If you are encrypting to a network through an intermediate SKIP system see
the "Network Encryption" section of the advanced.TOPICS file.  If you are
configuring an intermediate system which will talk to hosts with dynamic
IP addresses, See the "Nomadic Support" section of the advanced.TOPICS file.

