Oracle Solaris 11.3 provides client support for Key Management Interoperability Protocol (KMIP) version 1.1. KMIP clients can communicate with KMIP-compliant servers such as the Oracle Key Vault (OKV). PKCS #11 client applications can communicate with KMIP-compliant servers to create and use asymmetric keys. See Chapter 5, “KMIP and PKCS #11 Client Applications” in Managing Encryption and Certificates in Oracle Solaris 11.3.

Oracle Solaris provides two multifactor authentication (MFA) technologies: smart cards and one-time passwords (OTP).

  • Smart cards require the user to insert a provisioned smart card that carries an X.509 certificate into a smart card reader. After the user has authenticated to the Oracle Solaris server with their UNIX password, the user’s PIN allows access. See Chapter 10, “Using Smart Cards for Multifactor Authentication in Oracle Solaris” in Managing Kerberos and Other Authentication Services in Oracle Solaris 11.3.
  • OTPs are displayed on a user’s mobile authenticator. Each OTP expires after 30 seconds, so an attacker who captures one cannot use it to access the system once it has expired. OTPs are stacked after the UNIX login, so users who are configured to use OTP must first authenticate themselves to the server with their UNIX password, then type the OTP from their mobile authenticators. See Chapter 11, “Using One-Time Passwords for Multifactor Authentication in Oracle Solaris” in Managing Kerberos and Other Authentication Services in Oracle Solaris 11.3.
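The 30-second expiry described above can be seen in a short verifier. This is an added example, not Oracle Solaris code: it assumes the OTP is an RFC 6238 time-based code (HMAC-SHA1, 30-second step), uses the published RFC test secret as constructed input, and adds a single-use check that the page does not describe.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per OTP window, the lifetime stated above

# Constructed sample input: the published RFC 6238 test secret, not a real key.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of whole STEP windows since the epoch."""
    return hotp(secret, now // STEP, digits)


def verify(secret: bytes, candidate: str, now: int, last_used_step: int = -1):
    """Return (accepted, last_used_step).

    Only the current window is accepted (no clock-drift allowance), and a
    window that already produced a successful login is refused. The
    single-use check is an assumption of this example.
    """
    step = now // STEP
    if step <= last_used_step:
        return False, last_used_step  # code for this window was already used
    expected = totp(secret, now, len(candidate))
    if hmac.compare_digest(expected, candidate):  # constant-time comparison
        return True, step
    return False, last_used_step


if __name__ == "__main__":
    captured = totp(SECRET, 1111111109)  # last second of one window
    print("code:", captured)
    print("same window:", verify(SECRET, captured, 1111111109))
    print("two seconds later, next window:", verify(SECRET, captured, 1111111111))
```

The two timestamps are two seconds apart but fall in different 30-second windows, so a code is valid for at most 30 seconds and often for less.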


Elliptic Curve Cryptography (ECC) is available in OpenSSL.