Operation Manual

Data Encryption
NetWAYS/ISDN – 3 Remote Access with NetWAYS/ISDN 33
Data packets can be sent in encrypted form to protect them against unauthorized access during transmission.

Encryption is performed at the PPP level in accordance with the RFC standards. Because data compression is also performed at this level, the data can be first compressed and then encrypted.

Encryption is performed using the Twofish algorithm, a symmetrical or “secret key” encryption technique. Symmetrical encryption means that the same key is used to encrypt and to decrypt the data. Only the sender and the receiver know the key.

This random key, with a key length between 128 and 256 bits, is generated on connection set-up by the sender. The key must then be sent to the receiver. Because it must remain secret, the key itself is encrypted for transmission to the receiver. Encryption of the key is performed by the crypt provider service. The crypt provider “AVM Crypt Services for NetWAYS/ISDN” is installed by NetWAYS/ISDN Setup. Certain preparatory steps must be carried out before this service can be started. Detailed instructions can be found in the NetWAYS/ISDN Online Help.

The default crypt provider can be replaced by another service, such as a smart card, PIN, biometric or other system. The Crypt Provider API is the interface between such services and NetWAYS/ISDN. New encryption keys are generated and sent to the remote site each time a connection is established for data communication.

A detailed description of the Crypt Provider API is available from the AVM Data Call Center (ADC): \NETWORKS\NETWAYS\UTIL\API\AVMNWAPI\CRYPTAPI.DOC.
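
The key handling and the compress-then-encrypt order described above can be tried out with the following added Python example, which is not AVM code and not part of the original manual. Assumptions: Twofish is replaced by a stand-in HMAC-SHA256 keystream cipher (Python's standard library has no Twofish), and `DemoCryptProvider`, its pre-shared secret, the nonce and the packet sequence number are hypothetical; the real Crypt Provider API is documented only in CRYPTAPI.DOC.

```python
import hashlib
import hmac
import secrets
import zlib

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Demo stand-in cipher (HMAC-SHA256 counter keystream); this is NOT Twofish."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

class DemoCryptProvider:
    """Hypothetical provider: protects the session key under a pre-shared secret."""
    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret

    def wrap(self, session_key: bytes, nonce: bytes) -> bytes:
        return stream_xor(self._secret, b"wrap" + nonce, session_key)

    unwrap = wrap  # an XOR keystream is its own inverse

def open_connection(provider: DemoCryptProvider):
    """Sender, at connection set-up: fresh random 256-bit key, wrapped for transit."""
    session_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    return session_key, nonce, provider.wrap(session_key, nonce)

def send_packet(session_key: bytes, nonce: bytes, seq: int, payload: bytes) -> bytes:
    """Compress first, then encrypt (the order the manual describes)."""
    return stream_xor(session_key, nonce + seq.to_bytes(4, "big"), zlib.compress(payload))

def receive_packet(provider, wrapped_key, nonce, seq: int, packet: bytes) -> bytes:
    """Receiver: unwrap the session key, decrypt, then decompress."""
    session_key = provider.unwrap(wrapped_key, nonce)
    return zlib.decompress(stream_xor(session_key, nonce + seq.to_bytes(4, "big"), packet))

def wrong_order_size(session_key: bytes, nonce: bytes, payload: bytes) -> int:
    """Encrypt-then-compress: ciphertext looks random, so zlib cannot shrink it."""
    return len(zlib.compress(stream_xor(session_key, nonce, payload)))

# Constructed sample payload: repetitive text, so it compresses well.
SAMPLE = b"GET /intranet/report.html HTTP/1.0\r\n" * 40

if __name__ == "__main__":
    provider = DemoCryptProvider(b"constructed pre-shared secret")
    key, nonce, wrapped = open_connection(provider)
    packet = send_packet(key, nonce, 0, SAMPLE)
    assert receive_packet(provider, wrapped, nonce, 0, packet) == SAMPLE
    print(len(SAMPLE), len(packet), wrong_order_size(key, nonce, SAMPLE))
```

Run directly, it prints the plaintext size, the size of the compressed-then-encrypted packet, and the size obtained when the order is reversed, which is no smaller than the plaintext.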
netways-e.book Page 33 Friday, November 28, 2003 3:51 15