Reference Guide
33
14
IKEv1/IKEv2 Pre-
shared key
8-64 character pre-
shared key
CO configured
Stored encrypted in
Flash with the KEK.
Zeroized by changing
(updating) the pre-
shared key through
the User interface.
User and module
authentication during
IKEv1/IKEv2
15
skeyid
HMAC-SHA-
1/256/384
(160/256/384 bits)
Established during
IKEv1 negotiation
Stored in plaintext in
volatile memory.
Zeroized when session
is closed.
Key agreement in
IKEv1
16
skeyid_d
HMAC-SHA-
1/256/384
(160/256/384 bits)
Established during
IKEv1 negotiation
Stored in plaintext in
volatile memory.
Zeroized when session
is closed.
Key agreement in
IKEv1
17
IKEv1/IKEv2 session
authentication key
HMAC-SHA-
1/256/384 (160 / 256 /
384 bits)
Established as a result
of IKEv1/IKEv2
service
implementation.
Stored in plaintext in
volatile memory.
Zeroized when session
is closed.
IKEv1/IKEv2 payload
integrity verification
18
IKEv1/IKEv2 session
encryption key
Triple-DES (168
bits/AES (128/196/256
bits)
Established as a result
of IKEv1/IKEv2
service
implementation.
Stored in plaintext in
volatile memory.
Zeroized when session
is closed.
IKEv1/IKEv2 payload
encryption
19
IPSec session
encryption keys
Triple-DES (168 bits /
AES (128/196/256
bits)
Established during the
IPSec service
implementation
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
Secure IPSec traffic
20
IPSec session
authentication keys
HMAC-SHA-1 (160
bits)
Established during the
IPSec service
implementation
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
IPSec traffic
authentication