HP-UX IPSec version A.02.00 Administrator's Guide
Product Specifications
HP-UX IPSec Transforms
Appendix A
285
Encryption Algorithms
These algorithms are used to encrypt the IP payload for an IPSec Encapsulating
Security Payload (ESP). The ESP provides confidentiality (encryption).
In addition, there are authenticated ESP algorithms, which include an encryption
algorithm and an authentication algorithm. The authentication algorithm is used to
compute an Integrity Check Value (ICV) to authenticate the ESP header and IP data.
The ICV does not authenticate the original IP header unless tunnelling is used.
ESP-DES
ESP using Data Encryption Standard Cipher Block Chaining (CBC) Mode encryption,
with a 56 bit key.
Linux FreeSwan Linux FreeSwan does not support DES encryption. If you are
configuring an HP-UX IPSec system to interoperate with a Linux FreeSwan system, you
can use 3DES encryption or AES encryption with the appropriate FreeSwan crypto
algorithm patch.
ESP-DES-HMAC-MD5
Authenticated ESP using DES-CBC encryption and HMAC-MD5 to generate an
Integrity Check Value (ICV) for authentication.
ESP-DES-HMAC-SHA1
Authenticated ESP using DES-CBC encryption and HMAC-SHA1 to generate with an
ICV.
ESP-3DES
ESP using triple DES-CBC encryption (three encryption iterations, each with a different
56-bit key).
ESP-3DES-HMAC-MD5
Authenticated ESP using 3DES-CBC encryption and HMAC-MD5 to generate an ICV.
ESP-3DES-HMAC-SHA1
Authenticated ESP using 3DES-CBC encryption and HMAC-SHA1 to generate an ICV.
ESP-AES128
Authenticated ESP using AES128 encryption.
ESP-AES128-HMAC-MD5
Authenticated ESP using AES128 encryption and HMAC-MD5 to generate an ICV.
ESP-AES128-HMAC-SHA1
Authenticated ESP using AES128 encryption and HMAC-SHA1 to generate an ICV.