HP-UX IPSec version A.02.00 Administrator's Guide
Glossary
Preshared Key
Glossary308
configured to create a new ISAKMP/MM SA
for each IPSec/QM negotiation). HP-UX
IPSec does not support PFS for keys only
(the ISAKMP/MM SA is re-used for multiple
IPSec/QM negotiations, with a new
Diffie-Hellman key exchange for each
IPSec/QM negotiation).
Preshared Key An ASCII string agreed
upon by two systems for encryption or
authentication. HP-UX IPSec supports the
use of preshared keys for IKE (Primary)
authentication (authenticating the peer’s
identity when generating the dynamic keys
with Diffie-Hellman).
QM See Quick Mode.
Quick Mode (QM) The second phase
(Phase Two) of IKE negotiations, which
establishes IPSec/QM Security Associations
(SAs).
RSA (Rivest, Shamir, and Adelman)
Public/private key cryptosystem that can be
used for privacy (encryption) and
authentication (signatures). For encryption,
system A can send data encrypted with
system B's public key. Only system B's
private key can decrypt the data. For
authentication, system A sends data with a
signature - a digest or hash encrypted with
system A's private key. To verify, system B
uses system A's public key to decrypt the
signature and compare the decrypted hash
or digest to the digest or hash that it
computes for the message.
RSA Signatures A method used in IKE
authentication to verify the identity of the
peer system using security certificates and
public/private key cryptography.
SHA1 (Secure Hash Algorithm-1).
Authentication algorithm that generates a
160-bit message digest using a 160-bit key.
IPSec truncates the message digest to 96
bits.
Transforms IPSec transforms are portions
of IPSec polices. The transforms define the
action(s) to be taken on the data, such as
passing the data in clear text, discarding the
data, encrypting the data using ESP, or
authenticating the data using AH. They
encapsulate the algorithm information
needed to authenticate, encrypt and
optionally compress packets during data
transfer.
SA See Security Association.
Security Association (SA) A secure
communication channel and its parameters,
such as encryption and authentication
method, keys and lifetime.
Security Certificate See Certificate.
Security Parameters Index (SPI) A
numerical index used to identify a Security
Association (SA) on the receiving system.
Each SPI must be unique on the receiving
system.
SPI See Security Parameters Index.