HP-UX IPSec version A.02.00 Administrator's Guide

HP-UX IPSec Overview
Authentication Header (AH)
The IPSec Authentication Header (AH) provides integrity and
authentication but no privacy: the IP data is not encrypted. The AH
contains an authentication value based on a symmetric-key hash
function.

Symmetric-key hash functions are a type of cryptographic hash
function that takes the data and a key as input to generate an
authentication value. Cryptographic hash functions are usually one-way
functions: starting with a hash output value, it is difficult to
create an input value that would generate the same output value. This
makes it difficult for a third party to intercept a message and replace it
with a new message that would generate the same authentication value.

Symmetric-key hash functions are also known as shared key hash
functions because the sender and receiver must use the same
(symmetric) key for the hash functions. In addition, the key must be
known only to the sender and receiver, so this class of hash functions is
sometimes referred to as secret key hash functions.

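The shared key hash check described above, as an added example that is not part of the HP guide. It assumes HMAC-SHA-1-96 (RFC 2404) as the keyed hash and a simplified model that covers only the IPv4 header and payload (real AH also covers the AH header itself); the key, addresses and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA-1-96 keeps the first 96 bits of the HMAC output


def zero_mutable_fields(ipv4_header: bytes) -> bytes:
    """Zero the IPv4 fields that routers may change in transit, so a
    legitimate hop does not invalidate the authentication value."""
    h = bytearray(ipv4_header)
    h[1] = 0                 # TOS / DSCP
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)


def auth_value(key: bytes, header: bytes, payload: bytes) -> bytes:
    """Sender side: keyed hash over the immutable header fields and payload."""
    data = zero_mutable_fields(header) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def verify(key: bytes, header: bytes, payload: bytes, received: bytes) -> bool:
    """Receiver side: recompute with the shared key, compare in constant time."""
    return hmac.compare_digest(auth_value(key, header, payload), received)


def demo() -> dict:
    key = b"constructed-shared-secret"        # constructed sample key
    payload = b"transfer 100 to account 42"   # constructed sample data
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0,
                         64, 51, 0,           # TTL 64, protocol 51 (AH)
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    icv = auth_value(key, header, payload)

    routed = bytearray(header)
    routed[8] -= 1                            # a router decrements the TTL
    spoofed = bytearray(header)
    spoofed[12:16] = bytes([203, 0, 113, 9])  # source address rewritten
    return {
        "routed": verify(key, bytes(routed), payload, icv),
        "tampered": verify(key, header, payload.replace(b"100", b"900"), icv),
        "spoofed_src": verify(key, bytes(spoofed), payload, icv),
        "wrong_key": verify(b"some-other-key", header, payload, icv),
    }
```

Only the packet whose TTL changed in transit still verifies; a changed payload, a rewritten source address, or a different key all produce a mismatch.
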
In the example below, the sender uses the plaintext and shared secret
key to calculate an authentication value and sends the authentication
value with the plaintext. The recipient computes its own authentication
value using the same shared secret key and the plaintext. The recipient
then compares the result with the transmitted authentication value. If