HP-UX IPSec version A.02.00 Administrator's Guide

HP-UX IPSec Overview
Authentication Header (AH)
the values match, the recipient is assured that the sender knows the
same secret key, confirming the identity of the sender. The recipient is
also assured that the data was not altered during transit.
Figure 1-1 Symmetric Key Authentication
HP-UX IPSec supports the following algorithms for AH:
HMAC-SHA1 (Hashed Message Authentication Code-Secure Hash
Algorithm 1, 128-bit key)
HMAC-MD5 (HMAC-Message Digest 5, 160-bit key)
Transport and Tunnel Modes
The IPSec headers (AH and ESP) can be used in transport mode or
tunnel mode.
Transport Mode
In transport mode, IPSec inserts the AH header after the IP header. The
IP data and header are used to calculate the AH authentication value.
Mutable fields in the IP header (fields that need to change in transit),
such as “hop count” and “time to live,” are assigned a zero value before
IPSec calculates the authentication value, so the actual values of the
mutable fields are not authenticated.
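
The transport-mode calculation described above, as an added example (not code from HP-UX IPSec): an IPv4 packet carrying AH still verifies after a router changes the time to live, while a change to the data or the source address does not. The exact set of zeroed IPv4 fields and the 96-bit truncation of HMAC-SHA1 follow RFC 4302 and RFC 2404 and are not stated in this guide; the key, addresses, SPI and function names are constructed for illustration.

```python
import hashlib, hmac, struct

ICV_LEN = 12                              # HMAC-SHA1-96 (RFC 2404), an assumption here
KEY = b"constructed-shared-key"           # constructed sample key
SRC, DST = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])  # constructed addresses

def checksum(hdr: bytes) -> int:
    """IPv4 header checksum over a 20-byte header whose checksum field is zero."""
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def set_ttl(packet: bytes, ttl: int) -> bytes:
    """Rewrite the TTL and recompute the header checksum, as a router does."""
    hdr = bytearray(packet[:20])
    hdr[8] = ttl
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]

def icv(key: bytes, packet: bytes) -> bytes:
    """Authentication value with mutable fields and the ICV field zeroed."""
    buf = bytearray(packet)
    buf[1] = 0                             # TOS/DSCP (mutable)
    buf[6:8] = b"\x00\x00"                 # flags + fragment offset (mutable)
    buf[8] = 0                             # time to live (mutable)
    buf[10:12] = b"\x00\x00"               # header checksum (mutable)
    buf[32:32 + ICV_LEN] = bytes(ICV_LEN)  # the AH authentication value itself
    return hmac.new(key, bytes(buf), hashlib.sha1).digest()[:ICV_LEN]

def build(key, src, dst, ttl, spi, seq, payload, next_hdr=6):
    """IPv4 header, then AH (12 fixed bytes + ICV), then the IP data."""
    ah = struct.pack("!BBHII", next_hdr, 4, 0, spi, seq) + bytes(ICV_LEN)
    total = 20 + len(ah) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, ttl, 51, 0, src, dst)
    pkt = set_ttl(ip + ah + payload, ttl)
    return pkt[:32] + icv(key, pkt) + pkt[32 + ICV_LEN:]

def verify(key: bytes, packet: bytes) -> bool:
    """Recipient side: recompute the value and compare in constant time."""
    return hmac.compare_digest(packet[32:32 + ICV_LEN], icv(key, packet))

if __name__ == "__main__":
    pkt = build(KEY, SRC, DST, 64, 0x1000, 1, b"constructed payload")
    print(verify(KEY, set_ttl(pkt, 63)))                   # True: TTL is mutable
    print(verify(KEY, pkt[:-1] + bytes([pkt[-1] ^ 1])))    # False: data altered
```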
[Figure 1-1 diagram labels: Host A: Plaintext, Shared Key, hash, authentication value. Sent to Host B: Plaintext, authentication value. Host B: Plaintext, Shared Key, hash, authentication value, (compare).]