HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec Overview
Encapsulating Security Payload (ESP)
The IPSec Encapsulating Security Payload (ESP) provides data privacy. The ESP protocol also defines an authenticated format that provides data authentication and integrity together with data privacy (described in “Authenticated ESP” on page 36).
ESP Encryption
ESP takes the data carried by IP, such as a TCP packet, and encrypts it using an encryption algorithm and a cryptographic key. The output is ciphertext that is difficult to decode without knowing the key. The receiving IPSec ESP entity uses the associated decryption algorithm and the same key to extract the original data.
Figure 1-4 Symmetric Key Cryptosystem
The cryptography used by ESP is referred to as symmetric key cryptography or shared key cryptography because the sender and receiver must use the same key. In addition, the key must be known only to the sender and receiver, so this class of cryptography is sometimes referred to as secret key cryptography.
HP-UX IPSec supports the following encryption algorithms for ESP:
• DES-CBC (Data Encryption Standard, Cipher Block Chaining Mode, 56-bit key length)
• 3DES-CBC (Triple-DES CBC, three encryption iterations, each with a different 56-bit key)
• AES128-CBC (Advanced Encryption Standard CBC, 128-bit key length)
[Figure 1-4 (Symmetric Key Cryptosystem): at Host A, plaintext is encrypted with the shared cryptographic key to produce ciphertext; at Host B, the same shared key is used to decrypt the ciphertext back to plaintext.]
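The following is an added example, not code from the HP-UX IPSec product or this guide. It shows the symmetric-key round trip of Figure 1-4 for the three ESP algorithms listed above, using Go's standard crypto packages: the sender encrypts in CBC mode under the shared key, the receiver decrypts with the same key and recovers the plaintext, and a receiver holding a different key does not. Keys and the sample payload are constructed values; the function names (Encrypt, Decrypt, RoundTrip) and the prepended-IV message layout are this example's own conventions, not HP-UX IPSec packet format.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newBlock builds the block cipher for one of the ESP algorithms named in the
// guide. Key lengths: DES-CBC 8 bytes (56 key bits plus parity), 3DES-CBC
// 24 bytes (three 56-bit keys), AES128-CBC 16 bytes (128 bits).
func newBlock(alg string, key []byte) (cipher.Block, error) {
	switch alg {
	case "DES-CBC":
		return des.NewCipher(key)
	case "3DES-CBC":
		return des.NewTripleDESCipher(key)
	case "AES128-CBC":
		if len(key) != 16 {
			return nil, errors.New("AES128-CBC requires a 16-byte key")
		}
		return aes.NewCipher(key)
	}
	return nil, fmt.Errorf("unsupported algorithm %q", alg)
}

// pad appends PKCS#7-style padding so the plaintext fills whole blocks.
func pad(data []byte, bs int) []byte {
	n := bs - len(data)%bs
	return append(data, bytes.Repeat([]byte{byte(n)}, n)...)
}

// unpad strips the padding and rejects malformed padding, which is how a
// wrong key usually shows up on the receiving side.
func unpad(data []byte, bs int) ([]byte, error) {
	if len(data) == 0 || len(data)%bs != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	n := int(data[len(data)-1])
	if n == 0 || n > bs || n > len(data) {
		return nil, errors.New("bad padding")
	}
	for _, b := range data[len(data)-n:] {
		if int(b) != n {
			return nil, errors.New("bad padding")
		}
	}
	return data[:len(data)-n], nil
}

// Encrypt is the sender's side: fresh random IV, CBC encryption under the
// shared key, IV prepended to the ciphertext (example layout, not ESP's).
func Encrypt(alg string, key, plaintext []byte) ([]byte, error) {
	block, err := newBlock(alg, key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	iv := make([]byte, bs)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	padded := pad(plaintext, bs)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return append(iv, ct...), nil
}

// Decrypt is the receiver's side: same algorithm, same key.
func Decrypt(alg string, key, msg []byte) ([]byte, error) {
	block, err := newBlock(alg, key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(msg) < 2*bs || len(msg)%bs != 0 {
		return nil, errors.New("message too short or misaligned")
	}
	iv, ct := msg[:bs], msg[bs:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return unpad(pt, bs)
}

// RoundTrip encrypts under sharedKey and decrypts under receiverKey; it
// reports whether the receiver recovered the original data.
func RoundTrip(alg string, sharedKey, receiverKey, plaintext []byte) (bool, error) {
	msg, err := Encrypt(alg, sharedKey, plaintext)
	if err != nil {
		return false, err
	}
	got, err := Decrypt(alg, receiverKey, msg)
	if err != nil {
		return false, nil // wrong key: padding check fails, nothing recovered
	}
	return bytes.Equal(got, plaintext), nil
}

func main() {
	// Constructed sample keys and payload; not real ESP traffic.
	keys := map[string][]byte{
		"DES-CBC":    []byte("8bytekey"),
		"3DES-CBC":   []byte("24-byte-key-for-3des-cbc"),
		"AES128-CBC": []byte("16-byte-aes-key!"),
	}
	payload := []byte("TCP segment carried by IP")
	for alg, key := range keys {
		same, err := RoundTrip(alg, key, key, payload)
		other, _ := RoundTrip(alg, key, bytes.Repeat([]byte{0x42}, len(key)), payload)
		fmt.Printf("%-11s same key: %v (err=%v)  different key: %v\n", alg, same, err, other)
	}
}
```

Run it with `go run`: for each algorithm the same-key round trip reports true and the different-key attempt reports false, which is the property the figure illustrates. The example also rejects an AES128-CBC key of the wrong length, since a 128-bit key is part of the algorithm's definition.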