HP-UX IPSec version A.02.00 Administrator's Guide

HP-UX IPSec Overview
Encapsulating Security Payload (ESP)
Chapter 136
ESP with Authentication and Encryption
The ESP encryption algorithms by themselves do not provide
authentication or guarantee data integrity, so you should use ESP
encryption together with an authentication and data integrity service. There are
two ways to do this:
use the authenticated ESP format
nest ESP within AH (nested ESP in AH)
Authenticated ESP
With authenticated ESP, IPSec encrypts the payload using one
symmetric key, then calculates an authentication value for the encrypted
data using a second symmetric key and the HMAC-SHA1 or HMAC-MD5
algorithm. The ESP authentication value is appended to the end of the
packet. The recipient computes its own authentication value for the
encrypted data using the second symmetric key and the same algorithm.
The recipient compares the result with the transmitted authentication
value. If the values match, the recipient then decrypts the encrypted
portion of the packet with the first symmetric key and extracts the
original data.
Figure 1-7 Authenticated ESP
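The following Python is an added illustration of the authenticated ESP processing order described above; it is not code from the HP-UX guide. It assumes the ESP layout of RFC 2406 (SPI and sequence number ahead of the IV and encrypted data, with the authentication value covering all of them) and the 96-bit HMAC truncation of RFC 2403/2404, neither of which this page spells out; a SHA-256 keystream XOR stands in for the real block cipher so the example runs with only the standard library.

```python
import hashlib
import hmac
import os
import struct

ICV_LEN = 12  # ESP truncates HMAC-SHA1 / HMAC-MD5 output to 96 bits (RFC 2404 / RFC 2403)
HDR_LEN = 8   # SPI (4 bytes) + sequence number (4 bytes), RFC 2406
IV_LEN = 8


def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in for the ESP block cipher (demo only, NOT an IPSec algorithm):
    XOR the data with a SHA-256 keystream derived from key, IV and block counter.
    Because it is an XOR, the same call encrypts and decrypts."""
    stream = bytearray()
    for block_no in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + iv + struct.pack(">I", block_no)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def build_esp(spi: int, seq: int, payload: bytes, enc_key: bytes,
              auth_key: bytes, hash_name: str = "sha1") -> bytes:
    """Sender: encrypt with the first key, then authenticate header + IV + ciphertext
    with the second key, and append the truncated ICV to the end of the packet."""
    iv = os.urandom(IV_LEN)
    header = struct.pack(">II", spi, seq)
    ciphertext = _keystream_xor(enc_key, iv, payload)
    authenticated = header + iv + ciphertext
    icv = hmac.new(auth_key, authenticated, hash_name).digest()[:ICV_LEN]
    return authenticated + icv


def open_esp(packet: bytes, enc_key: bytes, auth_key: bytes,
             hash_name: str = "sha1"):
    """Receiver: recompute the ICV over everything before it, compare in constant
    time, and only if it matches decrypt with the first key.
    Returns (spi, seq, payload), or None when the packet must be dropped."""
    if len(packet) < HDR_LEN + IV_LEN + ICV_LEN:
        return None
    authenticated, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, authenticated, hash_name).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        return None  # tampered packet or wrong authentication key: never decrypt
    spi, seq = struct.unpack(">II", authenticated[:HDR_LEN])
    iv = authenticated[HDR_LEN:HDR_LEN + IV_LEN]
    ciphertext = authenticated[HDR_LEN + IV_LEN:]
    return spi, seq, _keystream_xor(enc_key, iv, ciphertext)
```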