Manualshelf

HP-UX IPSec version A.02.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
241242243244245246247248249250
Product Specifications
HP-UX IPSec Transforms
Appendix A10
Authentication Algorithms
The authentication algorithms described in this section provide
authentication values for IPsec Authentication Header (AH) and for
authenticated ESP. The algorithms are based on shared key hash
functions.
AH-MD5
Hashed Message Authentication Code (HMAC) using the RSA Message
Digest-5 algorithm. (128 bit message digest encrypted with a 128 bit
key.)
AH-SHA1
HMAC using the Secure Hash Algorithm-l. (160 bit digest encrypted
with 160 bit key.)
Encryption Algorithms
These algorithms are used to encrypt the IP payload for an IPsec
Encapsulating Security Payload (ESP). The ESP encryption algorithms
provide confidentiality (encryption) and are used with an authentication
algorithm. ESP uses the authentication algorithm to compute an
Integrity Check Value (ICV) that authenticates the ESP header and IP
data. The ICV does not authenticate the original IP header unless
tunnelling is used.
NOTE Linux FreeSwan
Linux FreeSwan does not support DES encryption. If you are configuring
an HP-UX IPSec system to interoperate with a Linux FreeSwan system,
you can use 3DES encryption or AES encryption with the appropriate
FreeSwan cryptography algorithm patch.
ESP-DES-HMAC-MD5
ESP using Data Encryption Standard Cipher Block Chaining
(DES-CBC) Mode encryption with a 56 bit key and HMAC-MD5 to
generate an Integrity Check Value (ICV) for authentication.