HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
Table 17 AH and ESP Algorithms and Key Lengths
Algorithm    Key Length
ESP-3DES     168 (3 x 56)
ESP-AES      128, 192, and 256
AH-MD5       128
AH-SHA1      160
3DES (Triple-DES) uses three independent 56-bit keys. The data is encrypted three times, using the
three keys.
AES with HP-UX IPSec supports 128-bit, 192-bit, and 256-bit keys. AES encryption is stronger than
that of 3DES. In addition, processing speed is faster with AES.
HMAC-SHA1 generates a 160-bit message digest and uses a 160-bit shared secret key to encrypt
the digest.
HMAC-MD5 generates a 128-bit message digest and uses a 128-bit shared secret key to encrypt
the digest.
HMAC-SHA2 generates 256-bit, 384-bit, and 512-bit message digests.
Authentication Algorithms
The authentication algorithms described in this section provide authentication values for IPsec
Authentication Header (AH) and for authenticated ESP. The algorithms are based on shared key
hash functions.
AH-MD5
Hashed Message Authentication Code (HMAC) using the RSA Message Digest-5 algorithm. (128-bit
message digest encrypted with a 128-bit key.)
AH-SHA1
HMAC using the Secure Hash Algorithm-1. (160-bit digest encrypted with a 160-bit key.)
Encryption Algorithms
These algorithms are used to encrypt the IP payload for an IPsec Encapsulating Security Payload
(ESP). The ESP encryption algorithms provide confidentiality (encryption) and are used with an
authentication algorithm. ESP uses the authentication algorithm to compute an Integrity Check
Value (ICV) that authenticates the ESP header and IP data. The ICV does not authenticate the
original IP header unless tunnelling is used.
ESP-3DES-HMAC-MD5
ESP using triple DES-CBC encryption (3DES-CBC; three encryption iterations, each with a different
56-bit key) and HMAC-MD5 to generate an ICV.
ESP-3DES-HMAC-SHA1
ESP using 3DES-CBC encryption and HMAC-SHA1 to generate an ICV.
ESP-AES128-HMAC-MD5
ESP using Advanced Encryption Standard encryption with a 128-bit key (AES128) and HMAC-MD5
to generate an ICV.
ESP-AES128-HMAC-SHA1
Authenticated ESP using AES128 encryption and HMAC-SHA1 to generate an ICV.
ESP-NULL-HMAC-MD5
ESP header and trailer, but nothing is encrypted. ESP generates an ICV using HMAC-MD5.
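The ICV coverage described under Encryption Algorithms can be checked with ESP-NULL-HMAC-MD5, which needs no cipher. The following is an added example, not code from this guide or from HP-UX IPSec. It assumes the standard ESP layout and a 96-bit truncated ICV (HMAC-MD5-96, RFC 2403); all function names are hypothetical and all keys and packets are constructed.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12              # assumption: 96-bit truncated ICV (HMAC-MD5-96, RFC 2403)
IP_HLEN, TTL_OFF = 20, 8  # IPv4 header length without options, offset of its TTL byte

def esp_null_seal(key, spi, seq, payload, next_header):
    """ESP-NULL: SPI | sequence | payload | padding | trailer | ICV, nothing encrypted."""
    pad_len = -(len(payload) + 2) % 4        # trailer must end on a 4-byte boundary
    body = (struct.pack("!II", spi, seq) + payload + bytes(range(1, pad_len + 1))
            + bytes([pad_len, next_header]))
    return body + hmac.new(key, body, hashlib.md5).digest()[:ICV_LEN]

def esp_null_open(key, esp):
    """Return (payload, next_header) when the ICV verifies, otherwise None."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.md5).digest()[:ICV_LEN]
    if len(body) < 10 or not hmac.compare_digest(icv, expected):
        return None
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:
        return None
    return body[8:len(body) - 2 - pad_len], next_header

def flip_bit(packet, index):  # copy with one bit changed (simulated in-transit change)
    return packet[:index] + bytes([packet[index] ^ 0x01]) + packet[index + 1:]

def accepted(packet):  # True when the ESP part after the IP header passes the ICV check
    return esp_null_open(KEY, packet[IP_HLEN:]) is not None

# Constructed sample values, not taken from a real SA or packet capture.
KEY = bytes(range(16))                                            # 128-bit key
OUTER_IP = bytes.fromhex("450000000000400040320000") + bytes(8)   # protocol 50 = ESP
INNER_IP = bytes.fromhex("450000000000400040060000") + bytes(8)   # protocol 6 = TCP
DATA = b"constructed upper-layer data"

def icv_coverage():
    transport = OUTER_IP + esp_null_seal(KEY, 0x1000, 1, DATA, 6)
    tunnel = OUTER_IP + esp_null_seal(KEY, 0x1000, 2, INNER_IP + DATA, 4)
    return {
        "transport: IP header changed": accepted(flip_bit(transport, TTL_OFF)),
        "transport: payload changed": accepted(flip_bit(transport, IP_HLEN + 8)),
        "tunnel: outer IP header changed": accepted(flip_bit(tunnel, TTL_OFF)),
        "tunnel: inner IP header changed": accepted(flip_bit(tunnel, IP_HLEN + 8 + TTL_OFF)),
    }

if __name__ == "__main__":
    print(icv_coverage())
```

A True value means the changed packet still passes the ICV check. Only the tunnel case detects a change to the original IP header, because that header travels inside the ESP payload.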