HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

Figure 2 Shared key hash function

Hash

Algorithm

Hash

Algorithm

Data

System A System B

Authentication

Value (HMAC)

Data

Authentication

Value (HMAC)

Key

HMAC’

Does

derived HMAC’=

received HMAC?

Integrity OK

Yes

Integrity

Bad

(Reject)

Key

Data

ESP processing

On the sender (System A), the ESP module processes the outbound packet as follows:

1. The ESP module encrypts the IP payload using the encryption key (KeyE.

2. The ESP module collates an authentication value (the HMAC), for the encrypted payload using

the authentication key (KeyA) and appends the authentication value to the packet.

On the remote system (System B), the recipient ESP module processes the inbound ESP packet as

follows:

1. The recipient ESP module calculates its own authentication value for the encrypted payload

using its copy of the authentication key (KeyA).

2. The recipient ESP compares its authentication value with the transmitted authentication value

(the HMAC). If the values match, the recipient then uses its copy of the encryption key (KeyE)

to decrypt the encrypted portion of the packet and extract the original payload.

34 HP-UX IPSec overview