Using Microsoft Certificates with HP-UX IPSec A.02.01

Glossary
CA Certificate Authority. A trusted third party that authenticates users and issues security
certificates. In addition to establishing trust in the binding between a user's public key and
other security-related information in a certificate, the CA digitally signs the certificate information
using its private key.
CRL Certificate Revocation List. A list of certificates that have been revoked (made invalid) by a CA.
A CA administrator may want to revoke a certificate if its key is compromised.
CSR Certificate Signing Request. Data sent from a client to a Certificate Authority (CA) to request
a security certificate.
IKE The Internet Key Exchange (IKE) protocol is used before the ESP or AH protocol exchanges to
determine which encryption and/or authentication services will be used. IKE also manages the
distribution and update of the symmetric (shared) encryption keys used by ESP and AH.
IKE authentication The method used by IKE peers to authenticate each party's identity. HP-UX IPSec supports two
IKE authentication methods: preshared keys and RSA signatures using certificates.
RSA (Rivest, Shamir, and Adleman) Public/private key cryptosystem that can be used for privacy
(encryption) and authentication (signatures). For encryption, system A can send data encrypted
with system B's public key. Only system B's private key can decrypt the data. For authentication,
system A sends data with a signature: a digest or hash encrypted with system A's private key.
To verify, system B uses system A's public key to decrypt the signature and compares the
decrypted hash or digest to the digest or hash that it computes for the message.
RSA Signatures A method used in IKE authentication to verify the identity of the peer system using security
certificates and public/private key cryptography.
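The sign-and-verify exchange described in the RSA and RSA Signatures entries, as an added illustration that is not part of the HP-UX IPSec documentation. The key material below is constructed (two Mersenne primes, far too small for real use), and the signature is unpadded "textbook" RSA chosen only to mirror the glossary's wording that the digest is encrypted with the private key; real IKE implementations use padded RSA signatures.

```python
import hashlib

# Constructed demo key: p = 2^107-1 and q = 2^127-1 are known Mersenne primes.
# n (~234 bits) must exceed the 160-bit SHA-1 digest so the digest fits under n.
P = 2**107 - 1
Q = 2**127 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent (coprime to (p-1)(q-1))
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, kept secret by system A


def sha1_digest(message: bytes) -> int:
    """The glossary's 'digest or hash' of the message, as an integer."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """System A 'encrypts' the digest with its private key.

    Unpadded RSA is used here only to match the glossary description; a real
    IKE peer applies PKCS#1 padding before this step.
    """
    return pow(sha1_digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """System B 'decrypts' the signature with A's public key and compares it
    against the digest it computes itself for the received message."""
    recovered_digest = pow(signature, e, n)
    return recovered_digest == sha1_digest(message)


def demo() -> tuple:
    """Returns (genuine message verifies, tampered message verifies)."""
    msg = b"IKE identity payload (constructed sample)"
    sig = sign(msg)
    return verify(msg, sig), verify(msg + b"x", sig)


if __name__ == "__main__":
    print(demo())  # (True, False): any change to the message breaks verification
```

The public key used in `verify` is what a CA-issued certificate binds to the peer's identity; without that binding, system B could not tell whose public key it is checking.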
SA See Security Association. A secure communication channel and its parameters, such as encryption
and authentication method, keys, and lifetime.
SHA1 (Secure Hash Algorithm-1). Authentication algorithm that generates a 160-bit message digest
using a 160-bit key.