SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  IPSEC

    Posted 06-19-2017 02:49

    Would someone please explain what is meant by "preshared key is a key for encryption and decryption"?

    The standard is that a pre-shared key is used for authentication, not encryption?



  • 2.  RE: IPSEC
    Best Answer

    Posted 06-19-2017 02:54

    The preshared key is used as a seed for the encryption of the data over the IPSEC tunnel and the decryption of that data at the other end. Without this seed on both sides the data is not readable.

     

    The process is outlined in RFC 6617.

     

    https://tools.ietf.org/html/rfc6617



  • 3.  RE: IPSEC

    Posted 06-19-2017 03:04

    I have read in the IETF RFC that SKEYID-A is used as a seed to derive the SKEYID-E key, or does it have another meaning?
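    The derivation being asked about is the IKEv1 Phase 1 key schedule in RFC 2409 (sections 5 and 5.4). The following is an added illustration, not code from this thread or from Junos: with pre-shared-key authentication the PSK only keys the first prf call that produces SKEYID; SKEYID_a is then one input to SKEYID_e, alongside the Diffie-Hellman secret g^xy and the ISAKMP cookies. All nonce, cookie and g^xy values below are constructed, not from a real exchange.

```python
import hmac
import hashlib


def prf(key: bytes, data: bytes, hash_name: str = "sha1") -> bytes:
    """IKEv1 prf: HMAC with the negotiated hash, keyed by `key` (RFC 2409 section 5.4)."""
    return hmac.new(key, data, hash_name).digest()


def derive_ikev1_keys(psk: bytes, ni: bytes, nr: bytes, gxy: bytes,
                      cky_i: bytes, cky_r: bytes, hash_name: str = "sha1") -> dict:
    """Phase 1 keying material for pre-shared-key authentication (RFC 2409 sections 5, 5.4).

    SKEYID depends on the PSK and both nonces; SKEYID_d/_a/_e additionally depend on the
    DH shared secret g^xy, so the PSK is a seed for the derivation, never the cipher key itself.
    """
    skeyid = prf(psk, ni + nr, hash_name)
    # Each subsequent key is chained through the previous one and a one-octet counter.
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00", hash_name)             # further keying
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01", hash_name)  # authentication
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02", hash_name)  # encryption
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d, "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}


def peers_agree(psk_initiator: bytes, psk_responder: bytes, ni: bytes, nr: bytes,
                gxy: bytes, cky_i: bytes, cky_r: bytes) -> bool:
    """True only if both gateways, each using its locally configured PSK, reach the same SKEYID_e.

    This models what the thread describes: the PSK never crosses the wire, yet a mismatch
    leaves the two sides with unrelated keys, so neither can decrypt or authenticate the other.
    """
    k_i = derive_ikev1_keys(psk_initiator, ni, nr, gxy, cky_i, cky_r)
    k_r = derive_ikev1_keys(psk_responder, ni, nr, gxy, cky_i, cky_r)
    return hmac.compare_digest(k_i["SKEYID_e"], k_r["SKEYID_e"])


# Constructed sample values (not captured from a real IKE negotiation).
PSK = b"constructed-example-psk"
NI = bytes.fromhex("00112233445566778899aabbccddeeff")     # initiator nonce Ni_b
NR = bytes.fromhex("ffeeddccbbaa99887766554433221100")     # responder nonce Nr_b
CKY_I = bytes.fromhex("0102030405060708")                   # initiator ISAKMP cookie
CKY_R = bytes.fromhex("0807060504030201")                   # responder ISAKMP cookie
GXY = b"\x7f" * 128                                         # stand-in for a 1024-bit DH secret

if __name__ == "__main__":
    keys = derive_ikev1_keys(PSK, NI, NR, GXY, CKY_I, CKY_R)
    for name, value in keys.items():
        print(f"{name:9} {value.hex()}")
    print("same PSK both sides:", peers_agree(PSK, PSK, NI, NR, GXY, CKY_I, CKY_R))
    print("mismatched PSK:     ", peers_agree(PSK, b"typo", NI, NR, GXY, CKY_I, CKY_R))
```

    Changing only the nonces with the same PSK yields a different SKEYID_e, which is why the PSK is a seed for authentication and key derivation rather than the encryption key itself.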



  • 4.  RE: IPSEC

    Posted 06-19-2017 14:57

    I don't understand your comment so forgive me if this is off track.

     

    Section 8 in the RFC outlines the math process for the exchange.

     

    The preshared key is exchanged off line and manually added to both gateway nodes. During the negotiation process as outlined, the gateways verify they both have the same value for the preshared key and complete the tunnel setup process.

     

    The reason for this method is to have a value for the encryption that never hits the wire and thus is never able to be seen by a third party.

     

    Another alternative for this effect is to install matching certificates on the gateway instead.