Hello Kings,

My understanding is that the RSA keys exchanged using digital signatures are used both for authenticating the peers to one another and for encrypting the nonces used in the IKE exchange.

1. The public keys of the peers are used to encrypt each other's nonces during the IKE exchange. The respective private keys are used to decrypt this information.
2. The private keys of the peers are used to sign some data during the exchange so that they can be authenticated. The respective public keys of the peers are used to verify the authenticity of the sender.

Now, if we generate "general-purpose" keys, there will be only one public key and one private key, which will be used for both steps 1 and 2. However, in order to make things more secure, we can generate "usage" keys: the ENCRYPTION keys will be used for step 1, and the AUTHENTICATION (signature) keys will be used for step 2.

I'm not sure if this is correct, but this is what I could make of it. Please feel free to correct me if I've got this wrong.

Cheers,
TacACK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
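As an added example (not from the original post and not from IPexpert), here is the IOS configuration that creates the two kinds of key pair discussed in the post and tells a router which role each of the peer's keys plays. The router names R1 and R2, the labels IKE-GP and IKE-USAGE, and the peer address 10.0.0.2 are assumptions; the key-string blocks are placeholders where the peer's actual public key data (from its own `show crypto key mypubkey rsa`) would be pasted.

```cisco
! Added example, not from the original post. Hostname, labels and the
! peer address 10.0.0.2 are assumptions; key-string blocks are placeholders.

hostname R1
ip domain-name example.net

! general-keys: ONE key pair, used for both signing and encryption
crypto key generate rsa general-keys label IKE-GP modulus 2048

! usage-keys: TWO key pairs, one for signatures and one for encryption
crypto key generate rsa usage-keys label IKE-USAGE modulus 2048

! Compare the two: the general-purpose pair is listed once, the usage
! pair is listed as a separate signature key and encryption key
do show crypto key mypubkey rsa

! Import the peer's public keys and tell IOS which role each one has.
! Because the peer (R2) also generated usage keys, the same address gets
! two entries: one for its signature key, one for its encryption key.
crypto key pubkey-chain rsa
 addressed-key 10.0.0.2 signature
  ! paste R2's SIGNATURE public key (hex) between key-string and quit
  key-string
  quit
 addressed-key 10.0.0.2 encryption
  ! paste R2's ENCRYPTION public key (hex) between key-string and quit
  key-string
  quit

! ISAKMP policy using RSA encrypted-nonce authentication. This mode
! uses the pre-configured encryption key of the peer; rsa-sig would
! instead use the signature key (with certificates).
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication rsa-encr
 group 14
```

The practical difference is visible in the pubkey-chain: with general-purpose keys the peer has a single public key and needs a single `addressed-key` entry, whereas with usage keys the signing and encrypting capabilities live in different key pairs, so a compromise or export of one does not give an attacker the other.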
