Okay I'll hit reply all this time, sorry Vybhav :-)
Hi Kings,

RSA is used for encryption on IKE Phase 1 when the ISAKMP policy is set to rsa-sig. The initiator takes a hash of a block of data and then encrypts it; the other end can then decrypt it and compare the hashes. If they match exactly, the peer is authenticated.

When it moves to Phase 2 the encryption algorithm specified in the transform set is used. This encryption algorithm in the transform set will be a form of symmetric encryption, which is computationally much faster than asymmetric encryption (i.e. RSA). The overhead of asymmetric is accepted on IKE phase 1 for authentication, but for passing traffic asymmetric encryption is too slow, so we must use symmetric such as 3DES or AES. Asymmetric being more secure, we can generate very strong Key Encryption Keys (KEKs) in the phase 1 tunnel and share them with our peer across the tunnel to raise the security of the symmetric encryption algorithm.

"My question is in IOS and ASA, is RSA keys or shared secret used for encryption/decryption."

This depends on what you have set the ISAKMP policy to be. Phase 2 is always symmetric. As for what the signature keys and encryption keys are used for, I believe signature for IKE Phase 1 and I'm not actually sure what the encryption keys are used for....??

Hope that helps,
Ian

On Wed, Sep 15, 2010 at 3:11 PM, Kingsley Charles <[email protected]> wrote:

> When we generate encryption and signature keys separately and use them with
> a trustpoint, we get two certs - encryption and signature cert. If the signature
> cert is used for authenticating with the peer then please let me know what is the
> purpose of the encryption cert? Is it used for encrypting data?
>
> With regards
> Kings
>
> On Wed, Sep 15, 2010 at 12:34 PM, Kingsley Charles <[email protected]> wrote:
>
>> Hi all
>>
>> When using Digital certificates, are the private/public keys of the devices
>> peering used for encrypting/decrypting the data, or the shared secret key
>> used as done when using pre-shared keys?
>> Most places, I read that the rsa keys are used for encryption and
>> decryption.
>>
>> I have also read that rsa keys are not used because during bulk data
>> encryption/decryption they don't scale well.
>>
>> My question is in IOS and ASA, are RSA keys or a shared secret used for
>> encryption/decryption?
>>
>> With regards
>> Kings
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
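As an added illustration of the split Ian describes (example code written for this page, not Cisco IOS/ASA code or anything from the thread): phase 1 rsa-sig authentication modelled as hash-then-sign and verify with the signature certificate's key pair, and phase 2 bulk protection as a symmetric AEAD keyed by material agreed in phase 1. It uses Go's standard crypto packages, simplifies the real IKE payloads, and the function names and the "exchange block" are constructed assumptions.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Phase 1 (rsa-sig): the initiator hashes the exchange data and signs that
// hash with the private key behind its signature certificate (identity only).
func signPhase1(priv *rsa.PrivateKey, exchange []byte) ([]byte, error) {
	digest := sha256.Sum256(exchange)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}
// The responder recomputes the hash and checks the signature with the peer's
// public key; a changed exchange block or signature fails authentication.
func verifyPhase1(pub *rsa.PublicKey, exchange, sig []byte) bool {
	digest := sha256.Sum256(exchange)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}
// Phase 2: bulk data uses a symmetric cipher (AES-GCM here, standing in for
// the transform set) keyed by material agreed inside the phase 1 tunnel.
func phase2Cipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// sealPhase2 returns nonce||ciphertext||tag for one packet.
func sealPhase2(gcm cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}
// openPhase2 rejects any packet whose authentication tag does not verify.
func openPhase2(gcm cipher.AEAD, packet []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(packet) < n {
		return nil, errors.New("packet too short")
	}
	return gcm.Open(nil, packet[:n], packet[n:], nil)
}
```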
