
IPSec Overview Part Four: Internet Key Exchange (IKE)

Article Description

In part 4 of his five-part series on the Cisco implementation of IPSec, Andrew Mason describes the Internet Key Exchange (IKE).

RSA Signatures

RSA is a public-key cryptosystem used by IPSec for authentication in IKE phase 1. RSA was developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman.

The RSA signatures method uses a digital signature setup in which each device digitally signs a set of data and sends it to the other party. RSA signatures use a certificate authority (CA) to generate a unique-identity digital certificate that's assigned to each peer for authentication. The identity digital certificate is similar in function to the pre-shared key, but provides much stronger security.

Each initiator and responder to an IKE session using RSA signatures sends its own ID value (IDi or IDr), its identity digital certificate, and an RSA signature value consisting of a variety of IKE values, all encrypted by the negotiated IKE encryption method (DES or 3DES).
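The signed value at the heart of this exchange, as an added example (not code from the article or from Cisco's implementation): per RFC 2409 the initiator signs HASH_I, a keyed hash over the Diffie-Hellman public values, cookies, SA payload, and its ID, and the responder recomputes that hash and checks the signature. Assumptions: SHA-1 as the negotiated hash, a toy RSA key built from two Mersenne primes standing in for the key in the peer's certificate, constructed session values, and no certificate chain validation.

```python
import hashlib
import hmac

# Toy RSA key from two Mersenne primes (constructed and insecure, demo only).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def prf(key, data):
    """IKE prf: HMAC with the negotiated hash (SHA-1 assumed here)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def hash_i(ni, nr, g_xy, g_xi, g_xr, cky_i, cky_r, sa_i, id_i):
    """HASH_I for signature authentication, as defined in RFC 2409."""
    skeyid = prf(ni + nr, g_xy)
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sa_i + id_i)

def pad(digest):
    """PKCS#1 v1.5 type 1 block: 00 01 FF..FF 00 || digest."""
    return b"\x00\x01" + b"\xff" * (K - len(digest) - 3) + b"\x00" + digest

def rsa_sign(digest):
    return pow(int.from_bytes(pad(digest), "big"), D, N).to_bytes(K, "big")

def rsa_verify(sig, digest):
    recovered = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, pad(digest))

# Constructed sample values for one phase 1 exchange.
SESSION = dict(ni=b"Ni-constructed", nr=b"Nr-constructed", g_xy=b"dh-shared-secret",
               g_xi=b"g^xi", g_xr=b"g^xr", cky_i=b"CKYI0001", cky_r=b"CKYR0001",
               sa_i=b"SA-payload", id_i=b"router-a.example.com")

def demo():
    sig_i = rsa_sign(hash_i(**SESSION))        # initiator signs HASH_I
    ok = rsa_verify(sig_i, hash_i(**SESSION))  # responder recomputes and checks
    # The same signature presented with a different claimed identity must fail.
    wrong_id = rsa_verify(sig_i, hash_i(**{**SESSION, "id_i": b"router-b.example.com"}))
    # Replayed into a session with a fresh responder nonce, it must fail too.
    replay = rsa_verify(sig_i, hash_i(**{**SESSION, "nr": b"Nr-new-session"}))
    return ok, wrong_id, replay

if __name__ == "__main__":
    print(demo())
```

Because the nonces and Diffie-Hellman values feed into HASH_I, a valid signature is bound to one exchange and one claimed identity.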
