IPsec uses symmetrical encryption. This means that the key used for encryption is the same one that's used for decryption. This is why the DH exchange is needed, to hide the negotiation of the encryption/decryption symmetrical key. If this key were to be compromised, someone could use it to decrypt packets or possibly encrypt packets to do an injection attack.
With Digital Signatures, or Public Key Infrastructure (PKI), there is a separate encryption vs. decryption key. The idea is that each party generates both a private key and a public key. Like the names imply the private key has to be kept secret, but the public key you can give to anyone. Something that is encrypted with my private key can only be decrypted with my public key. Likewise something encrypted with my public key can only be decrypted with my private key. The reason that it works both ways is because in certain cases you want to use PKI just to authenticate the other party, but in other cases you may want to encrypt data going to a specific party. The first case is what is done with Certificate Authority.
With CA based authentication, both you and I generate both public and private keys, and then we then get the public key of the CA server. Next we both send our public keys to the CA server, who adds some authentication strings to them, and then encrypts them with the CA's private key. The result of this is our signed certificates. Remember that something encrypted with a private key can be decrypted with a public key. This means that if I give you my certificate (which was signed with the private key of the CA) you can decrypt it by using the CA's public key, and find the authentication strings that the CA added. You then decrypt your own certificate with the CA's public key, get the authentication strings, and compare it against mine. If these strings match it means that both our certificates were signed by the same CA, and the authentication is successful.
The second case for PKI, which is outside of CA authentication, is if I want to encrypt something that only you can decrypt. In this case I encrypt the data using your public key, which means that it can only be decrypted with your private key. This is why PKI is considered asymmetrical because different keying material is used for the encryption vs. the decryption. This also means that something like the DH exchange isn't needed for PKI, because it doesn't matter who gets the public keys as long as the private keys stay secret.
Let me know if that answers your question.
HTH,
Brian McGahan, CCIE #8593 (R&S/SP/Security)
bmcgahan_at_INE.com
Internetwork Expert, Inc.
http://www.INE.com
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Ajay mehra
Sent: Saturday, April 14, 2012 12:54 AM
To: ccielab_at_groupstudy.com
Subject: Ipsec encryption key when using digital certs
Hi Guys,
I understand that when using pre shared keys, DH uses pre shared keys to derive the shared secret key to encrypt/decrypt . Can I clarify how does the secret key is derived using DH when using digital certs?
In case of digital certs since we are generating a key pair locally, is the private key from this key pair is used in DH algo to generate a seperate secret key? offcourse the key pair is also meant to generate a digital cert request (authentication only).
Regards,
Ajay
Blogs and organic groups at http://www.ccie.net
Received on Sat Apr 14 2012 - 18:34:24 ART
This archive was generated by hypermail 2.2.0 : Tue May 01 2012 - 08:20:45 ART