abhijith891
Beginner

Difference between PKI and RSA-signatures

Hi all, I believe the 3 authentication methods in a Site-to-Site VPN are PSK, PKI and RSA-sig. But I am not very clear about how different the PKI and RSA-sig mechanisms are from each other. So can someone please explain the difference between the same?


Regards,

Abhijit


Accepted Solutions
Graham Bartlett
Cisco Employee

Hi
RSA-Sig is basically using RSA nonces (which are only used in IKEv1, not IKEv2); take a look here:

http://www.ciscopress.com/articles/article.asp?p=25474&seqNum=5

In summary, you have the peer's public key, but this is just the key and is not sent in a certificate (like in PKI). So you need to manually configure the public keys of all peers that you want to talk to. PKI overcomes this limitation by using a CA.

cheers


3 Replies
Rob Ingram
VIP Mentor

Hi,

A Site-to-Site VPN can use either PSK or certificates to authenticate. A certificate is either rsa-sig or ecdsa-sig (Suite-B NGE); they are issued by a PKI (aka Certificate Authority). You need a PKI (Public Key Infrastructure) in order to distribute the certificates to use for certificate authentication.


HTH
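To make the distinction drawn in the two replies concrete (manually configured peer public keys versus certificates issued by a CA), here is an added Python example. It is not code from this thread or from Cisco. It uses a toy RSA built from tiny primes so that it runs with only the standard library, and the peer names, the "transcript" being signed and the hub's configuration are all constructed; a real IKE exchange signs an exchange-specific blob and a real certificate also carries validity dates and is checked against revocation, none of which is modelled here.

```python
import hashlib
import math

# Added example, not from the thread: toy model of the two trust models
# (pinned RSA public keys vs CA-issued certificates). Toy key sizes only.


def next_prime(x):
    """Smallest prime greater than x, by trial division (toy sizes only)."""
    n = x + 1
    while any(n % k == 0 for k in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n


def rsa_keygen(seed):
    """Deterministic toy RSA key pair; the seed only picks the primes."""
    p = next_prime(seed)
    q = next_prime(p)
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while math.gcd(e, phi) != 1:   # keep e invertible mod phi
        e += 2
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (e, n), (d, n)          # (public, private)


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(priv, data):
    d, n = priv
    return pow(digest(data, n), d, n)


def rsa_verify(pub, data, sig):
    e, n = pub
    return pow(sig, e, n) == digest(data, n)


# --- RSA-sig with manually configured keys: the verifier must already hold
#     the raw public key of every peer it is willing to talk to.
def authenticate_pinned(pinned_keys, identity, transcript, sig):
    pub = pinned_keys.get(identity)
    return pub is not None and rsa_verify(pub, transcript, sig)


# --- PKI: the verifier holds only the CA's public key; the identity-to-key
#     binding arrives inside a certificate signed by that CA.
def cert_tbs(subject, pub):
    """The to-be-signed part of a toy certificate."""
    return f"{subject}|{pub[0]}|{pub[1]}".encode()


def issue_cert(ca_priv, subject, pub):
    return {"subject": subject, "pub": pub,
            "ca_sig": rsa_sign(ca_priv, cert_tbs(subject, pub))}


def authenticate_cert(ca_pub, cert, transcript, sig):
    if not rsa_verify(ca_pub, cert_tbs(cert["subject"], cert["pub"]), cert["ca_sig"]):
        return False               # certificate was not issued by our CA
    return rsa_verify(cert["pub"], transcript, sig)


def demo():
    ca_pub, ca_priv = rsa_keygen(1_000_000)
    a_pub, a_priv = rsa_keygen(2_000_000)          # existing, provisioned peer
    c_pub, c_priv = rsa_keygen(3_000_000)          # new site added later
    rogue_pub, rogue_priv = rsa_keygen(4_000_000)  # not the CA
    transcript = b"constructed IKE exchange transcript"

    # Hub configured with A's raw key only; C's key was never pushed to it.
    hub_pinned = {"vpn-a.example": a_pub}
    # Under PKI the hub needs just the CA's public key.
    hub_trust = ca_pub
    a_cert = issue_cert(ca_priv, "vpn-a.example", a_pub)
    c_cert = issue_cert(ca_priv, "vpn-c.example", c_pub)
    # A certificate for C "issued" by a key that is not the hub's CA.
    rogue_cert = issue_cert(rogue_priv, "vpn-c.example", rogue_pub)

    return {
        "pinned_known_peer": authenticate_pinned(hub_pinned, "vpn-a.example", transcript, rsa_sign(a_priv, transcript)),
        "pinned_new_peer": authenticate_pinned(hub_pinned, "vpn-c.example", transcript, rsa_sign(c_priv, transcript)),
        "pki_known_peer": authenticate_cert(hub_trust, a_cert, transcript, rsa_sign(a_priv, transcript)),
        "pki_new_peer": authenticate_cert(hub_trust, c_cert, transcript, rsa_sign(c_priv, transcript)),
        "pki_rogue_cert": authenticate_cert(hub_trust, rogue_cert, transcript, rsa_sign(rogue_priv, transcript)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

With pinned keys the new site C is rejected until its public key has been added to every existing peer's configuration, which is the scaling problem the accepted answer describes. With PKI the hub only ever holds the CA's public key: C is accepted as soon as the CA has issued it a certificate, and a certificate signed by anything other than that CA is rejected before the peer's own signature is even looked at.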


Thanks a lot Graham. Things are pretty clear now. Cheers.
