04-03-2024 06:54 AM
Dear Experts
In some documents I saw that three keys are generated in packets 3-4 of IKEv1 phase 1. Can anyone please explain in detail which three keys are generated? And which key is for phase 1 packets 5-6, and which one is for phase two?
Thanks
- Teck Sing
04-03-2024 07:00 AM
04-10-2024 09:33 PM
Thanks a lot, MHM. Sorry for the late thanks, as I first read some more documents linked from this article.
Now I know "the IPsec symmetrical keys are derived from this DH key shared between the peers, at no point are symmetric keys actually exchanged."
In phase I, DH will create the same shared secret on both peers, but this "shared secret" is not used for any encryption. Both peers will individually compute a new key from this "shared secret" as a base key, and individually derive three further keys from this base key: SKEYID_d, SKEYID_a and SKEYID_e. Actually, these three keys are used for subsequent steps.
If PFS is enabled, another DH process will occur during phase II, and a new symmetric key for data encryption will be generated.
Please correct me if my understanding is incorrect.
Thanks
- Teck Sing
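
The derivation discussed in the post above, as an added example that is not part of the original thread: it follows the RFC 2409 formulas for pre-shared-key authentication, with HMAC-SHA-256 assumed as the prf. The toy DH group, PSK, nonces, cookies, SPI and private values are all constructed for illustration.

```python
import hashlib
import hmac

P, G = 2**127 - 1, 3  # toy DH group (constructed); far too small for real IKE

def prf(key: bytes, data: bytes) -> bytes:
    # IKEv1's prf is the HMAC form of the negotiated hash; SHA-256 is assumed here.
    return hmac.new(key, data, hashlib.sha256).digest()

def dh_secret(own_private: int, peer_public: int) -> bytes:
    # g^xy, computed locally by each peer; it never crosses the wire.
    return pow(peer_public, own_private, P).to_bytes(16, "big")

def phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    # RFC 2409 section 5, pre-shared-key authentication.
    skeyid = prf(psk, ni + nr)            # the "base key"
    tail = g_xy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")       # SKEYID_d: source of phase 2 keying material
    a = prf(skeyid, d + tail + b"\x01")   # SKEYID_a: authenticates ISAKMP messages
    e = prf(skeyid, a + tail + b"\x02")   # SKEYID_e: encrypts ISAKMP messages (packets 5-6 onward)
    return {"SKEYID_d": d, "SKEYID_a": a, "SKEYID_e": e}

def phase2_keymat(skeyid_d, protocol, spi, ni_qm, nr_qm, g_qm_xy=b""):
    # RFC 2409 section 5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b).
    # g_qm_xy is empty without PFS and the fresh quick mode DH secret with PFS.
    return prf(skeyid_d, g_qm_xy + bytes([protocol]) + spi + ni_qm + nr_qm)

def demo():
    psk = b"constructed-psk"
    ni, nr = b"I" * 16, b"R" * 16                 # phase 1 nonces
    cky_i, cky_r = b"\x11" * 8, b"\x22" * 8       # ISAKMP cookies
    x, y = 0x1234567890ABCDEF, 0x0FEDCBA987654321
    gx, gy = pow(G, x, P), pow(G, y, P)           # public values sent in packets 3-4
    initiator = phase1_keys(psk, ni, nr, dh_secret(x, gy), cky_i, cky_r)
    responder = phase1_keys(psk, ni, nr, dh_secret(y, gx), cky_i, cky_r)

    spi, ni2, nr2 = b"\x00\x00\x10\x01", b"i" * 16, b"r" * 16   # quick mode values
    no_pfs = phase2_keymat(initiator["SKEYID_d"], 3, spi, ni2, nr2)  # 3 = ESP
    x2, y2 = 0x1111222233334444, 0x5555666677778888             # second DH exchange
    pfs = phase2_keymat(initiator["SKEYID_d"], 3, spi, ni2, nr2,
                        g_qm_xy=dh_secret(x2, pow(G, y2, P)))
    return initiator, responder, no_pfs, pfs

if __name__ == "__main__":
    for name, key in demo()[0].items():
        print(name, key.hex())
```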