Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
942
Views
0
Helpful
4
Replies

Question about IPSEC

Go to solution
Abdelilah Benrida
Level 3
Level 3

‎05-31-2013 03:33 AM - edited ‎02-21-2020 06:56 PM

Is it true that ipsec use RSA algorithm when we use the pre-shared Key?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP
In response to Abdelilah Benrida

‎05-31-2013 09:06 AM 

i read that IKE phase one  for IPSEC uses the asymetric cryptography and the second uses the symetric one.

both can be the case but as a general rule it's not correct.

should i understand that with pre-shared key there is no asymetric cryptography in IKE phase 1?

yes and no ... 😉

You always have the Key-Agreement with Diffie-Hellman which is also an asymetric mechanism. That takes place both with PSK and digital certificates (rsa-sig).

For authentication - and that's probably what you are referring to - with PSKs there is no public-key operation but a couple of hash-operations.If you authenticate with digital certificates you have plenty of public-key operations where digital signatures are computed and also checked.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Karsten Iwen
VIP
VIP

‎05-31-2013 05:53 AM

No, there aren't any public-key-operations involved in the authentication when you use PSKs. The only public-key-operation is DH for the Key-agreement.

Where did you get that info from?

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Helpful

Go to solution
Abdelilah Benrida
Level 3
Level 3
In response to Karsten Iwen

‎05-31-2013 07:49 AM

i read that IKE phase one  for IPSEC uses the asymetric cryptography and the second uses the symetric one.

should i understand that with pre-shared key there is no asymetric cryptography in IKE phase 1?

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Abdelilah Benrida

‎05-31-2013 09:06 AM 

i read that IKE phase one  for IPSEC uses the asymetric cryptography and the second uses the symetric one.

both can be the case but as a general rule it's not correct.

should i understand that with pre-shared key there is no asymetric cryptography in IKE phase 1?

yes and no ... 😉

You always have the Key-Agreement with Diffie-Hellman which is also an asymetric mechanism. That takes place both with PSK and digital certificates (rsa-sig).

For authentication - and that's probably what you are referring to - with PSKs there is no public-key operation but a couple of hash-operations.If you authenticate with digital certificates you have plenty of public-key operations where digital signatures are computed and also checked.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Helpful

Go to solution
Abdelilah Benrida
Level 3
Level 3
In response to Karsten Iwen

‎05-31-2013 11:49 AM

Ok thank you very much

0 Helpful
Customers Also Viewed These Support Documents