[Users] Diffie-Hellman ipsec.secrets files.key?

From: Jfprince1_at_aol.com
Date: Thu Oct 17 2002 - 15:03:01 CEST

• Next message: Nils Dohse: "AW: [Users] FreeSWAN+Netscreen interoperability Question. It works ... but how ?"
• Previous message: J.J.Gallardo: "Re: [Users] Security on starting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello

I would like to understand Diffie Hellman method. Where are use ipsec.secrets and .key files.

For example:

I have understand this schema of Diffie Hellman method :

Alice:
• generates a random number a
• calculates A = g^a modulo p
• sends A to Bob
Meanwhile Bob:
• generates a random number b
• calculates B = g^b modulo p
• sends B to Alice

ipsec.secrets=g?

 Bob choose Xa in a list a
 Alice choose Xb in a list b

GW1.company1.com.key =list a ?
GW2.company2.com.key=list b ?

Bob create his public key : Ya = G exp (Xa) * modulo (P) and end it to Alice
Alice create his public key: Yb = G exp (Xb) * modulo (P) and send it to Bob

Bob create an intermediary key for cryptage : ZZa = Yb exp (Xa) * modulo (P)
Alice create an intermediary key for cryptage : ZZb = Ya exp (Xb) * modulo (P)
ZZa = ZZb !!!!

Bob create secret key with ZZ and 3DES
Alice create secret key with ZZ and 3DES

What is the purpose of PFS and keylife option in this mechanism?
PFS allow a frequent key change. But which key? ZZ?

Thanks
JF

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Nils Dohse: "AW: [Users] FreeSWAN+Netscreen interoperability Question. It works ... but how ?"
• Previous message: J.J.Gallardo: "Re: [Users] Security on starting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Fri Oct 18 2002 - 05:20:28 CEST