Black Box ET0100A Appliance Trim Kit User Manual


 
Creating Distributed Key Policies
184 EncrypTight User Guide
Figure 69 Data payload encryption
Encryption and Authentication Algorithms
For Layer 3 IP policies, you can specify the encryption and authentication algorithms that you want to
use. The encryption algorithms include the Advanced Encryption Standard (AES) and Triple Data
Encryption Standard (3DES).
AES is a symmetric block cipher capable of using cryptographic keys of 128, 192, and 256 bits to
encrypt and decrypt data in blocks of 128 bits. Triple DES, or 3DES, is a more secure variant of DES.
3DES uses a key length of 168 bits. The Data Encryption Standard (DES) is a symmetric block cipher
with a block size of 64 bits and a key length of 56 bits.
The authentication algorithms available include Secure Hash Algorithm 1 (HMAC-SHA-1) and Message
Digest #5 (HMAC-MD5). Both are hash algorithms. HMAC-SHA-1 is more secure than HMAC-MD5.
Layer 2 Ethernet encryption policies utilize AES with 256-bit keys to encrypt and decrypt the data and
HMAC-SHA-1 to provide data origin authentication and data integrity.
Layer 4 IP encryption policies use AES-256 for encryption and HMAC-SHA-1 for authentication. The
ETEP PEPs do not support 3DES or HMAC-MD5 at Layer 4.
ARIA Encryption
In addition to the standard encryption algorithms listed above, the ARIA encryption algorithm is available
on ETEP PEPs. ARIA provides 256-bit encryption, and is implemented in software.
Note the following usage guidelines and constraints:
• ARIA-256 is available for use in Layer 3 and Layer 4 policies. Layer 2 Ethernet encryption policies
do not support ARIA.
• ARIA-256 is incompatible with the ETEP’s FIPS mode of operation. Disable FIPS mode on the ETEP
prior to using ARIA in encryption policies.
• ARIA-256 is available only when using the local ETKMS software. External ETKMSs do not support
policies that use ARIA encryption.
To use ARIA in an encryption policy, do the following:
1 Quit EncrypTight if it is running (File > Exit).
2 Edit the EncrypTight config.ini file. The file is located in the <installDir>\configuration
directory, where <installDir> is the directory in which EncrypTight is installed.
a Using a text editor such as Notepad, open the config.ini file.
b Change the AriaSupport setting from false to true. The modified line should look like this:
AriaSupport=true
c Save the file, and then close the text editor.
3 Restart EncrypTight.
4 In ETPM, select ARIA as the encryption algorithm in the policy editor. This algorithm is available in
any Layer 3 or Layer 4 policy type: mesh, point-to-point, multicast, or hub and spoke. After defining
the encryption policy, deploy the policy to the ETEPs.
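
The following is an added example, not part of the EncrypTight product or this guide: a check that a planned policy is consistent with the layer, FIPS mode, ETKMS, and AriaSupport constraints described above before it is deployed. The policy field names (layer, enc, auth, fips_mode, etkms) and the sample config.ini text are assumptions made for illustration.

```python
# Added example: pre-deployment consistency check for the constraints in this
# section. Policy field names and the sample config text are constructed.

# Algorithms the section lists per policy layer ("AES" = any AES key size).
ALLOWED = {
    2: {"enc": {"AES-256"}, "auth": {"HMAC-SHA-1"}},
    3: {"enc": {"AES", "3DES", "ARIA-256"}, "auth": {"HMAC-SHA-1", "HMAC-MD5"}},
    4: {"enc": {"AES-256", "ARIA-256"}, "auth": {"HMAC-SHA-1"}},
}

SAMPLE_CONFIG = "# constructed config.ini excerpt\nAriaSupport=true\n"


def aria_enabled(config_text):
    """Return True only if the config.ini text sets AriaSupport=true."""
    for line in config_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "AriaSupport":
            return value.strip().lower() == "true"
    return False  # assumption: an absent setting means ARIA is off


def check_policy(policy, config_text):
    """Return a list of violations; an empty list means the choice is consistent."""
    layer, enc, auth = policy["layer"], policy["enc"], policy["auth"]
    problems = []
    if enc not in ALLOWED[layer]["enc"]:
        problems.append(f"{enc} is not supported in Layer {layer} policies")
    if auth not in ALLOWED[layer]["auth"]:
        problems.append(f"{auth} is not supported in Layer {layer} policies")
    if enc == "ARIA-256":
        if not aria_enabled(config_text):
            problems.append("AriaSupport is not set to true in config.ini")
        if policy["fips_mode"]:
            problems.append("ARIA-256 is incompatible with FIPS mode")
        if policy["etkms"] != "local":
            problems.append("external ETKMSs do not support ARIA policies")
    return problems


if __name__ == "__main__":
    policy = {"layer": 4, "enc": "ARIA-256", "auth": "HMAC-SHA-1",
              "fips_mode": True, "etkms": "local"}
    for problem in check_policy(policy, SAMPLE_CONFIG):
        print("violation:", problem)
```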