Manualshelf

HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
311312313314315316317318319320
308
Managing public keys
Public keys can be configured only at the CLI.
Overview
To protect data confidentiality during transmission, the data sender uses an algorithm and a key to
encrypt the plain text data before sending the data out. The receiver uses the same algorithm with the
help of a key to decrypt the data, as shown in Figure 215.
Figure 215 Encryption an
d decryption
The keys that participate in the conversion between plain text and cipher text can be the same or different,
dividing the encryption and decryption algorithms into the following types:
Symmetric key algorithm—The keys for encryption and decryption are the same.
Asymmetric key algorithm—The keys for encryption and decryption are different. One is the public
key, and the other is the private key. The information encrypted with the public key can only be
decrypted with the corresponding private key, and vice versa. The private key is kept secret, and the
public key may be distributed widely. The private key cannot be practically derived from the public
key. Asymmetric key algorithms include RSA and DSA.
The asymmetric key algorithms can be used for the following purposes:
To encrypt and decrypt data—Any public key receiver can use the public key to encrypt information,
but only the private key owner can decrypt the information. This mechanism ensures confidentiality.
Only RSA can be used for data encryption and decryption.
To authenticate a sender—Also called "digital signature." The key owner uses the private key to
"sign" information to be sent, and the receiver decrypts the information with the sender's public key
to verify information authenticity. RSA and DSA can be used for digital signature.
Asymmetric key algorithms are widely used in various applications. For example, SSH, SSL, and PKI use
the algorithms for digital signature. For more information about SSH, see System Management and
Maintenance Configuration Guide. For more information about SSL, see Network Management
Configuration Guide. For more information about PKI, see "Managing certificates."
Configuration task list
Public key configuration tasks enable you to manage the local asymmetric key pairs and configure the
peer host public keys on the local device. By completing these tasks, the local device is ready to work
with applications such as SSH and SSL to implement data encryption/decryption, or digital signature.