Specifications

Technical Concepts For internal use only
A31003-H3580-M103-2-76A9, 01-2009
9-30 HiPath 3000/5000 V8 - HG 1500 V8, Administrator Documentation
SSL and VPN
changes in the data. The checksum is encrypted with the sender’s private key and, following
decryption with the sender’s public key, can be checked by anyone. It is therefore easy to
establish who sent the data.
Keys and checksum are generated using encryption routines (encryption algorithms). The
following procedures are important in connection with HG 1500:
DES
DES stands for Data Encryption Standard. DES is designed for symmetric encryption. The
public key length is 64 bits (8 characters).
3DES
3DES is derived from DES and stands for triple encryption. The public key length is 192
bits (24 characters).
AES
AES stands for Advanced Encryption Standard. AES is also designed for symmetric
encryption. The public key length is 128 bits (16 characters).
RSA
RSA stands for Rivest Shamir Algorithm. RSA is an algorithm for asymmetric encryption.
DSA
DSA stands for Digital Signature Algorithm. While the RSA procedure is suitable both for
signatures and key exchange, DSA is only suitable for signatures.
MD5
MD stands for Message Digest and 5 indicates a later variant of the MD algorithm. MD5 is
a straightforward hash algorithm and generates a unique, 128-bit (16-character)
comprehensive checksum from data of any length.
SHA1
SHA stands for Security Hash Algorithm, 1 indicates a later version of this algorithm. SHA1
is a hash algorithm and generates a 160-bit (10-character) checksum from data lengths
under 2^64 bits.
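The signed-checksum check described at the start of this section (checksum encrypted with the sender's private key, checked by anyone with the sender's public key) can be shown with SHA1 and RSA from the list above. This is an added example, not part of the HG 1500 documentation or software; the key is a constructed toy key built from two known Mersenne primes, the sample data is constructed, and the function names are hypothetical.

```python
import hashlib

# Constructed toy key (assumption for this example): two known Mersenne
# primes, chosen only so that the modulus is larger than a 160-bit checksum.
# Illustration only: no padding scheme, and the modulus is trivial to factor.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)


def checksum(data: bytes) -> int:
    """SHA1 checksum of the data, as an integer."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sign(data: bytes) -> int:
    """Sender: encrypt the checksum with the private key."""
    return pow(checksum(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Receiver: decrypt the signature with the public key and compare the
    result with a checksum computed over the data actually received."""
    return pow(signature, E, N) == checksum(data)


def demo() -> dict:
    message = b"route 10.0.0.0/8 via tunnel1"   # constructed sample data
    sig = sign(message)
    return {
        "genuine": verify(message, sig),
        "changed_data": verify(message.replace(b"tunnel1", b"tunnel2"), sig),
        "changed_signature": verify(message, sig ^ 1),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the unmodified data with the unmodified signature is accepted; a change to either one makes the decrypted checksum and the recomputed checksum disagree.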
9.6.2 Certificates
Certificates guarantee the authenticity of public keys by linking the public key to the identity of
the owner.
A certificate contains the following typical information:
the name of the owner,
the public key of the owner,
a signature from a certification authority for the name and key,
information on the hash algorithms with which the public keys can be used,