Managing Public Keys; Overview; Fips Compliance - HP 3600 v2 Series Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (441 pages) ,
- Security configuration manual (398 pages)
Table of Contents
Advertisement
Managing public keys
Overview
To protect data confidentiality during transmission, the data sender uses an algorithm and a key (a
character string) to encrypt the plain text data before sending the data out, and the receiver uses the
same algorithm with the help of a key to decrypt the data, as shown in
Figure 76 Encryption and decryption
The keys that participate in the conversion between the plain text and the cipher text can be the same or
different, dividing the encryption and decryption algorithms into the following types:
Symmetric key algorithm—The keys for encryption and decryption are the same.
•
•
Asymmetric key algorithm—The keys for encryption and decryption are different, one is the public
key, and the other is the private key. The information encrypted with the public key can only be
decrypted with the corresponding private key, and vice versa. The private key is kept secret, and the
public key may be distributed widely. The private key cannot be practically derived from the public
key. Asymmetric key algorithms include the Revest-Shamir-Adleman Algorithm (RSA), the Digital
Signature Algorithm (DSA), and the Elliptic Curve Digital Signature Algorithm (ECDSA).
Asymmetric key algorithms can be used in two scenarios for two purposes:
To encrypt and decrypt data—The sender uses the public key of the intended receiver to encrypt the
•
information to be sent. Only the intended receiver, the holder of the paired private key, can decrypt
the information. This mechanism guarantees confidentiality. Only RSA can be used for data
encryption and decryption.
To authenticate a sender—This application is called digital signature. The sender "signs" the
•
information to be sent by encrypting the information with its own private key. A receiver decrypts the
information with the sender's public key and, based on whether the information can be decrypted,
determines the authenticity of the information. RSA, DSA, and ECDSA can all be used for digital
signature.
Asymmetric key algorithms are widely used in various applications. For example, Secure Shell (SSH),
Secure Sockets Layer (SSL), and Public Key Infrastructure (PKI) use the algorithms for digital signature. For
information about SSH, SSL, and PKI, see
PKI."
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see
"Configuring
SSH2.0,"
"Configuring
238
Figure
76.
"Configuring
SSL," and
FIPS") and non-FIPS mode.
"Configuring
Advertisement
Table of Contents
Troubleshooting
