Howto:Encryption algorithms: Difference between revisions
Jump to navigation
Jump to search
(→TLS) |
m (→RSA) |
||
| Line 20: | Line 20: | ||
* '''Purpose:''' Authentication of network endpoints, distribution of symmetric keys for data encryption | * '''Purpose:''' Authentication of network endpoints, distribution of symmetric keys for data encryption | ||
* '''Bit strength:''' Defined by the remote certificate. innovaphone products generate RSA keys with modulus sizes of 1024, 2048 or 4096 bits. | * '''Bit strength:''' Defined by the remote certificate. innovaphone products generate RSA keys with modulus sizes of 1024, 2048 or 4096 bits. | ||
* '''Key management:''' For decrypting incoming traffic, the public key is taken from the X.509 certificate of the remote endpoint. | * '''Key management:''' For decrypting incoming traffic and verifying signatures, the public key is taken from the X.509 certificate of the remote endpoint. For encrypting outgoing traffic and creating digital signatures the local private key is used. | ||
=== AES === | === AES === | ||
* '''Name:''' Advanced encryption standard | * '''Name:''' Advanced encryption standard | ||
Revision as of 15:01, 9 November 2011
Applies To
All innovaphone gateways and phones.
Overview
This is an overview of the encryption algorithms that are used in innovaphone products.
SRTP
AES
- Name: Advanced encryption standard
- Type: Symmetric
- Source: Standard algorithm
- Purpose: Voice or media encryption between VOIP endpoints
- Bit strength: 128, 192 or 256 bits
- Key management: A master key is generated using a software PRNG and exchanged using the signalling protocol (H.323, SIPS). Individual keys for data encryption are derived as specified by SRTP standards.
TLS
RSA
- Name: RSA
- Type: Asymmetric
- Source: Standard algorithm
- Purpose: Authentication of network endpoints, distribution of symmetric keys for data encryption
- Bit strength: Defined by the remote certificate. innovaphone products generate RSA keys with modulus sizes of 1024, 2048 or 4096 bits.
- Key management: For decrypting incoming traffic and verifying signatures, the public key is taken from the X.509 certificate of the remote endpoint. For encrypting outgoing traffic and creating digital signatures the local private key is used.
AES
- Name: Advanced encryption standard
- Type: Symmetric
- Source: Standard algorithm
- Purpose: Encryption of network traffic between TLS endpoints
- Bit strength: 128 or 256 bits
- Key management: During TLS handshake a master key is negotiated between endpoints using asymetric cryptography (see RSA). The master key is based on keying material generated using a software PRNG. Individual keys for data encryption are derived as specified by TLS standards.
3DES
- Name: Triple Data Encryption Standard
- Type: Symmetric
- Source: Standard algorithm
- Purpose: Encryption of network traffic between TLS endpoints
- Bit strength: 168 bits (112 bits effective)
- Key management: During TLS handshake a master key is negotiated between endpoints using asymetric cryptography (see RSA). The master key is based on keying material generated using a software PRNG. Individual keys for data encryption are derived as specified by TLS standards.