Algorithm Set
AEP Net EC20M implements the hashing, signing
and key management algorithm sets laid down by the UK National
Technical Authority - SHA-1, DSA, Enhanced Diffie-Hellman, ISAKMP -
in combination with the 3DES confidentiality algorithm. Other algorithms
can be factory loaded or, in some circumstances, loaded at the customer
site.
Furthermore, the cryptographic and application libraries
can be upgraded throughout the life of the equipment offering the
customer both flexibility of deployment and future proofing against
changes in standards and the introduction of new algorithms (e.g.
AES).
Key Management
The AEP Net EC20M product variant employs a 2-tier PKI using an
external agency (e.g. the customer organization) as the root and
the AEP Net Management Center as the sub-CA. The Sub-CA public
key can either be imported from the root authority or generated
at the sub-CA for certification at the root. AEP's Net Keyper
is used for key generation (optional), storage and signing.
The AEP Net products generate all other keys including
encryptor public/private key pairs and certificates, traffic keys
and packet authentication keys. This means that there is no key
material handling outside the encryptor management center, and
then only at Sub-CA key update intervals (as defined in the customer
organization security policy).
For more information, download the Net
EC20 datasheet (139k pdf).