Black Box ET0010A User Manual

Creating Distributed Key Policies
EncrypTight User Guide
Figure 69: Data payload encryption
Encryption and Authentication Algorithms
For Layer 3 IP policies, you can specify the encryption and authentication algorithms that you want to 
use. The encryption algorithms include the Advanced Encryption Standard (AES) and Triple Data 
Encryption Standard (3DES).
AES is a symmetric block cipher capable of using cryptographic keys of 128, 192, and 256 bits to 
encrypt and decrypt data in blocks of 128 bits. Triple DES, or 3DES, is a more secure variant of DES. 
3DES uses a key length of 168 bits. The Data Encryption Standard (DES) is a symmetric block cipher 
with a block size of 64 bits and a key length of 56 bits.
The authentication algorithms available include HMAC-SHA-1, which is built on Secure Hash Algorithm 1, 
and HMAC-MD5, which is built on Message Digest 5. Both are keyed-hash message authentication codes. 
HMAC-SHA-1 is more secure than HMAC-MD5.
Layer 2 Ethernet encryption policies utilize AES with 256-bit keys to encrypt and decrypt the data and 
HMAC-SHA-1 to provide data origin authentication and data integrity.
Layer 4 IP encryption policies use AES-256 for encryption and HMAC-SHA-1 for authentication. The 
ETEP PEPs do not support 3DES or HMAC-MD5 at Layer 4.
ARIA Encryption 
In addition to the standard encryption algorithms listed above, the ARIA encryption algorithm is available 
on ETEP PEPs. ARIA provides 256-bit encryption, and is implemented in software.
Note the following usage guidelines and constraints:
ARIA-256 is available for use in Layer 3 and Layer 4 policies. Layer 2 Ethernet encryption policies 
do not support ARIA.
ARIA-256 is incompatible with the ETEP’s FIPS mode of operation. Disable FIPS mode on the ETEP 
prior to using ARIA in encryption policies. 
ARIA-256 is available only when using the local ETKMS software. External ETKMSs do not support 
policies that use ARIA encryption.
To use ARIA in an encryption policy, do the following:
1 Quit EncrypTight if it is running (File > Exit).
2 Edit the EncrypTight config.ini file. The file is located in the <installDir>\configuration 
directory, where <installDir> is the directory in which EncrypTight is installed.
Using a text editor such as Notepad, open the config.ini file.
Change the AriaSupport setting from false to true. The modified line should look like this:
AriaSupport=true
Save the file, and then close the text editor.
3 Restart EncrypTight.
4 In ETPM, select ARIA as the encryption algorithm in the policy editor. This algorithm is available in 
any Layer 3 or Layer 4 policy type: mesh, point-to-point, multicast, or hub and spoke. After defining 
the encryption policy, deploy the policy to the ETEPs.
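
The layer, FIPS, ETKMS and AriaSupport constraints in this section can be checked before a policy is deployed. The following is an added example, not part of the EncrypTight software or this guide; the field names and algorithm labels are assumptions, and Layer 3 AES is assumed to cover all three AES key sizes.

```python
from dataclasses import dataclass

# Per-layer algorithm choices as stated in the section above. The string
# labels and field names are assumptions for this sketch, not EncrypTight
# identifiers; Layer 3 AES is assumed to cover all three AES key sizes.
ALLOWED = {
    2: ({"AES-256"}, {"HMAC-SHA-1"}),
    3: ({"AES-128", "AES-192", "AES-256", "3DES", "ARIA-256"},
        {"HMAC-SHA-1", "HMAC-MD5"}),
    4: ({"AES-256", "ARIA-256"}, {"HMAC-SHA-1"}),
}

@dataclass
class Policy:
    name: str
    layer: int                  # 2, 3 or 4
    enc: str
    auth: str
    fips_mode: bool = False     # FIPS mode enabled on the target ETEPs
    etkms: str = "local"        # "local" or "external"
    aria_support: bool = False  # AriaSupport value in config.ini

def check_policy(p):
    """Return a list of constraint violations; empty means none found."""
    if p.layer not in ALLOWED:
        return [f"unsupported layer {p.layer}"]
    enc_ok, auth_ok = ALLOWED[p.layer]
    errors = []
    if p.enc not in enc_ok:
        errors.append(f"{p.enc} not available at Layer {p.layer}")
    if p.auth not in auth_ok:
        errors.append(f"{p.auth} not available at Layer {p.layer}")
    if p.enc.startswith("ARIA"):
        if p.fips_mode:
            errors.append("ARIA is incompatible with FIPS mode")
        if p.etkms != "local":
            errors.append("ARIA requires the local ETKMS")
        if not p.aria_support:
            errors.append("AriaSupport=true is not set in config.ini")
    return errors

if __name__ == "__main__":
    # Constructed sample policies, not taken from a real deployment.
    samples = [
        Policy("hq-mesh", 3, "ARIA-256", "HMAC-SHA-1", aria_support=True),
        Policy("branch-l4", 4, "3DES", "HMAC-MD5"),
        Policy("dc-l2", 2, "ARIA-256", "HMAC-SHA-1", fips_mode=True, etkms="external"),
    ]
    for p in samples:
        print(p.name, check_policy(p) or "OK")
```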