Along with pre-shared key, RSA digital signatures are the most common means of IKE authentication.
An RSA digital signature is based on a cryptographic key that has two parts: a public part and a private part. One part (the public key) is widely shared, and may even be publicly distributed. The other part (the private key) remains secret. These keys are mathematically related but are independent, so that neither key is derivable from the other.
The key is used as input to a hash function; together, the key and the hash function form a signing function that, when applied to a document, creates a digital signature.
An RSA key can be used either to encrypt or authenticate, and this is based on two facts:
- Data encrypted with the agent's public key can only be decrypted by the agent, using the private key. This means that any peer can send information securely by encrypting it with the public key and forwarding it to the agent.
- Data processed with a hash function can be encrypted with the signer's private key—such data is said to be digitally signed. Since anyone with the public key can verify the digital signature, this communication can be accepted as authentically coming from the agent.
The algorithms that encrypt using RSA keys are very secure but extremely slow—so slow that it would be impracticable to encrypt an entire set of data using them. Instead, the agent produces a digital signature for the data, as follows:
- A hash function is applied to the data to generate a message digest. The message digest is much shorter than the original data, and any peer possessing the same hash function can produce the identical message digest.
- The private key is used to encrypt the message digest. This encrypted message digest is the digital signature.
- The original message and the digital signature are both sent to the peer in an encrypted packet. (The encryption of the packet is independent of the digital signature.)
- When the peer receives the packet, it decrypts the packet. Then it uses the sending agent's public key to decrypt the digital signature. This recovers the message digest.
- The peer applies the hash function to the original message (which was also sent in the packet) and compares the resulting message digest to the message digest recovered from the digital signature.
- If the message digests match, the peer can accept the communication as authentic.
- If the message digests do not match, the peer must consider the communication to have been tampered with, or corrupted in some other way, and reject it.
When the system generates an RSA digital signature, it stores it in a file. The file that contains the digital signature contains both the public key part and the private key part of the digital signature. When you view the RSA key, by looking at VPN configuration or by using the show vpn ike rsa-keys command, only the public key is displayed (along with any public keys configured for VPN peers). It is the public key that you should share with the other VPN peer.
By default, the RSA digital signature file for the local host is stored at /config/ipsec.d/rsa-keys/localhost.key. When the key is required to authenticate the VPN peer, the system looks for the key at this location. You can change the location and name of the file through configuration.
You can have only one RSA digital signature configured for the local host. If you generate a new key, it overwrites the previous key.
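The signing and verification steps listed earlier, worked through as an added Python example (it is not from the original documentation or the product). It uses constructed toy keys built from Mersenne primes and raw RSA without the PKCS #1 encoding that real IKE implementations apply; the names make_key, sign, verify and the sample payload are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys


def make_key(p: int, q: int) -> dict:
    """Build a key pair from two primes: (n, e) is public, d is private."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


# Constructed toy keys (Mersenne primes): trivially factorable, illustration only.
AGENT_KEY = make_key(2**127 - 1, 2**521 - 1)
OTHER_KEY = make_key(2**89 - 1, 2**607 - 1)


def message_digest(message: bytes) -> int:
    """Hash the data down to a short, fixed-size digest (SHA-256 here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, key: dict) -> int:
    """Agent side: hash the data, then apply the private key to the digest."""
    return pow(message_digest(message), key["d"], key["n"])


def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    """Peer side: recover the digest with the public key, recompute, compare."""
    if not 0 <= signature < n:
        return False  # malformed signature value, reject outright
    return pow(signature, e, n) == message_digest(message)


def demo() -> dict:
    msg = b"constructed IKE payload: peer-id=east, nonce=1234"
    sig = sign(msg, AGENT_KEY)
    n, e = AGENT_KEY["n"], AGENT_KEY["e"]
    return {
        "authentic": verify(msg, sig, n, e),
        "tampered_message": verify(msg.replace(b"east", b"west"), sig, n, e),
        "tampered_signature": verify(msg, sig ^ 1, n, e),
        "wrong_public_key": verify(msg, sig, OTHER_KEY["n"], OTHER_KEY["e"]),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:20} -> {'accept' if accepted else 'reject'}")
```

The wrong_public_key case is what a peer sees when the public key configured for the remote host does not match the key that host actually signs with.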