If B sends info encrypted with A's public key, only A can decrypt the info because he is the only one with its private key. But if A sends info encrypted with its own private key, anyone with A's public key can decrypt the info, right? Isn't this a security issue?
It is highly recommended that each peer has its own public keys. Don't use the same key between 2 different peers. Keys are the most important part of security, guard them with your life :)! You can have the most advanced encryption algo in the world, but if you have the key... And that's really what you want: people you trust with the key should be able to decrypt your packets. Just guard the key and use different ones with different peers, and change them every so often.
What you are telling me is that if A wants to communicate with B he should use B's public key and for B->A, B should use A's public key. So each user must have a public key for each partner he wants to communicate with?
Sorry if my writing is unclear. What I meant was: in IPsec there are 3 keys - public (shared with the peer, used to verify a signature), private (secret and never shared, used to sign a message) and secret (shared key used to encrypt data using an algorithm). The public key is derived from the private key.
Each peer combines its own private key with the peer's public key to calculate the shared secret number. The secret number is converted into a shared secret key. This key never crosses the line (i.e. never exchanged). The shared secret key is input to the algorithm (e.g. 3DES). Then cleartext data is fed into the algorithm in fixed-length blocks and is converted to ciphertext and sent using ESP.
e.g. A sends a message to B with B's shared/public key (b1). C sends a message to B with B's shared/public key (b2). b1 doesn't equal b2. B decrypts both with his private keys (one for each peer). B sending to A can't be read by C as they use different public/private keys. Each of B's peers (A & C) should have different private keys, which will generate different public/shared keys.
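An added illustration of the key-agreement step described in the reply above (example code, not from the original thread or any IPsec implementation): each side combines its own private value with the peer's public value and both arrive at the same shared secret key without it ever crossing the wire, while a third peer with its own key pair derives a different key. The group parameters are a toy assumption, far too small for real use.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (assumption: illustrative only; IKE negotiates
# a real MODP/ECP group during phase 1 rather than using these values).
P = 170141183460469231731687303715884105727  # 2**127 - 1, a Mersenne prime
G = 5


def keypair():
    """Private exponent x (never shared) and public value g^x mod p (shared)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def shared_secret_key(my_private, peer_public):
    """Combine own private key with the peer's public value, then turn the
    resulting shared secret number into a fixed-length symmetric key.
    The secret number itself is never transmitted; only public values are."""
    secret_number = pow(peer_public, my_private, P)
    return hashlib.sha256(secret_number.to_bytes(16, "big")).digest()


def demo():
    """A and B reach the same key; C, with its own pair, gets a different one."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    c_priv, c_pub = keypair()

    # Only a_pub, b_pub and c_pub would cross the wire.
    k_ab = shared_secret_key(a_priv, b_pub)  # computed by A
    k_ba = shared_secret_key(b_priv, a_pub)  # computed by B
    k_cb = shared_secret_key(c_priv, b_pub)  # C's own tunnel with B

    # C sees a_pub and b_pub but holds neither private value, so it cannot
    # reproduce k_ab; its tunnel with B uses a different key.
    return k_ab == k_ba, k_ab != k_cb


if __name__ == "__main__":
    print(demo())  # (True, True)
```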