I need to fully understand the IPSec Phase 1 negotiation. For now, I break this into 3 steps:
- Algorithm negotiations
- Key Exchange Data
- Identification
I'm using Wireshark to investigate the process and so far I fully understand the first part (Algorithm Negotiations).
My current problem lies in the 2nd part: Key Exchange Data.
The algorithms in use are AES-CBC-256bit, Pre-shared key, MD5 & 1024 bit Group.
The "ISAKMP Payload" -> "Key Exchange Payload" -> "Key Exchange Data" is beyond me... I have no clue what it is... an MD5'ed pre-shared key? Is it encrypted?
See draft-kivinen-ipsecme-ikev2-minimal-01. It does a pretty good job of explaining what is needed for the IKEv2 protocol.
ISAKMP / IKEv1 / IPSec Phase 1 is a bit more complicated, but most things in IKEv2 are somewhat analogous to the older version, and it certainly helps in learning the more complex stuff.
Key exchange data in the KE payload is just the Diffie-Hellman "shared secret". If you are literate with Python code, see this project. There is also a module that can do the math and has some of the most used DH groups' primes.
This page should help to understand IPSec.
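The following is an added example, not code from either poster or from the project linked above. It shows, for the exact cipher suite in the question (Group 2, pre-shared key, MD5, AES-256), what the bytes under "Key Exchange Payload -> Key Exchange Data" are and where the pre-shared key actually enters. Per RFC 2409, the KE payload carries the sender's Diffie-Hellman public value g^x mod p (neither encrypted nor an MD5 of the PSK); the value g^xy is computed by both sides and never appears on the wire, and the PSK only enters afterwards, as the key of HMAC-MD5 over the two nonces to form SKEYID. The prime is the 1024-bit MODP group of RFC 2409 section 6.2; the nonces, cookies, PSK and private exponents are constructed test values (a real implementation draws them from a CSPRNG), and the key derivation follows RFC 2409 section 5 and Appendix B.

```python
"""Added example: IKEv1 Phase 1 (Main Mode, PSK, MD5, Group 2) key material.

Not from the original post. Test values below are constructed; in a real
exchange nonces, cookies and DH exponents come from a CSPRNG.
"""
import hashlib
import hmac

# RFC 2409 section 6.2, Oakley group 2: 1024-bit MODP prime, generator 2
GROUP2_PRIME = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
GROUP2_GENERATOR = 2
GROUP2_LEN = 128  # size in bytes of Key Exchange Data for this group


def ke_payload_data(private_exponent: int) -> bytes:
    """Key Exchange Data = g^x mod p, big-endian, padded to the group size.

    This is the field Wireshark shows under Key Exchange Payload. It is the
    DH public value: not the PSK, not a hash of it, and not encrypted.
    """
    public = pow(GROUP2_GENERATOR, private_exponent, GROUP2_PRIME)
    return public.to_bytes(GROUP2_LEN, "big")


def dh_shared_secret(private_exponent: int, peer_ke_data: bytes) -> bytes:
    """g^xy mod p, computed locally from own x and the peer's KE data.

    Never transmitted; a passive capture sees only the two public values.
    """
    peer_public = int.from_bytes(peer_ke_data, "big")
    shared = pow(peer_public, private_exponent, GROUP2_PRIME)
    return shared.to_bytes(GROUP2_LEN, "big")


def prf_md5(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf when the negotiated hash is MD5: HMAC-MD5 (RFC 2409 sec. 4)."""
    return hmac.new(key, data, hashlib.md5).digest()


def phase1_keys_psk(psk: bytes, ni: bytes, nr: bytes, gxy: bytes,
                    cky_i: bytes, cky_r: bytes) -> dict:
    """RFC 2409 section 5 with pre-shared key authentication:
    SKEYID   = prf(PSK, Ni_b | Nr_b)           <- the PSK enters here only
    SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0)
    SKEYID_a = prf(SKEYID, SKEYID_d | g^xy | CKY-I | CKY-R | 1)
    SKEYID_e = prf(SKEYID, SKEYID_a | g^xy | CKY-I | CKY-R | 2)
    """
    skeyid = prf_md5(psk, ni + nr)
    skeyid_d = prf_md5(skeyid, gxy + cky_i + cky_r + b"\x00")
    skeyid_a = prf_md5(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")
    skeyid_e = prf_md5(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}


def expand_encryption_key(skeyid_e: bytes, key_len: int) -> bytes:
    """RFC 2409 Appendix B: when the cipher needs more key than prf output
    (AES-256 = 32 bytes, MD5 output = 16 bytes), expand as
    K1 = prf(SKEYID_e, 0), K2 = prf(SKEYID_e, K1), ... and concatenate.
    """
    out, block = b"", prf_md5(skeyid_e, b"\x00")
    while len(out) < key_len:
        out += block
        block = prf_md5(skeyid_e, block)
    return out[:key_len]


def demo() -> dict:
    """Run a constructed Phase 1 exchange from both sides and return the result."""
    x_i = int.from_bytes(b"constructed-initiator-exponent", "big")
    x_r = int.from_bytes(b"constructed-responder-exponent", "big")
    ke_i, ke_r = ke_payload_data(x_i), ke_payload_data(x_r)   # what is on the wire
    gxy_i = dh_shared_secret(x_i, ke_r)                          # initiator's view
    gxy_r = dh_shared_secret(x_r, ke_i)                          # responder's view
    keys = phase1_keys_psk(b"constructed-psk", b"Ni-test", b"Nr-test", gxy_i,
                           b"\x01" * 8, b"\x02" * 8)
    aes256_key = expand_encryption_key(keys["SKEYID_e"], 32)
    return {"ke_i": ke_i, "ke_r": ke_r, "gxy_i": gxy_i, "gxy_r": gxy_r,
            "keys": keys, "aes256_key": aes256_key}


if __name__ == "__main__":
    r = demo()
    print("KE data (initiator):", r["ke_i"].hex()[:32], "...")
    print("both sides agree on g^xy:", r["gxy_i"] == r["gxy_r"])
    print("AES-256 key from SKEYID_e:", r["aes256_key"].hex())
```

Comparing `ke_i` against the Key Exchange Data bytes in a capture of your own test gateway is the quickest way to confirm the field is the public value: it is exactly 128 bytes for Group 2 and changes on every negotiation, while nothing derived from the PSK is visible until the encrypted identity/hash exchange that follows.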