Fortinet black logo

Handbook

Home FortiGate / FortiOS 6.0.0 Handbook

Encryption

6.0.0
6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:92816
Download PDF

Encryption

Encryption mathematically transforms data to appear as meaningless random numbers. The original data is called plaintext and the encrypted data is called ciphertext. The opposite process, called decryption, performs the inverse operation to recover the original plaintext from the ciphertext.

The process by which the plaintext is transformed to ciphertext and back again is called an algorithm. All algorithms use a small piece of information, a key, in the arithmetic process of converted plaintext to ciphertext, or vice-versa. IPsec uses symmetrical algorithms, in which the same key is used to both encrypt and decrypt the data. The security of an encryption algorithm is determined by the length of the key that it uses. FortiGate IPsec VPNs offer the following encryption algorithms, in descending order of security:

Encryption

Description

ChaCha20/Poly1305

A combination of the ChaCha20 symmetric cipher and Poly1305-AES, a variant of the AES 128-bit block algorithm that uses a 128-bit key and an 128-bit nonce.

AES-GCM

Galois/Counter Mode (GCM), a block cipher mode of operation providing both confidentiality and data origin authentication.

AES256

A 128-bit block algorithm that uses a 256-bit key.

AES192

A 128-bit block algorithm that uses a 192-bit key.

AES128

A 128-bit block algorithm that uses a 128-bit key.

3DES

Triple-DES, in which plain text is DES-encrypted three times by three keys.

DES

Digital Encryption Standard, a 64-bit block algorithm that uses a 56-bit key

The default encryption algorithms provided on FortiGate units make recovery of encrypted data almost impossible without the proper encryption keys.

There is a human factor in the security of encryption. The key must be kept secret, known only to the sender and receiver of the messages. Also, the key must not be something that unauthorized parties might easily guess, such as the sender’s name, birthday or simple sequence such as 123456.

Diffie-Hellman groups

FortiOS IPsec VPN supports the following Diffie-Hellman (DH) asymmetric key algorithms for public key cryptography.

DH Group

Description

1

More Modular Exponential (MODP) DH Group with a 768-bit modulus

2

MODP with a 1024-bit modulus

5

MODP with a 1536-bit modulus

14

MODP with a 2048-bit modulus

15

MODP with a 3027-bit modulus

16

MODP with a 4096-bit modulus

17

MODP with a 6144-bit modulus

18

MODP with a 8192-bit modulus

19

256-bit random elliptic curve group

20

384-bit random elliptic curve group

21

521-bit random elliptic curve group

27

Brainpool 224-bit elliptic curve group

28

Brainpool 256-bit elliptic curve group

29

Brainpool 384-bit elliptic curve group

30

Brainpool 512-bit elliptic curve group

31

Curve25519 128-bit elliptic curve group

* When using aggressive mode, DH groups cannot be negotiated.

By default, DH group 14 is selected, to provide sufficient protection for stronger cipher suites that include AES and SHA2. If you select multiple DH groups, the order they appear in the configuration is the order in which they are negotiates.

If both VPN peers (or a VPN server and its client) have static IP addresses and use aggressive mode, select a single DH group. The setting on the FortiGate unit must be identical to the setting on the remote peer or dialup client.

When the remote VPN peer or client has a dynamic IP address and uses aggressive mode, select up to three DH groups on the FortiGate unit and one DH group on the remote peer or dialup client. The setting on the remote peer or dialup client must be identical to one of the selections on the FortiGate unit.

If the VPN peer or client employs main mode, you can select multiple DH groups. At least one of the settings on the remote peer or dialup client must be identical to the selections on the FortiGate unit.

IPsec overheads

The FortiGate sets an IPsec tunnel Maximum Transmission Unit (MTU) of 1436 for 3DES/SHA1 and an MTU of 1412 for AES128/SHA1, as seen with diag vpn tunnel list. This indicates that the FortiGate allocates 64 bytes of overhead for 3DES/SHA1 and 88 bytes for AES128/SHA1, which is the difference if you subtract this MTU from a typical ethernet MTU of 1500 bytes.

During the encryption process, AES/DES operates using a specific size of data which is block size. If data is smaller than that, it will be padded for the operation. MD5/SHA-1 HMAC also operates using a specific block size.

The following table describes the potential maximum overhead for each IPsec encryption:

IPsec Transform Set

IPsec Overhead (Max. bytes)

ESP-AES (256, 192, or 128), ESP-SHA-HMAC, or MD5

88

ESP-AES (256, 192, or 128)

61

ESP-3DES, ESP-DES

45

ESP-(DES or 3DES), ESP-SHA-HMAC, or MD5

64

ESP-Null, ESP-SHA-HMAC, or MD5

45

AH-SHA-HMAC or MD5

44
Previous
Next

Encryption

Encryption mathematically transforms data to appear as meaningless random numbers. The original data is called plaintext and the encrypted data is called ciphertext. The opposite process, called decryption, performs the inverse operation to recover the original plaintext from the ciphertext.

The process by which the plaintext is transformed to ciphertext and back again is called an algorithm. All algorithms use a small piece of information, a key, in the arithmetic process of converted plaintext to ciphertext, or vice-versa. IPsec uses symmetrical algorithms, in which the same key is used to both encrypt and decrypt the data. The security of an encryption algorithm is determined by the length of the key that it uses. FortiGate IPsec VPNs offer the following encryption algorithms, in descending order of security:

Encryption

Description

ChaCha20/Poly1305

A combination of the ChaCha20 symmetric cipher and Poly1305-AES, a variant of the AES 128-bit block algorithm that uses a 128-bit key and an 128-bit nonce.

AES-GCM

Galois/Counter Mode (GCM), a block cipher mode of operation providing both confidentiality and data origin authentication.

AES256

A 128-bit block algorithm that uses a 256-bit key.

AES192

A 128-bit block algorithm that uses a 192-bit key.

AES128

A 128-bit block algorithm that uses a 128-bit key.

3DES

Triple-DES, in which plain text is DES-encrypted three times by three keys.

DES

Digital Encryption Standard, a 64-bit block algorithm that uses a 56-bit key

The default encryption algorithms provided on FortiGate units make recovery of encrypted data almost impossible without the proper encryption keys.

There is a human factor in the security of encryption. The key must be kept secret, known only to the sender and receiver of the messages. Also, the key must not be something that unauthorized parties might easily guess, such as the sender’s name, birthday or simple sequence such as 123456.

Diffie-Hellman groups

FortiOS IPsec VPN supports the following Diffie-Hellman (DH) asymmetric key algorithms for public key cryptography.

DH Group

Description

1

More Modular Exponential (MODP) DH Group with a 768-bit modulus

2

MODP with a 1024-bit modulus

5

MODP with a 1536-bit modulus

14

MODP with a 2048-bit modulus

15

MODP with a 3027-bit modulus

16

MODP with a 4096-bit modulus

17

MODP with a 6144-bit modulus

18

MODP with a 8192-bit modulus

19

256-bit random elliptic curve group

20

384-bit random elliptic curve group

21

521-bit random elliptic curve group

27

Brainpool 224-bit elliptic curve group

28

Brainpool 256-bit elliptic curve group

29

Brainpool 384-bit elliptic curve group

30

Brainpool 512-bit elliptic curve group

31

Curve25519 128-bit elliptic curve group

* When using aggressive mode, DH groups cannot be negotiated.

By default, DH group 14 is selected, to provide sufficient protection for stronger cipher suites that include AES and SHA2. If you select multiple DH groups, the order they appear in the configuration is the order in which they are negotiates.

If both VPN peers (or a VPN server and its client) have static IP addresses and use aggressive mode, select a single DH group. The setting on the FortiGate unit must be identical to the setting on the remote peer or dialup client.

When the remote VPN peer or client has a dynamic IP address and uses aggressive mode, select up to three DH groups on the FortiGate unit and one DH group on the remote peer or dialup client. The setting on the remote peer or dialup client must be identical to one of the selections on the FortiGate unit.

If the VPN peer or client employs main mode, you can select multiple DH groups. At least one of the settings on the remote peer or dialup client must be identical to the selections on the FortiGate unit.

IPsec overheads

The FortiGate sets an IPsec tunnel Maximum Transmission Unit (MTU) of 1436 for 3DES/SHA1 and an MTU of 1412 for AES128/SHA1, as seen with diag vpn tunnel list. This indicates that the FortiGate allocates 64 bytes of overhead for 3DES/SHA1 and 88 bytes for AES128/SHA1, which is the difference if you subtract this MTU from a typical ethernet MTU of 1500 bytes.

During the encryption process, AES/DES operates using a specific size of data which is block size. If data is smaller than that, it will be padded for the operation. MD5/SHA-1 HMAC also operates using a specific block size.

The following table describes the potential maximum overhead for each IPsec encryption:

IPsec Transform Set

IPsec Overhead (Max. bytes)

ESP-AES (256, 192, or 128), ESP-SHA-HMAC, or MD5

88

ESP-AES (256, 192, or 128)

61

ESP-3DES, ESP-DES

45

ESP-(DES or 3DES), ESP-SHA-HMAC, or MD5

64

ESP-Null, ESP-SHA-HMAC, or MD5

45

AH-SHA-HMAC or MD5

44
Previous
Next