Encryption algorithms

This topic provides a brief introduction to IPsec phase 1 and phase 2 encryption algorithms and includes the following sections:

IKEv1 phase 1 encryption algorithm

The default encryption algorithms are:

aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1

DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:

  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

3DES applies the DES algorithm three times to each data block. FortiOS supports:

  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512
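The proposal names on this page follow a `<cipher>[<key bits>]-<digest>` pattern, so a space-separated proposal list such as the default above can be checked mechanically. The following is an added example, not Fortinet code: the function names and the audit policy (flagging DES, 3DES, MD5 and SHA-1 as legacy) are assumptions of this example, not guidance from this page.

```python
import re

# Proposal names on this page: <cipher>[<keybits>]-<digest>,
# for example "aes128-sha256" or "3des-md5".
PROPOSAL_RE = re.compile(
    r"^(des|3des|aes|aria)(128|192|256)?-(md5|sha1|sha256|sha384|sha512)$"
)

# Default proposal list quoted from this page.
PAGE_DEFAULT = "aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1"

# Assumed audit policy for this example (not taken from the page).
LEGACY_CIPHERS = {"des": "56-bit key", "3des": "64-bit block size"}
LEGACY_DIGESTS = {"md5": "practical collisions exist",
                  "sha1": "practical collisions exist"}


def parse_proposal(name):
    """Split one proposal name into (cipher, key_bits, digest)."""
    m = PROPOSAL_RE.match(name.strip().lower())
    if not m:
        raise ValueError(f"unrecognised proposal: {name!r}")
    cipher, bits, digest = m.groups()
    # DES and 3DES carry no key-size suffix; AES and ARIA must have one.
    if (cipher in ("aes", "aria")) != (bits is not None):
        raise ValueError(f"bad key size in proposal: {name!r}")
    return cipher, int(bits) if bits else None, digest


def audit_proposals(proposal_line):
    """Return {proposal: [findings]} for a space-separated proposal list."""
    report = {}
    for name in proposal_line.split():
        cipher, _bits, digest = parse_proposal(name)
        findings = []
        if cipher in LEGACY_CIPHERS:
            findings.append(f"cipher {cipher}: {LEGACY_CIPHERS[cipher]}")
        if digest in LEGACY_DIGESTS:
            findings.append(f"digest {digest}: {LEGACY_DIGESTS[digest]}")
        report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_proposals(PAGE_DEFAULT).items():
        print(name, "->", findings or "ok")
```
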

The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-md5