Fortinet black logo

Administration Guide

Encryption algorithms

Encryption algorithms

This topic provides a brief introduction to IPsec phase 1 and phase 2 encryption algorithms and includes the following sections:

IKEv1 phase 1 encryption algorithm

The default encryption algorithm is:

aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1

DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:

  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

3DES applies the DES algorithm three times to each data. FortiOS supports:

  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

SEED is a symmetric-key algorithm. FortiOS supports:

  • seed128-md5
  • seed128-sha1
  • seed128-sha256
  • seed128-sha384
  • seed128-sha512

Suite-B is a set of AES encryption with ICV in GCM mode. IPsec traffic can be offloaded on NP6XLite and NP7 platforms. They cannot be offloaded on other NP6 processors and below. CP9 supports Suite-B offloading, otherwise packets are encrypted and decrypted by software. FortiOS supports:

  • suite-b-gcm-128
  • suite-b-gcm-256

See Network processors (NP6, NP6XLite, NP6Lite, and NP4) and CP9, CP9XLite, and CP9Lite capabilities in the Hardware Acceleration guide for more information.

IKEv1 phase 2 encryption algorithm

The default encryption algorithm is:

aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305

With null encryption, IPsec traffic can offload NPU/CP. FortiOS supports:

  • null-md5
  • null-sha1
  • null-sha256
  • null-sha384
  • null-sha512

With the DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • des-null
  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

With the 3DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • 3des-null
  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

With the AES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • aes128-null
  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-null
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-null
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

With the AESGCM encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aes128gcm
  • aes256gcm

With the chacha20poly1305 encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • chacha20poly1305

With the ARIA encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aria128-null
  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-null
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-null
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the SEED encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • seed-null
  • seed-md5
  • seed-sha1
  • seed-sha256
  • seed-sha384
  • seed-sha512

IKEv2 phase 1 encryption algorithm

The default encryption algorithm is:

aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256

DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:

  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

3DES applies the DES algorithm three times to each data. FortiOS supports:

  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes128gcm-prfsha1
  • aes128gcm-prfsha256
  • aes128gcm-prfsha384
  • aes128gcm-prfsha512
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512
  • aes256gcm-prfsha1
  • aes256gcm-prfsha256
  • aes256gcm-prfsha384
  • aes256gcm-prfsha512

The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the chacha20poly1305 encryption algorithm, FortiOS supports:

  • chacha20poly1305-prfsha1
  • chacha20poly1305-prfsha256
  • chacha20poly1305-prfsha384
  • chacha20poly1305-prfsha512

SEED is a symmetric-key algorithm. FortiOS supports:

  • seed128-md5
  • seed128-sha1
  • seed128-sha256
  • seed128-sha384
  • seed128-sha512

Suite-B is a set of AES encryption with ICV in GCM mode. IPsec traffic can be offloaded on NP6XLite and NP7 platforms. They cannot be offloaded on other NP6 processors and below. CP9 supports Suite-B offloading, otherwise packets are encrypted and decrypted by software. FortiOS supports:

  • suite-b-gcm-128
  • suite-b-gcm-256

See Network processors (NP6, NP6XLite, NP6Lite, and NP4) and CP9, CP9XLite, and CP9Lite capabilities in the Hardware Acceleration guide for more information.

IKEv2 phase 2 encryption algorithm

The default encryption algorithm is:

aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305

With null encryption, IPsec traffic can offload NPU/CP. FortiOS supports:

  • null-md5
  • null-sha1
  • null-sha256
  • null-sha384
  • null-sha512

With the DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • des-null
  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

With the 3DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • 3des-null
  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

With the AES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • aes128-null
  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-null
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-null
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

With the AESGCM encryption algorithm, IPsec traffic cannot offload NPU. CP9 supports AESGCM offloading. FortiOS supports:

  • aes128gcm
  • aes256gcm

With the chacha20poly1305 encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • chacha20poly1305

With the ARIA encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aria128-null
  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-null
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-null
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the SEED encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • seed-null
  • seed-md5
  • seed-sha1
  • seed-sha256
  • seed-sha384
  • seed-sha512

HMAC settings

The FortiGate uses the HMAC based on the authentication proposal that is chosen in phase 1 or phase 2 of the IPsec configuration. Each proposal consists of the encryption-hash pair (such as 3des-sha256). The FortiGate matches the most secure proposal to negotiate with the peer.

To view the chosen proposal and the HMAC hash used:
# diagnose vpn ike gateway list

vd: root/0
name: MPLS
version: 1
interface: port1 3
addr: 192.168.2.5:500 -> 10.10.10.1:500
tun_id: 10.10.10.1
virtual-interface-addr: 172.31.0.2 -> 172.31.0.1
created: 1015820s ago
IKE SA: created 1/13 established 1/13 time 10/1626/21010 ms
IPsec SA: created 1/24 established 1/24 time 0/11/30 ms

  id/spi: 124 43b087dae99f7733/6a8473e58cd8990a
  direction: responder
  status: established 68693-68693s ago = 10ms
  proposal: 3des-sha256
  key: e0fa6ab8dc509b33-aa2cc549999b1823-c3cb9c337432646e
  lifetime/rekey: 86400/17436
  DPD sent/recv: 000001e1/00000000

Encryption algorithms

This topic provides a brief introduction to IPsec phase 1 and phase 2 encryption algorithms and includes the following sections:

IKEv1 phase 1 encryption algorithm

The default encryption algorithm is:

aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1

DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:

  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

3DES applies the DES algorithm three times to each data. FortiOS supports:

  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

SEED is a symmetric-key algorithm. FortiOS supports:

  • seed128-md5
  • seed128-sha1
  • seed128-sha256
  • seed128-sha384
  • seed128-sha512

Suite-B is a set of AES encryption with ICV in GCM mode. IPsec traffic can be offloaded on NP6XLite and NP7 platforms. They cannot be offloaded on other NP6 processors and below. CP9 supports Suite-B offloading, otherwise packets are encrypted and decrypted by software. FortiOS supports:

  • suite-b-gcm-128
  • suite-b-gcm-256

See Network processors (NP6, NP6XLite, NP6Lite, and NP4) and CP9, CP9XLite, and CP9Lite capabilities in the Hardware Acceleration guide for more information.

IKEv1 phase 2 encryption algorithm

The default encryption algorithm is:

aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305

With null encryption, IPsec traffic can offload NPU/CP. FortiOS supports:

  • null-md5
  • null-sha1
  • null-sha256
  • null-sha384
  • null-sha512

With the DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • des-null
  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

With the 3DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • 3des-null
  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

With the AES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • aes128-null
  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-null
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-null
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

With the AESGCM encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aes128gcm
  • aes256gcm

With the chacha20poly1305 encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • chacha20poly1305

With the ARIA encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aria128-null
  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-null
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-null
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the SEED encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • seed-null
  • seed-md5
  • seed-sha1
  • seed-sha256
  • seed-sha384
  • seed-sha512

IKEv2 phase 1 encryption algorithm

The default encryption algorithm is:

aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256

DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:

  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

3DES applies the DES algorithm three times to each data. FortiOS supports:

  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes128gcm-prfsha1
  • aes128gcm-prfsha256
  • aes128gcm-prfsha384
  • aes128gcm-prfsha512
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512
  • aes256gcm-prfsha1
  • aes256gcm-prfsha256
  • aes256gcm-prfsha384
  • aes256gcm-prfsha512

The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the chacha20poly1305 encryption algorithm, FortiOS supports:

  • chacha20poly1305-prfsha1
  • chacha20poly1305-prfsha256
  • chacha20poly1305-prfsha384
  • chacha20poly1305-prfsha512

SEED is a symmetric-key algorithm. FortiOS supports:

  • seed128-md5
  • seed128-sha1
  • seed128-sha256
  • seed128-sha384
  • seed128-sha512

Suite-B is a set of AES encryption with ICV in GCM mode. IPsec traffic can be offloaded on NP6XLite and NP7 platforms. They cannot be offloaded on other NP6 processors and below. CP9 supports Suite-B offloading, otherwise packets are encrypted and decrypted by software. FortiOS supports:

  • suite-b-gcm-128
  • suite-b-gcm-256

See Network processors (NP6, NP6XLite, NP6Lite, and NP4) and CP9, CP9XLite, and CP9Lite capabilities in the Hardware Acceleration guide for more information.

IKEv2 phase 2 encryption algorithm

The default encryption algorithm is:

aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305

With null encryption, IPsec traffic can offload NPU/CP. FortiOS supports:

  • null-md5
  • null-sha1
  • null-sha256
  • null-sha384
  • null-sha512

With the DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • des-null
  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

With the 3DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • 3des-null
  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

With the AES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • aes128-null
  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-null
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-null
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

With the AESGCM encryption algorithm, IPsec traffic cannot offload NPU. CP9 supports AESGCM offloading. FortiOS supports:

  • aes128gcm
  • aes256gcm

With the chacha20poly1305 encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • chacha20poly1305

With the ARIA encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aria128-null
  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-null
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-null
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the SEED encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • seed-null
  • seed-md5
  • seed-sha1
  • seed-sha256
  • seed-sha384
  • seed-sha512

HMAC settings

The FortiGate uses the HMAC based on the authentication proposal that is chosen in phase 1 or phase 2 of the IPsec configuration. Each proposal consists of the encryption-hash pair (such as 3des-sha256). The FortiGate matches the most secure proposal to negotiate with the peer.

To view the chosen proposal and the HMAC hash used:
# diagnose vpn ike gateway list

vd: root/0
name: MPLS
version: 1
interface: port1 3
addr: 192.168.2.5:500 -> 10.10.10.1:500
tun_id: 10.10.10.1
virtual-interface-addr: 172.31.0.2 -> 172.31.0.1
created: 1015820s ago
IKE SA: created 1/13 established 1/13 time 10/1626/21010 ms
IPsec SA: created 1/24 established 1/24 time 0/11/30 ms

  id/spi: 124 43b087dae99f7733/6a8473e58cd8990a
  direction: responder
  status: established 68693-68693s ago = 10ms
  proposal: 3des-sha256
  key: e0fa6ab8dc509b33-aa2cc549999b1823-c3cb9c337432646e
  lifetime/rekey: 86400/17436
  DPD sent/recv: 000001e1/00000000