Digital signature profile

From LCOS version 10.20, devices that are set to use the older RSASSA-PKCS1-v1_5 to negotiate with remote sites now also support the newer RSASSA PSS.

Use this table to configure the parameters for the IKEv2 authentication.





Name
Contains the unique name of this entry. You can assign this name in three different places. In the section Authentication in the fields Local dig.signature profile and Rem. dig.signature profile, and under Extended settings > Authentification > Identities > Rem. dig.signature profile.
Authentication method
Sets the authentication method for the digital signature. Possible values are:
  • RSASSA-PSS: RSA with improved probabilistic signature schema as per version 2.1 of PKCS #1 (probabilistic signature scheme with appendix)
  • RSASSA-PKCS1-v1_5: RSA according to the older version of the signature schema as per version 1.5 of PKCS #1 (probabilistic signature scheme with appendix)
Important: If RSASSA-PKCS1-v1_5 is selected, a check is made to see whether the remote site also supports the superior RSASSA-PSS method and switches to it if necessary. If RSASSA-PSS is selected, then a fallback to the older RSASSA-PKCS1-v1_5 is not provided.
You also specify the secure hash algorithms (SHA) to be used.

www.lancom-systems.com

LANCOM Systems GmbH | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E-Mail info@lancom.de

LANCOM Logo