IKE Authentication (Windows CE 5.0)
The Windows CE implementation of IPSec supports the IPSec Internet Key Exchange (IKE) protocol. IKE is used to enhance security for virtual private network (VPN) negotiation and remote host or network access.
Specified in IETF Request for Comments (RFC) 2409, IKE defines an automatic means of negotiation and authentication for IPsec security associations (SA). Security associations are security policies defined for communication between two or more entities; the relationship between the entities is represented by a key.
The IKE protocol enhances security for SA communication without the preconfiguration that would otherwise be required.
IKE Modes
IPSec v4 supports the following IKE modes:
- Main Mode Security Association
- Quick Mode Security Association
- Informational exchanges
- PFS (Perfect Forward Secrecy)
IKE Encryption Algorithms
IPSec supports the following IKE encryption algorithms:
- DES
- 3DES
IKE Authentication Algorithms
- IPSec supports the following IKE authentication algorithms:
- MD5
- SHA-1
IKE Authentication Methods
IPSec supports the following IKE authentication methods:
- Preshared key
- User certificates
IKE Diffie Hellman Groups
The following list shows the Diffie Hellman (DH) groups that IPSec supports.
- Group 1 (DH 768)
- Group 2 (DH 1024)
- Group 14 (DH 2048)
Group 5 (DH 1536) is not supported in Windows CE.
See Also
Security Association | IPSec Application Development
Send Feedback on this topic to the authors