PPP Encryption Control Protocol (ECP) and Encryption Algorithms
(Page 4 of 4)
Encryption Algorithm Operation: Encrypting and Decrypting Data
After an encryption algorithm has been successfully negotiated, it is used to encrypt data before transmission, and to decrypt data received. To encrypt, the transmitting device takes the data that would normally be put in the Information field of an unencrypted PPP frame and runs it through the encryption algorithm. To indicate that a frame has been encrypted, the special value 0x0053 (hexadecimal) is placed in the PPP Protocol field. When encryption is used with multiple links and the links are encrypted independently, a different value is used: 0x0055. Recall that in a regular unencrypted frame, the Protocol field indicates what layer three protocol the data comes from; since we still need to know this, the original Protocol value is actually prepended to the data before encryption. When the data is decrypted, this value is used to restore the original Protocol field, so the receiving device knows what higher layer the data belongs to.
For example, if we use IPCP to encapsulate IP data in PPP, the unencrypted frame would have a value of 0x8021 (hex) in the Protocol field. This value (0x8021) would be placed at the start of the data to be encrypted. The encrypted data would be put in a PPP frame with a Protocol value of 0x0053. The receiving device would see the value 0x0053 in the Protocol field, recognize the frame as encrypted, decrypt it and restore the original frame with 0x8021 as the Protocol value. The discussion of the PPP general frame format covers this more completely.
Each encrypted PPP data frame carries exactly one PPP data frame. Note that unlike what we saw in compression, LCP frames and the control frames used for other protocols can be encrypted. Compression can be combined with encryption; in this case compression is done before encryption.
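As an added example (not code from the TCP/IP Guide), the encapsulation and restoration steps described above in Python: the original Protocol value is prepended to the Information field before encryption, the result is carried under Protocol 0x0053 (or 0x0055 for per-link encryption), and the receiver checks that value before decrypting and restoring the inner Protocol. The cipher is a constructed stand-in (an HMAC-SHA256 keystream XOR) for whatever algorithm ECP negotiated, and the key and payloads are constructed sample values.

```python
import hmac
import hashlib

# PPP Protocol field values (two bytes, big-endian in the frame)
ECP_ENCRYPTED = 0x0053        # encrypted data on a single link or a whole bundle
ECP_ENCRYPTED_LINK = 0x0055   # encrypted data when each link of a bundle is encrypted independently
LCP = 0xC021                  # Link Control Protocol; LCP frames may be encrypted too


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the negotiated ECP algorithm (assumption: an HMAC-SHA256
    keystream XORed with the data; not a real ECP cipher). Encrypts and decrypts."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_ppp_frame(protocol: int, info: bytes, key: bytes, per_link: bool = False) -> bytes:
    """Return the Protocol + Information part of an encrypted PPP frame.
    The carried frame's Protocol value is prepended to its Information field and
    encrypted with it, so the receiver can restore it after decryption."""
    plaintext = protocol.to_bytes(2, "big") + info
    outer = ECP_ENCRYPTED_LINK if per_link else ECP_ENCRYPTED
    return outer.to_bytes(2, "big") + _keystream_xor(key, plaintext)


def decrypt_ppp_frame(frame: bytes, key: bytes) -> tuple:
    """Recognise an encrypted frame by its Protocol value, decrypt the payload and
    return (original_protocol, information) of the single frame it carries."""
    outer = int.from_bytes(frame[:2], "big")
    if outer not in (ECP_ENCRYPTED, ECP_ENCRYPTED_LINK):
        raise ValueError(f"not an ECP encrypted frame: Protocol 0x{outer:04X}")
    plaintext = _keystream_xor(key, frame[2:])
    if len(plaintext) < 2:
        raise ValueError("decrypted payload too short to carry a Protocol field")
    return int.from_bytes(plaintext[:2], "big"), plaintext[2:]


if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    # Inner frame with the Protocol value used in the page's example and a constructed payload
    frame = encrypt_ppp_frame(0x8021, b"\x01\x02\x03\x04", key)
    print(frame[:2].hex(), decrypt_ppp_frame(frame, key))   # 0053 (32801, b'\x01\x02\x03\x04')
```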
The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005
© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.