Fortinet white logo
Fortinet white logo

Cookbook

Encryption algorithms

Encryption algorithms

This topic provides a brief introduction to IPsec phase 1 and phase 2 encryption algorithms and includes the following sections:

IKEv1 phase 1 encryption algorithm

The default encryption algorithm is:

aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1

DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:

  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

3DES applies the DES algorithm three times to each data. FortiOS supports:

  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

SEED is a symmetric-key algorithm. FortiOS supports:

  • seed128-md5
  • seed128-sha1
  • seed128-sha256
  • seed128-sha384
  • seed128-sha512

Suite-B is a set of AES encryption with ICV in GCM mode. FortiOS supports Suite-B on new kernel platforms only (kernel version 3 and above). IPsec traffic can be offloaded on NP6XLite and NP7 platforms. They cannot be offloaded on other NP6 processors and below. CP9 supports Suite-B offloading, otherwise packets are encrypted and decrypted by software. FortiOS supports:

  • suite-b-gcm-128
  • suite-b-gcm-256

See Network processors (NP6, NP6XLite, NP6Lite, and NP4) and CP9, CP9XLite, and CP9Lite capabilities in the Hardware Acceleration guide for more information.

IKEv1 phase 2 encryption algorithm

The default encryption algorithm is:

aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305

With null encryption, IPsec traffic can offload NPU/CP. FortiOS supports:

  • null-md5
  • null-sha1
  • null-sha256
  • null-sha384
  • null-sha512

With the DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • des-null
  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

With the 3DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • 3des-null
  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

With the AES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • aes128-null
  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-null
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-null
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

With the AESGCM encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aes128gcm
  • aes256gcm

With the chacha20poly1305 encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • chacha20poly1305

With the ARIA encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aria128-null
  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-null
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-null
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the SEED encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • seed-null
  • seed-md5
  • seed-sha1
  • seed-sha256
  • seed-sha384
  • seed-sha512

IKEv2 phase 1 encryption algorithm

The default encryption algorithm is:

aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256

DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:

  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

3DES applies the DES algorithm three times to each data. FortiOS supports:

  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes128gcm-prfsha1
  • aes128gcm-prfsha256
  • aes128gcm-prfsha384
  • aes128gcm-prfsha512
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512
  • aes256gcm-prfsha1
  • aes256gcm-prfsha256
  • aes256gcm-prfsha384
  • aes256gcm-prfsha512

The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the chacha20poly1305 encryption algorithm, FortiOS supports:

  • chacha20poly1305-prfsha1
  • chacha20poly1305-prfsha256
  • chacha20poly1305-prfsha384
  • chacha20poly1305-prfsha512

SEED is a symmetric-key algorithm. FortiOS supports:

  • seed128-md5
  • seed128-sha1
  • seed128-sha256
  • seed128-sha384
  • seed128-sha512

Suite-B is a set of AES encryption with ICV in GCM mode. FortiOS supports Suite-B on new kernel platforms only (kernel version 3 and above). IPsec traffic can be offloaded on NP6XLite and NP7 platforms. They cannot be offloaded on other NP6 processors and below. CP9 supports Suite-B offloading, otherwise packets are encrypted and decrypted by software. FortiOS supports:

  • suite-b-gcm-128
  • suite-b-gcm-256

See Network processors (NP6, NP6XLite, NP6Lite, and NP4) and CP9, CP9XLite, and CP9Lite capabilities in the Hardware Acceleration guide for more information.

IKEv2 phase 2 encryption algorithm

The default encryption algorithm is:

aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305

With null encryption, IPsec traffic can offload NPU/CP. FortiOS supports:

  • null-md5
  • null-sha1
  • null-sha256
  • null-sha384
  • null-sha512

With the DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • des-null
  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

With the 3DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • 3des-null
  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

With the AES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • aes128-null
  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-null
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-null
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

With the AESGCM encryption algorithm, IPsec traffic cannot offload NPU. CP9 supports AESGCM offloading. FortiOS supports:

  • aes128gcm
  • aes256gcm

With the chacha20poly1305 encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • chacha20poly1305

With the ARIA encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aria128-null
  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-null
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-null
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the SEED encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • seed-null
  • seed-md5
  • seed-sha1
  • seed-sha256
  • seed-sha384
  • seed-sha512

HMAC settings

The FortiGate uses the HMAC based on the authentication proposal that is chosen in phase 1 or phase 2 of the IPsec configuration. Each proposal consists of the encryption-hash pair (such as 3des-sha256). The FortiGate matches the most secure proposal to negotiate with the peer.

To view the chosen proposal and the HMAC hash used:
# diagnose vpn ike gateway list

vd: root/0
name: MPLS
version: 1
interface: port1 3
addr: 192.168.2.5:500 -> 10.10.10.1:500
virtual-interface-addr: 172.31.0.2 -> 172.31.0.1
created: 1015820s ago
IKE SA: created 1/13 established 1/13 time 10/1626/21010 ms
IPsec SA: created 1/24 established 1/24 time 0/11/30 ms

  id/spi: 124 43b087dae99f7733/6a8473e58cd8990a
  direction: responder
  status: established 68693-68693s ago = 10ms
  proposal: 3des-sha256
  key: e0fa6ab8dc509b33-aa2cc549999b1823-c3cb9c337432646e
  lifetime/rekey: 86400/17436
  DPD sent/recv: 000001e1/00000000

Encryption algorithms

Encryption algorithms

This topic provides a brief introduction to IPsec phase 1 and phase 2 encryption algorithms and includes the following sections:

IKEv1 phase 1 encryption algorithm

The default encryption algorithm is:

aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1

DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:

  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

3DES applies the DES algorithm three times to each data. FortiOS supports:

  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

SEED is a symmetric-key algorithm. FortiOS supports:

  • seed128-md5
  • seed128-sha1
  • seed128-sha256
  • seed128-sha384
  • seed128-sha512

Suite-B is a set of AES encryption with ICV in GCM mode. FortiOS supports Suite-B on new kernel platforms only (kernel version 3 and above). IPsec traffic can be offloaded on NP6XLite and NP7 platforms. They cannot be offloaded on other NP6 processors and below. CP9 supports Suite-B offloading, otherwise packets are encrypted and decrypted by software. FortiOS supports:

  • suite-b-gcm-128
  • suite-b-gcm-256

See Network processors (NP6, NP6XLite, NP6Lite, and NP4) and CP9, CP9XLite, and CP9Lite capabilities in the Hardware Acceleration guide for more information.

IKEv1 phase 2 encryption algorithm

The default encryption algorithm is:

aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305

With null encryption, IPsec traffic can offload NPU/CP. FortiOS supports:

  • null-md5
  • null-sha1
  • null-sha256
  • null-sha384
  • null-sha512

With the DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • des-null
  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

With the 3DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • 3des-null
  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

With the AES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • aes128-null
  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-null
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-null
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

With the AESGCM encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aes128gcm
  • aes256gcm

With the chacha20poly1305 encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • chacha20poly1305

With the ARIA encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aria128-null
  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-null
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-null
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the SEED encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • seed-null
  • seed-md5
  • seed-sha1
  • seed-sha256
  • seed-sha384
  • seed-sha512

IKEv2 phase 1 encryption algorithm

The default encryption algorithm is:

aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256

DES is a symmetric-key algorithm, which means the same key is used for encrypting and decrypting data. FortiOS supports:

  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

3DES applies the DES algorithm three times to each data. FortiOS supports:

  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

AES is a symmetric-key algorithm with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes128gcm-prfsha1
  • aes128gcm-prfsha256
  • aes128gcm-prfsha384
  • aes128gcm-prfsha512
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512
  • aes256gcm-prfsha1
  • aes256gcm-prfsha256
  • aes256gcm-prfsha384
  • aes256gcm-prfsha512

The ARIA algorithm is based on AES with different key lengths (128, 192, and 256 bits). FortiOS supports:

  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the chacha20poly1305 encryption algorithm, FortiOS supports:

  • chacha20poly1305-prfsha1
  • chacha20poly1305-prfsha256
  • chacha20poly1305-prfsha384
  • chacha20poly1305-prfsha512

SEED is a symmetric-key algorithm. FortiOS supports:

  • seed128-md5
  • seed128-sha1
  • seed128-sha256
  • seed128-sha384
  • seed128-sha512

Suite-B is a set of AES encryption with ICV in GCM mode. FortiOS supports Suite-B on new kernel platforms only (kernel version 3 and above). IPsec traffic can be offloaded on NP6XLite and NP7 platforms. They cannot be offloaded on other NP6 processors and below. CP9 supports Suite-B offloading, otherwise packets are encrypted and decrypted by software. FortiOS supports:

  • suite-b-gcm-128
  • suite-b-gcm-256

See Network processors (NP6, NP6XLite, NP6Lite, and NP4) and CP9, CP9XLite, and CP9Lite capabilities in the Hardware Acceleration guide for more information.

IKEv2 phase 2 encryption algorithm

The default encryption algorithm is:

aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305

With null encryption, IPsec traffic can offload NPU/CP. FortiOS supports:

  • null-md5
  • null-sha1
  • null-sha256
  • null-sha384
  • null-sha512

With the DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • des-null
  • des-md5
  • des-sha1
  • des-sha256
  • des-sha384
  • des-sha512

With the 3DES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • 3des-null
  • 3des-md5
  • 3des-sha1
  • 3des-sha256
  • 3des-sha384
  • 3des-sha512

With the AES encryption algorithm, IPsec traffic can offload NPU/CP. FortiOS supports:

  • aes128-null
  • aes128-md5
  • aes128-sha1
  • aes128-sha256
  • aes128-sha384
  • aes128-sha512
  • aes192-null
  • aes192-md5
  • aes192-sha1
  • aes192-sha256
  • aes192-sha384
  • aes192-sha512
  • aes256-null
  • aes256-md5
  • aes256-sha1
  • aes256-sha256
  • aes256-sha384
  • aes256-sha512

With the AESGCM encryption algorithm, IPsec traffic cannot offload NPU. CP9 supports AESGCM offloading. FortiOS supports:

  • aes128gcm
  • aes256gcm

With the chacha20poly1305 encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • chacha20poly1305

With the ARIA encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • aria128-null
  • aria128-md5
  • aria128-sha1
  • aria128-sha256
  • aria128-sha384
  • aria128-sha512
  • aria192-null
  • aria192-md5
  • aria192-sha1
  • aria192-sha256
  • aria192-sha384
  • aria192-sha512
  • aria256-null
  • aria256-md5
  • aria256-sha1
  • aria256-sha256
  • aria256-sha384
  • aria256-sha512

With the SEED encryption algorithm, IPsec traffic cannot offload NPU/CP. FortiOS supports:

  • seed-null
  • seed-md5
  • seed-sha1
  • seed-sha256
  • seed-sha384
  • seed-sha512

HMAC settings

The FortiGate uses the HMAC based on the authentication proposal that is chosen in phase 1 or phase 2 of the IPsec configuration. Each proposal consists of the encryption-hash pair (such as 3des-sha256). The FortiGate matches the most secure proposal to negotiate with the peer.

To view the chosen proposal and the HMAC hash used:
# diagnose vpn ike gateway list

vd: root/0
name: MPLS
version: 1
interface: port1 3
addr: 192.168.2.5:500 -> 10.10.10.1:500
virtual-interface-addr: 172.31.0.2 -> 172.31.0.1
created: 1015820s ago
IKE SA: created 1/13 established 1/13 time 10/1626/21010 ms
IPsec SA: created 1/24 established 1/24 time 0/11/30 ms

  id/spi: 124 43b087dae99f7733/6a8473e58cd8990a
  direction: responder
  status: established 68693-68693s ago = 10ms
  proposal: 3des-sha256
  key: e0fa6ab8dc509b33-aa2cc549999b1823-c3cb9c337432646e
  lifetime/rekey: 86400/17436
  DPD sent/recv: 000001e1/00000000