Security

Why does the Junos OS device not use or support two sets of keys for a virtual private network (VPN)?

by Juniper Employee on 01-26-2016 08:03 AM - edited on 09-22-2017 04:04 PM by Administrator

Question

Why does the Junos OS device not use or support two sets of keys for a virtual private network (VPN)?

Answer

In general, when setting up a PKI for email and file encryption and signing, you should use two sets of keys: one set for signing and one set for encryption. While you certainly want two sets of keys when encrypting emails and files, you do not need two sets for the VPN.

In IPsec, RSA keys are used only for authentication, so you do not need a second set of keys for purposes such as long-term storage of encrypted material.

Junos OS does support Digital Signature Algorithm (DSA) keys.

For more information, see Understanding Certificates and PKI.
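
Why a single key pair suffices, as an added example (not Juniper's code and not part of the original article): a simplified signed key exchange in which the long-term RSA key only signs, while the session key comes from a fresh Diffie-Hellman exchange. The textbook RSA, the toy parameters and all function names are assumptions made for illustration; real IKE signs more data and uses padded signatures and larger groups.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
RSA_P, RSA_Q = 2**127 - 1, 2**89 - 1     # two Mersenne primes
RSA_E = 65537
DH_P, DH_G = 2**127 - 1, 3               # toy Diffie-Hellman group

def rsa_keypair():
    """Long-term identity key: plays the role of the certificate key pair."""
    n = RSA_P * RSA_Q
    d = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))
    return (n, RSA_E), (n, d)            # (public, private)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def dh_share():
    """Fresh per-negotiation secret and the public value sent to the peer."""
    x = secrets.randbelow(DH_P - 3) + 2
    return x, pow(DH_G, x, DH_P)

def session_key(own_secret, peer_public):
    shared = pow(peer_public, own_secret, DH_P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def negotiate():
    """One simplified exchange: both session keys and the authentication result."""
    pub, priv = rsa_keypair()                      # initiator's long-term key
    a, A = dh_share()                              # initiator's ephemeral share
    b, B = dh_share()                              # responder's ephemeral share
    auth_data = A.to_bytes(16, "big") + B.to_bytes(16, "big")
    sig = sign(priv, auth_data)                    # the only use of the RSA key
    return session_key(a, B), session_key(b, A), verify(pub, auth_data, sig)
```

Nothing in this exchange is ever encrypted under the RSA key, which is why no separate long-term encryption key pair is needed.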