5.3. SA KEK Payload

The SA KEK (SAK) payload contains security attributes for the KEK method for a group and parameters specific to the GROUPKEY-PULL operation.

Key Components

  • Protocol: Defines the KEK protocol
  • SRC/DST Identification: Source and destination identities for the GROUPKEY-PULL datagram
  • SPI: Security Parameter Index
  • POP Algorithm & Key Length: Proof of Possession parameters
  • KEK Attributes: Detailed KEK configuration

KEK Attributes (Sections 5.3.1-5.3.9)

The following KEK attributes are defined:

  • KEK_MANAGEMENT_ALGORITHM (5.3.2): Specifies the group key management algorithm (e.g., LKH)
  • KEK_ALGORITHM (5.3.3): Encryption algorithm for KEK
  • KEK_KEY_LENGTH (5.3.4): KEK key length in bits
  • KEK_KEY_LIFETIME (5.3.5): KEK validity period
  • SIG_HASH_ALGORITHM (5.3.6): Hash algorithm for signatures
  • SIG_ALGORITHM (5.3.7): Signature algorithm
  • SIG_KEY_LENGTH (5.3.8): Signature key length
  • KE_OAKLEY_GROUP (5.3.9): Oakley group for key exchange
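
A strict parser for the KEK attribute list above, as an added example that is not part of the original page or of any GDOI implementation. It assumes the attributes use the ISAKMP data-attribute encoding (AF bit plus 15-bit type, then a 2-byte value or a 2-byte length and value) and that the class numbers 1-8 and Basic/Variable types match the RFC's attribute table, neither of which this page reproduces. Rejecting unknown classes, duplicates and a length-prefixed encoding of a Basic attribute is this example's policy, and the sample bytes are constructed.

```python
import struct

# Assumption: class numbers and Basic (B) / Variable (V) types as recalled from
# the RFC's KEK attribute table (section 5.3.1); verify before relying on them.
KEK_ATTRS = {
    1: ("KEK_MANAGEMENT_ALGORITHM", "B"), 2: ("KEK_ALGORITHM", "B"),
    3: ("KEK_KEY_LENGTH", "B"),           4: ("KEK_KEY_LIFETIME", "V"),
    5: ("SIG_HASH_ALGORITHM", "B"),       6: ("SIG_ALGORITHM", "B"),
    7: ("SIG_KEY_LENGTH", "B"),           8: ("KE_OAKLEY_GROUP", "B"),
}

class KekAttrError(ValueError):
    """Raised when the attribute list is malformed."""

def parse_kek_attributes(buf: bytes) -> dict:
    """Parse ISAKMP-format data attributes (AF bit + 15-bit type) into a dict."""
    attrs, off = {}, 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise KekAttrError(f"truncated attribute header at offset {off}")
        head, second = struct.unpack_from("!HH", buf, off)
        off += 4
        is_tv, cls = bool(head & 0x8000), head & 0x7FFF
        if cls not in KEK_ATTRS:
            raise KekAttrError(f"unknown KEK attribute class {cls}")
        name, kind = KEK_ATTRS[cls]
        if name in attrs:
            raise KekAttrError(f"duplicate attribute {name}")
        if is_tv:
            value = second                      # AF=1: value is in the header
        else:
            if kind == "B":
                raise KekAttrError(f"{name} must use the fixed 2-byte encoding")
            if second == 0 or second > len(buf) - off:
                raise KekAttrError(f"bad length {second} for {name}")
            value = int.from_bytes(buf[off:off + second], "big")
            off += second
        attrs[name] = value
    return attrs

# Constructed sample attribute list (not captured traffic).
SAMPLE = bytes.fromhex(
    "80010001" "80020003" "80030080"   # management alg 1, KEK alg 3, 128-bit KEK
    "0004000400000e10"                 # KEK_KEY_LIFETIME, 4-byte value 3600
    "80050002" "80060001" "80070800"   # sig hash 2, sig alg 1, 2048-bit sig key
)

if __name__ == "__main__":
    for name, value in parse_kek_attributes(SAMPLE).items():
        print(f"{name} = {value}")
```

Failing closed on a malformed list keeps a receiver from installing a KEK whose algorithm, key length or lifetime was only partially parsed.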