Skip to main content

Encapsulating Security Payload

aliases:

  • ESP

A core protocol of IPsec.

ESP is used to encrypt only the payload, and doesn't compute an ICV exactly like AH does. Instead, ESP attaches three fields to the packet:

  • a header

  • a trailer

  • an ICV computed without the IP header

  • [i] With ESP, algorithms for both confidentiality (symmetric cipher) and authentication/integrity (hash function) are usually applied together. It is possible to use one or the other, however.

Back to top