!!! Overview
[{$pagename}] detects and [decrypts] selected [communications] that are encrypted using [IPsec] then re-injects the unencrypted [packets] back into [TURMOIL] Stage 1. 

[TURMOIL] Stage 1 [applications] process the [packets] into [sessions] and, when appropriate, forward the [decrypted|Decryption] content to follow-on processing systems. 

The DNC eventing (PPF) components in [TURMOIL] detect all [IKE]/[ISAKMP] and [ESP] packets and query [KEYCARD] for each unique [IKE] exchange session and each unique [ESP] session to determine if the link should be selected for processing. Selection is based on [IP Address]. 

Decryption is attempted if either the source or the destination IP address is targeted for decryption in [KEYCARD] (the [KEYCARD] tasking action is labeled "TRANSFORM" so as not to use the term "decrypt"). If KEYCARD returns a hit for an [IKE] packet, then the [IKE] packet is sent to [LONGHAUL] where it is used to recover [keys]. 

If KEYCARD returns a hit for an [ESP] packet, a key request is sent to [LONGHAUL]. The [IPsec] Security Parameter Index (SPI) correlates [IKE] sessions with [ESP] sessions. A [LONGHAUL] response message will either return the [key] or indicate that a [key] could not be recovered. If a key is recovered, the [ESP] packets are decrypted and re-injected into [TURMOIL] for further processing. 
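
The selection described above relies only on fields that IPsec sends in the clear: the IP addresses, the IKE/ISAKMP header SPIs and the ESP SPI. The following is an added example, not code from any system named on this page, showing which of those identifiers any on-path observer or network monitor can read without keys; the function names and sample packets are constructed for illustration.

```python
import struct

def classify(pkt: bytes):
    """Return the cleartext session identifiers of an IKE or ESP IPv4 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    ends = {"src": ".".join(map(str, pkt[12:16])), "dst": ".".join(map(str, pkt[16:20]))}
    body = pkt[ihl:]
    if proto == 50:                                   # native ESP (RFC 4303)
        return esp_fields(ends, body)
    if proto == 17 and len(body) >= 8:                # UDP
        sport, dport = struct.unpack("!HH", body[:4])
        data = body[8:]
        if 4500 in (sport, dport):                    # NAT traversal (RFC 3948)
            if data[:4] == b"\x00" * 4:               # non-ESP marker: IKE follows
                return ike_fields(ends, data[4:])
            return esp_fields(ends, data)             # otherwise UDP-encapsulated ESP
        if 500 in (sport, dport):
            return ike_fields(ends, data)
    return None

def esp_fields(ends, data):
    if len(data) < 8:                                 # also drops 1-byte NAT keepalives
        return None
    spi, seq = struct.unpack("!II", data[:8])
    return {"kind": "ESP", **ends, "spi": spi, "seq": seq}

def ike_fields(ends, data):
    if len(data) < 28:                                # fixed IKE/ISAKMP header length
        return None
    return {"kind": "IKE", **ends, "init_spi": data[:8].hex(),
            "resp_spi": data[8:16].hex(), "major_version": data[17] >> 4}

def ipv4(proto, payload, src=bytes([192, 0, 2, 1]), dst=bytes([198, 51, 100, 2])):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + src + dst + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

# Constructed sample traffic: all values are made up, payload bytes are filler.
IKE_HDR = bytes.fromhex("1122334455667788" + "00" * 8) + bytes([33, 0x20, 34, 0x08]) + struct.pack("!II", 0, 28)
ESP_PKT = struct.pack("!II", 0xC0FFEE01, 7) + b"\xaa" * 32
SAMPLES = [ipv4(17, udp(500, 500, IKE_HDR)), ipv4(50, ESP_PKT),
           ipv4(17, udp(4500, 4500, ESP_PKT)), ipv4(6, b"\x00" * 20)]

if __name__ == "__main__":
    print(*map(classify, SAMPLES), sep="\n")
```
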


!! Category
%%category [Government Surveillance]%%


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]