Encapsulating Security Payload (ESP)

A core IPsec protocol that encrypts and authenticates IP packets to ensure data confidentiality, integrity, and origin verification across networks.

Encapsulating Security Payload (ESP) is a core protocol within the IPsec suite that provides confidentiality, data integrity, and origin authentication for IP packets. Unlike the Authentication Header (AH), ESP encrypts the IP payload and, in tunnel mode, the original IP header as well, protecting sensitive data from eavesdropping and unauthorized access as it traverses networks. It operates at the IP layer by wrapping the original packet with its own header and trailer, then applying cryptographic algorithms to the encapsulated content.

ESP is widely deployed in Virtual Private Networks (VPNs) and other secure communication channels to establish encrypted tunnels between endpoints. It supports both transport mode, which protects only the payload of the original IP packet, and tunnel mode, which encapsulates and encrypts the entire original IP packet within a new IP header. This flexibility makes ESP an indispensable component for maintaining data privacy, integrity, and trust across diverse and potentially hostile network environments.
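The header-and-trailer wrapping and the two modes described above, as an added example that is not part of the original page: it lays out the ESP fields in RFC 4303 order (SPI, sequence number, protected data, padding, pad length, next header, ICV) and shows what ends up inside the protected region in each mode. Assumptions: the cipher is a SHA-256 counter-mode stand-in rather than a real ESP transform, the ICV is HMAC-SHA-256 truncated to 128 bits, the outer IP header is not built, and the keys, SPI, addresses and payload are constructed sample values.

```python
import hashlib, hmac, struct

ICV_LEN = 16  # HMAC-SHA-256-128: tag truncated to 16 bytes

def keystream_xor(key, spi, seq, data):
    # Stand-in cipher for illustration only (SHA-256 in counter mode), NOT an ESP transform.
    ks = b"".join(hashlib.sha256(key + struct.pack("!III", spi, seq, i)).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def esp_encapsulate(spi, seq, inner, next_header, enc_key, auth_key):
    pad_len = -(len(inner) + 2) % 4                 # trailer must end on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)           # ESP header: SPI + sequence number
    ciphertext = keystream_xor(enc_key, spi, seq, inner + trailer)
    icv = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv                # header and ICV travel in the clear

def esp_decapsulate(packet, enc_key, auth_key):
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    header, ciphertext, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    want = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, want):          # verify integrity before decrypting
        raise ValueError("ICV mismatch")
    spi, seq = struct.unpack("!II", header)
    plain = keystream_xor(enc_key, spi, seq, ciphertext)
    pad_len, next_header = plain[-2], plain[-1]
    if pad_len > len(plain) - 2:
        raise ValueError("bad pad length")
    return spi, seq, next_header, plain[:len(plain) - 2 - pad_len]

def protect(ip_packet, mode, spi, seq, enc_key, auth_key):
    ihl = (ip_packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if mode == "transport":                         # only the upper-layer payload is wrapped
        inner, next_header = ip_packet[ihl:], ip_packet[9]
    else:                                           # tunnel: original header is wrapped too
        inner, next_header = ip_packet, 4           # 4 = IPv4-in-IPv4
    return esp_encapsulate(spi, seq, inner, next_header, enc_key, auth_key)

# Constructed sample: IPv4 header (documentation addresses, checksum left 0) + payload.
PAYLOAD = b"constructed-tcp-bytes"
ORIGINAL = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(PAYLOAD), 0, 0, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + PAYLOAD

if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        esp = protect(ORIGINAL, mode, 0x1000, 1, b"enc-key", b"auth-key")
        print(mode, len(esp), esp_decapsulate(esp, b"enc-key", b"auth-key")[2])
```

The Next Header value recovered from the trailer is what tells the receiver which mode's contents it is holding: the original upper-layer protocol number in transport mode, 4 when a whole IPv4 packet is inside.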