Cryptography is the most crucial part of IPsec. It is a mathematical algorithm used to transform the original values so that no one else can understand them. This function or algorithm is known as a cipher. With the help of cryptography, IPsec converts data from human-readable form into a mathematical form and forwards it over the untrusted network. Once the data reaches the receiver, IPsec decrypts it from the mathematical form back into human-readable form.
Encryption and decryption are of two types:
a) Symmetric Encryption
b) Asymmetric Encryption
Symmetric Encryption: As the name implies, both sender and receiver must have identical keys for encryption and decryption. This is the simplest form of encryption. A shared key is given to both sender and receiver, and with its help the data can be encrypted or decrypted. The main disadvantage of a shared key is that if the key is hacked or leaked to someone else, that can lead to many problems. Symmetric encryption is not CPU-hungry and is very easy to implement. Transforms used in IPsec Security Associations, such as Data Encryption Standard (DES), 3DES, and AES, are symmetric encryption algorithms. As such, IPsec relies heavily on symmetric key encryption to deliver confidential exchange of data.
Asymmetric Encryption: As the name implies, sender and receiver use different keys for sending and receiving data. This is a very secure way of communicating, but it requires a lot of CPU processing. It uses a private key and a public key. Public keys are used to encrypt the data, while private keys are used to decrypt it. The main advantage of asymmetric encryption is that the private keys are never exchanged, and the private key is used to decrypt the data, not to encrypt it.
Most banks, MNCs and credit card companies issue a small device that generates tokens for secure online transactions. It is nothing but a private key :).
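The key handling described above for symmetric and asymmetric encryption, as an added example that is not part of the original page or of any IPsec implementation. It assumes a toy SHA-256 keystream in place of DES/3DES/AES and textbook RSA with small constructed primes and no padding; all function names are hypothetical and neither construction is suitable for real traffic.

```python
import hashlib
import secrets

# Symmetric side: toy SHA-256 counter keystream XORed with the data.
# Stands in for DES/3DES/AES only to show the key handling; it is not a real cipher.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(12)          # fresh per message, sent in the clear
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext = blob[:12], blob[12:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

# Asymmetric side: textbook RSA, no padding, constructed small primes.
def rsa_keypair(p: int = 2**31 - 1, q: int = 2**61 - 1, e: int = 65537):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                      # private exponent, never leaves the receiver
    return (n, e), (n, d)                    # (public key, private key)

def rsa_apply(key, value: int) -> int:
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

if __name__ == "__main__":
    shared = secrets.token_bytes(32)
    blob = sym_encrypt(shared, b"constructed sample payload")
    print("receiver with same key :", sym_decrypt(shared, blob))
    print("anyone with leaked key :", sym_decrypt(bytes(shared), blob))
    print("different key          :", sym_decrypt(secrets.token_bytes(32), blob))

    public, private = rsa_keypair()
    m = int.from_bytes(b"hello", "big")      # constructed sample message
    c = rsa_apply(public, m)
    print("private key decrypts   :", rsa_apply(private, c).to_bytes(5, "big"))
    print("public key cannot      :", rsa_apply(public, c) == m)
```

In the symmetric half, any copy of the shared key recovers the plaintext, which is the leak risk described above; in the asymmetric half, the public key can be handed out freely because only the private exponent reverses the operation.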