AES for Kerberos (RFC3962)
Anderson Luiz Brunozi
abrunozi at cpqd.com.br
Wed Jun 1 10:46:07 EDT 2005
Hello,
I'm implementing a Java kerberos client to be used in a mobile application. I already have a working version, using DES keys.
But now, I'm required to change it to use AES, instead of DES. I have started it by trying to follow what is described in RFC3962.
The text says the key generation is done by these two steps:
tkey = random2key(PBKDF2(passphrase, salt, iter_count, keylength))
key = DK(tkey, "kerberos")
And, following the example below, I have already been able to generate the "128-bit PBKDF2 output".
Iteration count = 1200
Pass phrase = "password"
Salt = "ATHENA.MIT.EDUraeburn"
128-bit PBKDF2 output:
5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b
128-bit AES key:
4c 01 cd 46 d6 32 d0 1e 6d be 23 0a 01 ed 64 2a
Now I'm stuck at how I could generate the "128-bit AES key". If I have understood it, that should be what the DK() function does.
So, could anyone tell me what, exactly, does this DK() function do?
Thanks,
Anderson Luiz Brunozi
More information about the Kerberos
mailing list