AES for Kerberos (RFC3962)
Seema Malkani
Seema.Malkani at Sun.COM
Wed Jun 1 13:58:21 EDT 2005
Sun's implementation of Java GSS/Kerberos now supports AES128, AES256,
RC4-HMAC, 3DES and DES encryption types.
Support for 3DES (des3-cbc-sha1-kd) encryption type is available in J2SE
1.5.0 onwards.
Support for AES128, AES256, and RC4-HMAC encryption types is available
in the next J2SE release (i.e. J2SE 1.6.0) onwards.
Seema
Anderson Luiz Brunozi wrote:
>Hello,
>
>I'm implementing a Java kerberos client to be used in a mobile application. I already have a working version, using DES keys.
>But now, I'm required to change it to use AES, instead of DES. I have started it by trying to follow what is described in RFC3962.
>The text says the key generation is done by these two steps:
>
> tkey = random2key(PBKDF2(passphrase, salt, iter_count, keylength))
> key = DK(tkey, "kerberos")
>
>And, following the example below, I have already been able to generate the "128-bit PBKDF2 output".
>
> Iteration count = 1200
> Pass phrase = "password"
> Salt = "ATHENA.MIT.EDUraeburn"
> 128-bit PBKDF2 output:
> 5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b
> 128-bit AES key:
> 4c 01 cd 46 d6 32 d0 1e 6d be 23 0a 01 ed 64 2a
>
>Now I'm stuck at how I could generate the "128-bit AES key". If I have understood it, that should be what the DK() function does.
>So, could anyone tell me what, exactly, does this DK() function do?
>
>Thanks,
>
>Anderson Luiz Brunozi
>
>________________________________________________
>Kerberos mailing list Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
More information about the Kerberos
mailing list