PKINIT: Manual recovery of the AS key and decryption of the KDC-REP
Thomas Bourbaki
thomas.bourbaki at gmail.com
Thu May 16 11:47:04 EDT 2013
Hi,
In order to better understand Kerberos and PKINIT, I am trying to do a
manual decryption of the AS exchange when RSA is used (not Diffie-Hellman).
I am able to manually decrypt the exchange to the point where I hold the AS
reply key.
However, I am not able to go beyond. This is why I'd like some help.
I perform the following steps:
- Parse the PA_PK_AS_REP:
- Get the wrapped key (3DES) from the CMS EnvelopedData (RecipientInfo)
- Unwrap the transport key (3DES) using my RSA private key (padding
  PKCS1 v1.5)
- Decrypt the encryptedContent from the CMS using {3DES transport key,
  IV from contentEncryptionAlgorithm}
- Retrieve the key (AES 256 in my case) from the decrypted CMS
  SignedData element.
If I understood RFC 4556 correctly, my AES key is the "AS reply key", which can be
used to decrypt the enc-part of the KDC-REP.
Once decrypted, it would give me access to the EncKDCRepPart ASN.1
structure.
My guess is that I can't directly use the retrieved AES key to perform an
AES-256-CTS decryption.
So, what's missing?
I need the following information:
- What is the IV used in the decryption of the enc-part?
- Is it a NULL IV?
- Is a derivation function applied to the key? (RFC 3962 mentions =>
  DK(key, "kerberos")?)
Thanks
Regards
Thomas.