PKINIT: Manual recovery of the AS key and decryption of the KDC-REP
Greg Hudson
ghudson at MIT.EDU
Thu May 16 13:51:58 EDT 2013
On 05/16/2013 11:47 AM, Thomas Bourbaki wrote:
> I need the following information:
> - What is the IV used in the decryption on the enc-part ?
> - Is it a NULL IV ?
It's a null IV. Cipher state chaining isn't commonly used in Kerberos,
so the default cipher state is used for almost all encryptions and
decryptions.
> - Is a derivation function applied on the key ? (RFC 3962 mentions =>
> DK(key, "kerberos") ?)
Yes. A key usage value of 3 is used for the AS-REP encrypted part; see
RFC 4120 section 5.4.2 (enc-part) and 7.5.1.
More information about the Kerberos
mailing list