Trouble comparing the PA-REQ-ENC-PA-REP checksum

Greg Hudson ghudson at
Thu Apr 13 11:00:17 EDT 2017

On 04/13/2017 07:18 AM, Turner, Jonathan wrote:
> To get the key:
> 1) Decrypt the encpart of the AS-REP
> 2) From the decrypted encpart get the key value

RFC 6806 says "The checksum key is the reply key", meaning the key used
to encrypt the KDC reply.  The key value inside the EncKDCRepPart is the
ticket session key, which is a different key.  You want to be using the
same protocol key as you would use to decrypt the EncKDCRepPart to
compute the checksum.

> 3) Derive the key to use for the checksum by using the usage number 56 read
> in big-endian and concatenated with 0x99.
> 4) Call the etype's derive key function with the key and the usage number.

Concatenating the big-endian key usage number with 0x99 is an
enctype-specific step in key derivation, albeit one used by multiple
enctypes.  I don't think this is a practical issue.

> Any help is appreciated as I've be staring at this for quite a while now
> and I'm out of ideas :)

I hope I've identified the issue.  If not, the only way I know to debug
these kind of mismatches is to step through two implementations in a
debugger (or adding print statements) until I find a mismatch in the
inputs to a crypto function.

More information about the Kerberos mailing list