Using PKINIT with ECC

Goetz Golla mit at sec4mail.de
Wed Nov 15 23:22:25 EST 2023


Hello there,

In our organisation we have been successfully using PKINIT with RSA 2048 
client certificates for many years. We are now trying to move to ECC 
certificates with the curve secp384r1.

All attempts have been unsuccessful so far.

We are using the Kerberos version 1.17.x that comes with Ubuntu 20.04, 
and we live in a Linux-only datacenter.

Tracing kinit gives the following anonymized result.

[11061] 1700039487.898263: Getting initial credentials for user at REALM
[11061] 1700039487.898265: Sending unauthenticated request
[11061] 1700039487.898266: Sending request (187 bytes) to REALM
[11061] 1700039487.898267: Sending initial UDP request to dgram ip:88
[11061] 1700039487.898268: Received answer (323 bytes) from dgram ip:88
[11061] 1700039487.898269: Response was from master KDC
[11061] 1700039487.898270: Received error from KDC: -1765328359/Additional pre-authentication required
[11061] 1700039487.898273: Preauthenticating using KDC method data
[11061] 1700039487.898274: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-PK-AS-REQ_OLD (14), PA-FX-FAST (136), PA-ETYPE-INFO2 (19), PA-PKINIT-KX (147), PA-ENC-TIMESTAMP (2), PA_AS_FRESHNESS (150), PA-FX-COOKIE (133)
[11061] 1700039487.898275: Selected etype info: etype aes256-cts, salt "REALMuser", params ""
[11061] 1700039487.898276: Received cookie: MIT
[11061] 1700039488.76900: Preauth module pkinit (147) (info) returned: 0/Success
[11061] 1700039488.76901: PKINIT client received freshness token from KDC
[11061] 1700039488.76902: Preauth module pkinit (150) (info) returned: 0/Success
[11061] 1700039491.317246: PKINIT loading CA certs and CRLs from DIR
[11061] 1700039491.317247: PKINIT client computed kdc-req-body checksum 9/CE1E7C16A71A8DC285A707FB43CB8DEF7EC184F0
[11061] 1700039491.317249: PKINIT client making DH request
[11061] 1700039491.317250: Preauth module pkinit (16) (real) returned: -1765328360/Preauthentication failed
[11061] 1700039491.317251: PKINIT client ignoring draft 9 offer from RFC 4556 KDC
[11061] 1700039491.317252: Preauth module pkinit (15) (real) returned: -1765328360/Preauthentication failed
[11061] 1700039491.317253: PKINIT client ignoring draft 9 offer from RFC 4556 KDC
[11061] 1700039491.317254: Preauth module pkinit (14) (real) returned: -1765328360/Preauthentication failed
[11061] 1700039492.894873: AS key obtained for encrypted timestamp: aes256-cts/CAD7
[11061] 1700039492.894875: Encrypted timestamp (for 1700039492.190872): plain 301AA011180F32303233313131353039313133325AA105020302E998, encrypted 930F652AFE54AD71886006DD4D8AE2E016970562C3772564DD1F6B70245B331CD06CBCAD3A6FB4B9CC577A070A099B3863C8A93FA02EA74C
[11061] 1700039492.894876: Preauth module encrypted_timestamp (2) (real) returned: 0/Success
[11061] 1700039492.894877: Produced preauth for next request: PA-FX-COOKIE (133), PA-ENC-TIMESTAMP (2)

For the following questions we did not find any answers in the MIT 
Kerberos documentation:

* Does MIT Kerberos support PKINIT with elliptic curves as described
in RFC 5349?
* Could it be that for ECC client certificates the KDC certificate
also needs to be ECC?
* If that's true, how can we then migrate from RSA to ECC certificates
for PKINIT?

Any help is appreciated.

Regards,

Goetz
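As an added example (not part of the original post, and not MIT krb5 code), here is a small Python script that reduces a KRB5_TRACE log like the one above to the facts that matter when PKINIT fails: which pre-auth types the KDC offered, how each pkinit attempt ended, what PKINIT logged just before the first failure, whether any request went to the KDC after the DH step, and whether kinit then fell back to PA-ENC-TIMESTAMP. The embedded trace is the post's own, re-joined to one event per line; the summary field names are the script's own, not krb5's.

```python
import re
import sys

# Constructed sample: the kinit trace quoted in the post above, with the mail
# client's line wrapping undone so each event is one line, as KRB5_TRACE writes it.
SAMPLE_TRACE = """\
[11061] 1700039487.898263: Getting initial credentials for user at REALM
[11061] 1700039487.898265: Sending unauthenticated request
[11061] 1700039487.898266: Sending request (187 bytes) to REALM
[11061] 1700039487.898267: Sending initial UDP request to dgram ip:88
[11061] 1700039487.898268: Received answer (323 bytes) from dgram ip:88
[11061] 1700039487.898269: Response was from master KDC
[11061] 1700039487.898270: Received error from KDC: -1765328359/Additional pre-authentication required
[11061] 1700039487.898273: Preauthenticating using KDC method data
[11061] 1700039487.898274: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-PK-AS-REQ_OLD (14), PA-FX-FAST (136), PA-ETYPE-INFO2 (19), PA-PKINIT-KX (147), PA-ENC-TIMESTAMP (2), PA_AS_FRESHNESS (150), PA-FX-COOKIE (133)
[11061] 1700039487.898275: Selected etype info: etype aes256-cts, salt "REALMuser", params ""
[11061] 1700039487.898276: Received cookie: MIT
[11061] 1700039488.76900: Preauth module pkinit (147) (info) returned: 0/Success
[11061] 1700039488.76901: PKINIT client received freshness token from KDC
[11061] 1700039488.76902: Preauth module pkinit (150) (info) returned: 0/Success
[11061] 1700039491.317246: PKINIT loading CA certs and CRLs from DIR
[11061] 1700039491.317247: PKINIT client computed kdc-req-body checksum 9/CE1E7C16A71A8DC285A707FB43CB8DEF7EC184F0
[11061] 1700039491.317249: PKINIT client making DH request
[11061] 1700039491.317250: Preauth module pkinit (16) (real) returned: -1765328360/Preauthentication failed
[11061] 1700039491.317251: PKINIT client ignoring draft 9 offer from RFC 4556 KDC
[11061] 1700039491.317252: Preauth module pkinit (15) (real) returned: -1765328360/Preauthentication failed
[11061] 1700039491.317253: PKINIT client ignoring draft 9 offer from RFC 4556 KDC
[11061] 1700039491.317254: Preauth module pkinit (14) (real) returned: -1765328360/Preauthentication failed
[11061] 1700039492.894873: AS key obtained for encrypted timestamp: aes256-cts/CAD7
[11061] 1700039492.894875: Encrypted timestamp (for 1700039492.190872): plain 301AA011180F32303233313131353039313133325AA105020302E998, encrypted 930F652AFE54AD71886006DD4D8AE2E016970562C3772564DD1F6B70245B331CD06CBCAD3A6FB4B9CC577A070A099B3863C8A93FA02EA74C
[11061] 1700039492.894876: Preauth module encrypted_timestamp (2) (real) returned: 0/Success
[11061] 1700039492.894877: Produced preauth for next request: PA-FX-COOKIE (133), PA-ENC-TIMESTAMP (2)
"""

EVENT_RE = re.compile(r"^\[(\d+)\] (\d+\.\d+): (.*)$")
MODULE_RE = re.compile(r"^Preauth module (\S+) \((\d+)\) \((\w+)\) returned: (-?\d+)/(.*)$")
OFFERED_RE = re.compile(r"^Processing preauth types: (.*)$")
PRODUCED_RE = re.compile(r"^Produced preauth for next request: (.*)$")
PA_RE = re.compile(r"([A-Z0-9_-]+) \((\d+)\)")
DH_MSG = "PKINIT client making DH request"

def parse_events(text):
    """Split KRB5_TRACE output into (pid, timestamp, message) tuples."""
    out = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            out.append((int(m.group(1)), float(m.group(2)), m.group(3)))
    return out

def module_results(events):
    """Each 'Preauth module X (n) (kind) returned: code/text' event, with its index."""
    res = []
    for i, (_, _, msg) in enumerate(events):
        m = MODULE_RE.match(msg)
        if m:
            res.append({"idx": i, "module": m.group(1), "patype": int(m.group(2)),
                        "kind": m.group(3), "code": int(m.group(4)), "text": m.group(5)})
    return res

def pa_types(s):
    # 'PA-PK-AS-REQ (16), PA-FX-COOKIE (133)' -> {16: 'PA-PK-AS-REQ', 133: 'PA-FX-COOKIE'}
    return {int(n): name for name, n in PA_RE.findall(s)}

def summarize(text):
    """Reduce a kinit trace to the facts that matter for a PKINIT failure."""
    events = parse_events(text)
    msgs = [m for _, _, m in events]
    offered, produced = {}, {}
    for m in msgs:
        if OFFERED_RE.match(m):
            offered = pa_types(OFFERED_RE.match(m).group(1))
        elif PRODUCED_RE.match(m):
            produced = pa_types(PRODUCED_RE.match(m).group(1))
    real_pkinit = [r for r in module_results(events)
                   if r["module"] == "pkinit" and r["kind"] == "real"]
    pkinit_failed = bool(real_pkinit) and all(r["code"] != 0 for r in real_pkinit)
    # Everything logged before the first failing "real" pkinit attempt.
    first_fail = next((r["idx"] for r in real_pkinit if r["code"] != 0), None)
    before = msgs[:first_fail] if first_fail is not None else []
    pk_steps = [m for m in before if m.startswith("PKINIT")]
    # A client-side failure shows no "Sending request" between the DH step and the error.
    request_sent_after_dh = DH_MSG in before and any(
        m.startswith("Sending request") for m in before[before.index(DH_MSG):])
    return {
        "offered": offered, "produced": produced,
        "pkinit_failed": pkinit_failed, "dh_attempted": DH_MSG in msgs,
        "last_pkinit_step": pk_steps[-1] if pk_steps else None,
        "request_sent_after_dh": request_sent_after_dh,
        # PKINIT failed, yet PA-ENC-TIMESTAMP was built: kinit will prompt for a password.
        "password_fallback": pkinit_failed and 2 in produced,
    }

if __name__ == "__main__":
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TRACE
    for key, value in summarize(src).items():
        print(f"{key}: {value}")
```

To use it on a live run, capture the trace with `KRB5_TRACE=/dev/stderr kinit ... 2>trace.txt` and pass the file as the first argument. For the trace above the summary reports `last_pkinit_step` as "PKINIT client making DH request" and `request_sent_after_dh` as False: the failure is logged immediately after the client starts building the DH request, with no request going to the KDC in between, so the KDC never saw the ECC attempt. Because the KDC also offered PA-ENC-TIMESTAMP, kinit then built a password-based pre-auth instead of aborting, which is why a user with a password may not even notice that PKINIT was skipped.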