Encryption implementation in Krb5 Any Help?

Sam Hartman hartmans at MIT.EDU
Sun Feb 29 07:10:42 EST 2004

>>>>> "Adusumilli" == Adusumilli Neelima <neelima at students.iiit.net> writes:

    Adusumilli> Hi all, I am new to Kerberos. I am working on a
    Adusumilli> project which aims at enabling IDEA algorithm in
    Adusumilli> Kerberos instead of DES or AES. I have already
    Adusumilli> implemented IDEA. Can anyone help me out in pointing
    Adusumilli> the files that I have to change and the structure that
    Adusumilli> I have to write it in (keeping in mind the
    Adusumilli> parameters)?? I need some help desperately as I have
    Adusumilli> to complete it in another week or so. So any kind of
    Adusumilli> help would be grateful.

This sounds like a great project.  First, you'll get a fair bit of
experience reading specifications.  Then, you'll get practice writing
specifications.  ANd you'll get to learn how to interpret code that
you're relatively unfamiliar with and to debug code you've inserted
into a larger project.

I think that it is just possible to complete this in a week, but it
will certainly be somewhat challenging.

To understand how Kerberos encryption systems work over the wire, you
should read
Then you'll want to see an example of the part of the specification
you need to write--the binding of Idea to the crypto profile.  I'd
recommend the AES draft as such an example; it is quite short.  I
don't have a reference handy, but draft-raeburn-something.

Then you'll want to write up the Idea specification.  Even if you just
turn this in as part of a group project, you'll find that the
specification is invaluable in debugging and making sure you think
through the problems.

To implement the code start looking at src/lib/crypto/etypes.c; there
is a structure of function pointers you will need to examine and
implement.  Starting at that file should make it clear what is needed.


More information about the krbdev mailing list