krb5_encrpyt_block freeing

Ken Hornstein kenh at
Fri Dec 30 11:16:00 EST 2005

>>>>>> "Paul" == Paul Moore <paul.moore at> writes:
>    Paul> Is there an API that asks "what is the key size for this
>    Paul> encryption mechanism?"
>There doesn't seem to be.  You could call krb5_c_make_random_key and see how
>large the resulting key is.

I'm curious ... how come you would need this?  Do you want to be able to
say something like, "keys < N are not permitted"?  While that might be
okay in the general case for common block ciphers today, I was under the
impression some cryptosystems (like elliptical curve crypto) have
sparse keyspace.

(Personally, I prefer allowing a set of particular crypto algorithms, or
more usefully, disallowing a particular few; the existing APIs work fine
for this).


More information about the krbdev mailing list