krb5_encrpyt_block freeing

Paul Moore paul.moore at
Fri Dec 30 12:57:44 EST 2005

Krb5_init_keyblock has a required length parameter 

-----Original Message-----
From: Ken Hornstein [mailto:kenh at] 
Sent: Friday, December 30, 2005 8:16 AM
To: Paul Moore; krbdev at
Subject: Re: krb5_encrpyt_block freeing 

>>>>>> "Paul" == Paul Moore <paul.moore at> writes:
>    Paul> Is there an API that asks "what is the key size for this
>    Paul> encryption mechanism?"
>There doesn't seem to be.  You could call krb5_c_make_random_key and 
>see how large the resulting key is.

I'm curious ... how come you would need this?  Do you want to be able to
say something like, "keys < N are not permitted"?  While that might be
okay in the general case for common block ciphers today, I was under the
impression some cryptosystems (like elliptical curve crypto) have sparse

(Personally, I prefer allowing a set of particular crypto algorithms, or
more usefully, disallowing a particular few; the existing APIs work fine
for this).


More information about the krbdev mailing list