Deriving keys

Sam Hartman hartmans at MIT.EDU
Fri Feb 17 14:52:00 EST 2006


Unfortunately, expanding the lucid context and making krb5_derive_key
public both seem unacceptable.

The reason is the same.  The representation of a derived key in RFC
3961 is crypto-system-specific.  For some crypto systems you might
just store a key schedule in some very implementation-specific form.
There's no reason to believe that all crypto systems will even call or
support krb5_derive_key.


I think that you really do need a fairly full RFC 3961 implementation
in the kernel if you hope to avoid significant implementation
dependence.

--Sam



