Session key extraction
lukeh at padl.com
Mon Dec 22 23:49:20 EST 2008
> Is this proposed API for session key extraction meant to be similar to
> the SSPI QueryContextAttributes function with the
> SECPKG_ATTR_SESSION_KEY attribute? The implementation currently
> committed to mskrb-integ returns a buffer with the raw bytes of the
> session key. This give the caller no information about the encryption
> algorithm, which could cause problems.
Acknowledged, although note that no Microsoft protocols I am aware of
(aside from the mechanisms themselves) actually care about the
> Is there any plan to implement the equivalent of the
> SECPKG_ATTR_KEY_INFO attribute, which in SSPI provides information
> about the encryption algorithm associated with the context? Having
> this information gives callers at least a chance of using the session
> key with the correct encryption algorithm.
Sure, we can do this; then we need to define mechanism-agnostic
algorithm types (I suppose OIDs can be used for this).
More information about the krbdev