Session key extraction

Luke Howard lukeh at
Mon Dec 22 23:49:20 EST 2008

> Is this proposed API for session key extraction meant to be similar to
> the SSPI QueryContextAttributes function with the
> SECPKG_ATTR_SESSION_KEY attribute?  The implementation currently
> committed to mskrb-integ returns a buffer with the raw bytes of the
> session key.  This give the caller no information about the encryption
> algorithm, which could cause problems.

Acknowledged, although note that no Microsoft protocols I am aware of  
(aside from the mechanisms themselves) actually care about the  

> Is there any plan to implement the equivalent of the
> SECPKG_ATTR_KEY_INFO attribute, which in SSPI provides information
> about the encryption algorithm associated with the context?  Having
> this information gives callers at least a chance of using the session
> key with the correct encryption algorithm.

Sure, we can do this; then we need to define mechanism-agnostic  
algorithm types (I suppose OIDs can be used for this).

-- Luke

More information about the krbdev mailing list