"Bentura, Eric" <[EMAIL PROTECTED]> writes:

> Hello,
>
> For my application I need to add a replay detection mechanism to messages sent
> over the network.

Hi Eric!

The generic GSS-API framework supports this, but it is up to each mechanism
how to implement it (if at all). Kerberos V5 uses sequence numbers to do this.

> I wanted to know if it is possible, using GSS routines, to timestamp the
> messages in a monotonically increasing fashion.
> In fact, I just want to add a timestamp, and possibly use the resulting packet
> as an input to a certain encrypt function.
> I want the remote side to be able to have access to the timestamp (after having
> decrypted the packet) without using GSS API. Is that possible?

If you use the Kerberos V5 mechanism (the only mechanism GNU GSS supports
currently), you'll get this if you supply the GSS_C_REPLAY_FLAG flag when
setting up the context. You can't access the actual timestamp value through
the GSS API though. You'll get an error message if the library detects that a
replayed message is received.

If you strongly need this (please explain your environment further), we can
add a new API to extract the sequence number.

Regards,
Simon
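The sequence-number approach mentioned in the reply can be sketched as a sliding-window check on the receiving side. This is an added example, not part of the original message and not GNU GSS code; `replay_check`, `struct replay_window`, the status names and the 64-entry window are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 64  /* assumed: how many recent sequence numbers are remembered */

/* Hypothetical status codes for this sketch (not GSS-API values). */
enum replay_status { REPLAY_OK, REPLAY_DUPLICATE, REPLAY_TOO_OLD };

struct replay_window {
    uint64_t highest;  /* highest sequence number accepted so far */
    uint64_t seen;     /* bit i set => (highest - i) was already accepted */
    int started;       /* 0 until the first message has been accepted */
};

/* Call only AFTER the message's integrity check has succeeded, so the
 * sequence number itself cannot have been altered in transit. */
enum replay_status replay_check(struct replay_window *w, uint64_t seq)
{
    if (!w->started) {
        w->started = 1;
        w->highest = seq;
        w->seen = 1;
        return REPLAY_OK;
    }
    if (seq > w->highest) {             /* newer than anything seen: slide */
        uint64_t shift = seq - w->highest;
        w->seen = (shift >= WINDOW) ? 0 : (w->seen << shift);
        w->seen |= 1;
        w->highest = seq;
        return REPLAY_OK;
    }
    uint64_t age = w->highest - seq;
    if (age >= WINDOW)                  /* fell out of the window: cannot */
        return REPLAY_TOO_OLD;          /* prove it is fresh, so reject   */
    if (w->seen & (UINT64_C(1) << age))
        return REPLAY_DUPLICATE;        /* exact replay */
    w->seen |= UINT64_C(1) << age;      /* late but new: accept and record */
    return REPLAY_OK;
}

int main(void)
{
    /* Constructed sample stream: 100 and 102 are each delivered twice. */
    uint64_t stream[] = { 100, 101, 100, 103, 102, 102 };
    struct replay_window w = { 0 };
    for (size_t i = 0; i < sizeof stream / sizeof stream[0]; i++)
        printf("seq %llu -> %d\n", (unsigned long long)stream[i],
               (int)replay_check(&w, stream[i]));
    return 0;
}
```

Messages that arrive late but inside the window are accepted once; anything older than the window is rejected because the receiver can no longer tell whether it was seen.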
