Hello,
I'm implementing a Java kerberos client to be used in a mobile application. I
already have a working version, using DES keys.
But now, I'm required to change it to use AES, instead of DES. I have started
it by trying to follow what is described in RFC3962.
The text says the key generation is done by these two steps:
tkey = random2key(PBKDF2(passphrase, salt, iter_count, keylength))
key = DK(tkey, "kerberos")
And, following the example below, I have already been able to generate the
"128-bit PBKDF2 output".
Iteration count = 1200
Pass phrase = "password"
Salt = "ATHENA.MIT.EDUraeburn"
128-bit PBKDF2 output:
5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b
128-bit AES key:
4c 01 cd 46 d6 32 d0 1e 6d be 23 0a 01 ed 64 2a
Now I'm stuck at how I could generate the "128-bit AES key". If I have
understood it, that should be what the DK() function does.
So, could anyone tell me what, exactly, does this DK() function do?
Thanks,
Anderson Luiz Brunozi
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
