Hello, I'm implementing a Java kerberos client to be used in a mobile application. I already have a working version, using DES keys. But now, I'm required to change it to use AES, instead of DES. I have started it by trying to follow what is described in RFC3962. The text says the key generation is done by these two steps:
tkey = random2key(PBKDF2(passphrase, salt, iter_count, keylength)) key = DK(tkey, "kerberos") And, following the example below, I have already been able to generate the "128-bit PBKDF2 output". Iteration count = 1200 Pass phrase = "password" Salt = "ATHENA.MIT.EDUraeburn" 128-bit PBKDF2 output: 5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b 128-bit AES key: 4c 01 cd 46 d6 32 d0 1e 6d be 23 0a 01 ed 64 2a Now I'm stuck at how I could generate the "128-bit AES key". If I have understood it, that should be what the DK() function does. So, could anyone tell me what, exactly, does this DK() function do? Thanks, Anderson Luiz Brunozi ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos