Yes, you are correct. Also, if you display a key table file using ktutil, and you have a DES-CBC-CRC key, you would see 1.
Since we see values of 1, 3, 16, 23 etc. in the key table file entry, this suggests the 'cipher suite' number (commonly known as etype).

From RFC4120, we see:

    EncryptionKey ::= SEQUENCE {
        keytype  [0] Int32 -- actually encryption type --,
        keyvalue [1] OCTET STRING
    }

The comment in the RFC suggests the keytype field is actually the encryption type (e.g. etype) and not the keytype ...

Hopefully you can see from my above examples that use of keytype is a little confusing and open to interpretation? I guess this is why the comment was added in RFC4120?

Thanks, Tim

-----Original Message-----
From: Michael B Allen [mailto:[EMAIL PROTECTED]
Sent: 01 May 2006 23:33
To: Tim Alsop
Cc: [EMAIL PROTECTED]; kerberos@mit.edu
Subject: Re: keytab file format - exporting arcfour keys from active directory

On Mon, 1 May 2006 22:32:44 +0100 "Tim Alsop" <[EMAIL PROTECTED]> wrote:

>  *   0      2       keytype
>  *   2      2       keylen
>  *   4      keylen  keydata
>  * }
>  * POSSIBLE if length left {
>  *   xxx    4       vno
>  * }
>  */
>
> Is the "keytype" actually the key type, or is it the etype ? I ask this
> because I have seen key tables created by various products that have the
> etype stored in this field.

Keytype. At least the values I'm seeing correspond to the values seen in ktutil list (e.g. 3 is des-cbc-md5, 23 is arcfour-hmac-md5, 16 is des3-cbc-sha1, etc).

Mike

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
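An added example, not part of the original thread or of any Kerberos implementation: a small Python reader that pulls the 16-bit "keytype" field out of each keytab entry and maps it to the names quoted above, which is a quick way to audit a keytab for DES or arcfour keys. Assumptions: the parts of the entry layout not quoted in the thread (the 0x0502 version header, the entry size, principal, timestamp and 8-bit vno) follow the MIT keytab layout; the function names and the sample bytes are constructed for illustration.

```python
import struct
# Numbers and names as quoted in the thread; the 16-bit "keytype" field holds them.
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1", 23: "arcfour-hmac-md5"}

def _counted(buf, off):  # big-endian uint16 length, then that many bytes
    (n,) = struct.unpack_from(">H", buf, off)
    if off + 2 + n > len(buf):
        raise ValueError("counted field runs past end of entry")
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, keytype, name, key_length)] for a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:                       # zero size ends the entry list
            break
        if size < 0:                        # negative size: deleted slot, skip it
            pos -= size
            continue
        entry, pos = data[pos:pos + size], pos + size
        if len(entry) != size:
            raise ValueError("truncated entry")
        (ncomp,) = struct.unpack_from(">H", entry, 0)
        realm, off = _counted(entry, 2)
        comps = []
        for _ in range(ncomp):
            comp, off = _counted(entry, off)
            comps.append(comp.decode())
        _ntype, _ts, kvno = struct.unpack_from(">IIB", entry, off)
        (keytype,) = struct.unpack_from(">H", entry, off + 9)   # field from the thread
        key, off = _counted(entry, off + 11)                    # keylen + keydata
        if len(entry) - off >= 4:           # "POSSIBLE if length left": 32-bit vno
            kvno = struct.unpack_from(">I", entry, off)[0] or kvno
        principal = "/".join(comps) + "@" + realm.decode()
        out.append((principal, kvno, keytype, ETYPES.get(keytype, "unknown"), len(key)))
    return out

def _entry(realm, comps, kvno, keytype, key):  # builds constructed sample data only
    body = struct.pack(">H", len(comps))
    for s in [realm] + comps:
        body += struct.pack(">H", len(s)) + s
    body += struct.pack(">IIBHH", 1, 0, kvno & 0xFF, keytype, len(key)) + key
    return struct.pack(">i", len(body) + 4) + body + struct.pack(">I", kvno)

SAMPLE = (b"\x05\x02" + _entry(b"EXAMPLE.COM", [b"host", b"a.example.com"], 300, 23, bytes(16))
          + _entry(b"EXAMPLE.COM", [b"host", b"a.example.com"], 300, 1, bytes(8)))
```

The sample uses kvno 300 so that the optional trailing 32-bit vno visibly overrides the 8-bit one, which would otherwise read as 44.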