AES for Kerberos (RFC3962) - Kerberos

This is a discussion on AES for Kerberos (RFC3962) - Kerberos ; Hello, I'm implementing a Java kerberos client to be used in a mobile application. I already have a working version, using DES keys. But now, I'm required to change it to use AES, instead of DES. I have started it ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: AES for Kerberos (RFC3962)

  1. AES for Kerberos (RFC3962)

    Hello,

    I'm implementing a Java kerberos client to be used in a mobile application. I already have a working version, using DES keys.
    But now, I'm required to change it to use AES, instead of DES. I have started it by trying to follow what is described in RFC3962.
    The text says the key generation is done by these two steps:

    tkey = random2key(PBKDF2(passphrase, salt, iter_count, keylength))
    key = DK(tkey, "kerberos")

    And, following the example below, I have already been able to generate the "128-bit PBKDF2 output".

    Iteration count = 1200
    Pass phrase = "password"
    Salt = "ATHENA.MIT.EDUraeburn"
    128-bit PBKDF2 output:
    5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b
    128-bit AES key:
    4c 01 cd 46 d6 32 d0 1e 6d be 23 0a 01 ed 64 2a

    Now I'm stuck at how I could generate the "128-bit AES key". If I have understood it, that should be what the DK() function does.
    So, could anyone tell me what, exactly, does this DK() function do?

    Thanks,

    Anderson Luiz Brunozi

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: AES for Kerberos (RFC3962)

    On Jun 1, 2005, at 10:46, Anderson Luiz Brunozi wrote:
    > Now I'm stuck at how I could generate the "128-bit AES key". If I have
    > understood it, that should be what the DK() function does.
    > So, could anyone tell me what, exactly, does this DK() function do?


    The DK function is described in the key derivation discussion in RFC
    3961. I'm sorry if the reference wasn't clear enough.

    Ken

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  3. Re: AES for Kerberos (RFC3962)

    Sun's implementation of Java GSS/Kerberos now supports AES128, AES256,
    RC4-HMAC, 3DES and DES encryption types.

    Support for 3DES (des3-cbc-sha1-kd) encryption type is available in J2SE
    1.5.0 onwards.

    Support for AES128, AES256, and RC4-HMAC encryption types is available
    in the next J2SE release (i.e. J2SE 1.6.0) onwards.

    Seema

    Anderson Luiz Brunozi wrote:

    >Hello,
    >
    >I'm implementing a Java kerberos client to be used in a mobile application. I already have a working version, using DES keys.
    >But now, I'm required to change it to use AES, instead of DES. I have started it by trying to follow what is described in RFC3962.
    >The text says the key generation is done by these two steps:
    >
    > tkey = random2key(PBKDF2(passphrase, salt, iter_count, keylength))
    > key = DK(tkey, "kerberos")
    >
    >And, following the example below, I have already been able to generate the "128-bit PBKDF2 output".
    >
    > Iteration count = 1200
    > Pass phrase = "password"
    > Salt = "ATHENA.MIT.EDUraeburn"
    > 128-bit PBKDF2 output:
    > 5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b
    > 128-bit AES key:
    > 4c 01 cd 46 d6 32 d0 1e 6d be 23 0a 01 ed 64 2a
    >
    >Now I'm stuck at how I could generate the "128-bit AES key". If I have understood it, that should be what the DK() function does.
    >So, could anyone tell me what, exactly, does this DK() function do?
    >
    >Thanks,
    >
    >Anderson Luiz Brunozi
    >
    >________________________________________________
    >Kerberos mailing list Kerberos@mit.edu
    >https://mailman.mit.edu/mailman/listinfo/kerberos
    >
    >


    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread