[23960] in Kerberos
AES for Kerberos (RFC3962)
daemon@ATHENA.MIT.EDU (Anderson Luiz Brunozi)
Wed Jun 1 10:50:18 2005
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Date: Wed, 1 Jun 2005 11:46:07 -0300
Message-ID: <BF74636734ADC54086093ED4FFBAAA8615CFD0@MAILSRV1.aquarius.cpqd.com.br>
From: "Anderson Luiz Brunozi" <abrunozi@cpqd.com.br>
To: <kerberos@mit.edu>
Content-Transfer-Encoding: 8bit
Errors-To: kerberos-bounces@mit.edu
Hello,
I'm implementing a Java kerberos client to be used in a mobile application. I already have a working version, using DES keys.
But now, I'm required to change it to use AES, instead of DES. I have started it by trying to follow what is described in RFC3962.
The text says the key generation is done by these two steps:
tkey = random2key(PBKDF2(passphrase, salt, iter_count, keylength))
key = DK(tkey, "kerberos")
And, following the example below, I have already been able to generate the "128-bit PBKDF2 output".
Iteration count = 1200
Pass phrase = "password"
Salt = "ATHENA.MIT.EDUraeburn"
128-bit PBKDF2 output:
5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b
128-bit AES key:
4c 01 cd 46 d6 32 d0 1e 6d be 23 0a 01 ed 64 2a
Now I'm stuck at how I could generate the "128-bit AES key". If I have understood it, that should be what the DK() function does.
So, could anyone tell me what, exactly, does this DK() function do?
Thanks,
Anderson Luiz Brunozi
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
