[5942] in Kerberos


ANNOUNCEMENT OF PK_INIT

daemon@ATHENA.MIT.EDU (brian@ISI.EDU)
Fri Sep 29 13:57:10 1995

Date: Fri, 29 Sep 1995 10:42:19 -0700
From: brian@ISI.EDU
To: kerberos@MIT.EDU

PK_INIT RELEASE ANNOUNCEMENT

An alpha release of the Kerberos Public Key Extensions package is
available by anonymous FTP at

    ftp://prospero.isi.edu/pub/pk_init/distribution/pk_krb5.4.3.tar

This package includes libraries and modifications required to allow
Kerberos to use public key cryptography in the initial authentication
exchange.  Because this release includes cryptographic materials,
it may not be exported or reexported outside the United States.  By
downloading this software, it will be assumed that you agree to this
restriction.

The package (PK_INIT) implements additions to the Kerberos key
exchange protocol as described in the Internet Draft

    draft-ietf-cat-kerberos-pk-init-00.txt

(This draft has expired, but it should still be available.)  These
changes apply to version 5.4.3 of Kerberos; changes for the beta 5
release of Kerberos will be available soon.  Specifically, PK_INIT
implements the changes described in sections 3.1 (excluding 3.1.1)
and 3.2 (as this relates to PGP).

In short, installation of PK_INIT allows users to

    * register principals using public key pairs;
    * use kinit with "generic" public key cryptography;
    * use kinit with a -z option to use PGP key pairs.

PK_INIT assumes that you are able to download two additional software
distributions:

    1.  the RSAREF 2.0 library, and
    2.  the PGP 2.6.2 release.

The PGP release does include the RSAREF library, but this is an earlier
version.  Work is being done to allow PK_INIT to require only the PGP
release (including its RSAREF package).  Some changes are required to
the PGP source, as well as to all makefiles; details of all these
changes are supplied with the PK_INIT release.

REGISTERING PUBLIC KEY PAIRS

The "generic" public key pairs used by PK_INIT are implemented using
the RSA routines supplied with the RSAREF 2.0 release.  Registration
of these key pairs is not yet embedded in the kadmin function; however,
the administrator will have to enable the use of PK_INIT for the user,
by setting the attribute PK for that user.  Registration of the key
pairs is done by using the _register_ utility supplied with PK_INIT.
The _register_ utility produces two keys that are stored on disk
(in the directory /var/tmp): a private key, encrypted with a DES key
derived from a user-supplied password, and a public key.  The KDC's
machine must have a copy of this public key in its /var/tmp directory.
(This process will be streamlined in forthcoming versions of the
PK_INIT release.)

Once a user has been registered for PK_INIT use, KDC responses to kinit
will no longer come encrypted using the user's password-derived key.
Instead, the response will be encrypted using a random session key.
This random key is then doubly encrypted, first with the KDC's
private key, then with the user's public key (or his PGP public key,
if the -z option is used; see below).  The user then enters in the
password used to encrypt his private key; this is then used to decrypt
the KDC response.  TGTs acquired from the KDC in this manner are
indistinguishable from regular TGTs and can be used identically.

USING PGP KEY PAIRS

If a user wishes to use his PGP key pair, then registration of the
user to use PK_INIT is not necessary.  Instead, the user must have
copies of the pubring.pgp and secring.pgp in the $(HOME)/.pgp
directory.  To use the PGP key pair, the user runs kinit with the
-z option.  kinit then fetches the user's public key from pubring.pgp
and sends this in a preauthentication field to the KDC, to be used
in the encryption process as described above.  The user is prompted
for his PGP pass phrase, which is used to decrypt his secring key,
which is in turn used to decrypt the response from the KDC.  Once
again, TGTs acquired from the KDC using PGP key pairs are identical
to regular TGTs.

PGP keys must be certified in order to be used with PK_INIT.  The
KDC recognizes these certifiers from a file containing the keyIDs
of the accepted certifiers; see the installation instructions for
further details.

The PGP modifications included in PK_INIT are not intended to
produce a new version of PGP, but rather to allow calls to PGP
routines.

CALL FOR FEEDBACK

Because this is an alpha release, we expect that there will be many
bug fixes and suggestions for changes.  Please send either to
Brian Tung (brian@isi.edu).  PK_INIT is a product of the Information
Sciences Institute at the University of Southern California.

Brian Tung
Computer Scientist, USC Information Sciences Institute

B. Clifford Neuman
Computer Scientist, USC Information Sciences Institute
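The two-layer key wrapping the announcement describes (a random session key protecting the KDC reply, wrapped first under the KDC's private key and then under the user's public key), as an added Python illustration that is not part of the PK_INIT release or of this message. Textbook RSA over Mersenne primes stands in for RSAREF, a SHA-256 keystream stands in for DES, and every key value is constructed.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both constructed key pairs

def make_keypair(p, q):
    """Textbook RSA over two primes: returns ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

# Constructed key pairs built on Mersenne primes. The user's modulus is the
# larger one so the inner (KDC) layer always fits under the outer (user) layer.
KDC_PUB, KDC_PRIV = make_keypair(2**107 - 1, 2**61 - 1)    # n ~ 2^168
USER_PUB, USER_PRIV = make_keypair(2**127 - 1, 2**89 - 1)  # n ~ 2^216

def rsa_apply(key, value):
    exp, n = key
    return pow(value, exp, n)

def xor_stream(key, data):
    """Stand-in for the DES layer: SHA-256 counter keystream XORed onto data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def kdc_reply(user_pub, kdc_priv, reply):
    """KDC side: a fresh random session key protects the reply; the key is
    wrapped first under the KDC's private key, then under the user's public
    key (the one the client sent in its preauthentication field)."""
    session_key = secrets.token_bytes(16)
    inner = rsa_apply(kdc_priv, int.from_bytes(session_key, "big"))
    wrapped = rsa_apply(user_pub, inner)
    return wrapped, xor_stream(session_key, reply)

def client_unwrap(user_priv, kdc_pub, wrapped, ciphertext):
    """Client side: peel the user layer with the private key (unlocked by the
    user's password or PGP pass phrase), then the KDC layer with the KDC's
    public key. A key not wrapped by the real KDC will almost always fail
    the size check, and otherwise yields garbage instead of a TGT."""
    inner = rsa_apply(user_priv, wrapped)
    value = rsa_apply(kdc_pub, inner)
    if value >= 2**128:
        raise ValueError("wrapped key does not unwrap under the KDC public key")
    return xor_stream(value.to_bytes(16, "big"), ciphertext)
```

The inner layer is what lets the client tell a reply from the real KDC apart from one produced by anyone else who merely knows the user's public key.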
