Kerberos Study Notes
Kerberos
# | Description |
---|---|
1 | AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key (Section 5.2.7.2) |
2 | AS-REP Ticket and TGS-REP Ticket (includes TGS session key or application session key), encrypted with the service key (Section 5.3) |
3 | AS-REP encrypted part (includes TGS session key or application session key), encrypted with the client key (Section 5.4.2) |
4 | TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS session key (Section 5.4.1) |
5 | TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS authenticator subkey (Section 5.4.1) |
6 | TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed with the TGS session key (Section 5.5.1) |
7 | TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes TGS authenticator subkey), encrypted with the TGS session key (Section 5.5.1) |
8 | TGS-REP encrypted part (includes application session key), encrypted with the TGS session key (Section 5.4.2) |
9 | TGS-REP encrypted part (includes application session key), encrypted with the TGS authenticator subkey (Section 5.4.2) |
10 | AP-REQ Authenticator cksum, keyed with the application session key (Section 5.5.1) |
11 | AP-REQ Authenticator (includes application authenticator subkey), encrypted with the application session key (Section 5.5.1) |
12 | AP-REP encrypted part (includes application session subkey), encrypted with the application session key (Section 5.5.2) |
13 | KRB-PRIV encrypted part, encrypted with a key chosen by the application (Section 5.7.1) |
14 | KRB-CRED encrypted part, encrypted with a key chosen by the application (Section 5.8.1) |
15 | KRB-SAFE cksum, keyed with a key chosen by the application (Section 5.6.1) |
16-18 | Reserved for future use in Kerberos and related protocols |
19 | AD-KDC-ISSUED checksum (ad-checksum in 5.2.6.4) |
20-21 | Reserved for future use in Kerberos and related protocols |
22-25 | Reserved for use in the Kerberos Version 5 GSS-API mechanisms [RFC4121] |
26-511 | Reserved for future use in Kerberos and related protocols |
512-1023 | Reserved for uses internal to a Kerberos implementation |
1024 | Encryption for application use in protocols that do not specify key usage values |
1025 | Checksums for application use in protocols that do not specify key usage values |
1026-2047 | Reserved for application use |
Key Usage Number | Description |
---|---|
1 | AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key (Section 5.2.7.2) |
2 | AS-REP Ticket and TGS-REP Ticket (includes TGS session key or application session key), encrypted with the service key (Section 5.3) |
3 | AS-REP encrypted part (includes TGS session key or application session key), encrypted with the client key (Section 5.4.2) |
4 | TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS session key (Section 5.4.1) |
5 | TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS authenticator subkey (Section 5.4.1) |
6 | TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator checksum, keyed with the TGS session key (Section 5.5.1) |
7 | TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes TGS authenticator subkey), encrypted with the TGS session key (Section 5.5.1) |
8 | TGS-REP encrypted part (includes application session key), encrypted with the TGS session key (Section 5.4.2) |
9 | TGS-REP encrypted part (includes application session key), encrypted with the TGS authenticator subkey (Section 5.4.2) |
10 | AP-REQ Authenticator checksum, keyed with the application session key (Section 5.5.1) |
11 | AP-REQ Authenticator (includes application authenticator subkey), encrypted with the application session key (Section 5.5.1) |
12 | AP-REP encrypted part (includes application session subkey), encrypted with the application session key (Section 5.5.2) |
13 | KRB-PRIV encrypted part, encrypted with a key chosen by the application (Section 5.7.1) |
14 | KRB-CRED encrypted part, encrypted with a key chosen by the application (Section 5.8.1) |
15 | KRB-SAFE checksum, keyed with a key chosen by the application (Section 5.6.1) |
16–18 | Reserved for future use in Kerberos and related protocols |
19 | AD-KDC-ISSUED checksum (ad-checksum in 5.2.6.4) |
20–21 | Reserved for future use in Kerberos and related protocols |
22–25 | Reserved for use in the Kerberos Version 5 GSS-API mechanisms [RFC4121] |
26–511 | Reserved for future use in Kerberos and related protocols |
512–1023 | Reserved for uses internal to a Kerberos implementation |
1024 | Encryption for application use in protocols that do not specify key usage values |
1025 | Checksums for application use in protocols that do not specify key usage values |
1026–2047 | Reserved for application use |
This post is licensed under
CC BY 4.0
by the author.