You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by Mario Reichel <si...@stud.hs-zigr.de> on 2011/09/15 14:21:19 UTC

Decryption of cipher part in AS-response package

Hey gays,

I have already send a AS-request to the KDC for the changepw service. I get the ticket object and the cipher byte array, too. Now i have to decode this array and i can't find the right way. 

1st i test:
private static final byte[] IV =
            { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00,
                ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00,
                ( byte ) 0x00, ( byte ) 0x00, };
byte[]cipher = krbTicket.getEncPart().getCipher();
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec ks = new PBEKeySpec("secret".toCharArray(),getBytes(nonce),1,128);
SecretKey s = f.generateSecret(ks);
Key k = new SecretKeySpec(s.getEncoded(),"AES");
        
Cipher cipherInstance = Cipher.getInstance( "AES/CTS/PKCS5Padding" );
AlgorithmParameterSpec paramSpec = new IvParameterSpec( IV );
        
cipherInstance.init( Cipher.DECRYPT_MODE, k, paramSpec);
byte[]decryptedBytes = cipherInstance.doFinal( cipher );

This i test with the iteration value 1 and 4096. But i don't know where i can get the right iteration if there any. The array how would be decrypted makes no sense.

2nd i test:
byte[]cipher = krbTicket.getEncPart().getCipher();
KerberosPrincipal principal = new KerberosPrincipal( "paul.panther@TEST.LOCAL" );
KerberosKey key = new KerberosKey( principal, "secret".toCharArray(), "AES128");
EncryptionKey eKey = new EncryptionKey(EncryptionType.AES128_CTS_HMAC_SHA1_96, key.getEncoded());
        
CipherTextHandler cipherHandler = new CipherTextHandler();
byte[]decryptedBytes = cipherHandler.decrypt(eKey, new EncryptedData(EncryptionType.AES128_CTS_HMAC_SHA1_96, cipher), KeyUsage.AS_REP_ENC_PART_WITH_CKEY);

but there i get a "KerberosException: Integrity check on decrypted field failed"

Also i test it with the Aes128CtsSha1Encryption object but there i get the same error.

Now the question. What is the right way and how i can fix it. Or I'm do it complete wrong.

Regards, Mario