directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <enriqu...@gmail.com>
Subject Re: PB with a kerberos PDU
Date Fri, 15 Jun 2007 22:45:35 GMT
On 6/15/07, Emmanuel Lecharny <elecharny@apache.org> wrote:
> Enrique Rodriguez a écrit :
> > On 6/15/07, Emmanuel Lecharny <elecharny@gmail.com> wrote:
> >> ...
> >> A clue, anyone ?
> >
> > The type says it is a "pa-enc-timestamp" but it is actually an
> > EncryptedData.  You have to decrypt it.  The result of the decryption
> > will be ASN.1 that needs to be further decoded into the PA-ENC-TS-ENC
> > SEQUENCE.
>
> Yes, but the content is not a PA-ENC-TS-ENC, because this structure does
> not have an INTEGER in first position. The patimestamp is supposed to be
> a GeneralizedTime
>
> Something might be wrong...

Until it is decrypted, you are looking at an EncryptedData, which does
have an INTEGER in the first position:

   EncryptedData   ::= SEQUENCE {
           etype   [0] Int32 -- EncryptionType --,
           kvno    [1] UInt32 OPTIONAL,
           cipher  [2] OCTET STRING -- ciphertext
   }

The OCTET STRING in position 2 must be decrypted to reveal the ASN.1
for the timestamp.

Enrique

Mime
View raw message