directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <elecha...@gmail.com>
Subject Re: [Kerberos] PKINIT support
Date Mon, 24 Sep 2007 22:03:06 GMT
Ok, I get it :

 EncryptedData   ::= SEQUENCE {
        etype   [0] Int32 -- EncryptionType --,
        kvno    [1] UInt32 OPTIONAL,
        cipher  [2] OCTET STRING -- ciphertext
 }

This is the ASN.1 grammar found in the RFC. The EnryptedData class use
cypher, not cyphertext, to reflect the grammar, but the following code
:

...
        // build the ciphertext structure
        byte[] conFounder = getRandomBytes( getConfounderLength() );
        byte[] dataBytes = concatenateBytes( conFounder, plainText );

        byte[] checksumBytes = calculateIntegrity( dataBytes,
key.getKeyValue(), usage );

        byte[] encryptedData = encrypt( dataBytes, Ke );
        byte[] cipherText = concatenateBytes( encryptedData, checksumBytes );
...

use the cipherText, possibly because of the commented name in the
ASN.1 grammar, and because it's the result of the cipher algorithm.

Even if it's not semantically correct, I think it's important to stick
to the RFC naming because then it's easier for new comers to switch
from RFC to the code and back.

-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com

Mime
View raw message