Network Working Group                                         K. Raeburn
Request for Comments: 3961                                           MIT
Category: Standards Track                                  February 2005
Encryption and Checksum Specifications for Kerberos 5
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document describes a framework for defining encryption and
checksum mechanisms for use with the Kerberos protocol, defining an
abstraction layer between the Kerberos protocol and related
protocols, and the actual mechanisms themselves. The document also
defines several mechanisms. Some are taken from RFC 1510, modified
in form to fit this new framework and occasionally modified in
content when the old specification was incorrect. New mechanisms are
presented here as well. This document does NOT indicate which
mechanisms may be considered "required to implement".
Table of Contents
1. Introduction
2. Concepts
3. Encryption Algorithm Profile
4. Checksum Algorithm Profile
5. Simplified Profile for CBC Ciphers with Key Derivation
   5.1. A Key Derivation Function
   5.2. Simplified Profile Parameters
   5.3. Cryptosystem Profile Based on Simplified Profile
   5.4. Checksum Profiles Based on Simplified Profile
6. Profiles for Kerberos Encryption and Checksum Algorithms
   6.1. Unkeyed Checksums
   6.2. DES-based Encryption and Checksum Types
   6.3. Triple-DES Based Encryption and Checksum Types
7. Use of Kerberos Encryption Outside This Specification
8. Assigned Numbers
9. Implementation Notes
10. Security Considerations
11. IANA Considerations
12. Acknowledgements
A. Test vectors
   A.1. n-fold
   A.2. mit_des_string_to_key
   A.3. DES3 DR and DK
   A.4. DES3string_to_key
   A.5. Modified CRC-32
B. Significant Changes from RFC 1510
Notes
Normative References
Informative References
Editor's Address
Full Copyright Statement
1. Introduction
The Kerberos protocols [Kerb] are designed to encrypt messages of
arbitrary sizes, using block encryption ciphers or, less commonly,
stream encryption ciphers. Encryption is used to prove the
identities of the network entities participating in message
exchanges. However, nothing in the Kerberos protocol requires that
any specific encryption algorithm be used, as long as the algorithm
includes certain operations.
The following sections specify the encryption and checksum mechanisms
currently defined for Kerberos, as well as a framework for defining
future mechanisms. The encoding, chaining, padding, and other
requirements for each are described. Appendix A gives test vectors
for several functions.
2. Concepts
Both encryption and checksum mechanisms are profiled in later
sections. Each profile specifies a collection of operations and
attributes that must be defined for a mechanism. A Kerberos
encryption or checksum mechanism specification is not complete if it