backup key protocol implementation and impacts on heimdal

Matthieu Patou mat at
Sat Oct 2 15:34:55 MDT 2010

  Hi Love,

I finally managed to have a working implementation of backup key remote 

We have still an issue when we are generating the key first but I'm 
hoping for microsoft to provide us explanation of what's wrong.

Basically I need only 1 small change in heimdal to make it work (see 
attached patch), it's in order to make find_private_alg non static.

This function is used in get_pk_from_raw_keypair_params, this function 
creates a hx509_private_key out of the different raw rsa parameters 
stored in the active directory (modulus, private exponent, public 
exponent, coefficient, ...).

By the way the solution I used to cope with the fact that we have the 
private in this "form" is to allocate a RSA object, set the different 
attribute with the raw blobs stored in the AD (they have been converted 
to BN just before) and then assign it to a hx509_private_key object 
(with _hx509_private_key_assign_rsa).

Here is a list of private function / structure that I've used:


I've also created this structures:
static const unsigned rsa_with_var_num[] ={ 1, 2, 840, 113549, 1, 1, 1 };
/* Equivalent to asn1_oid_id_pkcs1_rsaEncryption*/
const AlgorithmIdentifier _hx509_signature_rsa_with_var_num = {
     { 7, rk_UNCONST(rsa_with_var_num) }, NULL

because at least at the beginning of my work it was missing.

In the long term if we want distro to be able to have an external 
heimdal version I guess there is a need for public interface.


Matthieu Patou
Samba Team

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-heimdal-make-a-function-non-static-so-that-it-can-be.patch
Type: text/x-patch
Size: 1900 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list