backup key protocol implementation and impacts on heimdal

Love Hörnquist Åstrand lha at
Sun Oct 3 15:56:33 MDT 2010

2 okt 2010 kl. 14:34 skrev Matthieu Patou:

> I finally managed to have a working implementation of backup key remote protocol.
> We have still an issue when we are generating the key first but I'm hoping for microsoft to provide us explanation of what's wrong.
> Basically I need only 1 small change in heimdal to make it work (see attached patch), it's in order to make find_private_alg non static.
> This function is used in get_pk_from_raw_keypair_params, this function creates a hx509_private_key out of the different raw rsa parameters stored in the active directory (modulus, private exponent, public exponent, coefficient, ...).
> By the way the solution I used to cope with the fact that we have the private in this "form" is to allocate a RSA object, set the different attribute with the raw blobs stored in the AD (they have been converted to BN just before) and then assign it to a hx509_private_key object (with _hx509_private_key_assign_rsa).

If we make hx509_parse_private_key() support the msft format, then we wont need your patch ?

Where can I find your patchset ?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list