backup key protocol implementation and impacts on heimdal

Andrew Bartlett abartlet at samba.org
Sun Oct 3 16:18:03 MDT 2010


On Sun, 2010-10-03 at 21:56 +0000, Love Hörnquist Åstrand wrote:
> On 2 Oct 2010 at 14:34, Matthieu Patou wrote:
> 
> > I finally managed to have a working implementation of backup key remote protocol.
> > 
> > We still have an issue when we are generating the key first, but I'm hoping for Microsoft to provide us an explanation of what's wrong.
> > 
> > Basically I need only 1 small change in heimdal to make it work (see attached patch), it's in order to make find_private_alg non static.
> > 
> > This function is used in get_pk_from_raw_keypair_params, this function creates a hx509_private_key out of the different raw rsa parameters stored in the active directory (modulus, private exponent, public exponent, coefficient, ...).
> > 
> > By the way, the solution I used to cope with the fact that we have the private in this "form" is to allocate a RSA object, set the different attributes with the raw blobs stored in the AD (they have been converted to BN just before) and then assign it to a hx509_private_key object (with _hx509_private_key_assign_rsa).
> 
> If we make hx509_parse_private_key() support the msft format, then we won't need your patch?
> 
> Where can I find your patchset?
> 
> Love

I found it at:
git://git.samba.org/mat/samba.git backupkey_heimdal_recent
http://gitweb.samba.org/?p=mat/samba.git;a=shortlog;h=refs/heads/backupkey_heimdal_recent

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
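
The key-assembly step described in the quoted message (raw RSA parameter blobs converted to big numbers and combined into one private key), sketched in Python with a consistency check on the parameters before the key is accepted. This is an added example, not code from Samba or Heimdal; the field names, the default big-endian byte order, the PKCS#1 meaning of "coefficient" and the toy key are assumptions made for illustration.

```python
from dataclasses import dataclass
from math import gcd

# Hypothetical field names; the thread only lists "modulus, private exponent,
# public exponent, coefficient, ...".
FIELDS = ("modulus", "public_exponent", "private_exponent", "prime1",
          "prime2", "exponent1", "exponent2", "coefficient")

@dataclass(frozen=True)
class RawRSAKey:
    n: int
    e: int
    d: int
    p: int
    q: int
    dp: int
    dq: int
    qinv: int

def rsa_key_from_raw(blobs, byteorder="big"):
    """Turn raw parameter blobs into integers, rejecting inconsistent sets."""
    missing = [f for f in FIELDS if f not in blobs]
    if missing:
        raise ValueError("missing RSA parameters: " + ", ".join(missing))
    n, e, d, p, q, dp, dq, qinv = (
        int.from_bytes(blobs[f], byteorder) for f in FIELDS)
    if min(p, q) < 2 or p * q != n:
        raise ValueError("modulus is not prime1 * prime2")
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    if (d * e) % lam != 1:
        raise ValueError("private and public exponents do not match")
    if dp != d % (p - 1) or dq != d % (q - 1):
        raise ValueError("CRT exponents do not match the private exponent")
    if (qinv * q) % p != 1:  # PKCS#1 convention: coefficient = q^-1 mod p
        raise ValueError("coefficient is not the inverse of prime2 mod prime1")
    return RawRSAKey(n, e, d, p, q, dp, dq, qinv)

def to_blob(value, byteorder="big"):
    """Encode an integer as a minimal-length byte string."""
    return value.to_bytes((value.bit_length() + 7) // 8, byteorder)

# Constructed toy key (p=61, q=53), far too small for real use.
SAMPLE_VALUES = (3233, 17, 2753, 61, 53, 53, 49, 38)
SAMPLE_BLOBS = {f: to_blob(v) for f, v in zip(FIELDS, SAMPLE_VALUES)}

if __name__ == "__main__":
    key = rsa_key_from_raw(SAMPLE_BLOBS)
    assert pow(pow(42, key.e, key.n), key.d, key.n) == 42  # round trip
    print(key)
```

The checks cover arithmetic consistency between the parameters only; primality of prime1 and prime2 is not tested.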