backup key protocol implementation and impacts on heimdal

Andrew Bartlett abartlet at
Sun Oct 3 16:18:03 MDT 2010

On Sun, 2010-10-03 at 21:56 +0000, Love Hörnquist Åstrand wrote:
> On 2 Oct 2010 at 14:34, Matthieu Patou wrote:
> > I finally managed to have a working implementation of backup key remote protocol.
> > 
> > We still have an issue when we are generating the key first, but I'm hoping for Microsoft to provide us an explanation of what's wrong.
> > 
> > Basically I need only 1 small change in heimdal to make it work (see attached patch), it's in order to make find_private_alg non static.
> > 
> > This function is used in get_pk_from_raw_keypair_params; this function creates a hx509_private_key out of the different raw RSA parameters stored in the Active Directory (modulus, private exponent, public exponent, coefficient, ...).
> > 
> > By the way, the solution I used to cope with the fact that we have the private in this "form" is to allocate an RSA object, set the different attributes with the raw blobs stored in the AD (they have been converted to BN just before) and then assign it to a hx509_private_key object (with _hx509_private_key_assign_rsa).
> If we make hx509_parse_private_key() support the msft format, then we won't need your patch?
> Where can I find your patchset?
> Love

I found it at:
git:// backupkey_heimdal_recent;a=shortlog;h=refs/heads/backupkey_heimdal_recent

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.