Suggested crypto libs for Diffie-Hellman and Eliptic Curve Diffie-Hellman
Andrew Bartlett
abartlet at samba.org
Thu Nov 16 06:08:59 UTC 2023
For Group Managed service accounts, which we are working on, for
reasons around RODCs and a few other things, Microsoft has decided to
internally use a key-agreement between a 'root key' and a 'service
key', both held in AD.
The password comes, as I understand it, from the key agreement derived
out of a Diffie-Hellman or Eliptic Curve Diffie-Hellman exchanges.
This is all in MS-GKDI, referenced from
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/9cd2fc5e-7305-4fb8-b233-2a60bc3eec68
I just wanted to check if there are particularly cryptographic
libraries we should consider for this work.
In the past we have looked to libnettle when gnutls didn't provide the
functions we wanted, but that was backed out fairly fast as another
method was found (https://bugzilla.samba.org/show_bug.cgi?id=13276 0784
4a9a13506b4ca9181cfde05d9e4170208f88).
Even so, for this case is libnettle still the best first place to look?
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
More information about the samba-technical
mailing list