KRB5_KEYBLOCK(3) BSD Library Functions Manual KRB5_KEYBLOCK(3)
NAME
krb5_keyblock, krb5_keyblock_get_enctype, krb5_copy_keyblock,
krb5_copy_keyblock_contents, krb5_free_keyblock,
krb5_free_keyblock_contents, krb5_generate_random_keyblock,
krb5_generate_subkey, krb5_generate_subkey_extended, krb5_keyblock_init,
krb5_keyblock_zero, krb5_random_to_key — Kerberos 5 key handling functions
LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
SYNOPSIS
#include <krb5.h>
krb5_keyblock;
krb5_enctype
krb5_keyblock_get_enctype(const krb5_keyblock *block);
krb5_error_code
krb5_copy_keyblock(krb5_context context, const krb5_keyblock *inblock,
krb5_keyblock **to);
krb5_error_code
krb5_copy_keyblock_contents(krb5_context context,
const krb5_keyblock *inblock, krb5_keyblock *to);
void
krb5_free_keyblock(krb5_context context, krb5_keyblock *keyblock);
void
krb5_free_keyblock_contents(krb5_context context,
krb5_keyblock *keyblock);
krb5_error_code
krb5_generate_random_keyblock(krb5_context context, krb5_enctype type,
krb5_keyblock *key);
krb5_error_code
krb5_generate_subkey(krb5_context context, const krb5_keyblock *key,
krb5_keyblock **subkey);
krb5_error_code
krb5_generate_subkey_extended(krb5_context context,
const krb5_keyblock *key, krb5_enctype enctype,
krb5_keyblock **subkey);
krb5_error_code
krb5_keyblock_init(krb5_context context, krb5_enctype type,
const void *data, size_t size, krb5_keyblock *key);
void
krb5_keyblock_zero(krb5_keyblock *keyblock);
krb5_error_code
krb5_random_to_key(krb5_context context, krb5_enctype type,
const void *data, size_t size, krb5_keyblock *key);
DESCRIPTION
krb5_keyblock holds the encryption key for a specific encryption type.
There is no component inside krb5_keyblock that is directly referable.
krb5_keyblock_get_enctype() returns the encryption type of the keyblock.
krb5_copy_keyblock() makes a copy of the keyblock inblock in the output
to. to should be freed by the caller with krb5_free_keyblock().
krb5_copy_keyblock_contents() copies the contents of inblock to the to
keyblock. The destination keyblock is overwritten.
krb5_free_keyblock() zeros out and frees the content and the keyblock
itself.
krb5_free_keyblock_contents() zeros out and frees the content of the
keyblock.
krb5_generate_random_keyblock() creates new content for the keyblock key
of encryption type type. The content of key is overwritten and not
freed, so the caller should be sure it is freed before calling the
function.
krb5_generate_subkey() generates a subkey of the same type as key. The
caller must free the subkey with krb5_free_keyblock.
krb5_generate_subkey_extended() generates a subkey of the specified
encryption type enctype. If enctype is ETYPE_NULL, the subkey is of the
same type as key.
The caller must free the subkey with krb5_free_keyblock.
krb5_keyblock_init() fills in key with key data of encryption type type
from data of length size. key should be freed using
krb5_free_keyblock_contents().
krb5_keyblock_zero() zeros out the keyblock to make sure no key material
is in memory. Note that krb5_free_keyblock_contents() also zeros out
the memory.
krb5_random_to_key() converts the random bytestring to a protocol key
according to the Kerberos crypto framework. The resulting key will be of
encryption type type. It may be assumed that all the bits of the input
string are equally random, even though the entropy present in the random
source may be limited.
SEE ALSO
krb5_crypto_init(3), krb5(3), krb5.conf(5)
HEIMDAL May 1, 2006 HEIMDAL