Hey guys,
I have already sent an AS-request to the KDC for the changepw service. I get the
ticket object and the cipher byte array, too. Now I have to decode this array
and I can't find the right way.
First I tested:
    private static final byte[] IV = {
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
    };

    byte[] cipher = krbTicket.getEncPart().getCipher();
    SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
    KeySpec ks = new PBEKeySpec("secret".toCharArray(), getBytes(nonce), 1, 128);
    SecretKey s = f.generateSecret(ks);
    Key k = new SecretKeySpec(s.getEncoded(), "AES");
    Cipher cipherInstance = Cipher.getInstance("AES/CTS/PKCS5Padding");
    AlgorithmParameterSpec paramSpec = new IvParameterSpec(IV);
    cipherInstance.init(Cipher.DECRYPT_MODE, k, paramSpec);
    byte[] decryptedBytes = cipherInstance.doFinal(cipher);
I tested this with the iteration values 1 and 4096. But I don't know where I can
get the right iteration count, if there is any. The decrypted array makes no
sense.
Second I tested:
    byte[] cipher = krbTicket.getEncPart().getCipher();
    KerberosPrincipal principal = new KerberosPrincipal("[email protected]");
    KerberosKey key = new KerberosKey(principal, "secret".toCharArray(), "AES128");
    EncryptionKey eKey = new EncryptionKey(EncryptionType.AES128_CTS_HMAC_SHA1_96,
            key.getEncoded());
    CipherTextHandler cipherHandler = new CipherTextHandler();
    byte[] decryptedBytes = cipherHandler.decrypt(eKey,
            new EncryptedData(EncryptionType.AES128_CTS_HMAC_SHA1_96, cipher),
            KeyUsage.AS_REP_ENC_PART_WITH_CKEY);
but there I get a "KerberosException: Integrity check on decrypted field failed".
I also tested it with the Aes128CtsSha1Encryption object, but there I get the same
error.
Now the question: what is the right way, and how can I fix it? Or am I doing it
completely wrong?
Regards, Mario
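
The RFC 3962 string-to-key step for the AES enctypes, as an added example that is not part of the original post: the salt defaults to the realm followed by the principal name, the iteration count defaults to 4096 unless the KDC sends another value in PA-ETYPE-INFO2, and the PBKDF2 output is then passed through DK(tkey, "kerberos"). The class name, `EXAMPLE.COM` and `alice` are constructed values, and the result is cross-checked against the JDK's own `KerberosKey` derivation.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;

public class AesStringToKey {
    // 128-fold("kerberos"): lcm(64, 128) = 128, so the folded value is the
    // 8-byte constant followed by the same 64 bits rotated right by 13.
    static byte[] foldedKerberosConstant() {
        byte[] c = "kerberos".getBytes(StandardCharsets.US_ASCII);
        long rotated = Long.rotateRight(ByteBuffer.wrap(c).getLong(), 13);
        return ByteBuffer.allocate(16).put(c).putLong(rotated).array();
    }

    // RFC 3962: tkey = PBKDF2-HMAC-SHA1(password, salt, iterations, keyBits)
    //           key  = DK(tkey, "kerberos")
    static byte[] stringToKey(char[] password, String salt, int iterations, int keyBits)
            throws Exception {
        byte[] saltBytes = salt.getBytes(StandardCharsets.UTF_8);
        byte[] tkey = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                .generateSecret(new PBEKeySpec(password, saltBytes, iterations, keyBits))
                .getEncoded();
        // Single-block AES with zero cipher state is the E() used by DR/DK.
        Cipher aes = Cipher.getInstance("AES/ECB/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(tkey, "AES"));
        // DR: K1 = E(tkey, folded), K2 = E(tkey, K1), ... until keyBits are filled.
        ByteBuffer key = ByteBuffer.allocate(keyBits / 8);
        byte[] block = foldedKerberosConstant();
        while (key.hasRemaining()) {
            block = aes.doFinal(block);
            key.put(block, 0, Math.min(block.length, key.remaining()));
        }
        return key.array();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample identity; the default salt is realm + principal name.
        String realm = "EXAMPLE.COM", user = "alice";
        char[] password = "secret".toCharArray();
        byte[] manual = stringToKey(password, realm + user, 4096, 128);
        byte[] jdk = new KerberosKey(new KerberosPrincipal(user + "@" + realm),
                password, "AES128").getEncoded();
        System.out.println("manual derivation matches KerberosKey: "
                + Arrays.equals(manual, jdk));
    }
}
```

This covers only the long-term key; decrypting the AS-REP enc-part additionally uses the encryption and integrity keys derived from it for the key usage number, which the example does not implement.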