All,
I'm writing a Python kerberos library that's file-compatible with the MIT
CredCache, and I'm having a weird time. I can read it into memory fine, but
when I decrypt the ticket with the key in that entry, I get nonsense (i.e.
no confounder/crc/ticket-in-ASN.1/padding).
I'm reading the 8 bytes of the key straight off disk and passing them as the
key to a DES-CBC implementation (the amkCrypto one). Here's a test setup for
the TEST.COM realm I'm working with:
[{'adata': [],
'addrs': [{'address': '\233\3063\023', 'addr_type': 2}],
'client': {'name': {'name_type': 1, 'name_string': ['pjm3']},
'realm': 'TEST.COM'},
'flags': 4194304,
'is_skey': '\000',
'key': {'keytype': 1, 'keyvalue': '\031k\031\015\241\33444'},
'server': {'name': {'name_type': 0, 'name_string': ['krbtgt',
'TEST.COM']},
'realm': 'TEST.COM'},
'ticket': {'enc_part': {'cipher':
'\014V<\352\016\303\307\363\342\365\354\027\031cm\304\277\351\016`\211\264\2
32T\370\246\00062G\202\307N\004\201\206\373\360s\244AD\007\343\324\224\345\2
45\366\325\305\223\366\367\332X\034\326\3420D\033@\220K\243\264\004\010G\317
\031\367a9\315\014\310\365\342\013\354\022\206\216\200\225\221\265\316\206\2
04\317\035,3\277S\232O\263&U\231\362\254{\315\263F\346\224\017:\227\341{\246
\221.\303c\236\216\241\345s\015rewm\322\256kL1j9\'\031\325\271V\326\032\003\
317\201\302\307\303',
'etype': 1,
'kvno': 1},
'realm': 'TEST.COM',
'sname': {'name_string': ['krbtgt', 'TEST.COM'],
'name_type': 0},
'tkt_vno': 5},
'times': [1006458564, 1006458564, 1006494564, 0],
'tkt2': ''}]
>>> from Crypto import Ciphers
>>> d = Ciphers.DES('\031k\031\015\241\33444', Ciphers.CBC)
>>> a =
'\014V<\352\016\303\307\363\342\365\354\027\031cm\304\277\351\016`\211\264\2
32T\370\246\00062G\202\307N\004\201\206\373\360s\244AD\007\343\324\224\345\2
45\366\325\305\223\366\367\332X\034\326\3420D\033@\220K\243\264\004\010G\317
\031\367a9\315\014\310\365\342\013\354\022\206\216\200\225\221\265\316\206\2
04\317\035,3\277S\232O\263&U\231\362\254{\315\263F\346\224\017:\227\341{\246
\221.\303c\236\216\241\345s\015rewm\322\256kL1j9\'\031\325\271V\326\032\003\
317\201\302\307\303'
>>> b = d.decrypt(a)
>>> b
'\364\276\254\275\205\013\232\325v\317\373c1\326\375\317~\314\333\000\014\30
1O\025=\026in\316|Y\327\370\323\3210\341\234q?\\\251\003pB\177\364H\027\365\
007\276\005\374\265\206{U\214g\335\263\021\351hB\012\007\373\331x\335\371\27
43<\343:\226\'\367\206ILcFA\370\223oC\214\033x\323?8\222\254\007W\360\305\33
3Y\003\250P\306\340\005\034\265:\267"~\356c\026\235[\325\266\002\334\311\213
L\355\267\377dS\272\345\320\252\024AZ\032\240\305\361p\265\316\227\203\266B'
I would expect b to be an ASN.1-encoded ticket at this point. The password
for this principal is "test.com", by the way. I'm obviously doing something
basically wrong. Anyone tell me what?
Regards,
Phil
+------------------------------------------+
| Phil Mayers |
| Network & Infrastructure Group |
| Information & Communication Technologies |
| Imperial College |
+------------------------------------------+
