Re: WS-Security and GSS-API: How do I get the session key?

Luke Howard Tue, 24 Feb 2009 05:39:22 -0800

> I don't recall offhand if there's been an IETF draft proposing the
> specific extension we've got for extracting the session key.


Something like:

#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>

{
   OM_uint32 major, minor;
   gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
   gss_buffer_set_t skey = GSS_C_NO_BUFFER_SET;

...

   major = gss_inquire_sec_context_by_oid(&minor,
                                         ctx,
                                         GSS_C_INQ_SSPI_SESSION_KEY,
                                         &skey);
   if (GSS_ERROR(major))
     // handle error

   if (skey == GSS_C_NO_BUFFER_SET ||
       skey->count < 1 ||
       skey->elements[0].value == NULL)
     // optional paranoid error checking

   // session key can be found in skey->elements[0]
   // OID corresponding to enctype can be found in skey->elements[1]

   gss_release_buffer_set(&minor, &skey);

...
}

-- Luke
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: WS-Security and GSS-API: How do I get the session key?

Reply via email to