KRB5_KEYBLOCK(3) Library Functions Manual KRB5_KEYBLOCK(3)
NAME
krb5_keyblock, krb5_keyblock_get_enctype, krb5_copy_keyblock, krb5_copy_keyblock_contents, krb5_free_keyblock, krb5_free_keyblock_contents, krb5_generate_random_keyblock, krb5_generate_subkey, krb5_generate_subkey_extended, krb5_keyblock_init, krb5_keyblock_zero, krb5_random_to_keyKerberos 5 key handling functions
LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
SYNOPSIS
#include <krb5/krb5.h>
 
krb5_keyblock;
krb5_enctype
krb5_keyblock_get_enctype(const krb5_keyblock *block);
krb5_error_code
krb5_copy_keyblock(krb5_context context, krb5_keyblock **to);
krb5_error_code
krb5_copy_keyblock_contents(krb5_context context, const krb5_keyblock *inblock, krb5_keyblock *to);
void
krb5_free_keyblock(krb5_context context, krb5_keyblock *keyblock);
void
krb5_free_keyblock_contents(krb5_context context, krb5_keyblock *keyblock);
krb5_error_code
krb5_generate_random_keyblock(krb5_context context, krb5_enctype type, krb5_keyblock *key);
krb5_error_code
krb5_generate_subkey(krb5_context context, const krb5_keyblock *key, krb5_keyblock **subkey);
krb5_error_code
krb5_generate_subkey_extended(krb5_context context, const krb5_keyblock *key, krb5_enctype enctype, krb5_keyblock **subkey);
krb5_error_code
krb5_keyblock_init(krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key);
void
krb5_keyblock_zero(krb5_keyblock *keyblock);
krb5_error_code
krb5_random_to_key(krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key);
DESCRIPTION
krb5_keyblock holds the encryption key for a specific encryption type. There is no component inside krb5_keyblock that is directly referable.
 
krb5_keyblock_get_enctype() returns the encryption type of the keyblock.
 
krb5_copy_keyblock() makes a copy the keyblock inblock to the output out. out should be freed by the caller with krb5_free_keyblock.
 
krb5_copy_keyblock_contents() copies the contents of inblock to the to keyblock. The destination keyblock is overritten.
 
krb5_free_keyblock() zeros out and frees the content and the keyblock itself.
 
krb5_free_keyblock_contents() zeros out and frees the content of the keyblock.
 
krb5_generate_random_keyblock() creates a new content of the keyblock key of type encrytion type type. The content of key is overwritten and not freed, so the caller should be sure it is freed before calling the function.
 
krb5_generate_subkey() generates a subkey of the same type as key. The caller must free the subkey with krb5_free_keyblock.
 
krb5_generate_subkey_extended() generates a subkey of the specified encryption type type. If type is ETYPE_NULL, of the same type as key. The caller must free the subkey with krb5_free_keyblock.
 
krb5_keyblock_init() Fill in key with key data of type enctype from data of length size. Key should be freed using krb5_free_keyblock_contents().
 
krb5_keyblock_zero() zeros out the keyblock to to make sure no keymaterial is in memory. Note that krb5_free_keyblock_contents() also zeros out the memory.
 
krb5_random_to_key() converts the random bytestring to a protocol key according to Kerberos crypto frame work. It the resulting key will be of type enctype. It may be assumed that all the bits of the input string are equally random, even though the entropy present in the random source may be limited
SEE ALSO