
Kerberos Parameters -  [RFC3961]

(last updated 06 September 2005)

For registration procedures, please see [RFC3961].

Kerberos Encryption Type Numbers
Kerberos Checksum Type Numbers

These are signed values ranging from -2147483648 to 2147483647.  Positive
values should be assigned only for algorithms specified in accordance
with this specification for use with Kerberos or related protocols.
Negative values are for private use; local and experimental
algorithms should use these values.  Zero is reserved and may not be
assigned.

Kerberos Encryption Type Numbers per [RFC3961]

encryption type                 etype    Reference and/or Comment
------------------------------  -----    ------------------------- 
reserved                           0     [RFC3961]
des-cbc-crc                        1     [RFC3961]
des-cbc-md4                        2     [RFC3961]
des-cbc-md5                        3     [RFC3961]
[reserved]                         4
des3-cbc-md5                       5
[reserved]                         6
des3-cbc-sha1                      7
dsaWithSHA1-CmsOID                 9      (pkinit)
md5WithRSAEncryption-CmsOID       10      (pkinit)
sha1WithRSAEncryption-CmsOID      11      (pkinit)
rc2CBC-EnvOID                     12      (pkinit)
rsaEncryption-EnvOID              13      (pkinit from PKCS#1 v1.5)
rsaES-OAEP-ENV-OID                14      (pkinit from PKCS#1 v2.0)
des-ede3-cbc-Env-OID              15      (pkinit)
des3-cbc-sha1-kd                  16      [RFC3961]
aes128-cts-hmac-sha1-96           17      [RFC3962]
aes256-cts-hmac-sha1-96           18      [RFC3962]
rc4-hmac                          23      (Microsoft)
rc4-hmac-exp                      24      (Microsoft)
subkey-keymaterial                65      (opaque; PacketCable)


Kerberos Checksum Type Numbers per [RFC3961]

                           sumtype   checksum   
Checksum type               value     size      Reference and/or Comment
-----------------------  ----------  --------   ------------------------
Reserved                      0                 [RFC3961]
CRC32                         1        4        [RFC3961]
rsa-md4                       2       16        [RFC3961]
rsa-md4-des                   3       24        [RFC3961]
des-mac                       4       16        [RFC3961]
des-mac-k                     5        8        [RFC3961]
rsa-md4-des-k                 6       16        [RFC3961]
rsa-md5                       7       16        [RFC3961]
rsa-md5-des                   8       24        [RFC3961]
rsa-md5-des3                  9       24        
sha1 (unkeyed)               10       20        
hmac-sha1-des3-kd            12       20        [RFC3961]
hmac-sha1-des3               13       20        
sha1 (unkeyed)               14       20        
hmac-sha1-96-aes128          15       20        [RFC3962]
hmac-sha1-96-aes256          16       20        [RFC3962]
[reserved]               0x8003                 [RFC1964]

References
----------
[RFC1964]  J. Linn, "The Kerberos Version 5 GSS-API Mechanism", RFC 1964,  
           June 1996.

[RFC3961]  K. Raeburn, "Encryption and Checksum Specifications for Kerberos 5",
           RFC 3961, February 2005.

[RFC3962]  K. Raeburn, "AES Encryption for Kerberos 5", RFC 3962, 
           February 2005.

(pkinit)   Work in progress.
			
(created 29 June 2004) 

[]	











