4.2.3.4 GSS_WrapEx Examples

The GSS_WrapEx() is specified in section 3.4.6. The following data is part of the security context state for the NTLM Session.

SeqNum for the message:

 0000000: 00 00 00 00                                       ••••

Plaintext data where conf_req_flag == TRUE and sign == TRUE:

 0000000: 50 00 6c 00 61 00 69 00 6e 00 74 00 65 00 78 00   P·l·a·i·n·t·e·x·
 0000010: 74 00                                             t·

The sealkey is created using SEALKEY() (section 3.4.5.3):

Cut key exchange key to 56 bits:

 0000000: eb 93 42 9a 8b d9 52                              ..B...R

MD5(ConcatenationOf(SealKey, "session key to client-to-server sealing key magic constant")):

 0000000: 04 dd 7f 01 4d 85 04 d2 65 a2 5c c8 6a 3a 7c 06   •..•M.•.e.\.j:.•

The signkey is created using SIGNKEY() (section 3.4.5.2):

MD5(ConcatenationOf(RandomSessionKey, "session key to client-to-server signing key magic constant")):

 0000000: 60 e7 99 be 5c 72 fc 92 92 2a e8 eb e9 61 fb 8d   `...\r...*...a..

The output message data and signature is created using SEAL() specified in section 3.4.3. Output_message will contain conf_state == TRUE, signed == TRUE and data:

Data:

 0000000: a0 23 72 f6 53 02 73 f3 aa 1e b9 01 90 ce 52 00   .#r.S•s..•.•..R•
 0000010: c9 9d                                             ╔¥

Checksum: HMAC_MD5(SigningKey, ConcatenationOf(SeqNum, Message))[0..7]:

 0000000: ff 2a eb 52 f6 81 79 3a                            *.R..y:•

Signature:

 0000000: 01 00 00 00 ff 2a eb 52 f6 81 79 3a 00 00 00 00   •••• *.R..y:••••