2.2.2.1.17 KeyAgreementGenerateNonce

The KeyAgreementGenerateNonce structure is used to generates a nonce value for inclusion in the DHNonce in a Kerberos PKINIT message exchange ([RFC4556] Section 3.2.1). This nonce is part of the Diffie-Hellman agreement that is part of Kerberos PKINIT.

When populating this field of the KerbCredIsoRemoteInput structure, the CallId field MUST be set to RemoteCallKerbKeyAgreementGenerateNonce.

 struct
 {
     KEY_AGREEMENT_HANDLE KeyAgreementHandle;
 } KeyAgreementGenerateNonce;

KeyAgreementHandle: A KEY_AGREEMENT_HANDLE type that contains the key agreement associated with the nonce.

When populating this field of the KerbCredIsoRemoteOutput structure, the CallId field MUST be set to RemoteCallKerbKeyAgreementGenerateNonce.

 struct
 {
     PULONG NonceLen;
     [size_is(, *NonceLen)] PBYTE* Nonce;
 } KeyAgreementGenerateNonce;

NonceLen: A pointer to a ULONG that indicates the byte length of the Nonce field.

Nonce: A byte array that contains the nonce for use in a key agreement operation.