2.2.2.1.8 BuildEncryptedAuthData

The BuildEncryptedAuthData structure is used to encrypt the given authorization PA-DATA sequence, using a shared key, to be included within the request body of a message to be sent to the KDC ([RFC4120] section 5.2.7).

When populating this field of the KerbCredIsoRemoteInput structure, the CallId field MUST be set to RemoteCallKerbBuildEncryptedAuthData.

 struct
 {
     ULONG KeyUsage;
     KERB_RPC_ENCRYPTION_KEY* Key;
     KERB_ASN1_DATA* PlainAuthData;
 } BuildEncryptedAuthData;

KeyUsage: A ULONG number used to alter the encryption key. MUST be one of the following values from [RFC4120] section 7.5.1.

| Value | Meaning |
|-------|---------|
| 3 | KRB_AS_REP key usage number. |
| 8 | KRB_TGS_REP key usage number. |

Key: A pointer to a KERB_RPC_ENCRYPTION_KEY structure that contains the encryption key used to build the encrypted output.

PlainAuthData: A pointer to a KERB_ASN1_DATA structure that contains the DER-encoded PA-DATA to be encrypted ([RFC4120] section 5.2.7).

When populating this field of the KerbCredIsoRemoteOutput structure, the CallId field MUST be set to RemoteCallKerbBuildEncryptedAuthData.

 struct
 {
     KERB_ASN1_DATA EncryptedAuthData;
 } BuildEncryptedAuthData;

EncryptedAuthData: A KERB_ASN1_DATA structure that is the DER-encoded Kerberos EncryptedData structure containing the encrypted PA-DATA ([RFC4120] section 5.5.1).