2.2.2.1.8 BuildEncryptedAuthData
The BuildEncryptedAuthData structure is used to encrypt the given authorization PA-DATA sequence, using a shared key, to be included within the request body of a message to be sent to the KDC ([RFC4120] section 5.2.7).
When populating this field of the KerbCredIsoRemoteInput structure, the CallId field MUST be set to RemoteCallKerbBuildEncryptedAuthData.
struct {
  ULONG KeyUsage;
  KERB_RPC_ENCRYPTION_KEY* Key;
  KERB_ASN1_DATA* PlainAuthData;
} BuildEncryptedAuthData;
KeyUsage: A ULONG number used to alter the encryption key. MUST be one of the following values from [RFC4120] section 7.5.1.
| Value | Meaning |
|-------|---------|
| 3 | KRB_AS_REP key usage number. |
| 8 | KRB_TGS_REP key usage number. |
Key: A pointer to a KERB_RPC_ENCRYPTION_KEY structure that contains the encryption key used to build the encrypted output.
PlainAuthData: A pointer to a KERB_ASN1_DATA structure that contains the DER-encoded PA-DATA to be encrypted ([RFC4120] section 5.2.7).
When populating this field of the KerbCredIsoRemoteOutput structure, the CallId field MUST be set to RemoteCallKerbBuildEncryptedAuthData.
struct {
  KERB_ASN1_DATA EncryptedAuthData;
} BuildEncryptedAuthData;
EncryptedAuthData: A KERB_ASN1_DATA structure that is the DER-encoded Kerberos EncryptedData structure containing the encrypted PA-DATA ([RFC4120] section 5.5.1).
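Added example, not part of the specification: a receiver-side check in C that an EncryptedAuthData buffer is exactly one well-formed DER EncryptedData before it is used. The function names and the sample bytes are constructed for illustration; the field layout (etype [0], optional kvno [1], cipher [2]) is the EncryptedData definition from [RFC4120], and the KERB_ASN1_DATA contents are assumed to be available as a plain byte buffer and length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Read one DER header; on success *p points at the value, which fits before end. */
static int der_hdr(const uint8_t **p, const uint8_t *end, uint8_t *tag, size_t *len) {
    if (end - *p < 2) return -1;
    *tag = *(*p)++;
    size_t v = *(*p)++;
    if (v >= 0x80) {                       /* long form: 1..4 length octets */
        size_t n = v & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - *p) < n || **p == 0) return -1;
        for (v = 0; n--; ) v = (v << 8) | *(*p)++;
        if (v < 0x80) return -1;           /* DER requires the short form here */
    }
    *len = v;
    return (size_t)(end - *p) < v ? -1 : 0;
}

/* Returns 0 only if buf is exactly one EncryptedData SEQUENCE with no trailing bytes. */
int parse_encrypted_data(const uint8_t *buf, size_t n, int32_t *etype, size_t *cipher_len) {
    const uint8_t *p = buf, *end = buf + n, *fe;
    uint8_t tag; size_t len;
    if (der_hdr(&p, end, &tag, &len) || tag != 0x30 || p + len != end) return -1;
    if (der_hdr(&p, end, &tag, &len) || tag != 0xA0) return -1;
    fe = p + len;                          /* end of the [0] etype wrapper */
    if (der_hdr(&p, fe, &tag, &len) || tag != 0x02 || len < 1 || len > 4 || p + len != fe) return -1;
    uint32_t v = (p[0] & 0x80) ? 0xFFFFFFFFu : 0;   /* sign-extend the INTEGER */
    while (len--) v = (v << 8) | *p++;
    *etype = (int32_t)v;
    if (der_hdr(&p, end, &tag, &len)) return -1;
    if (tag == 0xA1) {                     /* optional [1] kvno: skipped, not inspected */
        p += len;
        if (der_hdr(&p, end, &tag, &len)) return -1;
    }
    if (tag != 0xA2 || p + len != end) return -1;   /* [2] cipher must be last */
    if (der_hdr(&p, end, &tag, &len) || tag != 0x04 || p + len != end) return -1;
    *cipher_len = len;
    return 0;
}

/* Constructed sample (not captured traffic): etype 18, 4-byte placeholder cipher. */
static const uint8_t SAMPLE[] = {0x30,0x0D,0xA0,0x03,0x02,0x01,0x12,0xA2,0x06,0x04,0x04,0xDE,0xAD,0xBE,0xEF};

int main(void) {
    int32_t etype = 0; size_t clen = 0;
    int rc = parse_encrypted_data(SAMPLE, sizeof SAMPLE, &etype, &clen);
    printf("rc=%d etype=%d cipher_len=%zu\n", rc, (int)etype, clen);
    return rc;
}
```

The parser rejects truncated buffers, trailing bytes, indefinite or non-minimal lengths, and any field order other than etype, optional kvno, cipher.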