content/kerby/user-guide/5-crypto-and-encryption-types.mdtext - directory-site - Git at Google

 Title: 5 - Kerberos Crypto and Encryption Types
 NavPrev: 4-identity-backend.html
 NavPrevtext: 4 - Identity Backend
 NavUp: ../user-guide.html
 NavUpText: User Guide
 NavNext: 6-network-support.html
 NavNextText: 6 - Network Support
 Notice: Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements.  See the NOTICE file
     distributed with this work for additional information
     regarding copyright ownership.  The ASF licenses this file
     to you under the Apache License, Version 2.0 (the
     "License"); you may not use this file except in compliance
     with the License.  You may obtain a copy of the License at
     .
     http://www.apache.org/licenses/LICENSE-2.0
     .
     Unless required by applicable law or agreed to in writing,
     software distributed under the License is distributed on an
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied.  See the License for the
     specific language governing permissions and limitations
     under the License.

 # 5 - Kerberos Crypto and Encryption Types

 Supported des, des3, rc4, aes, camellia encryption and corresponding checksum types
 Interoperates with MIT Kerberos and Microsoft AD
 Independent of Kerberos code in JRE, but rely on JCE

 | Encryption Type | Description |
 | --------------- | ----------- |
 | des-cbc-crc | DES cbc mode with CRC-32 (weak) |
 | des-cbc-md4 | DES cbc mode with RSA-MD4 (weak) |
 | des-cbc-md5 |	DES cbc mode with RSA-MD5 (weak) |
 | des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd |	Triple DES cbc mode with HMAC/sha1 |
 | des-hmac-sha1 |	DES with HMAC/sha1 (weak) |
 | aes256-cts-hmac-sha1-96 aes256-cts AES-256 	| CTS mode with 96-bit SHA-1 HMAC |
 | aes128-cts-hmac-sha1-96 aes128-cts AES-128 	| CTS mode with 96-bit SHA-1 HMAC |
 | arcfour-hmac rc4-hmac arcfour-hmac-md5 |	RC4 with HMAC/MD5 |
 | arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp |	Exportable RC4 with HMAC/MD5 (weak) |
 | camellia256-cts-cmac camellia256-cts |	Camellia-256 CTS mode with CMAC |
 | camellia128-cts-cmac camellia128-cts |	Camellia-128 CTS mode with CMAC |
 | des |	The DES family: des-cbc-crc, des-cbc-md5, and des-cbc-md4 (weak) |
 | des3 |	The triple DES family: des3-cbc-sha1 |
 | aes |	The AES family: aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96 |
 | rc4 |	The RC4 family: arcfour-hmac |
 | camellia | The Camellia family: camellia256-cts-cmac and camellia128-cts-cmac |
	Title: 5 - Kerberos Crypto and Encryption Types
	NavPrev: 4-identity-backend.html
	NavPrevtext: 4 - Identity Backend
	NavUp: ../user-guide.html
	NavUpText: User Guide
	NavNext: 6-network-support.html
	NavNextText: 6 - Network Support
	Notice: Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at
	.
	http://www.apache.org/licenses/LICENSE-2.0
	.
	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.

	# 5 - Kerberos Crypto and Encryption Types

	Supported des, des3, rc4, aes, camellia encryption and corresponding checksum types
	Interoperates with MIT Kerberos and Microsoft AD
	Independent of Kerberos code in JRE, but rely on JCE

	\| Encryption Type \| Description \|
	\| --------------- \| ----------- \|
	\| des-cbc-crc \| DES cbc mode with CRC-32 (weak) \|
	\| des-cbc-md4 \| DES cbc mode with RSA-MD4 (weak) \|
	\| des-cbc-md5 \| DES cbc mode with RSA-MD5 (weak) \|
	\| des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd \| Triple DES cbc mode with HMAC/sha1 \|
	\| des-hmac-sha1 \| DES with HMAC/sha1 (weak) \|
	\| aes256-cts-hmac-sha1-96 aes256-cts AES-256 \| CTS mode with 96-bit SHA-1 HMAC \|
	\| aes128-cts-hmac-sha1-96 aes128-cts AES-128 \| CTS mode with 96-bit SHA-1 HMAC \|
	\| arcfour-hmac rc4-hmac arcfour-hmac-md5 \| RC4 with HMAC/MD5 \|
	\| arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp \| Exportable RC4 with HMAC/MD5 (weak) \|
	\| camellia256-cts-cmac camellia256-cts \| Camellia-256 CTS mode with CMAC \|
	\| camellia128-cts-cmac camellia128-cts \| Camellia-128 CTS mode with CMAC \|
	\| des \| The DES family: des-cbc-crc, des-cbc-md5, and des-cbc-md4 (weak) \|
	\| des3 \| The triple DES family: des3-cbc-sha1 \|
	\| aes \| The AES family: aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96 \|
	\| rc4 \| The RC4 family: arcfour-hmac \|
	\| camellia \| The Camellia family: camellia256-cts-cmac and camellia128-cts-cmac \|