Kerberos Parameters (last updated 2007-08-16) Registries included below: - Kerberos Encryption Type Numbers - Kerberos Checksum Type Numbers - Kerberos TCP Extensions Registry Name: Kerberos Encryption Type Numbers Reference: [RFC3961] Registration Procedures: Standards Action or Expert Review Note: These are signed values ranging from -2147483648 to 2147483647. Positive values should be assigned only for algorithms specified in accordance with this specification for use with Kerberos or related protocols. Negative values are for private use; local and experimental algorithms should use these values. Zero is reserved and may not be assigned. Registry: etype encryption type Reference -------------- ------------------------------------- ------------------------- 0 reserved [RFC3961] 1 des-cbc-crc [RFC3961] 2 des-cbc-md4 [RFC3961] 3 des-cbc-md5 [RFC3961] 4 Reserved [RFC3961] 5 des3-cbc-md5 6 Reserved [RFC3961] 7 des3-cbc-sha1 8 Unassigned 9 dsaWithSHA1-CmsOID [RFC4556] 10 md5WithRSAEncryption-CmsOID [RFC4556] 11 sha1WithRSAEncryption-CmsOID [RFC4556] 12 rc2CBC-EnvOID [RFC4556] 13 rsaEncryption-EnvOID [RFC4556 from PKCS#1 v1.5] 14 rsaES-OAEP-ENV-OID [RFC4556 from PKCS#1 v2.0] 15 des-ede3-cbc-Env-OID [RFC4556] 16 des3-cbc-sha1-kd [RFC3961] 17 aes128-cts-hmac-sha1-96 [RFC3962] 18 aes256-cts-hmac-sha1-96 [RFC3962] 19-22 Unassigned 23 rc4-hmac [RFC4757] 24 rc4-hmac-exp [RFC4757] 25-64 Unassigned 65 subkey-keymaterial (opaque; PacketCable) 66-2147483647 Unassigned Registry Name: Kerberos Checksum Type Numbers Reference: [RFC3961] Registration Procedures: Standards Action or Expert Review Note: These are signed values ranging from -2147483648 to 2147483647. Positive values should be assigned only for algorithms specified in accordance with this specification for use with Kerberos or related protocols. Negative values are for private use; local and experimental algorithms should use these values. Zero is reserved and may not be assigned. Registry: sumtype value Checksum type checksum size Reference ----------------- ---------------------------- ------------- --------- 0 Reserved [RFC3961] 1 CRC32 4 [RFC3961] 2 rsa-md4 16 [RFC3961] 3 rsa-md4-des 24 [RFC3961] 4 des-mac 16 [RFC3961] 5 des-mac-k 8 [RFC3961] 6 rsa-md4-des-k 16 [RFC3961] 7 rsa-md5 16 [RFC3961] 8 rsa-md5-des 24 [RFC3961] 9 rsa-md5-des3 24 10 sha1 (unkeyed) 20 11 Unassigned 12 hmac-sha1-des3-kd 20 [RFC3961] 13 hmac-sha1-des3 20 14 sha1 (unkeyed) 20 15 hmac-sha1-96-aes128 20 [RFC3962] 16 hmac-sha1-96-aes256 20 [RFC3962] 17-32770 Unassigned 32771 Reserved [RFC1964] 32772-2147483647 Unassigned Registry Name: Kerberos TCP Extensions Reference: [RFC5021] Range Registration Procedures Notes ------ --------------------------------- -------------------------------------------------- 0-29 IESG Approval or Standards Action 30 Reserved Standards Action to updates or obsoletes [RFC5021] Registry: Value Description Reference ------ ------------------- -------- 0-29 Unassigned 30 Reserved [RFC5021] References ---------- [RFC1964] J. Linn, "The Kerberos Version 5 GSS-API Mechanism", RFC 1964, June 1996. [RFC3961] K. Raeburn, "Encryption and Checksum Specifications for Kerberos 5", RFC 3961, February 2005. [RFC3962] K. Raeburn, "AES Encryption for Kerberos 5", RFC 3962, February 2005. [RFC4556] L. Zhu and B. Tung, "Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)", RFC 4556, June 2006. [RFC4757] K. Jaganathan, L. Zhu, J. Brezak, "The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows", RFC 4757, December 2006. [RFC5021] S. Josefsson, "Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges Over TCP", RFC 5021, August 2007. (created 2004-06-29) []