A protocol that defines how clients interact with a network authentication service. Clients obtain tickets from the Kerberos Key Distribution Center (KDC), and they present these tickets to servers when connections are established. Kerberos tickets represent the client`s network credentials.
A BLOB containing an encrypted private key. Key BLOBs provide a way to store keys outside the CSP. Key BLOBs are created by exporting an existing key from the CSP by calling the CryptExportKey function. Later, the key BLOB can be imported into a provider (often a different CSP on a different computer) by calling the CryptImportKey function. This creates a key in the CSP that is a duplicate of the one that was exported.
The format of the key BLOB when a public or session key is exported from a CSP. The format is specified by the provider type of the exporting CSP. A key BLOB is created by calling CryptExportKey.
(KCA) A trusted entity that typically keeps a secure database of compound messages signed with the KCA`s private key. In practical implementations, the compound messages consist of the user`s name, the user`s public key, and any other important information about the user. When the receiving application gets a signed message from a user, the application can then verify the public key received with the message by comparing it to the public key stored in the KCA database.
A part of the key database that contains all the key pairs (exchange and signature key pairs) belonging to a specific user. Each container has a unique name that is used when calling the CryptAcquireContext function to get a handle to the container.
A database that contains the persistent cryptographic keys for a specific CSP. The database contains one or more key containers, which individually store all the cryptographic key pairs for a specific user.
(KDC) A network service that supplies session tickets and temporary session keys used in the Kerberos V5 authentication protocol. The KDC runs as a privileged process on all domain controllers.
An algorithm used to encrypt and decrypt exchange keys (symmetric session keys). Some common key exchange algorithms include DH and KEA. Each provider type can specify only one key exchange algorithm.
(KEA) The key exchange algorithm specified by a PROV_FORTEZZA provider type. This algorithm is an improved version of the Diffie-Hellman algorithm.
A certificate used to encrypt information sent to another party. The certification authority (CA) key exchange certificate can be used by a client to encrypt information sent to the CA.
A set of functions used to exchange or transmit keys. Key exchange functions can also be used to implement fully authenticated three-phase key exchanges.
The private key of an exchange key pair.
A protocol by which two parties exchange information to establish a shared secret. The shared secret is then typically used as a symmetric encryption key.
The public key of an exchange key pair.
A set of functions used by applications to generate and customize cryptographic keys. These functions include full support for changing chaining modes, initialization vectors, and other encryption features.
Values specified by some providers that indicate the length of the public/private key pairs and session keys used with that provider.
A private key and its related public key.