public KerberosCredential(SecureString password, string principal, string realm)
{
// Generate salt
this.DefaultSalt = KerberosKeyDerivation.DeriveSalt(principal, realm);
// Generate DES keys
byte[] desKey = KerberosKeyDerivation.DeriveKey(KerberosKeyType.DES_CBC_MD5, password, this.DefaultSalt);
var desKeyData = new KerberosKeyData(KerberosKeyType.DES_CBC_MD5, desKey);
this.Credentials = new KerberosKeyData[] { desKeyData };
}
private static void WriteCredential(BinaryWriter writer, KerberosKeyData credential, int keyValueOffset)
{
// Reserved1 (2 bytes): This value MUST be ignored by the recipient and MUST be set to zero.
writer.Write((short)0);
// Reserved2 (2 bytes): This value MUST be ignored by the recipient and MUST be set to zero.
writer.Write((short)0);
// Reserved3 (4 bytes): This value MUST be ignored by the recipient and MUST be set to zero.
writer.Write((int)0);
// KeyType (4 bytes): Indicates the type of key, stored as a 32-bit unsigned integer in little-endian byte order. This MUST be set to one of the following values, which are defined in section 2.2.10.8.
writer.Write((int)credential.KeyType);
// KeyLength (4 bytes): The length, in bytes, of the value beginning at KeyOffset. The value of this field is stored in little-endian byte order.
writer.Write(credential.Key.Length);
// KeyOffset (4 bytes): An offset, in little-endian byte order, from the beginning of the property value (that is, from the beginning of the Revision field of KERB_STORED_CREDENTIAL) to where the key value starts. The key value is the hash value specified according to the KeyType.
writer.Write(keyValueOffset);
}