Diffstat (limited to 'crypto/krb5/doc/html/_sources/formats/freshness_token.rst.txt')
-rw-r--r-- | crypto/krb5/doc/html/_sources/formats/freshness_token.rst.txt | 19 |
1 files changed, 0 insertions, 19 deletions
diff --git a/crypto/krb5/doc/html/_sources/formats/freshness_token.rst.txt b/crypto/krb5/doc/html/_sources/formats/freshness_token.rst.txt deleted file mode 100644 index 3127621a9f0b..000000000000 --- a/crypto/krb5/doc/html/_sources/formats/freshness_token.rst.txt +++ /dev/null @@ -1,19 +0,0 @@ -PKINIT freshness tokens -======================= - -:rfc:`8070` specifies a pa-data type PA_AS_FRESHNESS, which clients -should reflect within signed PKINIT data to prove recent access to the -client certificate private key. The contents of a freshness token are -left to the KDC implementation. The MIT krb5 KDC uses the following -format for freshness tokens (starting in release 1.17): - -* a four-byte big-endian POSIX timestamp -* a four-byte big-endian key version number -* an :rfc:`3961` checksum, with no ASN.1 wrapper - -The checksum is computed using the first key in the local krbtgt -principal entry for the realm (e.g. ``krbtgt/KRBTEST.COM@KRBTEST.COM`` -if the request is to the ``KRBTEST.COM`` realm) of the indicated key -version. The checksum type must be the mandatory checksum type for -the encryption type of the krbtgt key. The key usage value for the -checksum is 514. |
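Review bot: The whole-file deletion at `@@ -1,19 +0,0 @@` removes the only statement of the MIT krb5 freshness token layout that this change shows (four-byte big-endian timestamp, four-byte big-endian key version number, RFC 3961 checksum with key usage 514), and nothing visible here says where that description can still be found. The path under `doc/html/_sources/` looks like a generated copy of a reStructuredText document, so please confirm in the commit message that only generated HTML output is being dropped and that the source document remains available, or point to upstream documentation. Anyone validating PA_AS_FRESHNESS handling against this tree needs the key-selection rule (first key of the local krbtgt entry at the indicated key version, mandatory checksum type for its enctype) to remain findable.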