search

kaikramer / keystore-explorer

KeyStore Explorer is a free GUI replacement for the Java command-line utilities keytool and jarsigner.
https://keystore-explorer.org/
GNU General Public License v3.0
1.7k stars 275 forks source link

Kerberos KeyTab support #252

Open romad17 opened 3 years ago

romad17 commented 3 years ago

Could you please support viewing kerberos KeyTab? Here is some info: https://kb.iu.edu/d/aumh

Like you do in command line klist command

kaikramer commented 3 years ago

KSE is a tool for Java keystore files. If there is a JCE provider for the keytab format then I could add support for it.

BTW that link only explains how to use some command line tools. All it says about keytab files is this:

A keytab is a file containing pairs of Kerberos principals and encrypted keys

romad17 commented 3 years ago

Does that helps? https://docs.oracle.com/javase/8/docs/api/javax/security/auth/kerberos/KeyTab.html

kaikramer commented 3 years ago

Well, that's not a JCE provider.

At least there is a link to a description of the format on that page: http://www.ioplex.com/utilities/keytab.txt

A KeyTab file basically contains entries with these fields:

It doesn't seem too difficult to map these onto the typical fields of a keystore entry.

If someone, who has a bit of experience with the Kerberos protocol and can create test data etc., is interested in writing a keystore provider for the KeyTab format, I can help with some guidance. The documentation by Oracle for implementing a JCE provider is also pretty helpful:

https://docs.oracle.com/javase/9/security/howtoimplaprovider.htm#JSSEC-GUID-C485394F-08C9-4D35-A245-1B82CDDBC031