Basic Access Control

Harald Welte

2005-11-01

It seems like even though the specification looks quite verbose upon first sight, there are many tiny pitfalls in implementing basic access control according to the TR-PKI 1.1 specification.

Padding is such an issue. You always pad for DES en/decryption, _but not_ if you are in the mutual authenticate command ;)

I now have the key derivation, authentication and setup of session keys working. Secure Messaging still has some problems with regard to the DES retail MAC. Let's hope I get this finished soon.