3.4.5.2 SIGNKEY

If extended session security is not negotiated (section 2.2.2.5), then no signing keys are available and message signing is not supported.

If extended session security is negotiated, the signing key is a 128-bit value that is calculated as follows from the random session key and the null-terminated ASCII constants shown.

Input:

  • ExportedSessionKey - A randomly generated session key.

  • NegFlg - Defined in section 3.1.1.

  • Mode - An enum that defines the local machine performing the computation. Mode always takes the value "Client" or "Server".

Output:

  • SignKey - The key used for signing messages.

Functions used:

  • ConcatenationOf(), MD5(), NIL - Defined in section 6.

     Define SIGNKEY(NegFlg, ExportedSessionKey, Mode) as
     If (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag is set in NegFlg)
          If (Mode equals "Client")
               Set SignKey to MD5(ConcatenationOf(ExportedSessionKey,
               "session key to client-to-server signing key magic constant"))
          Else
               Set SignKey to MD5(ConcatenationOf(ExportedSessionKey,
               "session key to server-to-client signing key magic constant"))
          Endif
     Else
          Set SignKey to NIL
     Endif
     EndDefine
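The following Python is an added worked example of the SIGNKEY function above; it is not code from the MS-NLMP specification or from any Microsoft implementation. It assumes the flag value NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000 from section 2.2.2.5 (not shown on this page), a 16-byte ExportedSessionKey, and a constructed sample key of sixteen 0x55 bytes. The point it makes explicit is the one the pseudocode leaves to the word "null-terminated": the trailing 0x00 byte of each magic constant is part of the MD5 input, so an implementation that hashes the bare string derives a different (and incompatible) key.

```python
import hashlib

# NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY from MS-NLMP section 2.2.2.5.
# The numeric value is an assumption of this example; it is not on this page.
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000

# The magic constants are null-terminated ASCII strings: the 0x00 byte is
# hashed along with the text.  Keys are selected by Mode.
SIGNKEY_MAGIC = {
    "Client": b"session key to client-to-server signing key magic constant\x00",
    "Server": b"session key to server-to-client signing key magic constant\x00",
}


def signkey(neg_flg: int, exported_session_key: bytes, mode: str):
    """SIGNKEY(NegFlg, ExportedSessionKey, Mode) as in MS-NLMP 3.4.5.2.

    Returns the 128-bit signing key as 16 bytes, or None (the spec's NIL)
    when extended session security was not negotiated.
    """
    if mode not in SIGNKEY_MAGIC:
        raise ValueError('Mode must be "Client" or "Server"')
    # ExportedSessionKey is a 128-bit key in NTLM; enforcing the length here
    # catches callers that pass a hex string or a truncated buffer.
    if len(exported_session_key) != 16:
        raise ValueError("ExportedSessionKey must be exactly 16 bytes")
    if not (neg_flg & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY):
        return None  # no signing keys exist without extended session security
    return hashlib.md5(exported_session_key + SIGNKEY_MAGIC[mode]).digest()


def signkey_missing_nul(exported_session_key: bytes, mode: str) -> bytes:
    """The common bug: hashing the constant without its terminating 0x00.

    Included only to show that the result differs from signkey(); do not use.
    """
    return hashlib.md5(exported_session_key + SIGNKEY_MAGIC[mode][:-1]).digest()


def signing_keys_for_session(neg_flg: int, exported_session_key: bytes) -> dict:
    """Derive both directional keys from one ExportedSessionKey.

    Each endpoint ends up computing both: the key for its own Mode, which it
    signs with, and the key for the peer's Mode, which it uses to check the
    peer's signatures.
    """
    return {
        "client_to_server": signkey(neg_flg, exported_session_key, "Client"),
        "server_to_client": signkey(neg_flg, exported_session_key, "Server"),
    }


if __name__ == "__main__":
    # Constructed sample input: sixteen 0x55 bytes, not a real session key.
    sample_key = b"\x55" * 16
    flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY

    for direction, key in signing_keys_for_session(flags, sample_key).items():
        print(f"{direction}: {key.hex()}")
    print("without extended session security:", signkey(0, sample_key, "Client"))
    print("client key if the NUL is dropped:",
          signkey_missing_nul(sample_key, "Client").hex())
```

Running the script prints two distinct 16-byte keys for the two directions, None for the non-extended case, and a third value for the buggy derivation, which is a quick way to confirm that a third-party NTLM library is including the terminator.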