gss_unwrap man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

gss_unwrap(3)							 gss_unwrap(3)

       gss_unwrap - Converts a protected message to a usable form.

       #include <gssapi/gssapi.h>

       OM_uint32 gss_unwrap(
	       OM_uint32 * minor_status,
	       const gss_ctx_id_t context_handle,
	       const gss_buffer_t input_message_buffer,
	       gss_buffer_t output_message_buffer,
	       int * conf_state,
	       gss_qop_t * qop_state );

       Kerberos	 5 error code.	Security context that contains the session key
       used to decrypt the message and verify its checksum.  Protected message
       to  be unwrapped and verified.  Buffer that receives the unwrapped mes‐

	      Storage associated with this buffer must be freed by the	appli‐
	      cation  after  use with a call to gss_release_buffer().  Protec‐
	      tion used when the message was wrapped, that  is,	 encrypted  to
	      ensure confidentiality.  Specify NULL if this information is not
	      required.	 Non-zero -- encryption used.  Zero -- encryption  not
	      used.   Quality of protection (QOP) provided: If the GSS_KRB5-C-
	      CONF-QOP-DES confidentiality QOP was used to wrap	 the  message,
	      GSS_KRB5-C-INTEG-QOP-DES-MD5     is     returned.	     If	   the
	      CSF_GSS_KRB5_C_CONF_QOP_DES3 confidentiality  QOP	 was  used  to
	      wrap the message, CSF_GSS_KRB5_C_INTEG_QOP_DES3_MD5 is returned.

	      Specify  NULL  if	 this information is not required.  gss_wrap()
	      contains more information about QOPs.

       The gss_unwrap() function converts a previously protected message  back
       to a usable form by: Verifying the checksum to check message integrity.
       Decrypting the message if confidentiality was used.

       This function is used in conjunction with gss_wrap()  to	 protect  mes‐
       sages when they are transferred between an application and its peer.

       The  conf_state	parameter indicates whether the message was encrypted;
       the qop_state parameter indicates the strength of protection  that  was
       used to provide the confidentiality and integrity services.  gss_wrap()
       contains more information about QOPs.


       This function is a direct replacement  for  the	gss_unseal()  function
       used in GSS-API version 1 compliant products, including the HP Applica‐
       tion Security Toolkit.

       If the function returns GSS_S_COMPLETE, the message has been  decrypted
       and the checksum in the token verified successfully.

       If  the	function  returns  GSS_S_FAILURE,  the	token  may  be out-of-
       sequence, old, or a replay. To check for these conditions in  the  sup‐
       plementary  information	fields, AND the major status code with a named

       Storage associated with the output message buffer must be freed by  the
       application after use with a call to gss_release_buffer().

       GSS_S_COMPLETE		       00000000
       GSS_S_DEFECTIVE_TOKEN	       xx09xxxx
       GSS_S_DUPLICATE_TOKEN	       xxxx0002
       GSS_S_FAILURE		       xx0Dxxxx
       GSS_S_NO_CONTEXT		       xx08xxxx
       GSS_S_OLD_TOKEN		       xxxx0004
       GSS_S_UNSEQ_TOKEN	       xxxx0008

       Since  the HP implementation of DES3 is an extension of the GSS-API, it
       will not interoperate with other GSS-API vendors offering DES3.

       Functions:  gss_accept_sec_context(3),	      gss_init_sec_context(3),
       gss_release_buffer(3), gss_wrap(3)


List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net