synta 0.2.6

ASN.1 parser, decoder, and encoder library with DER/BER support and C FFI
# Kerberos V5 Types


`synta.krb5` provides Kerberos V5 principal name types, constants, and PKINIT protocol
structures (RFC 4556, RFC 6112, RFC 8636).

```python
import synta.krb5
```

## Principal-name type constants

Integer constants from RFC 4120 §6.2:

| Constant | Value | Description |
|---|---|---|
| `NT_UNKNOWN` | 0 | Unknown |
| `NT_PRINCIPAL` | 1 | User/host principal |
| `NT_SRV_INST` | 2 | Service + instance (e.g. `krbtgt`) |
| `NT_SRV_HST` | 3 | Service + hostname |
| `NT_SRV_XHST` | 4 | Service + host (remaining components) |
| `NT_UID` | 5 | Unique ID |
| `NT_X500_PRINCIPAL` | 6 | Encoded X.500 DN |
| `NT_SMTP_NAME` | 7 | SMTP email address |
| `NT_ENTERPRISE` | 10 | Enterprise (UPN-style), RFC 6806 |
| `NT_WELLKNOWN` | 11 | Well-known (anonymous), RFC 8062 |
| `NT_SRV_HST_DOMAIN` | 12 | Host-based service, Windows MS-SFU |

## Encryption type constants

IANA Kerberos Encryption Type Numbers:

| Constant | Value | RFC / source | Notes |
|---|---|---|---|
| `ETYPE_DES_CBC_CRC` | 1 | RFC 6649 | Deprecated |
| `ETYPE_DES_CBC_MD4` | 2 | RFC 6649 | Deprecated |
| `ETYPE_DES_CBC_MD5` | 3 | RFC 6649 | Deprecated |
| `ETYPE_DES3_CBC_MD5` | 5 | | Deprecated |
| `ETYPE_DES3_CBC_SHA1` | 7 | | Deprecated |
| `ETYPE_DES_HMAC_SHA1` | 8 | | Deprecated |
| `ETYPE_DES3_CBC_SHA1_KD` | 16 | RFC 3961 §6.3 | Deprecated |
| `ETYPE_AES128_CTS_HMAC_SHA1_96` | 17 | RFC 3962 | |
| `ETYPE_AES256_CTS_HMAC_SHA1_96` | 18 | RFC 3962 | |
| `ETYPE_AES128_CTS_HMAC_SHA256_128` | 19 | RFC 8009 | Recommended |
| `ETYPE_AES256_CTS_HMAC_SHA384_192` | 20 | RFC 8009 | Recommended |
| `ETYPE_RC4_HMAC` | 23 | MS-KILE | Deprecated |
| `ETYPE_RC4_HMAC_EXP` | 24 | MS-KILE | Deprecated |
| `ETYPE_CAMELLIA128_CTS_CMAC` | 25 | RFC 6803 | |
| `ETYPE_CAMELLIA256_CTS_CMAC` | 26 | RFC 6803 | |

## OID constant

```python
KRB5_PRINCIPAL_NAME_OID  # ObjectIdentifier("1.3.6.1.5.2.2") — id-pkinit-san
```

This is the `OtherName` type-id for `KRB5PrincipalName` entries in certificate SAN extensions.
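
To show where this OID sits on the wire, the following added example (not part of synta and not using its API) walks a DER-encoded `otherName` SAN entry with the standard library only, checks the type-id against `1.3.6.1.5.2.2`, and extracts realm, name-type and name components per the RFC 4556 `KRB5PrincipalName` layout. The helper names, the `EXAMPLE.TEST` realm and the `alice` principal are constructed for illustration.

```python
# Added example: stdlib-only DER walk; it does not use synta's own classes.
PKINIT_SAN_OID = bytes.fromhex("2b0601050202")  # content octets of 1.3.6.1.5.2.2

def read(buf, pos=0):  # one TLV at pos -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length; 0x80 alone (indefinite) is BER, not DER
        k = n & 0x7F
        if not 1 <= k <= 4 or pos + k > len(buf):
            raise ValueError("bad length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + n], pos + n

def only(buf, tag):  # value of the single `tag` TLV that fills buf exactly
    t, v, end = read(buf)
    if t != tag or end != len(buf):
        raise ValueError(f"expected exactly one 0x{tag:02x} element")
    return v

def fields(buf, outer, *tags, every=None):  # child values of `outer`, tags enforced
    body, kids, pos = only(buf, outer), [], 0
    while pos < len(body):
        t, v, pos = read(body, pos)
        kids.append((t, v))
    if tuple(t for t, _ in kids) != (tags if every is None else (every,) * len(kids)):
        raise ValueError("unexpected field layout")
    return [v for _, v in kids]

def parse_pkinit_san(general_name):  # -> (realm, name_type, components)
    oid, value = fields(general_name, 0xA0, 0x06, 0xA0)    # OtherName
    if oid != PKINIT_SAN_OID:
        raise ValueError("OtherName is not a KRB5PrincipalName")
    realm_w, pname_w = fields(value, 0x30, 0xA0, 0xA1)     # KRB5PrincipalName
    ntype_w, names_w = fields(pname_w, 0x30, 0xA0, 0xA1)   # PrincipalName
    realm, ntype = only(realm_w, 0x1B), only(ntype_w, 0x02)
    names = [n.decode("ascii") for n in fields(names_w, 0x30, every=0x1B)]
    return realm.decode("ascii"), int.from_bytes(ntype, "big", signed=True), names

tlv = lambda tag, body: bytes([tag, len(body)]) + body  # short lengths only
def build_sample(realm=b"EXAMPLE.TEST", comps=(b"alice",), ntype=1):
    """Constructed SAN entry (sample data); ntype=1 is NT_PRINCIPAL."""
    names = tlv(0x30, b"".join(tlv(0x1B, c) for c in comps))
    pname = tlv(0x30, tlv(0xA0, tlv(0x02, bytes([ntype]))) + tlv(0xA1, names))
    krb = tlv(0x30, tlv(0xA0, tlv(0x1B, realm)) + tlv(0xA1, pname))
    return tlv(0xA0, tlv(0x06, PKINIT_SAN_OID) + tlv(0xA0, krb))
```

Every structural mismatch (wrong type-id, truncated or trailing bytes, unexpected tags) raises `ValueError`, so a caller mapping certificates to principals never proceeds on a partially parsed name.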

See also:
- [Krb5PrincipalName](krb5-principal.md) — the principal name encoder/decoder class
- [PKINIT types](krb5-pkinit.md) — RFC 4556 protocol structures
- [PKINIT OIDs](../oids/oids.md): `PKINIT_SAN` and related OID constants