- The client sends a request to the KDC, stating that it wants to be authenticated.
- The KDC responds with a challenge by sending the client a nonce and expects to receive back an encrypted nonce using the client's
secret_key. - The client receives the challenge, encrypts the nonce as instructed, and sends the encrypted nonce back to the KDC.
- The KDC decrypts the nonce and compares it to the one it originally sent to the client. If they match, it proves that the client possesses the correct
secret_key(proof of access to the shared secret, i.e.,secret_key). - The KDC generates a shared key for the
PrnSrvand the client. - The KDC creates a ticket (an encrypted message containing client information and the shared key), which is encrypted using
PrnSrv'ssecret_key(established for secure communication between the KDC andPrnSrv). - The KDC sends the ticket along with the shared key to the client, completing the authentication process.
- The client uses the shared key for further communication with
PrnSrv. - The client sends the ticket to
PrnSrv. PrnSrvreceives the ticket, decrypts it using itssecret_key, and verifies the client's authentication (i.e., it checks whether the client's information matches the details contained in the ticket).- Upon successful authentication,
PrnSrvaccepts the client's text for conversion to PDF. PrnSrvconverts the text to a PDF usingenscriptandps2pdf.PrnSrvsends the PDF size along with the PDF data itself to the client.- The client saves the PDF data to a file.
All communication mentioned above is encrypted using:
- The
client-KDCshared secret, - The
KDC-PrnSrvshared secret, - The
client-PrnSrvshared secret generated by the KDC upon authentication.
These secrets ensure secure communication between the client and KDC, KDC and PrnSrv, and client and PrnSrv, respectively.
This protocol is heavily inspired by Kerberos.
mkdir build
cd build
cmake ..
makeLaunch three shell instances: run
./kdcin the first,./prnsrvin the second, and./clientin the third for testing.