MIT Kerberos Documentation

krb5_c_encrypt_iov - Encrypt data in place supporting AEAD (operates on keyblock).

krb5_error_code krb5_c_encrypt_iov(krb5_context context, const krb5_keyblock * keyblock, krb5_keyusage usage, const krb5_data * cipher_state, krb5_crypto_iov * data, size_t num_data)

[in] context - Library context

[in] keyblock - Encryption key

[in] usage - Key usage (see KRB5_KEYUSAGE types)

[in] cipher_state - Cipher state; specify NULL if not needed

[inout] data - IOV array. Modified in-place.

[in] num_data - Size of data

  • 0 Success; otherwise - Kerberos error codes

This function encrypts the data block data and stores the output in-place. The actual encryption key will be derived from keyblock and usage if key derivation is specified for the encryption type. If non-null, cipher_state specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5_crypto_iov structures before calling into this API.


On return from a krb5_c_encrypt_iov() call, the data->length in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased.

This function is similar to krb5_k_encrypt_iov() , but operates on keyblock keyblock .