Cryptography Reference
In-Depth Information
[
cnonce=”
base64 cnonce-value
”
]
[
opaque=”
base64 opaque-value
”
]
[
message-qop=”
qop-value
”
]
[
nc=
8lhex nc-value
]
The algorithm and opaque-value must be the same as in the challenge. The qop-
value must be in the suggested list from the challenge. Here 32lhex and 8lhex means 32
or 8 lowercase hexadecimal digits. Credentials must respond to the challenge following
the computation below.
Computation of request-digest-value
: if qop-value is
auth
(as for authentication)
or
auth-int
(as for authentication with integrity protection), then
request-digest-value
=
KD
H
(
A
1)
(
nonce-value
:
nc-value
:
cnonce-value
:
qop-value
:
H
(
A
2))
otherwise
request-digest-value
=
KD
H
(
A
1)
(
nonce-value
:
H
(
A
2))
where
A
1 and
A
2 are computed as detailed below.
Computation of A
1: if algorithm is MD5 then
A
1
=
username-value
:
realm-value
:
passwd
and if algorithm is
MD5-sess
(as for MD5-hashed
A
1 for the whole session),
then
A
1
=
H
(
username-value
:
realm-value
:
passwd
):
nonce-value
:
cnonce-value
where the hash value is computed once for the session (so that it does not
compromise the confidentiality of passwd).
Computation of A
2: if qop-value is
auth
then
A
2
=
Method
:
digest-uri-value
and if qop-value is
auth-int
then
A
2
=
Method
:
digest-uri-value
:
H
(
entity-body
)
where Method, digest-uri-value, and entity-body are part of the HTTP/1.1
standard.
As in the basic protocol, the server checks the correctness of the response and provides
or denies access to the client.
Search WWH ::
Custom Search