Example: tdgssauth Wrap and Unwrap - Analytics Database - Teradata Vantage

Security Administration

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2024-04-05
Product Category: Teradata Vantage™

The example shows wrapping a string to protect it with a signature. Run:

tdgssauth -u userconfhigh -m td2 -i 198.51.100.20 -T "this is a test"

The user name (-u) is given exactly as it would be in a bteq .logon command. The -m option specifies the logon mechanism to use (TD2 in this case). The -i option specifies the IP address from which the user will connect. The -T option supplies the string to wrap and unwrap.

Result:

 Status: not authenticated, not authorized
     Actual mechanism employed: TD2 [OID 1.3.6.1.4.1.191.1.1012.1.1.9]

 Security context capabilities: replay detection
                                out of sequence detection
                                confidentiality
                                integrity
                                protection ready
                                exportable security context

 Minimum quality of protection: 3 (High) with confidentiality and integrity
                       Options: none

          String to be wrapped: this is a test
                Requesting QoP: 3 (High)
    Requesting Confidentiality: yes

Wrapped text (by client side):
  00000000: ff 6e 79 ed f9 b3 fa 42 ee 79 3e c1 b0 7a af ab *.ny....B.y>..z..*
  00000010: e9 ce 82 c5 3e bd 49 e3 a6 70 95 ab 42 9a 95 6b *....>.I..p..B..k*
  00000020: d2 1b 2a 8e c6 f1 04 91 24 78 5d 50 e5 8b 69 8a *..*.....$x]P..i.*
  00000030: 86 2a 0f ab 75 f6 3d 7e 19 14 3f d3 35 6d 77 74 *.*..u.=~..?.5mwt*
  00000040: 03 07 04 03 00 00 00 40 00 00 00 00 00 00 00 01 *.......@........*

Unwrapped text (by server side):
  00000000: 74 68 69 73 20 69 73 20 61 20 74 65 73 74       *this is a test*

            Actual QoP applied: 3 (High)
       Confidentiality applied: yes

Wrapped text (by server side):
  00000000: d9 f0 77 7b 1a 9c 75 2e 3e 65 6e 75 ee 9a 07 33 *..w{..u.>enu...3*
  00000010: a5 b3 f0 8e 04 3e 24 15 a8 6e b8 29 97 68 43 c5 *.....>$..n.).hC.*
  00000020: 4f dc f3 d5 14 70 9d e1 27 38 9a de 50 3c 95 fd *O....p..'8..P<..*
  00000030: 8d cf 2f e9 b1 ed 77 18 aa ca 53 7d 05 61 50 dc *../...w...S}.aP.*
  00000040: 03 07 84 03 00 00 00 40 00 00 00 00 00 00 00 01 *.......@........*

Unwrapped text (by client side):
  00000000: 74 68 69 73 20 69 73 20 61 20 74 65 73 74       *this is a test*

            Actual QoP applied: 3 (High)
       Confidentiality applied: yes

The -T option specifies a string to wrap and unwrap. Wrapping protects the text with a signature and optionally encrypts it (see the -c and -e options in Using tdgssauth Syntax). The tool uses the QoP configured for the session when invoking the wrap function in TDGSS. In this case, the client side wrapped the message, turning it into an 80-byte string. The tool passes the 80-byte string to the server side of TDGSS and requests that the server side unwrap it back to the original string. The server then wraps the string it unwrapped, generating a different 80-byte string. The client unwraps the string from the server side back to the original string.

The -T option can be used with any mechanism, and any number of -T options may be specified.
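The round trip described above can be checked mechanically when tdgssauth output is saved during a configuration review. The following Python is an added example, not Teradata code: it parses output in the layout shown on this page and reports any mismatch between what was requested and what was applied. The function names parse and check are illustrative, and the layout is assumed to match the sample above.

```python
import re

# Excerpt of the tdgssauth output shown above (blank lines dropped).
SAMPLE = """\
          String to be wrapped: this is a test
                Requesting QoP: 3 (High)
    Requesting Confidentiality: yes
Wrapped text (by client side):
  00000000: ff 6e 79 ed f9 b3 fa 42 ee 79 3e c1 b0 7a af ab *.ny....B.y>..z..*
  00000010: e9 ce 82 c5 3e bd 49 e3 a6 70 95 ab 42 9a 95 6b *....>.I..p..B..k*
  00000020: d2 1b 2a 8e c6 f1 04 91 24 78 5d 50 e5 8b 69 8a *..*.....$x]P..i.*
  00000030: 86 2a 0f ab 75 f6 3d 7e 19 14 3f d3 35 6d 77 74 *.*..u.=~..?.5mwt*
  00000040: 03 07 04 03 00 00 00 40 00 00 00 00 00 00 00 01 *.......@........*
Unwrapped text (by server side):
  00000000: 74 68 69 73 20 69 73 20 61 20 74 65 73 74       *this is a test*
            Actual QoP applied: 3 (High)
       Confidentiality applied: yes
"""

HEADER = re.compile(r"^(Wrapped|Unwrapped) text \(by (client|server) side\):")
HEXLINE = re.compile(r"^\s*[0-9a-f]{8}:((?: [0-9a-f]{2})+)")  # offset, then hex bytes
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?): (.*)$")

def parse(output):  # -> (field name -> [values], (kind, side) -> dumped bytes)
    fields, dumps, current = {}, {}, None
    for line in output.splitlines():
        if m := HEADER.match(line):
            current = m.groups()
        elif (m := HEXLINE.match(line)) and current:
            dumps[current] = dumps.get(current, b"") + bytes.fromhex(m.group(1))
        elif m := FIELD.match(line):
            fields.setdefault(m.group(1), []).append(m.group(2).strip())
    return fields, dumps

def check(output):  # -> list of problems; empty when the round trip is as requested
    fields, dumps = parse(output)
    plain = fields["String to be wrapped"][0].encode()
    want_qop, want_conf = fields["Requesting QoP"][0], fields["Requesting Confidentiality"][0]
    problems = []
    for (kind, side), data in dumps.items():
        if kind == "Unwrapped" and data != plain:
            problems.append(f"{side} side unwrapped to different bytes")
        if kind == "Wrapped" and want_conf == "yes" and plain in data:
            problems.append(f"{side} side wrap left the plaintext readable")
    for name, want in (("Actual QoP applied", want_qop), ("Confidentiality applied", want_conf)):
        if any(value != want for value in fields.get(name, [])):
            problems.append(f"'{name}' differs from what was requested")
    return problems
```

An empty list from check() means every unwrap returned the original string and the applied QoP and confidentiality match the request.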