Diffstat (limited to 'src/include')
-rw-r--r--src/include/krb5/encryption.h6
-rw-r--r--src/include/krb5/kdb.h9
2 files changed, 12 insertions, 3 deletions
diff --git a/src/include/krb5/encryption.h b/src/include/krb5/encryption.h
index 65fd77961..cf6ee7399 100644
--- a/src/include/krb5/encryption.h
+++ b/src/include/krb5/encryption.h
@@ -22,6 +22,12 @@ typedef struct _krb5_keyblock {
krb5_octet *contents;
} krb5_keyblock;
+typedef struct _krb5_encrypted_keyblock {
+ krb5_keytype keytype;
+ int length;
+ krb5_octet *contents;
+} krb5_encrypted_keyblock;
+
typedef struct _krb5_checksum {
krb5_cksumtype checksum_type; /* checksum type */
int length;
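Review bot: The new `krb5_encrypted_keyblock` typedef carries no comment saying how it differs from `krb5_keyblock`. Its three members mirror the plaintext struct, so a pointer cast between the two compiles cleanly and silently defeats the separation the new type is meant to enforce. I would add a comment above the typedef such as `/* key as stored in the KDC database: contents are ciphertext and must go through krb5_kdb_decrypt_key() before use */`. That wording is inferred from the kdb.h prototypes in this same commit. It would also help to state that the two types must never be cast to one another.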
diff --git a/src/include/krb5/kdb.h b/src/include/krb5/kdb.h
index b8b77b085..c42d8d585 100644
--- a/src/include/krb5/kdb.h
+++ b/src/include/krb5/kdb.h
@@ -18,7 +18,7 @@
typedef struct _krb5_db_entry {
krb5_principal principal;
- krb5_keyblock key;
+ krb5_encrypted_keyblock key;
krb5_kvno kvno;
krb5_deltat max_life;
krb5_deltat max_renewable_life;
@@ -40,6 +40,9 @@ typedef struct _krb5_db_entry {
/* XXX depends on knowledge of krb5_parse_name() formats */
#define KRB5_KDB_M_NAME "K/M" /* Kerberos/Master */
+#define KDB_CONVERT_KEY_TO_DB(in,out) krb5_kdb_encrypt_key(&master_encblock, in, out)
+#define KDB_CONVERT_KEY_OUTOF_DB(in, out) krb5_kdb_decrypt_key(&master_encblock, in, out)
+
/* prompts used by default when reading the KDC password from the keyboard. */
#define KRB5_KDC_MKEY_1 "Enter KDC database master key:"
#define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify:"
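Review bot: Both new macros expand to a call taking `&master_encblock`, a name this hunk does not declare, so every use site needs a variable of exactly that name in scope. That hides which master-key context a conversion runs under, and a shadowing local would be picked up without any diagnostic. I would pass the encrypt block explicitly, e.g. `#define KDB_CONVERT_KEY_TO_DB(eblock, in, out) krb5_kdb_encrypt_key((eblock), (in), (out))`, and likewise for `KDB_CONVERT_KEY_OUTOF_DB`. Failing that, add a comment stating the requirement. The expansion yields a `krb5_error_code`, so a comment should also tell callers to check it and not use the output key on failure. The parameter lists are spaced inconsistently as well (`(in,out)` versus `(in, out)`).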
@@ -89,10 +92,10 @@ krb5_error_code krb5_db_store_mkey PROTOTYPE((char *,
krb5_error_code krb5_kdb_encrypt_key
PROTOTYPE((krb5_encrypt_block *,
const krb5_keyblock *,
- krb5_keyblock *));
+ krb5_encrypted_keyblock *));
krb5_error_code krb5_kdb_decrypt_key
PROTOTYPE((krb5_encrypt_block *,
- const krb5_keyblock *,
+ const krb5_encrypted_keyblock *,
krb5_keyblock *));
krb5_error_code krb5_db_setup_mkey_name
PROTOTYPE((const char *, const char *, char **, krb5_principal *));
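Review bot: The retyped prototypes now show which argument is ciphertext, but they still do not document who owns the output buffer. Nothing here says whether `krb5_kdb_decrypt_key` allocates `contents` in the output `krb5_keyblock` or expects the caller to supply it. Because that output holds a plaintext principal key, I would add a comment above the pair along the lines of `/* out->contents is allocated by the callee; caller must zero it before freeing */`. The implementation is outside this diff, so adjust the wording to what it actually does.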