This tool extracts and decodes Kerberos keytab files, allowing you to recover service principal names and encrypted keys for authentication troubleshooting.
Supported Tools:
Extract principals, realms, encryption types, KVNO values, and key material from Base64-encoded Kerberos keytab data.
A keytab file stores Kerberos principals and their associated secret keys so services can authenticate without manually entering a password. It is commonly used in Active Directory, Linux Kerberos environments, service accounts, and automation workflows where Kerberos authentication is required.
Input:
BQIAAABKAAEAEGtleWRlY3J5cHRvci5DT00AA3NhdQAAAAFp/EXCAQASACALGr9VDolyrBlePg+SBrj64U+FXvVtlIrrCFwxxYlm0gAAAAE=
Output:
KeyTab Version: 0x0502 Total Entries: 1 Entry 1 Principal: sau@keydecryptor.COM Realm: keydecryptor.COM Encryption Type: AES256-CTS-HMAC-SHA1-96 Etype ID: 18 KVNO: 1 Key: 0b1abf550e8972ac195e3e0f9206b8fae14f855ef56d948aeb085c31c58966d2
What does a keytab extractor show?
It parses Base64-encoded keytab content and displays readable details such as the Kerberos principal, realm, encryption type, key version number, and extracted key bytes.
Why are keytab files sensitive?
Keytab files contain secret keys that can allow authentication as a service or user principal. They should be protected like passwords and never exposed publicly.
What encryption types can appear in a keytab?
Common entries include RC4-HMAC, AES128, AES256, DES, and 3DES depending on the Kerberos configuration and account settings.