Questions tagged [key-wrap]

Key Wrap constructions are a class of symmetric encryption algorithms designed to encapsulate (encrypt) cryptographic key material.

The Key Wrap algorithms are intended for applications such as protecting keys while in untrusted storage or transmitting keys over untrusted communications networks. The constructions are typically built from standard primitives such as block ciphers and cryptographic hash functions.

46 questions
33
votes
2 answers

Why do we need special key-wrap algorithms?

Wikipedia says: Key Wrap constructions are a class of symmetric encryption algorithms designed to encapsulate (encrypt) cryptographic key material. We are using these algorithms to encrypt (and authenticate) a key, using a symmetric algorithm…
13
votes
1 answer

What is the difference between "wrapping" a key and encrypting?

I wanted to implement a way to generate an RSA public/private key pair and protect the private key with a password. Looking into the Web Crypto API, I thought the wrapKey/unwrapKey pair was the way to go. But then I got confused, and the…
Vlad
9
votes
2 answers

Is AES-Keywrap (NIST SP 800-38F) quantum-safe?

Having looked at the paper "Breaking Symmetric Cryptosystems using Quantum Period Finding", I'm unsure as to whether the AES-Keywrap as defined by NIST SP 800-38F is safe against the described attack or not. I also came up empty-handed on…
thera
7
votes
2 answers

How much extra security does key wrapping provide?

Wikipedia says: Key Wrap. Key Wrap constructions are a class of symmetric encryption algorithms designed to encapsulate (encrypt) cryptographic key material. The Key Wrap algorithms are intended for applications such as protecting keys while in…
Saptarshi Basu
7
votes
1 answer

How does a key wrapping like RFC 3394 secure my cryptographic keys?

So I'm messing around in the BouncyCastle library with the RFC 3394 AES Key Wrap engine and I'm trying to understand the benefit of it. The problem I'm running into is how to store keys securely on a device like a phone or even a laptop or desktop.…
hobeau
6
votes
1 answer

Is it OK to use a data-encryption key for key wrapping, too?

Our industry (area of cheap networked devices) has a standard that defines the usage of keys for both authentication and encryption using EAX mode of AES. This standard does not define key management, and someone wants to change this key material in…
5
votes
2 answers

How is NIST's Key Wrap (using AES GCM) different than normal AES GCM Authenticated encryption?

From what I could gather, it seems like NIST's key wrap (publication) provides similar security to AES-GCM Authenticated encryption. If this is true, why did we need a separate specification for key wrap in the first place?
Akash
5
votes
2 answers

Can RFC 5649 be used to wrap multiple keys with the same KEK?

I am unable to convince myself that RFC5649 is secure when storing multiple keys with the same KEK. My point is: RFC5649 uses AES-ECB, therefore the usual weakness of this method applies, namely an observer can deduce equalities among sections of…
5
votes
1 answer

Changing the IV of the AES key wrap algorithm

The first 64-bit block to be encrypted is defined by the spec to be A6A6A6A6A6A6A6A6. Is there any merit in changing this to another value, e.g. B0B0B0B0B0B0B0B0? You retain the strong integrity check although maybe at the cost of interoperability,…
err
4
votes
1 answer

PKCS11: CKA_VALUE_LEN attribute and Unwrap key

In PKCS11 specification v2.40, we see some confusion with CKA_VALUE_LEN attribute and UnwrapKey behavior. From PKCS11 spec 2.40 section 2.8.2, 2 -> MUST not be specified when object is created with C_CreateObject. 3 -> MUST be specified when object…
4
votes
1 answer

Does the AES-KW (Key Wrap Algorithm) perform authenticated encryption?

The RFC for AES-KW doesn't actually mention authentication. It only mentions integrity, where the unwrapping/decryption process should produce an identical IV of A6A6A6A6A6A6A6A6. Is this integrity check effectively performing authentication, or is…
4
votes
2 answers

Encrypting 256 bit AES keys with AES ECB?

What are the pros/cons of using AES ECB mode to encrypt encryption keys (data encryption keys or DEKs)? Aware of the significant weaknesses when it comes to encrypting low-entropy data that's greater than a block size and also aware of AES Key…
DeepSpace101
4
votes
1 answer

Why is s=6n in AES Key Wrap?

In AES Key Wrap, we apply 6n AES encryptions for an input of n 64-bit blocks. Informally speaking, we wrap the key 6 times. What is the motivation behind 6? Why not 4 or 10? Is there something like a threshold or trade-off coming from security vs…
3
votes
1 answer

AEAD: Is it secure to decrypt the content encryption key before verifying the MAC?

The JSON Web Encryption (JWE) standard defines a number of encryption modes with the same basic form: First, a unique content encryption key (CEK) is generated and used to encrypt the payload with associated data in an AEAD mode (e.g. AES-CBC…
Neil Madden
3
votes
2 answers

Tweakable encryption algorithms vs Key wrapping

I have read many articles about Key wrapping and tweakable cipher modes. However, I don't understand the main difference between them. What do you recommend for Key storage and Key Archive?
Gev_sedrakyan