
When dealing with S3 Client Side Encryption, it's using the "AESWrap" algorithm (defined in RFC 3394) to encrypt the data key. I'm trying to play with the openssl command line to see if it's possible to decrypt "AESWrap" with it. Does anyone know how to call openssl to decrypt AESWrap-encrypted content?

https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/package-summary.html

From Java, I can use Cipher.getInstance("AESWrap") with ENCRYPT_MODE or DECRYPT_MODE; I wonder if the openssl command line has an equivalent?

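import javax.crypto.Cipher;

// kek is the AES key-encryption key; datakeybytes is the raw data key to protect
Cipher cipher = Cipher.getInstance("AESWrap");
cipher.init(Cipher.ENCRYPT_MODE, kek);
byte[] encrypted = cipher.doFinal(datakeybytes);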

@dave_thompson_085 seems to know more on this? (from your https://crypto.stackexchange.com/a/28960)

From this openssl wiki I'm not seeing how: https://wiki.openssl.org/index.php/Command_Line_Utilities

BTW: by listing all available cipher algorithms, I found "id-aes256-wrap"; does anyone know whether this has any relation to the AESWrap defined in RFC 3394?

$ openssl list-cipher-algorithms | grep -i wrap
id-aes128-wrap
id-aes192-wrap
id-aes256-wrap

$ openssl version
OpenSSL 1.0.2g  1 Mar 2016
    <= this is from a default-installed openssl on Ubuntu 17.10
phillip

0 Answers