Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [key-wrap]

Key Wrap constructions are a class of symmetric encryption algorithms designed to encapsulate (encrypt) cryptographic key material.

The Key Wrap algorithms are intended for applications such as protecting keys while in untrusted storage or transmitting keys over untrusted communications networks. The constructions are typically built from standard primitives such as block ciphers and cryptographic hash functions.

43 questions
9
votes
2 answers

Is AES-Keywrap (NIST SP 800-38F) quantum-safe?

Having looked at the paper "Breaking Symmetric Cryptosystems using Quantum Period Finding", I'm unsure as to whether the AES-Keywrap as defined by NIST SP 800-38F is safe against the described attack or not. I also came up empty handed on…
thera
  • 346
  • 2
  • 8
2
votes
1 answer

Can export of wrapped secret key to insecure storage be cryptographically secure?

I ask because some vendors of HSM try to avoid the export of wrapped secret key from HSM to insecure storage – storage that does not belong to these vendor’s HSM infrastructure. For example, Thales prefer to backup keys to another Thales HSM – most…
Vlad
  • 81
  • 9
1
vote
1 answer

How to make remote key storage

Is there any protocol for remote secret key storage without disclosure the key value for remote server administrator?
Rinat Shakirov
  • 21
  • 3
1
vote
0 answers

AES Keywrap implementation supporting 8 byte keys

NIST SP800-38F specifies key wrapping algorithms. An important distinction between KW (without padding) and KWP (with padding) seems to be that KW cannot be used to wrap keys of length 8 bytes i.e. 1 semiblock in the NIST specification. On the other…
sce
  • 257
  • 2
  • 6
1
vote
1 answer

Wrapping "stronger" keys with "weaker" ones?

I am looking at wrapping AES keys with RSA. In NIST SP 800-57 Part 1 Recommendation for Key Management, pg 55 it is estimated that the RSA security-strength equivalent of symmetric AES-256 key would be a RSA key with 15360 bits modulus. This RSA key…
Lajos Pajtek
  • 13
  • 3