Questions tagged [key-wrap]

Question 1

I'm trying to understand exactly what nonce-misuse AES-GCM-SIV mode mitigates. Wikipedia says, "In the event a nonce is misused (i.e., used more than once), nothing is revealed except in the ...

Question 2

I am having a hard time understanding this concept as I am new to this world. AES key wrapping says it operates on blocks of 64-bit. I thought 64-bit blocks are not considered safe? Also, doesn’t AES ...

Question 3

AES-128 encrypting the key versus AES Key Wrap. Which one would be the more secure mode of operation to protect encryption keys in storage? Specifically, will both method have same security level ...

Question 4

I'm trying to use LibSodium to implement Key Wrapping using SIV mode (Synthetic Initialization Vector). I'm using this answer as a guide, but I want be sure I understand it correctly. My biggest doubt ...

Question 5

In AES Key Wrap, we apply 6n AES encryptions for an input of n 64-bit blocks. Informally speaking, we wrap the key 6 times. What is the motivation behind 6? Why not 4 or 10? Is there something like a ...

Question 6

It is well-known that AES-GCM requires the IV to be unique for each message that is encrypted with the same key. If the IV ever repeats, with the same key, then AES-GCM fails catastrophically. Now, ...

Question 7

assuming that I have an RSA key of length 4k bit which I'm interested to wrap using AES-GCM, and I have a (limited) AES-GCM cipher which can only encrypt limited input in size (say 256-bit/512-bit ...

Question 8

In PKCS#11 documentation § 2.1.23 is described how to wrap and unwrap a target asymmetric key of any length and type using an RSA key, called CKM_RSA_AES_KEY_WRAP. ...

Question 9

I want to wrap a private key out of a HSM, using an external EC key pair (master key) and then verify that I can recover it. The wrapping occurs as follows: Generate a secret AES key in the HSM, ...

Question 10

The iOS version of Signal application (not the protocol) includes a form of key wrap that I've never seen elsewhere: SHA256-HMAC-SIV. It's used to encrypt your master key with your ...

Question 11

I ask because some vendors of HSM try to avoid the export of wrapped secret key from HSM to insecure storage – storage that does not belong to these vendor’s HSM infrastructure. For example, Thales ...

Question 12

Given a random 256bit key used for data encryption with Streaming AES GCM I would like to wrap it for backup with AES GCM. Is it safe to use ...

Question 13

I am looking at wrapping AES keys with RSA. In NIST SP 800-57 Part 1 Recommendation for Key Management, pg 55 it is estimated that the RSA security-strength equivalent of symmetric AES-256 key would ...

Question 14

Is there any protocol for remote secret key storage without disclosure the key value for remote server administrator?

Question 15

Am following the instructions on https://datatracker.ietf.org/doc/html/rfc5649#section-3 ("AES Key Wrap with Padding Algorithm") and I have gotten to a point where I need to generate the <...

Stack Exchange Network

Questions tagged [key-wrap]

AES-GSM-SIV nonce reuse

AES key wrapping (rfc3394) block size

Security of AES-128 encryption compared to wrapping

SIV Key wrapping with Libsodium

Why is s=6n in AES Key Wrap?

AES-GCM with a fixed IV but a random "wrapped" key

Question about Asymmetric key wrapping using (limited) AES-GCM

Is it possible to wrap a RSA private key using a EC key pair?

Wrap-unwrap of private key using EC master key

Signal's Key Wrap: is it safe and is it custom?

Can export of wrapped secret key to insecure storage be cryptographically secure?

Wrap AES 256bit key with Argon2 without losing entropy

Wrapping "stronger" keys with "weaker" ones?

How to make remote key storage

Generating Alternative Initial Value while wrapping keys with AES

Hot Network Questions