[Cryptech Tech] AES SIV mode for key wrapping?
Rob Austein
sra at hactrn.net
Tue Mar 17 09:36:56 UTC 2015
So our roadmap (under construction, but also under discussion today)
lists AES as a requirement for key wrapping for HSM backup.
Specifically, it lists SIV mode, which is one I hadn't heard of until
now. RFC 5297 is interesting, but I'm not competent to have an
opinion on crypto at this level.
Crypto guys (Russ, PeterG, etc), please confirm that SIV is the mode
we should be using for this, or tell us what we should use instead.
Is SIV also an appropriate mode to use for the encrypted key store
within the HSM?
More information about the Tech
mailing list