[Cryptech Tech] AES SIV mode for key wrapping?

Russ Housley housley at vigilsec.com
Wed Mar 18 20:22:26 UTC 2015


Randy:

> first, the key wrapping does not need to be compatible with anyone else
> as one does not port keys between hsm vendors.

This makes a huge assumption that is not the whole picture.  I'm thinking of wrapping AES keys as well as public/private key pairs.

Consider this common scenario:
1) Use DH or ECDH to generate a pairwise key with each recipient -- these keys will be a key-encryption keys (KEKs).
2) Generate a content-encryption key (CEK), and encrypt the contents that will be delivered to all of the recipients with it.
3) Wrap the CEK in each of the KEKs.
4) transmit the wrapped CEKs and the encrypted content.

Also, there are some Internet-Drafts that talk about centrally generated public/private key pairs.  These get wrapped for distribution.  Do we want to be able to import one of these?


Russ





More information about the Tech mailing list