[Cryptech Tech] Key wrap in HW

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Jun 26 01:53:04 UTC 2018


Joachim Strömbergson <joachim.strombergson at assured.se> writes:

>I think Rob, Russ etc need to respond regarding suggestions of changing
>wrapping methods than RFC 3394/RFC 5649 used today.

I'm kinda puzzled why the NIST key wrap was used at all, thus my earlier
question about use cases.  That key wrap was designed to wrap an AES key in
another AES key, not as a means of transporting PKC private keys around.  The
standardised mechanism for crypto devices to store and wrap private keys is
PKCS #15.  

So if the point of doing key wrap is to allow keys to be moved to/from
hardware devices then using the NIST key wrap is going to defeat that purpose.
OTOH if the point is to ensure that keys can only be moved to/from other
Cryptech hardware then maybe that serves the purpose.  Without usage cases
it's impossible to tell whether any set goal has been met or not.

Peter.


More information about the Tech mailing list