[This feature is a licensed version feature] Those who require a license can obtain a 30-day license from the [Program Key Issuance] page.

KeyWrap is a type of symmetric key cryptography algorithm designed to encrypt (encapsulate) a cryptographic key.

In other words, it is a standardized technique (RFC3394) for encrypting a key so that it stays protected on a common device.

RFC3394 specifies the AES Key Wrap Algorithm, which uses AES for internal encryption.

Note that other block ciphers can also be used, but they don’t appear to be standardized yet.

There are two key wrap methods: KW and KWP, which differ in the presence or absence of padding for the source key.

You can obtain the KeyWrap value with the key encryption function in BerEditor. To open it, select Encryption -> Key Management -> Key Encryption.

KeyWrap Encryption

Encrypt the key value. Let’s try it.

  • 1 First, select the key encryption method: KW
      • There are two methods, KW and KWP, and you can choose whether to use padding.
  • 2 Enter the key value to be encrypted.
  • 3 KEK stands for Key Encryption Key. Enter the key value used for encryption.
  • 4 Select Encryption (KeyWrap).
  • 5 Execute.
  • 6 This is the resulting key value after KeyWrap.

KeyUnwrap Decryption

Decrypts the encrypted key value. Let’s try it.

  • 1 Select KW. Select the same option as when encrypting.
  • 2 Enter the KeyWrapped encryption key.
  • 3 Enter the same KEK value used for encryption.
  • 4 Select Unwrap to decrypt.
  • 5 Click Run to execute.
  • 6 Displays the decrypted key value.

Enter the 24-byte KeyWrap generated during encryption as the input value.

Enter the same KEK value and click “Decrypt.”

The resulting 16-byte key value will be displayed.
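
The unwrap step above (24-byte wrapped value in, 16-byte key out) can be reproduced outside the tool. The following Go program is an added example, not BerEditor's code: it implements the KW unwrap procedure of RFC3394 with the standard library and runs it on the RFC 3394 section 4.1 test vector. The names `Unwrap`, `vecKEK`, `vecWrapped` and `defaultIV` belong to this example only.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// RFC 3394 section 4.1 test vector: a 16-byte key wrapped under a 16-byte KEK.
var (
	vecKEK, _     = hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	vecWrapped, _ = hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")
	defaultIV     = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}
)

// Unwrap reverses KW (no padding) and checks that A ends up equal to the default IV.
func Unwrap(kek, wrapped []byte) ([]byte, error) {
	c, err := aes.NewCipher(kek)
	if err != nil || len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("bad KEK size or wrapped-key length")
	}
	n, b := len(wrapped)/8-1, make([]byte, 16)
	buf := append([]byte{}, wrapped...) // A | R[1..n], updated in place
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			binary.BigEndian.PutUint64(b, binary.BigEndian.Uint64(buf)^uint64(n*j+i)) // A ^ t
			copy(b[8:], buf[8*i:8*i+8])                                                // R[i]
			c.Decrypt(b, b)
			copy(buf, b[:8])       // A = MSB64(B)
			copy(buf[8*i:], b[8:]) // R[i] = LSB64(B)
		}
	}
	if subtle.ConstantTimeCompare(buf[:8], defaultIV) != 1 {
		return nil, errors.New("integrity check failed: wrong KEK or altered data")
	}
	return buf[8:], nil
}

func main() {
	key, err := Unwrap(vecKEK, vecWrapped)
	fmt.Printf("key=%X err=%v\n", key, err)
	tampered := append([]byte{}, vecWrapped...)
	tampered[23] ^= 1 // one flipped bit in the wrapped value
	_, err = Unwrap(vecKEK, tampered)
	fmt.Println("tampered:", err)
}
```

The extra 8 bytes of the wrapped value carry the integrity check: a wrong KEK or a single altered bit makes the unwrap fail instead of returning a different key.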

Conclusion

Usually, keys are used during encryption/decryption. To safely store these keys, we used the standard KeyWrap/KeyUnwrap.

For reference, the cipher used internally is AES.