How Do We Protect An Encryption Key? Meet Key Wrapping
The protection of encryption keys is important, and where they often have to be protected. This is especially important for a symmetric key or for a private key of a public key pair. For this, we can use key wrapping and make sure the key cannot be used, unless we have a secret master key. One standard for this is RFC 5649 [here] and which defines the Advanced Encryption Standard (AES) Key Wrap algorithm (AES-KW1, AES-KW2). This page uses the Hazmat implementation of [RFC 3394]. With RFC 3394, the length of the key to be wrapped needs to be a multiple of 64 bits, whereas RFC 5549 eliminates this.
With AES-KW, we use an AES key-encryption key (KEK) with a length of 128, 192, or 256 bits, and where we will get 64-bit blocks as an output. If we can either generate this randomly or usea a key derivation function (such as HKDF) to generate a key of a given size. In this case we will generate a 16 byte (128 bit) key using HKDF. We can then encrypt data with a key (K1) and which will then be wrapped to give WRAP(K1). To decrypt, we then need the KEK to recover K1. The unwrapping process also checks the integrity of the key.
The protection of the keys by the KEK means that the wrapped keys could then be stored within a Cloud-based system (the red key in Figure 1), but where the KEK will then be protected from access. When the…
