W3C home > Mailing lists > Public > public-xmlsec@w3.org > February 2009

padded AES key wrap

From: Thomas Roessler <tlr@w3.org>
Date: Mon, 23 Feb 2009 19:53:07 +0100
Message-Id: <8C31C495-797A-4A3C-88BC-B0F2EE621039@w3.org>
To: XMLSec WG Public List <public-xmlsec@w3.org>
When we last talked about the padded AES key wrap proposed by Housley  
and Dworkin, the question came up whether or not that algorithm gives  
the same values as its unpadded cousin, for the key lengths that are  
supported by both.

The spec:

   http://tools.ietf.org/html/draft-housley-aes-key-wrap-with-pad-00

... makes clear that the values will be different, due to a different  
choice of an alternate initial value; see section 3.

I suggest that we include a reference to this algorithm (with  
algorithm URI) in the FPWD for Encryption, as an optional algorithm.   
(I have some thoughts about optional vs mandatory, but think it's too  
late to do anything about them till we publish the FPWD.)

Specifically, I propose adding:

> 5.6.4 AES Key Wrap with Padding
>
> Identifiers and Requirements
>   http://www.w3.org/2009/xmlenc11#kw-aes-128-pad	(OPTIONAL)
>   http://www.w3.org/2009/xmlenc11#kw-aes-192-pad	(OPTIONAL)
>   http://www.w3.org/2009/xmlenc11#kw-aes-256-pad	(OPTIONAL)
>
> These identifiers are used for symmetric key wrapping using the AES  
> key wrap with padding algorithm with a 128, 192, and 256 bit AES key  
> encrypting key, respectively.
>
> Implementation of AES key wrap with padding is defined in [draft- 
> housley].  The algorithm is defined for inputs between 9 and 2^32  
> octets.  Unlike the unpadded AES Key Wrap algorithm, the input  
> length is not constrained to multiples of 64 bits (8 octets).
>
> Note that the wrapped key will be distinct from the one generated by  
> the unpadded AES Key Wrap algorithm, even if the input length is a  
> multiple of 64 bits.

Bibliography entry:

> [draft-housley] Advanced Encryption Standard (AES) Key Wrap  
> Algorithm with Padding. R. Housley, M. Dworkin. Internet-Draft (Work  
> in Progress), 29 January 2009. http://tools.ietf.org/html/draft-housley-aes-key-wrap-with-pad-00


Regards,
--
Thomas Roessler, W3C  <tlr@w3.org>
Received on Monday, 23 February 2009 18:53:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT