V6 Cryptography - Key wrapping explanation #2246

Open
danielcuthbert opened this issue Nov 5, 2024 · 6 comments
Labels
1) Discussion ongoing: Issue is opened and assigned but no clear proposal yet
AppendixV: Appendix with crypto details
_5.0 - Not blocker: This issue does not block 5.0 so if it gets addressed then great, if not then fine.

Comments

@danielcuthbert
Collaborator

[Image: Screenshot 2024-11-05 at 14 19 45]
@danielcuthbert danielcuthbert added _5.0 - prep This needs to be addressed to prepare 5.0 V6 labels Nov 5, 2024
@danielcuthbert danielcuthbert self-assigned this Nov 5, 2024
@danielcuthbert danielcuthbert added the 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet label Nov 5, 2024
@danielcuthbert
Collaborator Author

I totally agree with this and feel we should not only explain what key wrapping is, but also when it should be used. My attempt at this is as follows (please, by all means, give feedback on whether you feel it is legitimate and usable):

Cryptographic key wrapping is a method of protecting keys by encrypting a key using symmetric encryption in order to encapsulate said keys/material. The key used to encrypt the other key is called the wrapping key. This is often performed when you want to protect keys in places deemed untrustworthy, or send sensitive keys over untrusted networks or within applications.

@james-bitherder

Suggested edit:
Cryptographic key wrap (and corresponding key unwrap) is a method of protecting an existing key by encapsulating (i.e. wrapping) it by employing an additional encryption mechanism so that the original key is not obviously exposed, e.g. during a transfer. This additional key used to protect the original key is referred to as the wrap key.
This operation may be performed when it is desirable to protect keys in places deemed untrustworthy, or to send sensitive keys over untrusted networks or within applications.
However, serious consideration should be given to understanding the nature (e.g. the identity and the purpose) of the original key prior to committing to a wrap/unwrap procedure as this may have repercussions for both source and target systems/applications in terms of security and especially compliance which may include audit trails of a key's function (e.g. signing) as well as appropriate key storage.

@randomstuff
Contributor

randomstuff commented Nov 5, 2024

I (so far) do not really know/understand (but I shall do my homework and find the answer 😉) why key wrapping as a special construct is useful in contrast to encrypting the key with some general encryption method (with some authentication). Maybe this should be clarified here?

@danielcuthbert
Collaborator Author

It should, I'm just not sure if this is an Appendix addition over a requirement.

@jmanico
Member

jmanico commented Nov 6, 2024

...is key wrapping the same as envelope encryption?

@danielcuthbert
Collaborator Author

@jmanico related but not the same. Envelope encryption involves encrypting the data using a data encryption key (DEK) and encrypting the DEK using the key encryption key (KEK), hence the envelope analogy.

@tghosth tghosth added _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine. AppendixV Appendix with crypto details and removed _5.0 - prep This needs to be addressed to prepare 5.0 V6 labels Nov 7, 2024
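
An added example for the thread above, not code from any participant or from the ASVS project: envelope encryption as described in the last comment, with the DEK protected by a dedicated key-wrap construction. It assumes AES Key Wrap (RFC 3394) as the wrap mechanism and Node.js's built-in `aes256-wrap` cipher; the function names and sample values are hypothetical and constructed for illustration.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// RFC 3394 default IV: a fixed check value, not a nonce. Unwrap fails unless it reappears.
const KW_IV = Buffer.alloc(8, 0xa6);

// Wrap a key under a 256-bit KEK. Output is 8 bytes longer than the input key.
function wrapKey(kek, key) {
  const c = createCipheriv('aes256-wrap', kek, KW_IV);
  return Buffer.concat([c.update(key), c.final()]);
}

// Unwrap and verify. Throws if the KEK is wrong or the wrapped blob was modified.
function unwrapKey(kek, wrapped) {
  const d = createDecipheriv('aes256-wrap', kek, KW_IV);
  return Buffer.concat([d.update(wrapped), d.final()]);
}

// Envelope encryption: a fresh DEK encrypts the data with AES-256-GCM, and
// only the DEK is wrapped under the KEK and stored beside the ciphertext.
function seal(kek, plaintext) {
  const dek = randomBytes(32);
  const nonce = randomBytes(12); // GCM needs a unique nonce per message; key wrap needs none
  const c = createCipheriv('aes-256-gcm', dek, nonce);
  const ciphertext = Buffer.concat([c.update(plaintext), c.final()]);
  return { wrappedDek: wrapKey(kek, dek), nonce, ciphertext, tag: c.getAuthTag() };
}

// Reverse of seal: unwrap the DEK first, then authenticate and decrypt the data.
function unseal(kek, env) {
  const dek = unwrapKey(kek, env.wrappedDek);
  const d = createDecipheriv('aes-256-gcm', dek, env.nonce);
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.ciphertext), d.final()]);
}

// Constructed sample values (not real keys), so the block runs offline.
const sampleKek = Buffer.alloc(32, 0x11);
const sampleEnv = seal(sampleKek, Buffer.from('constructed sample record'));
console.log('wrapped DEK bytes:', sampleEnv.wrappedDek.length);
console.log('recovered:', unseal(sampleKek, sampleEnv).toString());
```

Wrapping the same key under the same KEK always yields the same bytes, so there is no nonce to store or to accidentally reuse, while the GCM layer around the data still depends on a fresh nonce per message.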