Joachim Strömbergson <joachim.stromberg...@assured.se> writes:

>I think Rob, Russ etc need to respond regarding suggestions of changing
>wrapping methods than RFC 3394/RFC 5649 used today.

I'm kinda puzzled why the NIST key wrap was used at all, thus my earlier question about use cases. That key wrap was designed to wrap an AES key in another AES key, not as a means of transporting PKC private keys around. The standardised mechanism for crypto devices to store and wrap private keys is PKCS #15.

So if the point of doing key wrap is to allow keys to be moved to/from hardware devices then using the NIST key wrap is going to defeat that purpose. OTOH if the point is to ensure that keys can only be moved to/from other Cryptech hardware then maybe that serves the purpose. Without usage cases it's impossible to tell whether any set goal has been met or not.

Peter.

_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech