Score:0

What is the advantage of AES key warp as opposed to adding a random nonce?

pk flag

I'm interested in methods of wrapping an AES DEK (Data Encryption Key) using AES KEK (Key Encryption Key). Is there an advantage to using AES key wrap (rfc3394) as opposed to simply adding a random nonce to the DEK before encrypting it?

Context: My KEK is based on a TPM 2.0 (Trusted Platform Module), the device specification does not include AES key wrap and supports a limited block cipher modes of operations (GCM not included). Therefore I'm wondering whether is sufficient wrap the key as follows

  • Prepare the plain text by appending a 32 byte random nonce to the DEK
  • Use CFB mode of operation
  • Use a random 16 byte IV (Initialization Vector)
  • Encrypt using the AES256 KEK based on the TPM
Score:2
fr flag

The advantage of AES key wrap is that it verifies the integrity of the data. When decrypting, the resulting IV must be checked, and if it's not the initial value, the data has been tampered with.

Using CFB is not a good mode of operation because it provides no integrity checking. If you want to use it, use it in the standard way, which is to provide a normal IV and not prepend data to the plaintext, and use a HMAC-SHA-256 to cover the encrypted data (not the plaintext) and the IV. The key you use in this case should be independent of the key you use to encrypt the data, but you could derive both using a single input with a KDF like HKDF.

kelalaka avatar
in flag
Another one is one can change the password without changing the DEK. Also, DEK can be truly random instead of password based.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.