> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> Sent: Monday, 26 March, 2012 01:52
> I was going through the RFC of AES and it does say we get the IV upon
> unwrapping . Check the below link
> http://www.ietf.org/rfc/rfc3394.txt
Not really. 2.2.3 says
In the final step of
On Mon, Mar 26, 2012 at 1:49 AM, Prashanth kumar N
wrote:
>
> [SNIP]
>> > > <<>> : In my case, i would be storing the wrapped key and
>> > not the original
>> > > key. So when user tries to decrypt the wrapped key, he would get the
>> > > original key but how do i make sure that is the right key.
Hi Dave,
I was going through the RFC of AES and it does say we get the IV upon
unwrapping . Check the below link
http://www.ietf.org/rfc/rfc3394.txt
-Prashanth
On Fri, Mar 23, 2012 at 9:24 AM, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> > Sent: Wednesda
Hi Dave,
I was going through the RFC of AES and it does say we get the IV upon
unwrapping . Check the below link
http://www.ietf.org/rfc/rfc3394.txt
-Prashanth
pkumarn wrote:
>
> Let me go to my white board and see what best i can choose. Issue is we
> don't want to sore any keys as it is, so
Let me go to my white board and see what best i can choose. Issue is we don't
want to sore any keys as it is, so is the reason to choose key wrapping.
pkumarn wrote:
>
> One more thanks from side for replying to this query.,.. my comments
> inline...
>
>
> So are you saying that their is n
> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> Sent: Wednesday, 21 March, 2012 02:02
> One more thanks from side for replying to this query.,.. my comments
> inline...
>
Aside: Usenet convention is response lines, including 'inline'
ones, have no prefix, and (all) quoted lines do
One more thanks from side for replying to this query.,.. my comments
inline...
So are you saying that their is no way to extract IV and check back if the
decrypted key matches the encrypted key? I feel this would give space for
more vulnerabilities as one needs to make sure before using the decr
> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> Sent: Monday, 19 March, 2012 09:17
> I have a requirement of wrapping a 512-bit DEK witk 256 bit
> KEK. I picked up
> openssl API and figured out that it provides AES_wrap_key()
> to do the job. I
OpenSSL's AES_{wrap,unwrap}_key doe
Hi,
I have a requirement of wrapping a 512-bit DEK witk 256 bit KEK. I picked up
openssl API and figured out that it provides AES_wrap_key() to do the job. I
wrote a small program (snippet below) to get the job done but when i check
out the values in "dek", i see all values as zero. Not sure what
