Module AESKeyWrap
In: lib/aes_key_wrap/version.rb
lib/aes_key_wrap.rb

A Ruby implementation of AES Key Wrap, a.k.a RFC 3394, a.k.a NIST Key Wrapping

Methods

unwrap   unwrap!   wrap  

Constants

VERSION = '1.0.1'
DEFAULT_IV = 0xA6A6A6A6A6A6A6A6
UnwrapFailedError = Class.new(StandardError)

Public Class methods

unwrap(wrapped_key, kek, expected_iv=DEFAULT_IV)

Unwraps an encrypted key using a key-encrypting key (KEK)

This is an implementation of the "index based" algorithm specified in section 2.2.2 of RFC 3394: www.ietf.org/rfc/rfc3394.txt

@param wrapped_key [String] The wrapped key (cyphertext), as a binary string @param kek [String] The key-encrypting key, as a binary string @param expected_iv [Integer] The IV used to wrap the key, as an unsigned 64bit integer @return [String] The unwrapped (plaintext) key as a binary string, or 

                 `nil` if unwrapping failed due to `expected_iv` not matching the
                 decrypted IV

@see unwrap!

unwrap!(*args)

Exception-throwing version of unwrap

@see unwrap

wrap(unwrapped_key, kek, iv=DEFAULT_IV)

Wraps a key using a key-encrypting key (KEK)

This is an implementation of the "index based" algorithm specified in section 2.2.1 of RFC 3394: www.ietf.org/rfc/rfc3394.txt

@param unwrapped_key [String] The plaintext key to be wrapped, as a binary string @param kek [String] The key-encrypting key, as a binary_string @param iv [Integer] The "initial value", as unsigned 64bit integer @return [String] The wrapped key, as a binary string

[Validate]