ietf-smime

CMS: key wrapping standard.

1998-06-17 11:14:40
While perusing PKCS#11 I came across a couple of descriptions for
wrapping one secret (symmetric) key inside another. They are in sections
11.18.2 and 11.18.4 or thereabouts.

The most usable method is the "naive" method I'd mentioned before which
involves the following.

1. Take the content encryption key.
2. Pad to a multiple of the wrapping cipher block length using PKCS
padding (as mentioned in PKCS#7 and PKCS#5).
3. Encrypt using the wrapping cipher.

The fact that this can be done with a library that implements enough
of PKCS#11 has the advantage that neither the wrapping key nor the
content encryption key has to be revealed outside the library
internals. Any other method would require at least one key being
revealed in plain text in the implementation.

An additional EncryptionAlgorithmIdentifier added to the CMS would allow
separate IVs and separate encryption algorithms to be used for content
encryption and key wrapping.

Steve.
-- 
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
Homepage: http://www.drh-consultancy.demon.co.uk/
Email: shenson(_at_)bigfoot(_dot_)com
PGP key: via homepage.
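
The three steps listed in the message, as an added Python example (not code from the post or from PKCS#11). It assumes CBC mode with an explicit IV and uses XTEA, an 8-byte-block cipher implemented inline, as a stand-in for the wrapping cipher; `wrap_key`, `unwrap_key` and the sample inputs are hypothetical names and constructed values.

```python
import struct

BLOCK, MASK, DELTA = 8, 0xFFFFFFFF, 0x9E3779B9  # XTEA: 8-byte blocks

def _mix(v, s, k):  # XTEA round function on one 32-bit half
    return (((v << 4) ^ (v >> 5)) + v) ^ (s + k)

def xtea_block(key, block, decrypt=False):
    """One 8-byte block under a 16-byte XTEA key (stand-in wrapping cipher)."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = (DELTA * 32) & MASK if decrypt else 0
    for _ in range(32):
        if decrypt:
            v1 = (v1 - _mix(v0, s, k[(s >> 11) & 3])) & MASK
            s = (s - DELTA) & MASK
            v0 = (v0 - _mix(v1, s, k[s & 3])) & MASK
        else:
            v0 = (v0 + _mix(v1, s, k[s & 3])) & MASK
            s = (s + DELTA) & MASK
            v1 = (v1 + _mix(v0, s, k[(s >> 11) & 3])) & MASK
    return struct.pack(">2I", v0, v1)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrap_key(kek, iv, cek):
    """Steps 1-3 of the post: PKCS-pad the CEK, then CBC-encrypt it under the KEK."""
    pad = BLOCK - len(cek) % BLOCK  # 1..BLOCK: an aligned key gains a whole block
    padded = cek + bytes([pad]) * pad
    out, prev = b"", iv
    for i in range(0, len(padded), BLOCK):
        prev = xtea_block(kek, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out

def unwrap_key(kek, iv, wrapped):
    """Inverse of wrap_key; raises ValueError if the PKCS padding is invalid."""
    if not wrapped or len(wrapped) % BLOCK:
        raise ValueError("wrapped key is not a whole number of blocks")
    out, prev = b"", iv
    for i in range(0, len(wrapped), BLOCK):
        out += _xor(xtea_block(kek, wrapped[i:i + BLOCK], decrypt=True), prev)
        prev = wrapped[i:i + BLOCK]
    pad = out[-1]
    if not 1 <= pad <= BLOCK or out[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding: wrong wrapping key or damaged blob")
    return out[:-pad]

SAMPLE = wrap_key(bytes(range(16)), bytes(8), bytes(24))  # constructed inputs
```

In this sketch the PKCS padding check is the only indication that unwrapping used the wrong wrapping key.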

