Apologies if this has been mentioned before but in the last version of
the key wrapping standard I have:
5. Generate the number of pad octets necessary to make the
result a multiple of the key-encryption algorithm block
size, then append them to the result.
This sounds as though it is incompatible with PKCS padding which adds a
block of padding octets if the result is already a multiple of the block
size.
Since (from what I can see) symmetric algorithms for the message
encryption use PKCS padding (see CMS 6.3) I see no real reason why it
shouldn't be also applied here: it does add a small additional integrity
check. Otherwise two different padding schemes would be applied, no
padding (for key wrap) and PKCS padding (for content encryption).
Steve.
--
Dr Stephen N. Henson. UK based freelance Cryptographic Consultant.
For info see homepage at http://www.drh-consultancy.demon.co.uk/
Email: shenson(_at_)drh-consultancy(_dot_)demon(_dot_)co(_dot_)uk
PGP key: via homepage.