I gave the section on key wrapping to one of our developers to implement and
just finished reviewing the code which he produced. As is not too
supprising, the code which was generated was incorrect and therefore I am
proposing changes to make it easier to implement the code correctly.
1. In section 12.6. Delete the last paragraph. It is no longer needed due
to other changes being made.
2. Replace section 12.6.2 with the following:
1. Modify the content-encryption key to meet any restrictions on the
key. For example, adjust the parity bits for each DES key comprising a
Triple-DES key.
2. Compute a 16-bit key checksum value on the content-encryption key as
described above.
3. Generate a 32-bit random salt value.
4. Concatenate the salt, content-encryption key, and key checksum value.
5. Pad the data to a multiple block size of the key encryptoin algorithm
using the procedures from section 6.3.
6. Encrypt the result with the key-encryption algorithm key. Use an IV
with each octet equal to 'A5' hexadecimal.
Some key-encryption algorithm identifiers include an IV as part of the
parameters. The IV should be encoded as above, but must be ignored and the
above constant used if not correctly encoded.
3. No changes to section 12.6.3
jim