"Jim Schaad" <jimsch(_at_)nwlink(_dot_)com> writes:
It is true that the wrapping algorithm in RFC 3211 exists and could be used
for the HMAC wrapping process. However the pure Triple-DES wrap algorithm was
required to implement CMS, and it is still a required algorithm for
impliementing Diffie-Hellman key management in the cmsalg.
... which virtually nothing implements. Hardly a strong argument for using it.
Given that it is a required algorithm, it seems to be a good base to expand
But it still has the problem that every single little variation requires a
completely new RFC to handle it, whereas the RFC 3211 wrap covers any algorithm
type and key combination. You implement it once, and it works for everything.
(In fact the 3211 wrap is parameterised, something I added at your insistence,
so there's no reason it can't be adapted to do whatever you need).
The AES key wrap algorithm is currently on track to become the standard key
wrap algorithm for use with AES. Again, given that it is expected to be the
standard algorithm, it seems to be a good base to expand on.
It's yet another special-case variation which people have to implement.
I personally have some security reservations about the key wrap algorithm
given in RFC 3211. Triple-DES key wrap received significant peer review.
See my private reply.