This library provides three classes:
AESKW\A128KW: AES 128 key wrap
AESKW\A192KW: AES 192 key wrap
AESKW\A256KW: AES 256 key wrap
In the following example, we wrap the key $key using the KEK $kek and AES 128:
<?php
// We use the AES 128 algorithm
use AESKW\A128KW;
// The Key Encryption Key
$kek = hex2bin("000102030405060708090A0B0C0D0E0F");
// The key we want to wrap
$key = hex2bin("00112233445566778899AABBCCDDEEFF");
// We wrap the key
$wrapped_key = A128KW::wrap($kek, $key); // bin2hex($wrapped_key) must be "1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5" (case-insensitive)
// We unwrap the key
$unwrapped_key = A128KW::unwrap($kek, $wrapped_key); // The result must be the same value as the key
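
What the RFC 3394 wrap in the example above does internally, including the integrity check performed on unwrap, as an added example that is not the AESKW library's own code. The kw_* function names are hypothetical, and the code assumes ext-openssl and a 64-bit PHP build (needed for pack('J')).

```php
<?php
// Added illustration of RFC 3394; kw_* names are hypothetical, not the AESKW API.
const KW_IV = "\xA6\xA6\xA6\xA6\xA6\xA6\xA6\xA6"; // RFC 3394 default initial value

function kw_aes(string $kek, string $block, bool $enc): string {
    $algo = 'aes-' . (strlen($kek) * 8) . '-ecb';    // KEK length selects AES-128/192/256
    $opts = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING; // one raw 16-byte block, no PKCS#7
    $out = $enc ? openssl_encrypt($block, $algo, $kek, $opts)
                : openssl_decrypt($block, $algo, $kek, $opts);
    if ($out === false) { throw new RuntimeException('AES operation failed'); }
    return $out;
}

function kw_wrap(string $kek, string $key): string {
    if (strlen($key) < 16 || strlen($key) % 8 !== 0) {
        throw new InvalidArgumentException('Key must be at least two 64-bit blocks');
    }
    $r = str_split($key, 8); $n = count($r); $a = KW_IV;
    for ($j = 0; $j <= 5; $j++) {
        for ($i = 1; $i <= $n; $i++) {
            $b = kw_aes($kek, $a . $r[$i - 1], true);
            $a = substr($b, 0, 8) ^ pack('J', $n * $j + $i); // XOR with 64-bit step counter
            $r[$i - 1] = substr($b, 8, 8);
        }
    }
    return $a . implode('', $r);
}

function kw_unwrap(string $kek, string $wrapped): string {
    if (strlen($wrapped) < 24 || strlen($wrapped) % 8 !== 0) {
        throw new InvalidArgumentException('Wrapped key has an invalid length');
    }
    $r = str_split($wrapped, 8); $a = array_shift($r); $n = count($r);
    for ($j = 5; $j >= 0; $j--) {
        for ($i = $n; $i >= 1; $i--) {
            $b = kw_aes($kek, ($a ^ pack('J', $n * $j + $i)) . $r[$i - 1], false);
            $a = substr($b, 0, 8);
            $r[$i - 1] = substr($b, 8, 8);
        }
    }
    // The recovered A register must equal the IV; any bit flip in transit breaks it.
    if (!hash_equals(KW_IV, $a)) { throw new RuntimeException('Integrity check failed'); }
    return implode('', $r);
}

$kek = hex2bin('000102030405060708090A0B0C0D0E0F');
$wrapped = kw_wrap($kek, hex2bin('00112233445566778899AABBCCDDEEFF'));
var_dump(strtoupper(bin2hex($wrapped)) === '1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5');
$wrapped[10] = $wrapped[10] ^ "\x01"; // constructed tampering: flip one ciphertext bit
try { kw_unwrap($kek, $wrapped); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

The comparison uses the wrapped value quoted in the example above; the tampered copy is rejected instead of silently yielding a different key.
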
In the following example, we wrap the key $key using the KEK $kek and AES 128. The main difference from RFC 3394 is that you can wrap a key of any practical size:
<?php
// We use the AES 128 algorithm
use AESKW\A128KW;
// The Key Encryption Key
$kek = hex2bin("000102030405060708090A0B0C0D0E0F");
// The key we want to wrap. Please note that its size is not a multiple of the 64-bit block size
$key = hex2bin("0011223344");
// We wrap the key. Please note that the third parameter enables key padding (RFC 5649)
$wrapped_key = A128KW::wrap($kek, $key, true); // bin2hex($wrapped_key) must be "9E53E571ED4669A51A4B8724788F8C80" (case-insensitive)
// We unwrap the key. Please note that the third parameter enables key padding (RFC 5649)
$unwrapped_key = A128KW::unwrap($kek, $wrapped_key, true); // The result must be the same value as the key