Package com.google.crypto.tink.subtle
Class Kwp
- java.lang.Object
-
- com.google.crypto.tink.subtle.Kwp
-
- All Implemented Interfaces:
KeyWrap
@Deprecated public class Kwp extends java.lang.Object implements KeyWrap
Deprecated.Tink does not support KeyWrap anymore. This implementation was fallback code for old providers that did not implement KWP. It implements the same functionality asCipher.getInstance("AESWRAPPAD");. Some provider use a different algorithm name:Cipher.getInstance("AES/KWP/NoPadding");.Implements the key wrapping primitive KWP defined in NIST SP 800 38f. The same encryption mode is also defined in RFC 5649. The NIST document is used here as a primary reference, since it contains a security analysis and further recommendations. In particular, Section 8 of NIST SP 800 38f suggests that the allowed key sizes may be restricted. The implementation in this class requires that the key sizes are in the range MIN_WRAP_KEY_SIZE and MAX_WRAP_KEY_SIZE.The minimum of 16 bytes has been chosen, because 128 bit keys are the smallest key sizes used in tink. Additionally, wrapping short keys with KWP does not use the function W and hence prevents using security arguments based on the assumption that W is strong pseudorandom. (I.e. one consequence of using a strong pseudorandom permutation as an underlying function is that leaking partial information about decrypted bytes is not useful for an attack.)
The upper bound for the key size is somewhat arbitrary. Setting an upper bound is motivated by the analysis in section A.4 of NIST SP 800 38f: forgeries of long messages is simpler than forgeries of short message.
-
-
Constructor Summary
Constructors Constructor Description Kwp(byte[] key)Deprecated.Construct a new Instance for KWP.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description byte[]unwrap(byte[] data)Deprecated.Unwraps a wrapped key.byte[]wrap(byte[] data)Deprecated.Wraps some key materialdata.
-