Build Status Test Coverage

AESKeyWrap

A Ruby implementation of AES Key Wrap, a.k.a RFC 3394, a.k.a NIST Key Wrap.

Usage

To wrap a key, call AESKeyWrap.wrap with:

  • The plain text key
  • A key-encrypting key (KEK)
  • An "initial value" (optional)
require 'aes_key_wrap'

plaintext_key = ['00112233445566778899AABBCCDDEEFF'].pack('H*') #binary string
kek =  ['000102030405060708090A0B0C0D0E0F'].pack('H*') # binary string
iv = ['DEADBEEFC0FFEEEE'].pack("H*") # binary string (always 8 bytes)

wrapped_key = AESKeyWrap.wrap(plaintext_key, kek, iv)  # iv is optional

To unwrap a key, call AESKeyWrap.unwrap:

unwrapped = AESKeyWrap.unwrap(wrapped_key, kek, iv)  # iv is optional

There also unwrap!, which throws an exception if unwrapping fails, instead of returning nil.

Contributing

Make sure it's got tests, then do the usual fork and pull request hooha.