README.md

AES Key Wrap

A PHP library for AES Key Wrap (RFC 3394) algorithm with padding (RFC 5649) support.

Supports AES key sizes of 128, 192 and 256 bits.

Requirements

• PHP >=7.2
• openssl
• hash

Installation

This library is available on Packagist.

composer require sop/aes-kw

Code examples

Here are some simple usage examples. Namespaces are omitted for brevity.

Wrap a 128 bit key with AES-128

Wrap a key of 16 bytes using a 16-byte key encryption key.

$kek = '0123456789abcdef'; // 128-bit key encryption key
$key = 'MySecretPassword'; // key to encrypt
$algo = new AESKW128();
$ciphertext = $algo->wrap($key, $kek);
echo bin2hex($ciphertext);

Outputs:

89efdbc3501f1f5e952a4bbae1329c9f1a47b9fd61b48dee

Unwrap a key

Unwrap a key from previous example. $kek and $algo variables are the same. $ciphertext variable contains the output from a wrapping procedure.

$key = $algo->unwrap($ciphertext, $kek);
echo $key;

Outputs:

MySecretPassword

Wrap an arbitrary length passphrase with AES-192

Wrapping a key that is not a multiple of 64 bits requires padding.

$kek = '012345678901234567890123'; // 192-bit key encryption key
$key = 'My hovercraft is full of eels.'; // passphrase to encrypt
$algo = new AESKW192();
$ciphertext = $algo->wrapPad($key, $kek);
echo bin2hex($ciphertext);

Outputs:

f319811450badfe4385b5534bf26fa6f9fdcd1a593b3ae6b707f15c1015bbf3faf58619818bd8784

Unwrap a key with padding

Key that was wrapped with padding must be unwrapped with unwrapPad.

$key = $algo->unwrapPad($ciphertext, $kek);
echo $key;

Outputs:

My hovercraft is full of eels.

License

This project is licensed under the MIT License.