A PHP library for AES Key Wrap (RFC 3394) algorithm with padding (RFC 5649) support.
Supports AES key sizes of 128, 192 and 256 bits.
- PHP >=7.2
- openssl
- hash
This library is available on Packagist.
composer require sop/aes-kw
Here are some simple usage examples. Namespaces are omitted for brevity.
Wrap a key of 16 bytes using a 16-byte key encryption key.
$kek = '0123456789abcdef'; // 128-bit key encryption key
$key = 'MySecretPassword'; // key to encrypt
$algo = new AESKW128();
$ciphertext = $algo->wrap($key, $kek);
echo bin2hex($ciphertext);
Outputs:
89efdbc3501f1f5e952a4bbae1329c9f1a47b9fd61b48dee
Unwrap a key from previous example. $kek
and $algo
variables are the same.
$ciphertext
variable contains the output from a wrapping procedure.
$key = $algo->unwrap($ciphertext, $kek);
echo $key;
Outputs:
MySecretPassword
Wrapping a key that is not a multiple of 64 bits requires padding.
$kek = '012345678901234567890123'; // 192-bit key encryption key
$key = 'My hovercraft is full of eels.'; // passphrase to encrypt
$algo = new AESKW192();
$ciphertext = $algo->wrapPad($key, $kek);
echo bin2hex($ciphertext);
Outputs:
f319811450badfe4385b5534bf26fa6f9fdcd1a593b3ae6b707f15c1015bbf3faf58619818bd8784
Key that was wrapped with padding must be unwrapped with unwrapPad
.
$key = $algo->unwrapPad($ciphertext, $kek);
echo $key;
Outputs:
My hovercraft is full of eels.
This project is licensed under the MIT License.