CLOUDAPI

AES-128-WRAP-PAD ENCRYPTION TOOL

Other Crypto Algorithms

AES-128-CBC AES-128-CBC-CTS AES-128-CBC-HMAC-SHA1 AES-128-CBC-HMAC-SHA256 AES-128-CCM AES-128-CFB AES-128-CFB1 AES-128-CFB8 AES-128-CTR AES-128-ECB AES-128-GCM AES-128-GCM-SIV AES-128-OCB AES-128-OFB AES-128-SIV AES-128-WRAP AES-128-WRAP-INV AES-128-WRAP-PAD AES-128-WRAP-PAD-INV AES-128-XTS AES-192-CBC AES-192-CBC-CTS AES-192-CCM AES-192-CFB AES-192-CFB1 AES-192-CFB8 AES-192-CTR AES-192-ECB AES-192-GCM AES-192-GCM-SIV AES-192-OCB AES-192-OFB AES-192-SIV AES-192-WRAP AES-192-WRAP-INV AES-192-WRAP-PAD AES-192-WRAP-PAD-INV AES-256-CBC AES-256-CBC-CTS AES-256-CBC-HMAC-SHA1 AES-256-CBC-HMAC-SHA256 AES-256-CCM AES-256-CFB AES-256-CFB1 AES-256-CFB8 AES-256-CTR AES-256-ECB AES-256-GCM AES-256-GCM-SIV AES-256-OCB AES-256-OFB AES-256-SIV AES-256-WRAP AES-256-WRAP-INV AES-256-WRAP-PAD AES-256-WRAP-PAD-INV AES-256-XTS ARIA-128-CBC ARIA-128-CCM ARIA-128-CFB ARIA-128-CFB1 ARIA-128-CFB8 ARIA-128-CTR ARIA-128-ECB ARIA-128-GCM ARIA-128-OFB ARIA-192-CBC ARIA-192-CCM ARIA-192-CFB ARIA-192-CFB1 ARIA-192-CFB8 ARIA-192-CTR ARIA-192-ECB ARIA-192-GCM ARIA-192-OFB ARIA-256-CBC ARIA-256-CCM ARIA-256-CFB ARIA-256-CFB1 ARIA-256-CFB8 ARIA-256-CTR ARIA-256-ECB ARIA-256-GCM ARIA-256-OFB CAMELLIA-128-CBC CAMELLIA-128-CBC-CTS CAMELLIA-128-CFB CAMELLIA-128-CFB1 CAMELLIA-128-CFB8 CAMELLIA-128-CTR CAMELLIA-128-ECB CAMELLIA-128-OFB CAMELLIA-192-CBC CAMELLIA-192-CBC-CTS CAMELLIA-192-CFB CAMELLIA-192-CFB1 CAMELLIA-192-CFB8 CAMELLIA-192-CTR CAMELLIA-192-ECB CAMELLIA-192-OFB CAMELLIA-256-CBC CAMELLIA-256-CBC-CTS CAMELLIA-256-CFB CAMELLIA-256-CFB1 CAMELLIA-256-CFB8 CAMELLIA-256-CTR CAMELLIA-256-ECB CAMELLIA-256-OFB CHACHA20 CHACHA20-POLY1305 DES-EDE-CBC DES-EDE-CFB DES-EDE-ECB DES-EDE-OFB DES-EDE3-CBC DES-EDE3-CFB DES-EDE3-CFB1 DES-EDE3-CFB8 DES-EDE3-ECB DES-EDE3-OFB DES3-WRAP 

The AES-128-WRAP-PAD algorithm is a symmetric key cryptographic mechanism designed to securely wrap (encrypt) cryptographic keys with added padding. It is a variant of the AES key wrapping standard defined in RFC 5649, which extends the original AES key wrap specification (RFC 3394) to accommodate plaintext of arbitrary length through padding. The algorithm operates using a 128-bit key size, providing a balance of security and performance for key management purposes.

Key Features

  • Symmetric encryption: Uses a single 128-bit AES key for both encryption and decryption processes.
  • Key wrapping: Protects other keys by encrypting them securely while preserving their integrity.
  • Padding support: Adds padding to plaintext that does not align with the 64-bit block size required by AES key wrap.
  • Integrity verification: The algorithm includes mechanisms to detect modifications or corruption of wrapped keys during transport or storage.

Algorithm Steps

  1. Input preparation: The plaintext key material is divided into 64-bit blocks. If the total length is not a multiple of 64 bits, padding is applied according to the RFC 5649 specification.
  2. Initialization: An initial value (IV) is constructed, typically derived from a constant specified in the standard, which helps in integrity checking during the unwrap process.
  3. Iterative encryption: AES encryption in Electronic Codebook (ECB) mode is applied iteratively to the blocks, combining them with the IV through XOR operations to produce wrapped key blocks.
  4. Output generation: The final wrapped key consists of the encrypted blocks concatenated with the transformed IV. This output is of fixed length, including padding if applied.
  5. Decryption (unwrapping): The inverse process reverses the XOR and AES operations, removing padding if present and verifying the integrity of the recovered plaintext key material using the original IV.

Security Considerations

  • The use of a 128-bit AES key provides strong confidentiality suitable for key management systems.
  • Padding ensures that keys of arbitrary lengths can be safely wrapped without leaking structural information.
  • Integrity verification prevents undetected tampering with wrapped keys, mitigating risks during storage or transmission.
  • Compliance with RFC 5649 ensures interoperability across systems implementing AES key wrapping with padding.

Applications

AES-128-WRAP-PAD is commonly applied in secure storage of cryptographic keys, transmission of keys between secure modules, and scenarios where key length variability requires a robust padding mechanism. It is widely used in hardware security modules (HSMs), software key management systems, and other environments requiring authenticated key transport.

Any copying, distribution, or use of the materials from this service without authorization is strictly prohibited. Violations will be prosecuted under applicable law and may result in both civil and criminal liability.

© CLOUDAPI STUDIO 2026