Wrapping a Hashed Message Authentication Code (HMAC) key with a Triple-Data Encryption Standard (DES) Key or an Advanced Encryption Standard (AES) Key
RFC 3537 HMAC Key Wrap May 2003
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14, RFC 2119
[STDWORDS].
2. HMAC Key Guidelines
[HMAC] suggests that the key be at least as long as the output (L) of
the hash function being used. When keys longer than the block size
of the hash algorithm are used, they are hashed and the resulting
hash value is used. Using keys much longer than L provides no
security benefit, unless the random function used to create the key
has low entropy output.
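The key-length rules above come from the HMAC construction itself: a key longer than the hash function's block size B is replaced by its L-octet digest before it is padded and XORed with ipad/opad, so a 200-octet key and its 32-octet SHA-256 digest produce identical MACs. The following Python is an added example written for this page, not text or code from RFC 3537 or RFC 2104; it implements HMAC exactly as RFC 2104 specifies (including that key reduction) and checks it against the standard library. The message and keys are constructed sample values.

```python
"""RFC 2104 HMAC with the key handling Section 2 of RFC 3537 describes,
checked against Python's hmac module.  Added example, not RFC text."""
import hashlib
import hmac


def hmac_rfc2104(key: bytes, msg: bytes, hashname: str = "sha256") -> bytes:
    """Compute HMAC as RFC 2104 specifies.

    Keys longer than the hash function's block size B are first hashed down
    to L octets; anything shorter is zero-padded out to B octets.
    """
    B = hashlib.new(hashname).block_size   # 64 for SHA-1/SHA-256, 128 for SHA-512
    if len(key) > B:
        key = hashlib.new(hashname, key).digest()   # reduced to L octets
    key = key.ljust(B, b"\x00")
    ipad = bytes(k ^ 0x36 for k in key)
    opad = bytes(k ^ 0x5C for k in key)
    inner = hashlib.new(hashname, ipad + msg).digest()
    return hashlib.new(hashname, opad + inner).digest()


def effective_key(key: bytes, hashname: str = "sha256") -> bytes:
    """The key material HMAC actually mixes in: the L-octet digest if len > B."""
    B = hashlib.new(hashname).block_size
    return hashlib.new(hashname, key).digest() if len(key) > B else key


def demo() -> dict:
    """Show that a key longer than B collapses to L octets (constructed inputs)."""
    msg = b"The quick brown fox"        # constructed sample message
    long_key = bytes(range(200))        # constructed 200-octet key, > B = 64
    short_key = long_key[:32]           # exactly L = 32 octets for SHA-256
    return {
        # Our implementation agrees with the standard library.
        "matches_stdlib": hmac_rfc2104(long_key, msg)
        == hmac.new(long_key, msg, "sha256").digest(),
        # The 200-octet key and its 32-octet digest yield the same MAC,
        # which is why keys much longer than L add no security.
        "long_key_collapses": hmac_rfc2104(long_key, msg)
        == hmac_rfc2104(effective_key(long_key), msg),
        "effective_len": len(effective_key(long_key)),
        "short_key_matches": hmac_rfc2104(short_key, msg)
        == hmac.new(short_key, msg, "sha256").digest(),
    }


if __name__ == "__main__":
    print(demo())
```

The practical reading: generate HMAC keys of L octets (32 for SHA-256) from a good CSPRNG; the only case where a longer key helps is when each octet of the generator's output carries less than a full octet of entropy, in which case the extra length compensates and the hash then compresses it to L octets anyway.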
3. HMAC Key Wrapping and Unwrapping with Triple-DES
This section specifies the algorithms for wrapping and unwrapping an
HMAC key with a 3DES KEK [3DES].
The 3DES wrapping of HMAC keys is based on the algorithm defined in
Section 3 of [3DES-WRAP]. The major differences are due to the fact
that an HMAC key is of variable length and the HMAC key has no
particular parity.
In the algorithm description, "a || b" is used to represent 'a'
concatenated with 'b'.
3.1 Wrapping an HMAC Key with a Triple-DES Key-Encryption Key
This algorithm encrypts an HMAC key with a 3DES KEK. The algorithm
is:
1. Let the HMAC key be called KEY, and let the length of KEY in
octets be called LENGTH. LENGTH is a single octet.
2. Let LKEY = LENGTH || KEY.
3. Let LKEYPAD = LKEY || PAD. If the length of LKEY is a multiple
of 8, the PAD has a length of zero. If the length of LKEY is not
a multiple of 8, then PAD contains the fewest number of random
octets to make the length of LKEYPAD a multiple of 8.
4. Compute an 8 octet key checksum value on LKEYPAD as described in
Section 2 of [3DES-WRAP], call the result ICV.
5. Let LKEYPADICV = LKEYPAD || ICV.
6. Generate 8 octets at random, call the result IV.
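Steps 1 to 6 above build the plaintext that the 3DES KEK will later encrypt. The following Python is an added example written for this page, not code from RFC 3537; it carries those six steps through for an HMAC key and also performs the inverse, the LENGTH and ICV checks an unwrapper applies to recover KEY from LKEYPADICV. It stops where the list above stops and does not perform the 3DES encryption that follows. The 8-octet key checksum is taken from Section 2 of RFC 3217 [3DES-WRAP], which defines it as the first 8 octets of the SHA-1 digest of the data; rejecting an empty key and the range check on PAD in the parser (a consequence of PAD being the fewest octets that reach a multiple of 8) are this example's own choices. The sample key and the fixed "random" generator used for the deterministic check are constructed.

```python
"""Steps 1 to 6 of RFC 3537 Section 3.1: form LKEYPADICV and draw IV, plus the
inverse checks.  Added example, not RFC text; no 3DES encryption is done."""
import hashlib
import os
from typing import Callable, Tuple


def key_checksum(data: bytes) -> bytes:
    """8-octet key checksum of RFC 3217 Section 2: first 8 octets of SHA-1(data)."""
    return hashlib.sha1(data).digest()[:8]


def format_hmac_key(key: bytes,
                    rand: Callable[[int], bytes] = os.urandom) -> Tuple[bytes, bytes]:
    """Return (LKEYPADICV, IV) for an HMAC key, following steps 1 to 6.

    `rand` is injectable so a test can be deterministic; real use keeps the
    os.urandom default for both PAD and IV.
    """
    length = len(key)
    # Step 1: LENGTH is a single octet, so KEY can be at most 255 octets.
    # Rejecting an empty key is this example's choice, not an RFC rule.
    if not 1 <= length <= 255:
        raise ValueError("HMAC key must be 1..255 octets to fit LENGTH")
    lkey = bytes([length]) + key            # step 2: LKEY = LENGTH || KEY
    pad_len = (-len(lkey)) % 8              # fewest octets to reach a multiple of 8
    lkeypad = lkey + rand(pad_len)          # step 3: random PAD, empty if aligned
    icv = key_checksum(lkeypad)             # step 4: ICV over LKEYPAD
    lkeypadicv = lkeypad + icv              # step 5
    iv = rand(8)                            # step 6: 8 random octets
    return lkeypadicv, iv


def parse_lkeypadicv(blob: bytes) -> bytes:
    """Inverse of steps 1 to 5: verify ICV, then recover KEY and discard PAD.

    The PAD range check (0..7 octets) follows from step 3 choosing the fewest
    padding octets; it is an added consistency check in this example.
    """
    if len(blob) < 16 or len(blob) % 8:
        raise ValueError("LKEYPADICV must be a multiple of 8 octets, at least 16")
    lkeypad, icv = blob[:-8], blob[-8:]
    if key_checksum(lkeypad) != icv:
        raise ValueError("key checksum (ICV) mismatch")
    length = lkeypad[0]
    pad_len = len(lkeypad) - 1 - length
    if length == 0 or not 0 <= pad_len <= 7:
        raise ValueError("LENGTH inconsistent with size of LKEYPAD")
    return lkeypad[1:1 + length]


def round_trip(key: bytes) -> bool:
    """Format with real randomness and parse back; True if KEY survives."""
    blob, iv = format_hmac_key(key)
    return len(iv) == 8 and parse_lkeypadicv(blob) == key


if __name__ == "__main__":
    sample_key = bytes(range(20))           # constructed 20-octet HMAC key
    blob, iv = format_hmac_key(sample_key)
    print(blob.hex(), iv.hex(), round_trip(sample_key))
```

Note that the ICV only detects accidental or unkeyed corruption of LKEYPAD; integrity against an attacker comes from the later encryption steps of the wrap, which make the ICV unforgeable without the KEK, not from the plain SHA-1 checksum itself.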
Schaad & Housley Standards Track