!!! Overview
[{$pagename}] constructions are a class of [Symmetric Key Cryptography] [encryption] [algorithms] designed to encapsulate ([encrypt]) [cryptographic] [Keying material].



[{$pagename}] [algorithms] are intended for [applications] such as protecting keys while in untrusted storage or transmitting keys over untrusted communications networks. The constructions are typically built from standard primitives such as [Block Ciphers] and [Cryptographic Hash Function Comparisons].


[{$pagename}] [algorithms] can be used in a similar application: to securely transport a session key by encrypting it under a long-term [Key Encrypting Key].

!! [U2F] Key Wrapping
As described in the [U2F] [specification]: “[U2F] tokens might not store [Private Key] material, and instead might export a wrapped [Private Key] as part of the key handle” (from the implementation considerations document).

What does exporting a wrapped [Private Key] mean? Basically this (somewhat simplified): 

When a U2F device is registered, an [Elliptic Curve] key-pair (using the [secp256r1] curve, as specified in the U2F standard) is generated on the device itself. The [Private Key] is then [encrypted] using a [device] master [secret], forming the key handle, which is then sent together with the [Public Key] to be stored on the RP ([WebAuthn Relying Party]) server. To [authenticate], the [WebAuthn Relying Party] sends a challenge together with the key handle, and the [U2F] device [decrypts|Decryption] the wrapped [Private Key] to be able to produce a valid [Digital Signature] for the challenge.

Generally, this is a sound approach, and is secure when done correctly. It does have its drawbacks, however. One is that it feels less secure: even though the [Private Key] is [encrypted], it does leave the device. In practice, as long as the [encryption] used for the [{$pagename}] is strong, this [SHOULD NOT] be a problem. Another issue is that it introduces additional complexity to the [protocol], as we now have a new cryptographic primitive ([encryption]), with possible pitfalls.
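The registration and authentication flow described above, as an added example (not code from the U2F specification or from any vendor), using only the Go standard library. AES-256-GCM as the wrapping cipher, the key-handle layout, and the names Register, Authenticate, must and aead are assumptions; an authenticated mode is used so that a key handle that was modified, or wrapped by a different device, is rejected on unwrap.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

func must[T any](v T, err error) T { // panics on device-side failures (RNG, bad key size)
	if err != nil {
		panic(err)
	}
	return v
}
// aead keys AES-256-GCM with the 32-byte device master secret (cipher choice is an assumption).
func aead(master []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(master)))) }

// Register creates a secp256r1 key pair; the key handle is nonce || AES-GCM(private key).
func Register(master []byte) (handle []byte, pub *ecdsa.PublicKey) {
	priv := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	g := aead(master)
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, must(x509.MarshalECPrivateKey(priv)), nil), &priv.PublicKey
}

// Authenticate unwraps the handle and signs the challenge; a failed GCM tag check rejects it.
func Authenticate(master, handle, challenge []byte) ([]byte, error) {
	g := aead(master)
	if len(handle) < g.NonceSize() {
		return nil, fmt.Errorf("key handle too short")
	}
	der, err := g.Open(nil, handle[:g.NonceSize()], handle[g.NonceSize():], nil)
	if err != nil {
		return nil, fmt.Errorf("key handle rejected: not wrapped by this device or modified")
	}
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, must(x509.ParseECPrivateKey(der)), digest[:])
}

func main() {
	handle, pub := Register(make([]byte, 32)) // constructed all-zero demo secret
	sig, err := Authenticate(make([]byte, 32), handle, []byte("rp-challenge"))
	fmt.Printf("curve=%s handle=%dB sig=%dB err=%v\n", pub.Params().Name, len(handle), len(sig), err)
}
```

The relying party stores only the key handle and the public key, and checks the returned signature against the SHA-256 digest of its challenge with `ecdsa.VerifyASN1`.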


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Key_Wrap|Wikipedia:Key_Wrap|target='_blank'] - based on information obtained 2020-11-27 
* [#2] - [Yubico’s Take on U2F Key Wrapping|https://www.yubico.com/blog/yubicos-u2f-key-wrapping/|target='_blank'] - based on information obtained 2020-11-27