AES Key Wrap With Padding vs Without Padding
The difference between AES Key Wrap with padding and without padding lies in their input size requirements and handling of short or non-aligned data.
AES Key Wrap Without Padding (RFC 3394)
- Requires input length to be a multiple of 8 bytes (64 bits).
- No padding is added.
- The wrap operation fails if the plaintext key material is not a multiple of 8 bytes.
- Suitable for wrapping keys of fixed sizes (like 128, 192, or 256 bits).
Use Case: Wrapping symmetric keys where length is known and aligned.
AES Key Wrap With Padding (RFC 5649)
- Allows wrapping of key data of any length, even less than 8 bytes or not 8-byte aligned.
- Adds minimal padding to make the input a multiple of 8 bytes.
- Uses a modified initial value (IV) that encodes the original data length.
- Still provides integrity checking and uses the same wrapping core as RFC 3394.
Use Case: Wrapping arbitrary-length data, such as derived keys or custom key blobs.
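The input preparation described above, as an added example that is not part of the original page: it builds the IV and plaintext blocks each mode hands to the wrapping core, and runs the unwrap-side checks RFC 5649 applies to the recovered IV and padding. No AES is performed; the function names are hypothetical, the 5-byte key is constructed sample data, and the 16-byte minimum for RFC 3394 (two 64-bit blocks) comes from the RFC rather than from this page.

```python
import hmac
import struct

RFC3394_IV = bytes.fromhex("A6A6A6A6A6A6A6A6")  # fixed constant IV
RFC5649_PREFIX = bytes.fromhex("A65959A6")      # high 32 bits of the AIV


def kw_input(key_data):
    """RFC 3394: nothing is padded, so the caller must supply whole blocks."""
    if len(key_data) < 16 or len(key_data) % 8:
        raise ValueError("RFC 3394 input must be >= 16 bytes and a multiple of 8")
    return RFC3394_IV, key_data


def kwp_input(key_data):
    """RFC 5649: AIV = prefix || 32-bit big-endian length; zero-pad to 8."""
    if not 1 <= len(key_data) < 2**32:
        raise ValueError("RFC 5649 input must be 1 to 2^32-1 bytes")
    aiv = RFC5649_PREFIX + struct.pack(">I", len(key_data))
    padded = key_data + b"\x00" * (-len(key_data) % 8)  # 0..7 pad bytes
    # A single padded block is encrypted with one AES call on AIV || block;
    # longer inputs go through the RFC 3394 wrapping core with this AIV.
    return aiv, padded


def kwp_check(aiv, padded):
    """Unwrap side: validate the recovered AIV and padding, return the key."""
    if len(aiv) != 8 or not padded or len(padded) % 8:
        raise ValueError("integrity check failed")
    (mli,) = struct.unpack(">I", aiv[4:])
    n = len(padded) // 8
    ok = hmac.compare_digest(aiv[:4], RFC5649_PREFIX)  # constant prefix
    ok &= 8 * (n - 1) < mli <= 8 * n                   # length fits n blocks
    ok &= not any(padded[mli:])                        # padding is all zero
    if not ok:
        raise ValueError("integrity check failed")     # one generic error
    return padded[:mli]


if __name__ == "__main__":
    aiv, padded = kwp_input(bytes.fromhex("0102030405"))  # constructed 5-byte key
    print(aiv.hex(), padded.hex(), kwp_check(aiv, padded).hex())
```

All three unwrap checks raise the same error, so a caller cannot tell from the failure which field was wrong.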
Summary
Feature | AES Key Wrap (No Padding) | AES Key Wrap with Padding |
---|---|---|
RFC | RFC 3394 | RFC 5649 |
Input size | Must be multiple of 8 | Any length |
Padding | Not used | Used when needed |
IV format | Fixed constant | Includes original length |
Common usage | Wrapping symmetric keys | Wrapping variable-length data |