Key wrapping is the process of encrypting one key using another key, in order to securely store it or transmit it over an untrusted channel. Key wrapping may rely on either symmetric or asymmetric cryptography, depending on the context.
In Key Management Service, key wrapping is used to securely import user-provided cryptographic keys. Importing keys requires an import job, and each import job has an import method that specifies the key wrapping protocol to use.
KMS expects specific formats for imported key material. Before your key material is wrapped for import, you may need to convert it to the format expected by KMS. Formatting keys for import contains details of the required formats, and provides instructions on how you can convert your keys to the required format if necessary.
Once your key material is formatted properly, the gcloud command-line tool can automatically wrap your key material before securely transmitting it to KMS. For details, see Importing a key.
Alternatively, you may manually wrap your keys using the appropriate cryptographic protocols. Wrapping a key using OpenSSL on Linux provides one example of how you can do this.
KMS provides the following import methods:
| Import method | Import job key type | Key wrapping algorithm |
| --- | --- | --- |
| RSA_OAEP_3072_SHA1_AES_256 (recommended) | 3072-bit RSA | RSAES-OAEP with SHA-1 + AES-KWP |
| RSA_OAEP_4096_SHA1_AES_256 | 4096-bit RSA | RSAES-OAEP with SHA-1 + AES-KWP |
Key wrapping algorithms
The import methods provided by KMS correspond to the following key wrapping algorithms:
RSAES-OAEP with SHA-1 + AES-KWP
This key wrapping algorithm is a hybrid encryption scheme that consists of both an asymmetric key wrapping operation and a symmetric key wrapping operation:
- The public key from the import job is used with RSAES-OAEP, using MGF1 and the SHA-1 digest algorithm for both the OAEP hash and the mask generation function, to encrypt a one-time-use AES-256 key. The one-time-use AES-256 key is freshly generated at the time the wrapping is performed and must not be reused for another wrap.
- The one-time-use AES-256 key from step 1 is used to encrypt the target key material using AES Key Wrap with Padding (AES-KWP, RFC 5649).
The wrapped key material for import is a single byte array consisting of the result of step 1 followed by the result of step 2. No length prefix or delimiter separates the two parts: the RSAES-OAEP ciphertext is always exactly as long as the import job's RSA modulus (384 bytes for a 3072-bit key, 512 bytes for a 4096-bit key), so the receiving side knows where the AES-KWP ciphertext begins.
This algorithm is the same as the PKCS #11 key wrapping algorithm CKM_RSA_AES_KEY_WRAP. If you are importing a key from an HSM, and your HSM supports this algorithm, you may use it directly. Alternatively, steps 1 and 2 above can be performed with the PKCS #11 mechanisms CKM_RSA_PKCS_OAEP and CKM_AES_KEY_WRAP_PAD respectively.
If your source HSM (or other key provider if not using HSM) does not support the RSA AES key wrap mechanism, you need to manually wrap your key material using your import job's public key. For one example of how to do this using OpenSSL, see Wrapping a key using OpenSSL on Linux.