Next: KExp15 key wrapping mechanism, Up: Key wrapping mechanisms [Index]
Key is encrypted using XChaCha20-Poly1305 algorithm. Random 192-bit nonce is prepended to the ciphertext. KEK has 256-bit length.
NONCE = random(24 bytes) NONCE || XChaCha20-Poly1305(key=KEK, ad="", nonce=NONCE, data=CEK)