Type Alias fxfs_crypto::WrappedKey

source ·

pub type WrappedKey = WrappedKeyV32;

Aliased Type§

struct WrappedKey {
    pub wrapping_key_id: u64,
    pub key: WrappedKeyBytesV32,
}

Fields§

§wrapping_key_id: u64

The identifier of the wrapping key. The identifier has meaning to whatever is doing the unwrapping.

§key: WrappedKeyBytesV32

AES 256 requires a 512 bit key, which is made of two 256 bit keys, one for the data and one for the tweak. It is safe to use the same 256 bit key for both (see https://csrc.nist.gov/CSRC/media/Projects/Block-Cipher-Techniques/documents/BCM/Comments/XTS/follow-up_XTS_comments-Ball.pdf) which is what we do here. Since the key is wrapped with AES-GCM-SIV, there are an additional 16 bytes paid per key (so the actual key material is 32 bytes once unwrapped).