(Android™) AES Key Wrap / Unwrap

Demonstrates the AesKeyWrap and AesKeyUnwrap methods that were added to Chilkat v9.5.0.66.

This example implements the AES Key Wrap Algorithm as described in RFC 3394. It demonstrates wrapping and unwrapping the test data provided in the RFC. This example requires Chilkat v9.5.0.66 or later.

Chilkat Android™ Downloads Android™ Java Libraries Android C/C++ Libraries

// Important: Don't forget to include the call to System.loadLibrary
// as shown at the bottom of this code sample.
package com.test;

import android.app.Activity;
import com.chilkatsoft.*;

import android.widget.TextView;
import android.os.Bundle;

public class SimpleActivity extends Activity {

  private static final String TAG = "Chilkat";

  // Called when the activity is first created.
  @Override
  public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: This example requires Chilkat v9.5.0.66 or later.

    CkCrypt2 crypt = new CkCrypt2();

    // The KEK is the Key Encryption Key.  It's the AES key that is used
    // to wrap another AES key which is called the "Key Data".

    // The KEK can be 128-bit, 192-bit, or 256-bit.  
    // (In other words, it can be 16 bytes, 24 bytes, or 32 bytes)

    // The Key Data must be a multiple of 64-bits in length.  (i.e. a multiple of 8 bytes)
    // The AES Key Wrap algorithm can wrap not only AES keys, but any data that is a
    // multiple of 8 bytes in size.

    String kek;
    String keyData;
    String wrappedKey;
    String expected;
    String unwrappedKey;
    String encoding = "hex";

    // Use a 128-bit KEK to wrap a 128-bit AES key.
    kek = "000102030405060708090A0B0C0D0E0F";
    keyData = "00112233445566778899AABBCCDDEEFF";
    expected = "1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5";

    Log.i(TAG, "---- Use a 128-bit KEK to wrap a 128-bit AES key.");
    Log.i(TAG, "kek = " + kek);
    Log.i(TAG, "keyData = " + keyData);
    Log.i(TAG, "expected = " + expected);
    wrappedKey = crypt.aesKeyWrap(kek,keyData,encoding);
    Log.i(TAG, "computed = " + wrappedKey);
    unwrappedKey = crypt.aesKeyUnwrap(kek,wrappedKey,encoding);
    Log.i(TAG, "unwrapped = " + unwrappedKey);
    Log.i(TAG, "----");

    // Use a 192-bit KEK to wrap a 128-bit AES key.
    kek = "000102030405060708090A0B0C0D0E0F1011121314151617";
    keyData = "00112233445566778899AABBCCDDEEFF";
    expected = "96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D";

    Log.i(TAG, "---- Use a 192-bit KEK to wrap a 128-bit AES key.");
    Log.i(TAG, "kek = " + kek);
    Log.i(TAG, "keyData = " + keyData);
    Log.i(TAG, "expected = " + expected);
    wrappedKey = crypt.aesKeyWrap(kek,keyData,encoding);
    Log.i(TAG, "computed = " + wrappedKey);
    unwrappedKey = crypt.aesKeyUnwrap(kek,wrappedKey,encoding);
    Log.i(TAG, "unwrapped = " + unwrappedKey);
    Log.i(TAG, "----");

    // Use a 256-bit KEK to wrap a 128-bit AES key.
    kek = "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F";
    keyData = "00112233445566778899AABBCCDDEEFF";
    expected = "64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7";

    Log.i(TAG, "---- Use a 256-bit KEK to wrap a 128-bit AES key.");
    Log.i(TAG, "kek = " + kek);
    Log.i(TAG, "keyData = " + keyData);
    Log.i(TAG, "expected = " + expected);
    wrappedKey = crypt.aesKeyWrap(kek,keyData,encoding);
    Log.i(TAG, "computed = " + wrappedKey);
    unwrappedKey = crypt.aesKeyUnwrap(kek,wrappedKey,encoding);
    Log.i(TAG, "unwrapped = " + unwrappedKey);
    Log.i(TAG, "----");

    // Use a 192-bit KEK to wrap a 192-bit AES key.
    kek = "000102030405060708090A0B0C0D0E0F1011121314151617";
    keyData = "00112233445566778899AABBCCDDEEFF0001020304050607";
    expected = "031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2";

    Log.i(TAG, "---- Use a 192-bit KEK to wrap a 192-bit AES key.");
    Log.i(TAG, "kek = " + kek);
    Log.i(TAG, "keyData = " + keyData);
    Log.i(TAG, "expected = " + expected);
    wrappedKey = crypt.aesKeyWrap(kek,keyData,encoding);
    Log.i(TAG, "computed = " + wrappedKey);
    unwrappedKey = crypt.aesKeyUnwrap(kek,wrappedKey,encoding);
    Log.i(TAG, "unwrapped = " + unwrappedKey);
    Log.i(TAG, "----");

    // Use a 256-bit KEK to wrap a 192-bit AES key.
    kek = "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F";
    keyData = "00112233445566778899AABBCCDDEEFF0001020304050607";
    expected = "A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1";

    Log.i(TAG, "---- Use a 256-bit KEK to wrap a 192-bit AES key.");
    Log.i(TAG, "kek = " + kek);
    Log.i(TAG, "keyData = " + keyData);
    Log.i(TAG, "expected = " + expected);
    wrappedKey = crypt.aesKeyWrap(kek,keyData,encoding);
    Log.i(TAG, "computed = " + wrappedKey);
    unwrappedKey = crypt.aesKeyUnwrap(kek,wrappedKey,encoding);
    Log.i(TAG, "unwrapped = " + unwrappedKey);
    Log.i(TAG, "----");

    // Use a 256-bit KEK to wrap a 256-bit AES key.
    kek = "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F";
    keyData = "00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F";
    expected = "28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21";

    Log.i(TAG, "---- Use a 256-bit KEK to wrap a 256-bit AES key.");
    Log.i(TAG, "kek = " + kek);
    Log.i(TAG, "keyData = " + keyData);
    Log.i(TAG, "expected = " + expected);
    wrappedKey = crypt.aesKeyWrap(kek,keyData,encoding);
    Log.i(TAG, "computed = " + wrappedKey);
    unwrappedKey = crypt.aesKeyUnwrap(kek,wrappedKey,encoding);
    Log.i(TAG, "unwrapped = " + unwrappedKey);
    Log.i(TAG, "----");

    // The output:
    // 
    // 	---- Use a 128-bit KEK to wrap a 128-bit AES key.
    // 	kek = 000102030405060708090A0B0C0D0E0F
    // 	keyData = 00112233445566778899AABBCCDDEEFF
    // 	expected = 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5
    // 	computed = 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5
    // 	unwrapped = 00112233445566778899AABBCCDDEEFF
    // 	----
    // 	---- Use a 192-bit KEK to wrap a 128-bit AES key.
    // 	kek = 000102030405060708090A0B0C0D0E0F1011121314151617
    // 	keyData = 00112233445566778899AABBCCDDEEFF
    // 	expected = 96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D
    // 	computed = 96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D
    // 	unwrapped = 00112233445566778899AABBCCDDEEFF
    // 	----
    // 	---- Use a 256-bit KEK to wrap a 128-bit AES key.
    // 	kek = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
    // 	keyData = 00112233445566778899AABBCCDDEEFF
    // 	expected = 64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7
    // 	computed = 64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7
    // 	unwrapped = 00112233445566778899AABBCCDDEEFF
    // 	----
    // 	---- Use a 192-bit KEK to wrap a 192-bit AES key.
    // 	kek = 000102030405060708090A0B0C0D0E0F1011121314151617
    // 	keyData = 00112233445566778899AABBCCDDEEFF0001020304050607
    // 	expected = 031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2
    // 	computed = 031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2
    // 	unwrapped = 00112233445566778899AABBCCDDEEFF0001020304050607
    // 	----
    // 	---- Use a 256-bit KEK to wrap a 192-bit AES key.
    // 	kek = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
    // 	keyData = 00112233445566778899AABBCCDDEEFF0001020304050607
    // 	expected = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1
    // 	computed = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1
    // 	unwrapped = 00112233445566778899AABBCCDDEEFF0001020304050607
    // 	----
    // 	---- Use a 256-bit KEK to wrap a 256-bit AES key.
    // 	kek = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
    // 	keyData = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
    // 	expected = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
    // 	computed = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
    // 	unwrapped = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
    // 	----
    // 

  }

  static {
      System.loadLibrary("chilkat");

      // Note: If the incorrect library name is passed to System.loadLibrary,
      // then you will see the following error message at application startup:
      //"The application <your-application-name> has stopped unexpectedly. Please try again."
  }
}