1

I am trying to use BouncyCastle's AES Key Wrap in order to carry out deterministic encryption. But I am getting the following error:

Org.BouncyCastle.Crypto.DataLengthException: 'wrap data must be a multiple of 8 bytes'

Here is my code:

    static void Main(string[] args)
    {
        var txt = UTF8Encoding.UTF8.GetBytes("Some text here.");
        var key = UTF8Encoding.UTF8.GetBytes("aaaaaaaaaaaaaaaa");
        var encyptedBytes = Wrap(key, txt);
    }

    public static byte[] Wrap(byte[] kek, byte[] plaint)
    {
        var en = new AesWrapEngine();
        en.Init(true, new KeyParameter(kek));
        return en.Wrap(plaint, 0, plaint.Length);
    }

    public static byte[] Unwrap(byte[] kek, byte[] ciphert)
    {
        var en = new AesWrapEngine();
        en.Init(false, new KeyParameter(kek));
        return en.Unwrap(ciphert, 0, ciphert.Length);
    }

How can I make it work for an input of any size?

John L.
  • 1,825
  • 5
  • 18
  • 45
  • 2
    Why should it work or an input of any size? Today's key sizes are multiples of 8 (an AES key is 16/24/32, Salsa20 32 and older DES is 8 or 24 when TDES). If you want to encrypt data of any size then use "regular" AES encryption. – Michael Fehr Jan 26 '21 at 15:08
  • @MichaelFehr I want a deterministic mode of operation. – John L. Jan 26 '21 at 15:10
  • 2
    The AES key wrap algorithm is intended for encrypting a key, see [RFC 3394](https://tools.ietf.org/html/rfc3394#section-2). You seem to simply want to encrypt a plaintext, see e.g. [here](https://stackoverflow.com/a/29893607/9014097) (with and without BC). – Topaco Jan 26 '21 at 15:11

1 Answers1

1

Use AESWrapPadEngine instead. AESWrapEngine implements RFC3394 which requires the input to be a multiple of the block size. AESWrapPadEngine implements RFC5649 which allows for the input to be any random length.

Muhammad Saqlain
  • 2,112
  • 4
  • 33
  • 48
Mike StJohns
  • 11
  • 1