Key strength and wrapping of key
Key strength can be measured as bits of security, as described in the documentation of NIST and other organizations. Each individual key has its bits of security computed; the different key types (AES, DES, ECC, RSA, HMAC) can then have their relative strengths compared on a single scale. When the raw value for a particular key falls between discrete values in the NIST table, the lower value from the table is used as the bits of security.
The following tables show some examples of the restrictions due to key strength. When wrapping an HMAC key with an AES key-encrypting key, the strength of the AES key-encrypting key depends on the attributes of the HMAC key.
| Key-usage field 2 in the HMAC key | Minimum strength of AES EXPORTER to adequately protect the HMAC key |
|---|---|
| SHA-256, SHA-384, SHA-512 | 256 bits |
| SHA-224 | 192 bits |
| SHA-1 | 128 bits |

| Bit length of AES key to be exported | Minimum strength of RSA wrapping key to adequately protect the AES key |
|---|---|
| 128 | 3072 |
| 192 | 7860 |
| 256 | 15360 |
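The following is an added example, not code from the original page or from the product it documents, showing how the bits-of-security mapping and the two wrapping tables above combine into a single "is this wrapping key strong enough" check. The NIST comparable-strength rows (80/112/128/192/256 bits against RSA modulus and ECC order sizes) are taken from NIST SP 800-57 Part 1; the `Key` type and function names are assumptions made for this example.

```python
from dataclasses import dataclass

# NIST SP 800-57 Part 1 comparable-strength rows:
# (bits of security, minimum RSA modulus bits, minimum ECC order bits)
NIST_LEVELS = [(80, 1024, 160), (112, 2048, 224), (128, 3072, 256),
               (192, 7680, 384), (256, 15360, 512)]

# From the page's first table: minimum AES EXPORTER strength by the hash
# recorded in key-usage field 2 of the HMAC key.
HMAC_MIN_WRAP = {"SHA-1": 128, "SHA-224": 192,
                 "SHA-256": 256, "SHA-384": 256, "SHA-512": 256}


@dataclass(frozen=True)
class Key:
    kind: str            # "AES", "DES", "RSA", "ECC" or "HMAC" (hypothetical model)
    bits: int = 0        # key length / RSA modulus / ECC order; unused for HMAC
    hash_alg: str = ""   # HMAC only: hash named in key-usage field 2


def _floor_level(raw: int, column: int) -> int:
    """Largest NIST row whose value in `column` is <= raw; 0 if below every row.
    This is the page's rule: a raw value between table rows maps to the lower row."""
    return max((row[0] for row in NIST_LEVELS if row[column] <= raw), default=0)


def bits_of_security(key: Key) -> int:
    """Bits of security for one key, rounded down to the NIST table."""
    if key.kind == "AES":
        return _floor_level(key.bits, 0)      # 128 -> 128, 192 -> 192, 256 -> 256
    if key.kind == "DES":                     # 2-key TDES 80, 3-key TDES 112, single DES below table
        return {112: 80, 168: 112}.get(key.bits, 0)
    if key.kind == "RSA":
        return _floor_level(key.bits, 1)      # e.g. 4096 lies between 3072 and 7680 -> 128
    if key.kind == "ECC":
        return _floor_level(key.bits, 2)      # e.g. P-521 -> 256
    raise ValueError(f"no strength rule for key kind {key.kind!r}")


def min_wrap_strength(target: Key) -> int:
    """Strength a wrapping key needs to adequately protect `target`."""
    if target.kind == "HMAC":
        return HMAC_MIN_WRAP[target.hash_alg]  # page's first table
    return bits_of_security(target)            # page's second table: AES-128 needs RSA 3072 (128-bit), etc.


def can_wrap(wrapping: Key, target: Key) -> bool:
    """True when the wrapping key is at least as strong as the target requires."""
    return bits_of_security(wrapping) >= min_wrap_strength(target)
```

Note that an RSA-4096 key is rated at 128 bits because 4096 falls between the 3072 and 7680 rows, so it may wrap AES-128 but not AES-192.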