Skip on down to the menu.
Key wrapping and unwrapping.
I needed to test key wrapping and unwrapping using 128 bit AES-CBC, so I made a test page.
It may be helpful to you too. Right click on the page and choose inspect to see how it works.
AES-CBC Padding Test
I was stumped about why the encrypted output of a 16 byte block (128 bits) was 32 bytes long.
The documentation on this is so sparse I didn't notice that AES-CBC encryption always does PKCS#7 padding, no matter how long the input is.
Extra bytes are added to the end of every unencrypted block. The number of bytes added will be between 1 and 16 (0x01 and 0x10 hex). for a 16 byte packet of data it will add 16 bytes of 0x10 at the end and then encrypt.
So, the lesson for me was that I can't encrypt a 16 byte packet of data and get a 16 byte encrypted packet. I needed to limit my data packet to 15 bytes, which does produce a 16 byte encrypted data packet.