Using WebCrypto to wrap and store a key with AES-CBC encryption.


These are the 128 bits we want to save as an encryption/decryption key.

This will be saved.

Password Salt:

Use this as salt when deriving a wrapping key using the password.

This is what you need to remember.


This password is used to wrap and unwrap the encryption/decryption key.
Type whatever you want here.

Password Derived Wrapping/Unwrapping Key:

The password and the password salt are used to derive this key using the hash method you choose.
Press the button to derive the wrapping/unwrapping key.
Hash method: 

Wrap the key:

Press this button to wrap the original key using the wrapping key and the key wrapping salt.

This will be saved.

Key Wrapping/Unwrapping Salt:

This salt is the initialization vector used when wrapping the key.

The password derived wrapping key is used along with the above wrapping/unwrapping salt to wrap (encrypt) the key we want to store.

Wrapped Key:

As a Uint8Array: 

Unwrap The Key:

To unwrap the key we need to do the following:
  1. Get the password from the user.
  2. Use the password along with the password salt to derive the unwrapping key.
  3. Use the unwrapping key along with the unwrapping salt (the initialization vector) to unwrap the key.
Press the button to unwrap the key.
The recovered key should be the same as the original key (highlighted in green) from above.
A green background indicates that the two keys are the same.
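
The full wrap and unwrap flow described above, as an added example that is not this page's own code. It assumes PBKDF2 as the password derivation (the page names only a selectable hash), an iteration count of 600000, a 256-bit wrapping key, and hypothetical function names; it also tries a wrong password to show how AES-CBC unwrapping fails.

```javascript
// Added example: all values below are constructed; not the demo page's own code.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const ITERATIONS = 600000; // assumption: the page does not state a KDF or count

// Password + password salt -> AES-CBC wrapping/unwrapping key (PBKDF2 assumed).
async function deriveWrappingKey(password, passwordSalt, hash = "SHA-256") {
  const material = await wc.subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", salt: passwordSalt, iterations: ITERATIONS, hash },
    material, { name: "AES-CBC", length: 256 }, false, ["wrapKey", "unwrapKey"]);
}

// Wrap: returns the three values that are saved. The password is never stored.
async function wrapForStorage(password, keyToStore) {
  const passwordSalt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(16)); // the "key wrapping salt"
  const wrappingKey = await deriveWrappingKey(password, passwordSalt);
  const wrapped = await wc.subtle.wrapKey(
    "raw", keyToStore, wrappingKey, { name: "AES-CBC", iv });
  return { passwordSalt, iv, wrappedKey: new Uint8Array(wrapped) };
}

// Unwrap: steps 1-3 of the list above.
async function unwrapFromStorage(password, { passwordSalt, iv, wrappedKey }) {
  const unwrappingKey = await deriveWrappingKey(password, passwordSalt);
  return wc.subtle.unwrapKey("raw", wrappedKey, unwrappingKey,
    { name: "AES-CBC", iv }, "AES-CBC", true, ["encrypt", "decrypt"]);
}

const toHex = async (key) => Array.from(
  new Uint8Array(await wc.subtle.exportKey("raw", key)),
  (b) => b.toString(16).padStart(2, "0")).join("");

// Round trip on a fresh 128-bit key, plus an attempt with a wrong password.
async function roundTrip(password = "constructed demo password") {
  const original = await wc.subtle.generateKey(
    { name: "AES-CBC", length: 128 }, true, ["encrypt", "decrypt"]);
  const stored = await wrapForStorage(password, original);
  const recovered = await unwrapFromStorage(password, stored);
  // AES-CBC is unauthenticated: a wrong password is caught only because the
  // padding or key length comes out invalid, not by an integrity check.
  const wrongPasswordRejected = await unwrapFromStorage(password + "x", stored)
    .then(() => false, () => true);
  return { keysMatch: (await toHex(original)) === (await toHex(recovered)),
    wrappedLength: stored.wrappedKey.length, wrongPasswordRejected };
}
```

The wrapped 128-bit key is 32 bytes long because CBC padding adds a full block. An authenticated mode such as AES-GCM or the dedicated AES-KW algorithm would detect a wrong password or tampered blob through an integrity check instead.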