One can encrypt data in a standardized fashion, e.g. with openssl using a command such as openssl enc -e -aes-256-cbc. This results in a raw stream of encrypted data, which lacks the ability for efficiently changing the encryption key. Changing the encryption key requires decrypting the data with the old key and encrypting it again with the new one.
I'm looking for a standard format (and associated tools) that would create a stream starting with a metadata header, which would contain as a minimum the data's encryption key encrypted with a master or key-wrapping key. This would allow efficient "rekeying" by changing only the master or key-wrapping key. If the header also contained the encryption method used and its parameters, that would further simplify administration. Alternatively, this header could also exist as a separate file.
I thought that such a scheme would be fairly standard (e.g. for storing encrypted backups) and extensively documented. Following comments I received on the question, I realized that the scheme is not well-known and that there are disagreements regarding the terminology. I checked a few books (through their index entries), and could not find it authoritatively described. The books I checked were Security in Computing (Pfleeger, Pfleeger & Margulies, 2015), Applied Cryptography (Schneier, 1996), and Security Engineering (Anderson, 2001). From those only Schneier alludes to the scheme on p. 184.
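The layout the question describes (a header carrying an algorithm identifier, a key identifier and the data key wrapped under a master key, followed by the encrypted body) is illustrated below as an added example; it is not from the question, from openssl or from any standard tool. To stay dependency-free it uses HMAC-SHA256 in counter mode with encrypt-then-MAC as a stand-in for the AES-GCM / AES key wrap that a real format would use, and the header field names, the `ALG_ID` value and the `seal`/`open_envelope`/`rekey` functions are this example's own assumptions. The point it makes is structural: `rekey` decrypts only the wrapped key and re-wraps it, and the body bytes are untouched, so a wrong master key fails at the wrap check before any payload is read.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"ENV1"          # assumed file magic for this example's format
ALG_ID = b"\x01"         # assumed id: HMAC-SHA256-CTR + HMAC-SHA256 (stand-in for AES-GCM)
TAG_LEN = 32
NONCE_LEN = 16
DEK_LEN = 32


def _subkey(key, label):
    # Derive independent encryption and MAC keys from one secret (HMAC used as a KDF).
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # PRF in counter mode: HMAC(key, nonce || counter) blocks, truncated to `length`.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def aead_encrypt(key, nonce, plaintext, aad=b""):
    # Encrypt-then-MAC; the tag also covers the nonce and any associated data.
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return ct + tag


def aead_decrypt(key, nonce, ciphertext, aad=b""):
    if len(ciphertext) < TAG_LEN:
        raise ValueError("ciphertext too short")
    ct, tag = ciphertext[:-TAG_LEN], ciphertext[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


def build_header(kek_id, wrap_nonce, wrapped_dek, data_nonce):
    # MAGIC | ALG_ID | len(kek_id) | kek_id | wrap_nonce | wrapped DEK (+tag) | data_nonce
    if not 0 < len(kek_id) < 256:
        raise ValueError("kek_id must be 1..255 bytes")
    return MAGIC + ALG_ID + bytes([len(kek_id)]) + kek_id + wrap_nonce + wrapped_dek + data_nonce


def parse(blob):
    # Returns (header fields, body bytes). The body is never decrypted here.
    if not blob.startswith(MAGIC + ALG_ID):
        raise ValueError("not an envelope of the expected format/algorithm")
    pos = len(MAGIC) + len(ALG_ID)
    kid_len = blob[pos]; pos += 1
    kek_id = blob[pos:pos + kid_len]; pos += kid_len
    wrap_nonce = blob[pos:pos + NONCE_LEN]; pos += NONCE_LEN
    wrapped_dek = blob[pos:pos + DEK_LEN + TAG_LEN]; pos += DEK_LEN + TAG_LEN
    data_nonce = blob[pos:pos + NONCE_LEN]; pos += NONCE_LEN
    hdr = {"kek_id": kek_id, "wrap_nonce": wrap_nonce, "wrapped_dek": wrapped_dek, "data_nonce": data_nonce}
    return hdr, blob[pos:]


def seal(kek, kek_id, plaintext):
    # Fresh random data-encryption key per object; only the DEK is wrapped under the KEK.
    dek = os.urandom(DEK_LEN)
    data_nonce = os.urandom(NONCE_LEN)
    wrap_nonce = os.urandom(NONCE_LEN)
    # Binding kek_id and data_nonce into the wrap tag ties the header fields together.
    wrapped = aead_encrypt(kek, wrap_nonce, dek, aad=kek_id + data_nonce)
    body = aead_encrypt(dek, data_nonce, plaintext)
    return build_header(kek_id, wrap_nonce, wrapped, data_nonce) + body


def _unwrap(kek, hdr):
    return aead_decrypt(kek, hdr["wrap_nonce"], hdr["wrapped_dek"], aad=hdr["kek_id"] + hdr["data_nonce"])


def open_envelope(kek, blob):
    hdr, body = parse(blob)
    dek = _unwrap(kek, hdr)
    return aead_decrypt(dek, hdr["data_nonce"], body)


def rekey(old_kek, new_kek, new_kek_id, blob):
    # Rekeying touches only the header: unwrap the DEK, re-wrap it, keep the body as-is.
    hdr, body = parse(blob)
    dek = _unwrap(old_kek, hdr)
    wrap_nonce = os.urandom(NONCE_LEN)
    wrapped = aead_encrypt(new_kek, wrap_nonce, dek, aad=new_kek_id + hdr["data_nonce"])
    return build_header(new_kek_id, wrap_nonce, wrapped, hdr["data_nonce"]) + body


if __name__ == "__main__":
    # Constructed sample keys and payload, not real key material.
    kek_2015, kek_2016 = b"\x01" * 32, b"\x02" * 32
    blob = seal(kek_2015, b"kek-2015", b"nightly backup payload")
    blob2 = rekey(kek_2015, kek_2016, b"kek-2016", blob)
    print(open_envelope(kek_2016, blob2), parse(blob)[1] == parse(blob2)[1])
```

Because the body's authentication tag is computed under the data key and not under the master key, rotating the master key never invalidates the body; the wrapped key's tag, on the other hand, does bind the key identifier, so swapping in a header from a different object or master key fails closed.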