Module wrap

Seed and key wrapping under a KEK.

wrap(kek, plaintext) generates a random 12-byte nonce, encrypts via AES-256-GCM with empty AAD, and returns nonce || ciphertext || tag. unwrap reads the nonce prefix and decrypts. Used for the wrapped-seed Auth model (per ADR-039) and per-member zone-key wraps.

Functions

unwrap
Unwrap a wrapped blob. Verifies the auth tag and returns the plaintext on success.
wrap
Wrap a plaintext blob under a KEK. Output layout: 12-byte nonce || ciphertext || 16-byte tag (the tag is appended by AES-GCM, so the total length is 12 + plaintext.len() + 16).
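
The blob layout described above, as an added example (not this crate's code): std-only Rust that splits a wrapped blob into nonce, ciphertext and tag and rejects truncated input before any decryption is attempted. It performs no decryption or tag verification, and split_wrapped, wrapped_len, WrappedParts and LayoutError are hypothetical names.

```rust
// Added illustration: framing only, no decryption or tag verification.
// All names here are hypothetical, not the crate's API.
pub const NONCE_LEN: usize = 12; // random nonce prefix
pub const TAG_LEN: usize = 16; // AES-GCM tag appended after the ciphertext

#[derive(Debug, PartialEq)]
pub enum LayoutError {
    /// Blob cannot hold even a nonce and a tag (fewer than 28 bytes).
    TooShort { got: usize },
}

/// Borrowed views into a wrapped blob: nonce || ciphertext || tag.
#[derive(Debug, PartialEq)]
pub struct WrappedParts<'a> {
    pub nonce: &'a [u8],
    pub ciphertext: &'a [u8],
    pub tag: &'a [u8],
}

/// Total wrapped length for a given plaintext length, or None on overflow.
pub fn wrapped_len(plaintext_len: usize) -> Option<usize> {
    plaintext_len.checked_add(NONCE_LEN + TAG_LEN)
}

/// Split a blob into its three fields. An empty plaintext is valid and
/// yields exactly NONCE_LEN + TAG_LEN bytes; anything shorter is rejected.
pub fn split_wrapped(blob: &[u8]) -> Result<WrappedParts<'_>, LayoutError> {
    if blob.len() < NONCE_LEN + TAG_LEN {
        return Err(LayoutError::TooShort { got: blob.len() });
    }
    let (nonce, rest) = blob.split_at(NONCE_LEN);
    let (ciphertext, tag) = rest.split_at(rest.len() - TAG_LEN);
    Ok(WrappedParts { nonce, ciphertext, tag })
}

fn main() {
    // Constructed sample: 12 nonce bytes, 32 "ciphertext" bytes, 16 tag bytes.
    let mut blob = vec![0xAAu8; NONCE_LEN];
    blob.extend(vec![0xBBu8; 32]);
    blob.extend(vec![0xCCu8; TAG_LEN]);
    assert_eq!(Some(blob.len()), wrapped_len(32));
    let p = split_wrapped(&blob).unwrap();
    println!("nonce={} ct={} tag={}", p.nonce.len(), p.ciphertext.len(), p.tag.len());
    println!("truncated: {:?}", split_wrapped(&blob[..27]));
}
```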