diff --git a/Cargo.lock b/Cargo.lock
index 7d9e83ec6..7b43ba4df 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -74,6 +74,16 @@ dependencies = [
  "aes 0.8.4",
 ]
 
+[[package]]
+name = "aes-kw"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "40e4645e6ea320665abf87e13821f9a37ab204b34bcb18e34e7d1dcf2366516e"
+dependencies = [
+ "aes 0.9.0",
+ "const-oid 0.10.2",
+]
+
 [[package]]
 name = "aho-corasick"
 version = "1.1.4"
@@ -626,7 +636,7 @@ dependencies = [
  "bitflags 2.11.1",
  "cexpr",
  "clang-sys",
- "itertools 0.10.5",
+ "itertools 0.13.0",
  "log",
  "prettyplease",
  "proc-macro2",
@@ -646,7 +656,7 @@ dependencies = [
  "bitflags 2.11.1",
  "cexpr",
  "clang-sys",
- "itertools 0.10.5",
+ "itertools 0.13.0",
  "log",
  "prettyplease",
  "proc-macro2",
@@ -1607,7 +1617,7 @@ name = "crypto"
 version = "0.1.0"
 dependencies = [
  "aes-gcm",
- "aes-kw",
+ "aes-kw 0.3.0",
  "anyhow",
  "base64 0.22.1",
  "concat-kdf",
@@ -5050,7 +5060,7 @@ dependencies = [
  "aead",
  "aes 0.8.4",
  "aes-gcm",
- "aes-kw",
+ "aes-kw 0.2.1",
  "argon2",
  "base64 0.22.1",
  "bitfields",
diff --git a/attestation-agent/deps/crypto/Cargo.toml b/attestation-agent/deps/crypto/Cargo.toml
index 1805e0cd3..0fe94e7b6 100644
--- a/attestation-agent/deps/crypto/Cargo.toml
+++ b/attestation-agent/deps/crypto/Cargo.toml
@@ -8,7 +8,7 @@ license = "Apache-2.0"
 
 [dependencies]
 aes-gcm = { workspace = true, optional = true }
-aes-kw = { version = "0.2.1", optional = true }
+aes-kw = { version = "0.3.0", optional = true }
 anyhow.workspace = true
 base64.workspace = true
 concat-kdf = { version = "0.1.0", optional = true }
diff --git a/attestation-agent/deps/crypto/src/rust/ec.rs b/attestation-agent/deps/crypto/src/rust/ec.rs
index cd28b716f..6f29da31a 100644
--- a/attestation-agent/deps/crypto/src/rust/ec.rs
+++ b/attestation-agent/deps/crypto/src/rust/ec.rs
@@ -8,8 +8,7 @@ use crate::{
     AES_GCM_256_KEY_BITS,
 };
 
-use aes_gcm::aead::generic_array::GenericArray;
-use aes_kw::{Kek, KekAes256};
+use aes_kw::{KeyInit, KwAes256};
 use anyhow::{anyhow, Result};
 use p256::{
     ecdh::diffie_hellman as diffie_hellman_p256,
@@ -156,10 +155,10 @@ impl EcKeyPair {
                 let unwrapping_key: [u8; 32] = unwrapping_key
                     .try_into()
                     .map_err(|_| anyhow!("invalid bytes length of AES wrapping key"))?;
-                let unwrapping_key: KekAes256 = Kek::new(&GenericArray::from(unwrapping_key));
+                let unwrapping_key = KwAes256::new(&unwrapping_key.into());
                 let mut decrypted_key = vec![0; encrypted_key.len() - 8];
                 unwrapping_key
-                    .unwrap(&encrypted_key, &mut decrypted_key)
+                    .unwrap_key(&encrypted_key, &mut decrypted_key)
                     .map_err(|e| anyhow!("failed to unwrap key: {e:?}"))?;
 
                 Ok(decrypted_key)