Module dryoc::kdf

Expand description

Key derivation functions

Kdf implements libsodium’s key derivation functions, based on the Blake2b hash function.

You should use Kdf when you want to:

create many subkeys from a main key, without having to risk leaking the main key
ensure that if a subkey were to become compromised, one could not derive the main key

Rustaceous API example

use base64::engine::general_purpose;
use base64::Engine as _;
use dryoc::kdf::*;

// Randomly generate a main key and context, using the default stack-allocated
// types
let key = Kdf::gen_with_defaults();
let subkey_id = 0;

let subkey = key.derive_subkey_to_vec(subkey_id).expect("derive failed");
println!(
    "Subkey {}: {}",
    subkey_id,
    general_purpose::STANDARD.encode(&subkey)
);

Additional resources

See https://doc.libsodium.org/key_derivation for additional details on key derivation

Modules

protectednightly
Protected memory type aliases for Kdf

Structs

Kdf
Key derivation implementation based on Blake2b, compatible with libsodium’s crypto_kdf_* functions.

Type Aliases

Context
Stack-allocated context type alias for key derivation with Kdf.
Key
Stack-allocated key type alias for key derivation with Kdf.
StackKdf
Stack-allocated type alias for Kdf. Provided for convenience.