[−][src]Module libhydrogen::kdf
Key derivation
Multiple secret subkeys can be derived from a single, high-entropy master key.
With the master key and a key identifier, a subkey can be deterministically computed. However, given a subkey, an attacker cannot compute the master key nor any other subkeys.
The derive_from_key API can derive up to 2^64 keys from a single master key and context, and individual subkeys can have an arbitrary length between 128 (16 bytes) and 524,280 bits (65535 bytes).
Examples
// these must come from a high entropy source such as a hardware RNG. // A password is not ok. let master_key_data=[64,33,195,234,107,63,107,237,113,199, 183,130,203,194,247,31,76,51,203,163, 126,238,206,125,225,74,103,105,133,181, 61,189]; let master = libhydrogen::kdf::Key::from(master_key_data); let context = libhydrogen::kdf::Context::default(); let subkey1 = libhydrogen::kdf::derive_from_key(32, 1, &context, &master).unwrap(); let subkey2 = libhydrogen::kdf::derive_from_key(32, 2, &context, &master).unwrap();
Structs
Context | |
Key |
Constants
BYTES_MAX | |
BYTES_MIN | |
CONTEXTBYTES | |
KEYBYTES |
Functions
derive_from_key | Derives a subkey_id-th subkey of length subkey_len bytes using the master key and the context. |