package hkdf
Import Path
crypto/hkdf (on go.dev)
Dependency Relation
imports 4 packages, and imported by 0 packages
Involved Source Files
Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation
Function (HKDF) as defined in RFC 5869.
HKDF is a cryptographic key derivation function (KDF) with the goal of
expanding limited input keying material into one or more cryptographically
strong secret keys.
Code Examples
package main
import (
"bytes"
"crypto/hkdf"
"crypto/rand"
"crypto/sha256"
"fmt"
)
func main() {
// Underlying hash function for HMAC.
hash := sha256.New
keyLen := hash().Size()
// Cryptographically secure master secret.
secret := []byte{0x00, 0x01, 0x02, 0x03} // i.e. NOT this.
// Non-secret salt, optional (can be nil).
// Recommended: hash-length random value.
salt := make([]byte, hash().Size())
if _, err := rand.Read(salt); err != nil {
panic(err)
}
// Non-secret context info, optional (can be nil).
info := "hkdf example"
// Generate three 128-bit derived keys.
var keys [][]byte
for i := 0; i < 3; i++ {
key, err := hkdf.Key(hash, secret, salt, info, keyLen)
if err != nil {
panic(err)
}
keys = append(keys, key)
}
for i := range keys {
fmt.Printf("Key #%d: %v\n", i+1, !bytes.Equal(keys[i], make([]byte, 16)))
}
}
Package-Level Functions (total 3)
Type Parameters:
H: hash.Hash
Expand derives a key from the given hash, key, and optional context info,
returning a []byte of length keyLength that can be used as cryptographic key.
The extraction step is skipped.
The key should have been generated by [Extract], or be a uniformly
random or pseudorandom cryptographically strong key. See RFC 5869, Section
3.3. Most common scenarios will want to use [Key] instead.
Type Parameters:
H: hash.Hash
Extract generates a pseudorandom key for use with [Expand] from an input
secret and an optional independent salt.
Only use this function if you need to reuse the extracted key with multiple
Expand invocations and different context values. Most common scenarios,
including the generation of multiple keys, should use [Key] instead.
The pages are generated with Golds v0.7.3-preview. (GOOS=linux GOARCH=amd64) Golds is a Go 101 project developed by Tapir Liu. PR and bug reports are welcome and can be submitted to the issue list. Please follow @zigo_101 (reachable from the left QR code) to get the latest news of Golds. |