hkdf

Expand function #

Expand derives a key from the given hash, key, and optional context info, returning a []byte of length keyLength that can be used as cryptographic key. The extraction step is skipped. The key should have been generated by [Extract], or be a uniformly random or pseudorandom cryptographically strong key. See RFC 5869, Section 3.3. Most common scenarios will want to use [Key] instead.

func Expand(h func() H, pseudorandomKey []byte, info string, keyLength int) ([]byte, error)

Extract function #

Extract generates a pseudorandom key for use with [Expand] from an input secret and an optional independent salt. Only use this function if you need to reuse the extracted key with multiple Expand invocations and different context values. Most common scenarios, including the generation of multiple keys, should use [Key] instead.

func Extract(h func() H, secret []byte, salt []byte) ([]byte, error)

Key function #

Key derives a key from the given hash, secret, salt and context info, returning a []byte of length keyLength that can be used as cryptographic key. Salt and info can be nil.

func Key(h func() Hash, secret []byte, salt []byte, info string, keyLength int) ([]byte, error)

checkFIPS140Only function #

func checkFIPS140Only(h func() Hash, key []byte) error