Module dryoc::kdf

source ·
Expand description

Key derivation functions

Kdf implements libsodium’s key derivation functions, based on the Blake2b hash function.

You should use Kdf when you want to:

  • create many subkeys from a main key, without having to risk leaking the main key
  • ensure that if a subkey were to become compromised, one could not derive the main key

Rustaceous API example

use base64::encode;
use dryoc::kdf::*;

// Randomly generate a main key and context, using the default stack-allocated
// types
let key = Kdf::gen_with_defaults();
let subkey_id = 0;

let subkey = key.derive_subkey_to_vec(subkey_id).expect("derive failed");
println!("Subkey {}: {}", subkey_id, encode(&subkey));

Additional resources

Modules

Structs

  • Key derivation implementation based on Blake2b, compatible with libsodium’s crypto_kdf_* functions.

Type Definitions

  • Stack-allocated context type alias for key derivation with Kdf.
  • Stack-allocated key type alias for key derivation with Kdf.
  • Stack-allocated type alias for Kdf. Provided for convenience.