A C# implementation of the rfc5869 HMAC based Extract-and-Expand Key Derivation Function (HKDF) (https://tools.ietf.org/html/rfc5869)
- Follows the algorithm and tests from https://tools.ietf.org/html/rfc5869
- Uses Span for high performance
- Extract and Expand have been combined to simplify the API, just call the DeriveKey() method
Install-Package HKDFrfc5869
- Provide just the initial key material, use default values for other options
using HKDFrfc5869;
using var hkdf = new HKDF(HashAlgorithmName.SHA256);
var keyMaterial = hkdf.DeriveKey(new byte[1]);- Provide a salt
using HKDFrfc5869;
using var hkdf = new HKDF(HashAlgorithmName.SHA256);
var keyMaterial = hkdf.DeriveKey(new byte[1], salt: new byte[1]);- Provide a salt and info
using HKDFrfc5869;
using var hkdf = new HKDF(HashAlgorithmName.SHA256);
var keyMaterial = hkdf.DeriveKey(new byte[1], salt: new byte[1], info: new byte[1]);- Provide a salt, info and request that the material is 1024 bytes in length
using HKDFrfc5869;
using var hkdf = new HKDF(HashAlgorithmName.SHA256);
var keyMaterial = hkdf.DeriveKey(new byte[1], salt: new byte[1], info: new byte[1], outputLength: 1024);- Provide a salt, info and request that the material is 1024 bytes in length and use an alternative hash algorithm
using HKDFrfc5869;
using var hkdf = new HKDF(HashAlgorithmName.SHA512);
var keyMaterial = hkdf.DeriveKey(new byte[1], salt: new byte[1], info: new byte[1], outputLength: 1024);The algorithm defined by rfc5869 requires a single byte to be used in the intermediate hashed values, this means that the hashing algorithm can be used a maximum of 255 times. If the required keying material size is greater than 255 x the hash size then an exception will be thrown.