Module dryoc::kdf

Expand description

Key derivation functions

Kdf implements libsodium’s key derivation functions, based on the Blake2b hash function.

You should use Kdf when you want to:

create many subkeys from a main key, without having to risk leaking the main key
ensure that if a subkey were to become compromised, one could not derive the main key

Rustaceous API example

use base64::encode;
use dryoc::kdf::*;

// Randomly generate a main key and context, using the default stack-allocated
// types
let key = Kdf::gen_with_defaults();
let subkey_id = 0;

let subkey = key.derive_subkey_to_vec(subkey_id).expect("derive failed");
println!("Subkey {}: {}", subkey_id, encode(&subkey));

Additional resources

See https://doc.libsodium.org/key_derivation for additional details on key derivation

Modules

protectednightly

Protected memory type aliases for Kdf

Structs

Kdf

Key derivation implementation based on Blake2b, compatible with libsodium’s crypto_kdf_* functions.

Type Definitions

Context

Stack-allocated context type alias for key derivation with Kdf.

Key

Stack-allocated key type alias for key derivation with Kdf.

StackKdf

Stack-allocated type alias for Kdf. Provided for convenience.