class Sodium::Kdf
- Sodium::Kdf
- Reference
- Object
Overview
Included Modules
- Sodium::Wipe
Defined in:
sodium/kdf.crConstant Summary
-
CONTEXT_SIZE =
LibSodium.crypto_kdf_contextbytes
-
KEY_SIZE =
LibSodium.crypto_kdf_keybytes.to_i
Constructors
-
.new(bytes : Bytes, erase = false)
Use an existing KDF key.
-
.new(sbuf : SecureBuffer)
Use an existing KDF SecureBuffer key.
-
.new
Generate a new random KDF key.
Instance Method Summary
-
#derive(context, subkey_id, subkey_size) : SecureBuffer
Derive a consistent subkey based on
context
andsubkey_id
. -
#derive_aead_xchacha20poly1305_ietf(context, subkey_id) : Cipher::Aead::XChaCha20Poly1305Ietf
Convenience method to create a new CryptoBox::Aead::XChaCha20Poly1305Ietf without handling the key.
-
#derive_cryptobox(context, subkey_id) : CryptoBox::SecretKey
Convenience method to create a new CryptoBox::Secret without handling the key.
-
#derive_secretbox(context, subkey_id) : SecretBox
Convenience method to create a new SecretBox without handling the key.
-
#derive_sign(context, subkey_id) : Sign::SecretKey
Convenience method to create a new Sign::Secret without handling the key.
-
#to_slice : Bytes
Returns key
Constructor Detail
Use an existing KDF key.
- Copies key to a new SecureBuffer
- Optionally erases bytes after copying if erase is set
Generate a new random KDF key.
Make sure to save kdf.to_slice before kdf goes out of scope.
Instance Method Detail
Derive a consistent subkey based on context
and subkey_id
.
context and subkey don't need to be secret
- context must be 8 bytes
- subkey_size must be 16..64 bytes as of libsodium 1.0.17
Returns a SecureBuffer. May transfer ownership to SecretBox or SecretKey without copying.
Convenience method to create a new CryptoBox::Aead::XChaCha20Poly1305Ietf without handling the key.
See derive() for further information on context and subkey_id.
Convenience method to create a new CryptoBox::Secret without handling the key.
See derive() for further information on context and subkey_id.
Convenience method to create a new SecretBox without handling the key.
See derive() for further information on context and subkey_id.
Convenience method to create a new Sign::Secret without handling the key.
See derive() for further information on context and subkey_id.