Expand description
Key derivation functions
Kdf
implements libsodium’s key derivation functions, based on the
Blake2b hash function.
You should use Kdf
when you want to:
- create many subkeys from a main key, without having to risk leaking the main key
- ensure that if a subkey were to become compromised, one could not derive the main key
Rustaceous API example
use base64::encode;
use dryoc::kdf::*;
// Randomly generate a main key and context, using the default stack-allocated
// types
let key = Kdf::gen_with_defaults();
let subkey_id = 0;
let subkey = key.derive_subkey_to_vec(subkey_id).expect("derive failed");
println!("Subkey {}: {}", subkey_id, encode(&subkey));
Additional resources
- See https://doc.libsodium.org/key_derivation for additional details on key derivation
Modules
Structs
- Key derivation implementation based on Blake2b, compatible with libsodium’s
crypto_kdf_*
functions.