Key derivation
BLAKE2b can be used as a key derivation function (KDF) for high-entropy keys. It takes the following parameters to produce 256 to 512 bits of output keying material:
This allows you to derive new, distinct keys from a high-entropy master key. For example, you can derive separate keys for encryption and authentication with Encrypt-then-MAC by changing the personalisation constant, salt, and/or info.
256-bit keys are recommended. Larger keys are unnecessary.
Fills a span with output keying material computed from input keying material, a personalisation constant, a salt, and optional additional contextual info.
BLAKE2b.DeriveKey(Span<byte> outputKeyingMaterial, ReadOnlySpan<byte> inputKeyingMaterial, ReadOnlySpan<byte> personalisation, ReadOnlySpan<byte> salt, ReadOnlySpan<byte> info = default)
outputKeyingMaterial has a length less than MinKeySize or greater than MaxKeySize.
inputKeyingMaterial has a length less than MinKeySize or greater than MaxKeySize.
personalisation has a length not equal to PersonalSize.
salt has a length not equal to SaltSize.
The key could not be derived.
The input keying material MUST be high in entropy (e.g. a shared secret).
Do NOT use the same output keying material for multiple purposes (e.g. encryption and authentication). You should derive separate keys using the same input keying material and personalisation but different salts and/or info.
If you intend to feed multiple variable-length inputs into the info, beware of canonicalization attacks. Please read the Concat page for more information.
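An added C# example (not from the original page or the library's own code) of the Encrypt-then-MAC key separation described above: one master key, one personalisation, and one salt, with a different info per purpose. The `Geralt` namespace, the `MyApp.Example.v1` label, the info strings, and the random stand-in master key are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Geralt; // assumption: namespace that exposes the BLAKE2b class documented above

// Constructed stand-in for a high-entropy master key (e.g. a shared secret).
Span<byte> masterKey = stackalloc byte[32];
RandomNumberGenerator.Fill(masterKey);

// Hypothetical application label; it must be exactly PersonalSize bytes long.
byte[] personalisation = Encoding.UTF8.GetBytes("MyApp.Example.v1");
if (personalisation.Length != BLAKE2b.PersonalSize)
    throw new InvalidOperationException("Personalisation must be PersonalSize bytes.");

// One salt per session, exactly SaltSize bytes. It is not secret, but the other
// party needs the same value to re-derive the same keys.
Span<byte> salt = stackalloc byte[BLAKE2b.SaltSize];
RandomNumberGenerator.Fill(salt);

// Fixed, single-field info labels (hypothetical), so no canonicalization issue arises.
byte[] encryptionInfo = Encoding.UTF8.GetBytes("encryption");
byte[] authenticationInfo = Encoding.UTF8.GetBytes("authentication");

// 256-bit outputs, as recommended above. Same master key, personalisation and salt;
// only the info differs between the two purposes.
Span<byte> encryptionKey = stackalloc byte[32];
Span<byte> macKey = stackalloc byte[32];
BLAKE2b.DeriveKey(encryptionKey, masterKey, personalisation, salt, encryptionInfo);
BLAKE2b.DeriveKey(macKey, masterKey, personalisation, salt, authenticationInfo);

// The two subkeys must differ, otherwise one key would serve two purposes.
if (CryptographicOperations.FixedTimeEquals(encryptionKey, macKey))
    throw new CryptographicException("Derived keys are not distinct.");

// Derivation is deterministic: the same inputs reproduce the same subkey.
Span<byte> rederived = stackalloc byte[32];
BLAKE2b.DeriveKey(rederived, masterKey, personalisation, salt, encryptionInfo);
if (!CryptographicOperations.FixedTimeEquals(encryptionKey, rederived))
    throw new CryptographicException("Re-derivation did not match.");

// Erase key material once it is no longer needed.
CryptographicOperations.ZeroMemory(masterKey);
CryptographicOperations.ZeroMemory(encryptionKey);
CryptographicOperations.ZeroMemory(macKey);
CryptographicOperations.ZeroMemory(rederived);
```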