CryptoSys PKI Pro Manual

Hpke.DerivePrivateKey Method

Derive an EC private key in a deterministic manner from input keying material using the DeriveKeyPair algorithm in RFC9180.

Syntax

[C#]
public static string DerivePrivateKey(
	byte[] ikm,
	Hpke.CurveName curveName,
	Hpke.OutputOpts opts
)
[VB.NET]
Public Shared Function DerivePrivateKey ( _
	ikm As Byte(), _
	curveName As Hpke.CurveName, _
	opts As Hpke.OutputOpts _
) As String

Parameters

ikm
Input key material (ikm). This must have length in bytes at least as long as the key to be produced.
curveName
Type: Hpke.CurveName
Curve name
opts
Type: Hpke.OutputOpts
Output options (default=internal key format)

Return Value

Derived private key in string form or an empty string on error.

Remarks

By default the key is output as an ephemeral "internal" key string, which can be used directly with Ecc.SaveKey, Ecc.SaveEncKey, Ecc.PublicKeyFromPrivate, Ecc.DHSharedSecret and Ecc.QueryKey. If opts is set to `OutputOpts.KeyAsHex` then the key is output in serialized hexadecimal form in the same manner as the test vectors in [RFC9180] (without the clamping). The KDF to be used is fixed by the EC curve group as follows:
EC curveKDF
P-256HKDF-SHA256
P-384HKDF-SHA384
P-521HKDF-SHA512
X25519HKDF-SHA256
X448HKDF-SHA512

Example

[C#]
string ikmhex = "7268600d403fce431561aef583ee1613527cff655c1343f29812e66706df3234";
string skhex = Hpke.DerivePrivateKey(Cnv.FromHex(ikmhex), Hpke.CurveName.X25519, Hpke.OutputOpts.KeyAsHex);
// 52c4a758a802cd8b936eceea314432798d5baf2d7e9235dc084ab1b9cfa2f736

See Also

VB6/C equivalent: HPKE_DerivePrivateKey

[Contents] [Index]

[PREV: Hmac.HexFromHex Method...]   [Contents]   [Index]   
   [NEXT: Hpke.LabeledExpand Method...]
Copyright © 2004-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-01-01T11:51:59Z.