KdfBytes Method

Generate a key-encryption key (KEK) from input keying material (IKM) using a key derivation function (KDF).

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.25611 (23.0.0.0)

Syntax

public static byte[] Bytes(
	int dkLen,
	byte[] ikm,
	KdfKdfAlg kdfAlg = KdfKdfAlg.X963,
	KdfHashAlg hashAlg = KdfHashAlg.Sha1,
	byte[] sharedInfo = null,
	string paramString = ""
)

Public Shared Function Bytes ( 
	dkLen As Integer,
	ikm As Byte(),
	Optional kdfAlg As KdfKdfAlg = KdfKdfAlg.X963,
	Optional hashAlg As KdfHashAlg = KdfHashAlg.Sha1,
	Optional sharedInfo As Byte() = Nothing,
	Optional paramString As String = ""
) As Byte()

Parameters

dkLen Int32: Required length of output key material in bytes.
ikm Byte: Input key material/shared secret.
kdfAlg KdfKdfAlg (Optional): Key derivation function to use.
hashAlg KdfHashAlg (Optional): Hash algorithm to use with the key derivation function (default is SHA-1)
sharedInfo Byte (Optional): SharedInfo (optional)
paramString String (Optional): Optional parameters. Set as "" for defaults. Pass attribute-value salt=<hex-digits> to set the optional salt parameter for the HKDF algorithm, e.g. "salt=606162636465666768696a6b6c6d6e6f;"

Return Value

Byte
Output key material (KEK).

Example

Copy

// [RFC 5869] A.1.  Test Case 1 Basic test case with SHA-256
int nbytes = 42;
byte[] zz = "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b".FromHex();
byte [] info = "f0f1f2f3f4f5f6f7f8f9".FromHex();
byte[] kek = Kdf.Bytes(nbytes, zz, Kdf.KdfAlg.Hkdf, Kdf.HashAlg.Sha256, info, "salt=000102030405060708090a0b0c");
Console.WriteLine("KEK={0}", Cnv.ToHex(kek));
// KEK=3CB25F25FAACD57A90434F64D0362F2A2D2D0A90CF1A5A4C5DB02D56ECC4C5BF34007208D5B887185865

Reference

Kdf Class

CryptoSysPKI Namespace