Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Rubygem for HMAC-based Key Derivation Function

branch: master
README.md

HKDF Build Status

This is a ruby implementation of RFC 5869: HMAC-based Extract-and-Expand Key Derivation Function. The goal of HKDF is to take some source key material and generate suitable cryptographic keys from it.

Usage

hkdf = HKDF.new('source key material')
hkdf.next_bytes(32)
 => "\f#\xF4b\x98\x9B\x7Fw>|/|k\xF4k\xB7\xB9\x11e\xC5\x92\xD1\fH\xFDG\x94vt\xB4\x14\xCE"

The default algorithm is HMAC-SHA256, you can override this and other defaults by providing an options hash during construction.

hkdf = HKDF.new('source key material', :salt => 'NaCl', :algorithm => 'SHA1', :info => 'the 411')
hkdf.next_bytes(16)
 => "\xC0<\x13\x85\x8C\x84z\xCE\xC7\xCE+\xFF\x1C\xEB\xE6\xBC"

You can also give an IO object as the source. It will be read in as a stream to generate the key. The optional argument :read_size can be used to control how many bytes are read from the IO at a time.

hkdf = HKDF.new(File.new('/tmp/filename'), :read_size => 512)
hkdf.next_bytes(32)
 => "\f#\xF4b\x98\x9B\x7Fw>|/|k\xF4k\xB7\xB9\x11e\xC5\x92\xD1\fH\xFDG\x94vt\xB4\x14\xCE"
Something went wrong with that request. Please try again.