Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Rubygem for HMAC-based Key Derivation Function
Ruby Shell
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
lib
spec
.gitignore
.rspec
.rvmrc
.travis.yml
Gemfile
LICENSE
README.md Include LICENSE file
Rakefile
hkdf.gemspec

README.md

HKDF Build Status

This is a ruby implementation of RFC 5869: HMAC-based Extract-and-Expand Key Derivation Function. The goal of HKDF is to take some source key material and generate suitable cryptographic keys from it.

Usage

hkdf = HKDF.new('source key material')
hkdf.next_bytes(32)
 => "\f#\xF4b\x98\x9B\x7Fw>|/|k\xF4k\xB7\xB9\x11e\xC5\x92\xD1\fH\xFDG\x94vt\xB4\x14\xCE"

The default algorithm is HMAC-SHA256, you can override this and other defaults by providing an options hash during construction.

hkdf = HKDF.new('source key material', :salt => 'NaCl', :algorithm => 'SHA1', :info => 'the 411')
hkdf.next_bytes(16)
 => "\xC0<\x13\x85\x8C\x84z\xCE\xC7\xCE+\xFF\x1C\xEB\xE6\xBC"

You can also give an IO object as the source. It will be read in as a stream to generate the key. The optional argument :read_size can be used to control how many bytes are read from the IO at a time.

hkdf = HKDF.new(File.new('/tmp/filename'), :read_size => 512)
hkdf.next_bytes(32)
 => "\f#\xF4b\x98\x9B\x7Fw>|/|k\xF4k\xB7\xB9\x11e\xC5\x92\xD1\fH\xFDG\x94vt\xB4\x14\xCE"
Something went wrong with that request. Please try again.