Rubygem for HMAC-based Key Derivation Function
Ruby Shell
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib Clean up implementation Sep 19, 2014
spec Fix tests that were not asserting Mar 10, 2016
.gitignore Add bin to gitignore Dec 26, 2013
.rspec Allow source to be an IO object and remain backwards compatible to st… Sep 23, 2012
.rvmrc Create the hkdf gem Apr 14, 2012
.travis.yml Use latest versions of ruby releases for ci Mar 10, 2016
Gemfile Use https for rubygems source Mar 10, 2016
LICENSE Include LICENSE file Apr 26, 2013
README.md
Rakefile Remove console rake task Aug 7, 2013
hkdf.gemspec Downgrade rake to support older rubies Mar 10, 2016

README.md

HKDF Build Status

This is a ruby implementation of RFC 5869: HMAC-based Extract-and-Expand Key Derivation Function. The goal of HKDF is to take some source key material and generate suitable cryptographic keys from it.

Usage

hkdf = HKDF.new('source key material')
hkdf.next_bytes(32)
 => "\f#\xF4b\x98\x9B\x7Fw>|/|k\xF4k\xB7\xB9\x11e\xC5\x92\xD1\fH\xFDG\x94vt\xB4\x14\xCE"

The default algorithm is HMAC-SHA256, you can override this and other defaults by providing an options hash during construction.

hkdf = HKDF.new('source key material', :salt => 'NaCl', :algorithm => 'SHA1', :info => 'the 411')
hkdf.next_bytes(16)
 => "\xC0<\x13\x85\x8C\x84z\xCE\xC7\xCE+\xFF\x1C\xEB\xE6\xBC"

You can also give an IO object as the source. It will be read in as a stream to generate the key. The optional argument :read_size can be used to control how many bytes are read from the IO at a time.

hkdf = HKDF.new(File.new('/tmp/filename'), :read_size => 512)
hkdf.next_bytes(32)
 => "\f#\xF4b\x98\x9B\x7Fw>|/|k\xF4k\xB7\xB9\x11e\xC5\x92\xD1\fH\xFDG\x94vt\xB4\x14\xCE"