Key Derivation Function

A key derivation function (KDF) derives (close to) uniformly distributed strings from a secret value that has high entropy but no other guarantee regarding its distribution.

The Key Derivation Function Interface:

public SecretKey deriveKey(byte[] entropySource, int inOff, int inLen, int outLen)

Generates a new secret key from the given seed.

Parameters:
  • entropySource – the secret key that is the seed for the key generation
  • inOff – the offset within the entropySource to take the bytes from
  • inLen – the length of the seed
  • outLen – the required output key length
Returns:

SecretKey – the derived key.

There is another variation of this function that also takes an initial vector (iv) into account:

public SecretKey deriveKey(byte[] entropySource, int inOff, int inLen, int outLen, byte[] iv)

Generates a new secret key from the given seed and iv.

Parameters:
  • entropySource – the secret key that is the seed for the key generation
  • inOff – the offset within the entropySource to take the bytes from
  • inLen – the length of the seed
  • outLen – the required output key length
  • iv – info for the key generation
Returns:

SecretKey – the derived key.

Basic Usage

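import java.nio.charset.StandardCharsets;
// HKDF built over the BcHMAC primitive
KeyDerivationFunction kdf = new HKDF(new BcHMAC());
// "..." stands for the high-entropy secret; a String literal must be converted to bytes
byte[] source = "...".getBytes(StandardCharsets.UTF_8);
int targetLen = 128; // required output key length
byte[] kdfed = kdf.deriveKey(source, 0, source.length, targetLen).getEncoded();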
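
What a deriveKey call with these five parameters can do internally, as an added example that is not the library's own code: RFC 5869 HKDF (extract, then expand) over HMAC-SHA256 using only javax.crypto. The class name HkdfExample, the all-zero salt, the use of iv as the HKDF info input, and outLen measured in bytes are assumptions of this example.

```java
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
// Added illustration of HKDF (RFC 5869) with HMAC-SHA256; not the library's HKDF class.
public class HkdfExample {
    private static final String HMAC = "HmacSHA256";
    private static final int HASH_LEN = 32;

    private static byte[] hmac(byte[] key, byte[]... parts) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(HMAC);
        mac.init(new SecretKeySpec(key, HMAC));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }

    // Same parameter order as the five-argument deriveKey; outLen is in bytes here (assumption).
    public static SecretKey deriveKey(byte[] entropySource, int inOff, int inLen, int outLen, byte[] iv)
            throws GeneralSecurityException {
        if (inOff < 0 || inLen <= 0 || inOff > entropySource.length - inLen)
            throw new IllegalArgumentException("seed range outside entropySource");
        if (outLen <= 0 || outLen > 255 * HASH_LEN)
            throw new IllegalArgumentException("outLen must be 1.." + 255 * HASH_LEN);
        byte[] info = (iv == null) ? new byte[0] : iv;
        byte[] ikm = Arrays.copyOfRange(entropySource, inOff, inOff + inLen);
        // Extract: PRK = HMAC(salt, IKM); RFC 5869 uses an all-zero salt when none is given.
        byte[] prk = hmac(new byte[HASH_LEN], ikm);
        // Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated until outLen bytes exist.
        byte[] okm = new byte[outLen];
        byte[] t = new byte[0];
        for (int pos = 0, i = 1; pos < outLen; i++) {
            t = hmac(prk, t, info, new byte[] {(byte) i});
            int n = Math.min(t.length, outLen - pos);
            System.arraycopy(t, 0, okm, pos, n);
            pos += n;
        }
        Arrays.fill(prk, (byte) 0); // wipe the intermediate pseudorandom key
        return new SecretKeySpec(okm, "RAW"); // "RAW" is a placeholder algorithm label
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] seed = new SecureRandom().generateSeed(32); // constructed sample seed
        byte[] enc = deriveKey(seed, 0, seed.length, 16, "enc".getBytes()).getEncoded();
        byte[] mac = deriveKey(seed, 0, seed.length, 16, "mac".getBytes()).getEncoded();
        System.out.println("distinct keys from one seed: " + !Arrays.equals(enc, mac));
    }
}
```

Calling it twice with the same seed and different iv values yields independent keys, which is how one shared secret can supply separate encryption and MAC keys.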