Class HkdfUtilities

Namespace: Yubico.Core.Cryptography

Assembly: Yubico.Core.dll

public static class HkdfUtilities

Inheritance: object

HkdfUtilities

Methods

DeriveKey(ReadOnlySpan<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, int)

Derives a key using the HKDF (HMAC-based Key Derivation Function) as specified in RFC 5869 using SHA-256.

public static Memory<byte> DeriveKey(ReadOnlySpan<byte> inputKeyMaterial, ReadOnlySpan<byte> salt = default, ReadOnlySpan<byte> contextInfo = default, int length = 32)

Parameters

inputKeyMaterial ReadOnlySpan<byte>: The input key material (IKM).
salt ReadOnlySpan<byte>: Optional salt value. If not provided, a zero-length salt will be used.
contextInfo ReadOnlySpan<byte>: Optional context information (info).
length int: The desired length of the output key material (OKM). If not specified, defaults to 32 bytes.

Returns

Memory<byte>: A Memory<byte> containing the derived key.

Remarks

Uses BCL HMACSHA256 directly. The .ToArray() calls on Span inputs are required by the BCL HMAC.Key setter and ComputeHash API — they only accept byte[], not Span. The intermediate pseudo-random key (PRK) is zeroed via CryptographicOperations.ZeroMemory after use.

Table of Contents

Class HkdfUtilities

Methods

DeriveKey(ReadOnlySpan<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, int)

Parameters

Returns

Remarks