1Metadata-Version: 1.1 2Name: hkdf 3Version: 0.0.3 4Summary: HMAC-based Extract-and-Expand Key Derivation Function (HKDF) 5Home-page: https://github.com/casebeer/python-hkdf 6Author: Christopher H. Casebeer 7Author-email: UNKNOWN 8License: UNKNOWN 9Description: HKDF - HMAC Key Derivation Function 10 =================================== 11 12 This module implements the HMAC Key Derivation function, defined at 13 14 http://tools.ietf.org/html/draft-krawczyk-hkdf-01 15 16 There are two interfaces: a functional interface, with separate extract 17 and expand functions as defined in the draft RFC, and a wrapper class for 18 these functions. 19 20 Functional interface 21 -------------------- 22 23 To use the functional interface, pass the pseudorandom key generated 24 by hmac_extract([salt], [input key material]) to hmac_expand(...). 25 ``salt`` should be a random, non-secret, site-specific string, but may be 26 set to None. See section 3.1 of the HKDF draft for more details. 27 28 In addition to the PRK output by hmac_extract, hmac_expand takes an 29 ``info`` argument, which permits generating multiple keys based on the 30 same PRK, and a ``length`` argument, which defines the number of bytes 31 of output key material to generate. ``length`` must be less than or equal 32 to 255 time the block size, in bytes, of the hash function being used. 33 See section 3.2 of the HKDF draft for more information on using the ``info`` 34 argument. 35 36 The hash function to use can be specified for both hmac_extract and 37 hmac_expand as the ``hash`` kw argument, and defaults to SHA-256 as implemented 38 by the hashlib module. It must be the same for both extracting and expanding. 39 40 Example:: 41 42 prk = hkdf_extract("8e94ef805b93e683ff18".decode("hex"), "asecretpassword") 43 key = hkdf_expand(prk, "context1", 16) 44 45 ``Hkdf`` wrapper class 46 ---------------------- 47 48 To use the wrapper class, instantiate the Hkdf() class with a salt, input 49 key material, and optionally, a hash function. You may then call 50 expand([info], [length]) on the Hkdf instance to generate output key 51 material:: 52 53 kdf = Hkdf("8e94ef805b93e683ff18".decode("hex"), "asecretpassword") 54 key = kdf.expand("context1", 16) 55 56 HKDF-Extract and HKDF-Expand definitions from the draft RFC 57 ----------------------------------------------------------- 58 59 > Step 1: Extract 60 > 61 > PRK = HKDF-Extract(salt, IKM) 62 > 63 > Options: 64 > Hash a hash function; HashLen denotes the length of the 65 > hash function output in octets 66 > Inputs: 67 > salt optional salt value (a non-secret random value); 68 > if not provided, it is set to a string of HashLen zeros. 69 > IKM input keying material 70 > Output: 71 > PRK a pseudo-random key (of HashLen octets) 72 > 73 > The output PRK is calculated as follows: 74 > 75 > PRK = HMAC-Hash(salt, IKM) 76 > 77 > Step 2: Expand 78 > 79 > OKM = HKDF-Expand(PRK, info, L) 80 > 81 > Options: 82 > Hash a hash function; HashLen denotes the length of the 83 > hash function output in octets 84 > Inputs: 85 > PRK a pseudo-random key of at least HashLen octets 86 > (usually, the output from the Extract step) 87 > info optional context and application specific information 88 > (can be a zero-length string) 89 > L length of output keying material in octets 90 > (<= 255*HashLen) 91 > Output: 92 > OKM output keying material (of L octets) 93 > 94 > The output OKM is calculated as follows: 95 > 96 > N = ceil(L/HashLen) 97 > T = T(1) | T(2) | T(3) | ... | T(N) 98 > OKM = first L octets of T 99 > 100 > where: 101 > T(0) = empty string (zero length) 102 > T(1) = HMAC-Hash(PRK, T(0) | info | 0x01) 103 > T(2) = HMAC-Hash(PRK, T(1) | info | 0x02) 104 > T(3) = HMAC-Hash(PRK, T(2) | info | 0x03) 105 > ... 106 > 107 > (where the constant concatenated to the end of each T(n) is a 108 > single octet.) 109 110 Changelog 111 --------- 112 113 - 0.0.3 – Move documentation from module docstring to README.rst 114 - 0.0.2 – Python 3.3, 3.4 support 115 - 0.0.1 – Initial release 116 117 Please report any bugs at 118 119 https://www.github.com/casebeer/python-hkdf 120 121 122 123Platform: UNKNOWN 124Classifier: License :: OSI Approved :: BSD License 125Classifier: Intended Audience :: Developers 126Classifier: Programming Language :: Python :: 2.6 127Classifier: Programming Language :: Python :: 2.7 128Classifier: Programming Language :: Python :: 3.3 129Classifier: Programming Language :: Python :: 3.4 130