Private Static computeComputes the FixedInfo parameter for Concat KDF, which binds the derived key material to the
context of the key agreement transaction.
Input data to construct FixedInfo.
FixedInfo as a Uint8Array.
This implementation follows the recommended format for FixedInfo specified in section
5.8.1.2.1 of the NIST.800-56A publication.
FixedInfo is a bit string equal to the following concatenation:
AlgorithmID || PartyUInfo || PartyVInfo {|| SuppPubInfo }{|| SuppPrivInfo }.
SuppPubInfo is the key length in bits, big endian encoded as a 32-bit number. For example,
128 would be [0, 0, 0, 128] and 256 would be [0, 0, 1, 0].
Static deriveDerives a key of a specified length from the input parameters.
Input parameters for key derivation.
Additional public information to use in key derivation.
The desired length of the derived key in bits.
The shared secret key to derive from.
The derived key as a Uint8Array.
// Key Derivation
const derivedKeyingMaterial = await ConcatKdf.deriveKey({
sharedSecret: utils.randomBytes(32),
keyDataLen: 128,
fixedInfo: {
algorithmId: "A128GCM",
partyUInfo: "Alice",
partyVInfo: "Bob",
suppPubInfo: 128,
},
});
If the keyDataLen would require multiple rounds.
Private Static toEncodes input data as a length-prefixed byte string, or as a fixed-length bit string if specified.
If variableLength = true, return the data in the form Datalen || Data, where Data is a variable-length string of zero or more (eight-bit) bytes, and Datalen is a fixed-length, big-endian counter that indicates the length (in bytes) of Data.
If variableLength = false, return the data formatted as a fixed-length bit string.
Input data and options for the conversion.
The input data to encode. Must be a type convertible to Uint8Array by the Convert class.
Optional variableWhether to output the data as variable length. Default is true.
The input data encoded as a Uint8Array.
If fixed-length data is not a number.
An implementation of the Concatenation Key Derivation Function (ConcatKDF) as specified in NIST.800-56A, a single-step key-derivation function (SSKDF). ConcatKDF produces a derived key from a secret key (like a shared secret from ECDH), and other optional public information. This implementation specifically uses SHA-256 as the pseudorandom function (PRF).
Note: This implementation allows for only a single round / repetition using the function
K(1) = H(counter || Z || FixedInfo), where:K(1)is the derived key material after one roundHis the SHA-256 hashing functioncounteris a 32-bit, big-endian bit string counter set to 0x00000001Zis the shared secret value obtained from a key agreement protocolFixedInfois a bit string used to ensure that the derived keying material is adequately "bound" to the key-agreement transaction.Example
Additional Information:
Z, or "shared secret": The shared secret value obtained from a key agreement protocol, such as Diffie-Hellman, ECDH (Elliptic Curve Diffie-Hellman). Importantly, this shared secret is not directly used as the encryption or authentication key, but as an input to a key derivation function (KDF), such as Concat KDF, to generate the actual key. This adds an extra layer of security, as even if the shared secret gets compromised, the actual encryption or authentication key stays safe. This shared secretZvalue is kept confidential between the two parties in the key agreement protocol.See