CI_Encryption::hkdf()

hkdf($key[, $digest = 'sha512'[, $salt = NULL[, $length = NULL[, $info = '']]]])

Parameters:	$key (string) – Input key material $digest (string) – A SHA-2 family digest algorithm $salt (string) – Optional salt $length (int) – Optional output length $info (string) – Optional context/application-specific info
Returns:	A pseudo-random key or FALSE on failure
Return type:	string

Derives a key from another, presumably weaker key.

This method is used internally to derive an encryption and HMAC key from your configured encryption_key.

It is publicly available due to its otherwise general purpose. It is described in RFC 5869.

However, as opposed to the description in RFC 5869, this implementation doesn’t support SHA1.

Example:

$hmac_key = $this->encryption->hkdf(
        $key,
        'sha512',
        NULL,
        NULL,
        'authentication'
);

// $hmac_key is a pseudo-random key with a length of 64 bytes

Links:

http://www.codeigniter.com/user_guide/libraries/encryption.html#CI_Encryption::hkdf

doc_CodeIgniter

2025-01-10 15:47:30

Comments