What is HKDF (HKDF)?

What is HKDF (HKDF)?

HKDF is HMAC-based Extract-and-Expand key derivation function by Krawczyk and Eronen. HKDF is state of the art and used in protocols like IPsec. The Crypto++ implementation is from Cryptographic Extraction and Key Derivation: The HKDF Scheme and RFC 5869, HMAC-based Extract-and-Expand Key Derivation Function (HKDF) .

What is the crypto++ implementation of HKDF?

The Crypto++ implementation is from Cryptographic Extraction and Key Derivation: The HKDF Scheme and RFC 5869, HMAC-based Extract-and-Expand Key Derivation Function (HKDF) . HKDF provides the KeyDerivationFunction interface rather than the MessageAuthenticationCode interface.

How does HKDF extract a PRK?

HKDF extracts a pseudorandom key (PRK) using an HMAC hash function (e.g. HMAC – SHA256) on an optional salt (acting as a key) and any potentially weak input key material (IKM) (acting as data).

What is KDF in crypto++?

The KDF interface consists of a default constructor and a method DeriveKey which derives a user key form the parameters. All Crypto++ hashes derive from HashTransformation. The base class provides functions like Update, Final and Verify. You can swap-in any hash for any other hash in your program.