[OpenSSL Home][Home]
In the following we will generate an encryption key based on a key/password, a hashing method, a salt value and a key derviation method (HKDF, PBKDF2, SCRYPT, SSKDF, X963KDF and X942KDF-CONCAT):
Key Derivaton Function (KDF) with OpenSSL
[OpenSSL Home][Home]
In the following we will generate an encryption key based on a key/password, a hashing method, a salt value and a key derviation method (HKDF, PBKDF2, SCRYPT, SSKDF, X963KDF and X942KDF-CONCAT):
|
A Key Derivation Function (KDF) allows us to generate an encryption key based on a hashing method, a secret and a salt value. For HKDFwith a key of "Test", a SHA-384 hash and a salt of "mysalt":
openssl kdf -keylen 32 -kdfopt digest:sha384 -kdfopt key:Test -kdfopt salt:mysalt -kdfopt info:label HKDF Password/key: Test Salt: mysalt Method: HKDF Digest: sha384 Size: 32 ============ Derived key: 64:92:2B:94:03:C7:00:A5:15:7E:98:AA:3B:E7:F3:6B:DB:1E:B6:DB:1D:D1:50:5D:93:51:47:51:49:F0:6D:EB
For PBKDF2 with a password of "Test", a SHA-384 hash and a salt of "mysalt":
openssl kdf -keylen 32 -kdfopt digest:sha384 -kdfopt pass:Test -kdfopt salt:mysalt -kdfopt info:label PBKDF2 Password/key: Test Salt: mysalt Method: PBKDF2 Digest: sha384 Size: 32 ============ Derived key: 3E:76:69:2C:DE:70:C7:A9:7A:E6:75:28:C1:9C:DC:61:D7:A7:BF:8A:11:CE:97:97:97:42:A7:3F:0E:60:22:C8
And for SCRYPT, with a password of "Test", a SHA-384 hash and a salt of "mysalt":
openssl kdf -keylen 32 -kdfopt pass:Test -kdfopt salt:mysalt -kdfopt n:1024 -kdfopt r:8 -kdfopt p:16 -kdfopt maxmem_bytes:10485760 SCRYPT Password/key: Test Salt: mysalt Method: SCRYPT Digest: sha384 Size: 32 ============ Derived key: DB:69:83:9A:FB:52:94:6F:81:56:A9:F7:C5:E9:DA:6A:89:36:94:44:79:12:18:69:A7:A6:54:6D:D3:28:5F:1D