.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "Crypt::KeyDerivation 3pm" .TH Crypt::KeyDerivation 3pm "2020-11-09" "perl v5.32.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" Crypt::KeyDerivation \- PBKDF1, PBKDF2 and HKDF key derivation functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& use Crypt::KeyDerivation \*(Aq:all\*(Aq; \& \& ### PBKDF1/2 \& $derived_key1 = pbkdf1($password, $salt, $iteration_count, $hash_name, $len); \& $derived_key2 = pbkdf2($password, $salt, $iteration_count, $hash_name, $len); \& \& ### HKDF & co. \& $derived_key3 = hkdf($keying_material, $salt, $hash_name, $len, $info); \& $prk = hkdf_extract($keying_material, $salt, $hash_name); \& $okm1 = hkdf_expand($prk, $hash_name, $len, $info); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" Provides an interface to Key derivation functions: .IP "\(bu" 4 \&\s-1PBKDF1\s0 and \s-1PBKDF\s0 according to PKCS#5 v2.0 .IP "\(bu" 4 \&\s-1HKDF\s0 (+ related) according to .SH "FUNCTIONS" .IX Header "FUNCTIONS" .SS "pbkdf1" .IX Subsection "pbkdf1" \&\fB\s-1BEWARE:\s0\fR if you are not sure, do not use \f(CW\*(C`pbkdf1\*(C'\fR but rather choose \f(CW\*(C`pbkdf2\*(C'\fR. .PP .Vb 7 \& $derived_key = pbkdf1($password, $salt, $iteration_count, $hash_name, $len); \& #or \& $derived_key = pbkdf1($password, $salt, $iteration_count, $hash_name); \& #or \& $derived_key = pbkdf1($password, $salt, $iteration_count); \& #or \& $derived_key = pbkdf1($password, $salt); \& \& # $password ......... input keying material (password) \& # $salt ............. salt/nonce (expected length: 8) \& # $iteration_count .. optional, DEFAULT: 5000 \& # $hash_name ........ optional, DEFAULT: \*(AqSHA256\*(Aq \& # $len .............. optional, derived key len, DEFAULT: 32 .Ve .SS "pbkdf2" .IX Subsection "pbkdf2" .Vb 7 \& $derived_key = pbkdf2($password, $salt, $iteration_count, $hash_name, $len); \& #or \& $derived_key = pbkdf2($password, $salt, $iteration_count, $hash_name); \& #or \& $derived_key = pbkdf2($password, $salt, $iteration_count); \& #or \& $derived_key = pbkdf2($password, $salt); \& \& # $password ......... input keying material (password) \& # $salt ............. salt/nonce \& # $iteration_count .. optional, DEFAULT: 5000 \& # $hash_name ........ optional, DEFAULT: \*(AqSHA256\*(Aq \& # $len .............. optional, derived key len, DEFAULT: 32 .Ve .SS "hkdf" .IX Subsection "hkdf" .Vb 7 \& $okm2 = hkdf($password, $salt, $hash_name, $len, $info); \& #or \& $okm2 = hkdf($password, $salt, $hash_name, $len); \& #or \& $okm2 = hkdf($password, $salt, $hash_name); \& #or \& $okm2 = hkdf($password, $salt); \& \& # $password ... input keying material (password) \& # $salt ....... salt/nonce, if undef defaults to HashLen zero octets \& # $hash_name .. optional, DEFAULT: \*(AqSHA256\*(Aq \& # $len ........ optional, derived key len, DEFAULT: 32 \& # $info ....... optional context and application specific information, DEFAULT: \*(Aq\*(Aq .Ve .SS "hkdf_extract" .IX Subsection "hkdf_extract" .Vb 3 \& $prk = hkdf_extract($password, $salt, $hash_name); \& #or \& $prk = hkdf_extract($password, $salt, $hash_name); \& \& # $password ... input keying material (password) \& # $salt ....... salt/nonce, if undef defaults to HashLen zero octets \& # $hash_name .. optional, DEFAULT: \*(AqSHA256\*(Aq .Ve .SS "hkdf_expand" .IX Subsection "hkdf_expand" .Vb 7 \& $okm = hkdf_expand($pseudokey, $hash_name, $len, $info); \& #or \& $okm = hkdf_expand($pseudokey, $hash_name, $len); \& #or \& $okm = hkdf_expand($pseudokey, $hash_name); \& #or \& $okm = hkdf_expand($pseudokey); \& \& # $pseudokey .. input keying material \& # $hash_name .. optional, DEFAULT: \*(AqSHA256\*(Aq \& # $len ........ optional, derived key len, DEFAULT: 32 \& # $info ....... optional context and application specific information, DEFAULT: \*(Aq\*(Aq .Ve