cryptography icon indicating copy to clipboard operation
cryptography copied to clipboard

Published 20 hours ago verified publisher icon dint-dev

Make HKDF nonce optional

Open CDDelta opened this issue 4 years ago • 0 comments

In version 2.0.0-nullsafety.2 of cryptography, the Dart implementation of HKDF requires a non-empty nonce which differs from the web crypto implementation and past versions of the package.

Providing Uint8List(0) as a nonce like below throws an error.

  final keyByteLength = 256 ~/ 8;
  final kdf = Hkdf(hmac: Hmac(Sha256()), outputLength: keyByteLength);
  
  final derivedKey = await kdf.deriveKey(
    secretKey: secretKey,
    info: utf8.encode('some info'),
    nonce: Uint8List(0),
  );

My use case for this is to deterministically generate a key from a user-provided key without any additional inputs.

CDDelta avatar Jan 27 '21 01:01 CDDelta