====== WvdS.System.Security.Cryptography.KeyDerivation Namespace ======

Contains classes for key derivation (KDF) with PQ support.

----

===== Classes =====

^  Class  ^  Description  ^
| [[.:keyderivationextensions|KeyDerivationExtensions]] | KDF functions (HKDF, PBKDF2, Argon2id) |
| [[.:hybridkeymaterial|HybridKeyMaterial]] | Container for derived keys |
| [[.:tlskeymaterial|TlsKeyMaterial]] | TLS-style key material |
| [[.:tls13keyschedule|Tls13KeySchedule]] | TLS 1.3 key schedule |

----

===== Supported KDFs =====

^  Function  ^  Standard  ^  Usage  ^
| HKDF | RFC 5869((RFC 5869: https://datatracker.ietf.org/doc/html/rfc5869)) | Session keys from shared secret |
| PBKDF2 | RFC 8018((RFC 8018: https://datatracker.ietf.org/doc/html/rfc8018)) | Password-based keys |
| Argon2id | RFC 9106((RFC 9106: https://datatracker.ietf.org/doc/html/rfc9106)) | Memory-hard KDF |

----

===== Example =====

<code csharp>
using WvdS.System.Security.Cryptography.KeyDerivation;

byte[] sharedSecret = /* from ML-KEM */;
byte[] salt = RandomNumberGenerator.GetBytes(32);

// HKDF for session keys
byte[] aesKey = KeyDerivationExtensions.DeriveKey(
    sharedSecret,
    outputLength: 32,
    salt: salt,
    info: Encoding.UTF8.GetBytes("AES-256-GCM"));

// Hybrid key derivation
byte[] hybridKey = KeyDerivationExtensions.DeriveHybridKey(
    classicSecret: ecdhSecret,
    pqSecret: mlKemSecret,
    outputLength: 32);
</code>

----

===== See Also =====

  * [[..:keyexchange:start|KeyExchange Namespace]]
  * [[..:encryption:start|Encryption Namespace]]
  * [[en:int:pqcrypt:api:start|API Overview]]

{{tag>namespace kdf hkdf pbkdf2 argon2id}}

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//