WvdS.System.Security.Cryptography.KeyDerivation Namespace

Contains classes for key derivation (KDF) with PQ support.


Classes

| Class | Description |
| KeyDerivationExtensions | KDF functions (HKDF, PBKDF2, Argon2id) |
| HybridKeyMaterial | Container for derived keys |
| TlsKeyMaterial | TLS-style key material |
| Tls13KeySchedule | TLS 1.3 key schedule |

Supported KDFs

| Function | Standard | Usage |
| HKDF | RFC 5869 | Session keys from shared secret |
| PBKDF2 | RFC 8018 | Password-based keys |
| Argon2id | RFC 9106 | Memory-hard KDF |

Example

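using System.Security.Cryptography;
using System.Text;
using WvdS.System.Security.Cryptography.KeyDerivation;

// Inputs supplied by the caller: sharedSecret / mlKemSecret come from ML-KEM,
// ecdhSecret from the classical ECDH exchange.
byte[] sharedSecret = /* from ML-KEM */;
byte[] salt = RandomNumberGenerator.GetBytes(32);

// HKDF for session keys; the info label binds the key to its purpose
byte[] aesKey = KeyDerivationExtensions.DeriveKey(
    sharedSecret,
    outputLength: 32,
    salt: salt,
    info: Encoding.UTF8.GetBytes("AES-256-GCM"));

// Hybrid key derivation from a classical and a post-quantum secret
byte[] hybridKey = KeyDerivationExtensions.DeriveHybridKey(
    classicSecret: ecdhSecret,
    pqSecret: mlKemSecret,
    outputLength: 32);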
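
The two ideas used above (purpose labels in the HKDF `info` parameter and deriving one key from a classical plus a post-quantum secret) are shown here as an added example using .NET's built-in `System.Security.Cryptography.HKDF`; it is not WvdS code. The concatenation combiner and the name `HybridKdfSketch` are assumptions and say nothing about how `DeriveHybridKey` works internally; the secrets are constructed random bytes.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class HybridKdfSketch // hypothetical name, not part of the WvdS library
{
    // Assumed combiner: both secrets are concatenated into one HKDF input,
    // so recomputing the key requires knowing both of them.
    // Fixed-length secrets keep the concatenation unambiguous.
    public static byte[] Combine(byte[] classicSecret, byte[] pqSecret,
                                 byte[] salt, string label, int length)
    {
        byte[] ikm = new byte[classicSecret.Length + pqSecret.Length];
        Buffer.BlockCopy(classicSecret, 0, ikm, 0, classicSecret.Length);
        Buffer.BlockCopy(pqSecret, 0, ikm, classicSecret.Length, pqSecret.Length);
        try
        {
            // RFC 5869 extract-then-expand; label becomes the info parameter.
            return HKDF.DeriveKey(HashAlgorithmName.SHA256, ikm, length,
                                  salt, Encoding.UTF8.GetBytes(label));
        }
        finally
        {
            // Do not leave the combined secret in memory after use.
            CryptographicOperations.ZeroMemory(ikm);
        }
    }

    static void Main()
    {
        // Constructed sample inputs; real ones come from ECDH and ML-KEM.
        byte[] ecdhSecret = RandomNumberGenerator.GetBytes(32);
        byte[] mlKemSecret = RandomNumberGenerator.GetBytes(32);
        byte[] salt = RandomNumberGenerator.GetBytes(32);

        // Same secrets, different labels: independent keys per purpose.
        byte[] encKey = Combine(ecdhSecret, mlKemSecret, salt, "AES-256-GCM", 32);
        byte[] macKey = Combine(ecdhSecret, mlKemSecret, salt, "HMAC-SHA256", 32);
        bool separated = !CryptographicOperations.FixedTimeEquals(encKey, macKey);

        // Same secrets, salt and label: the peer derives the identical key.
        byte[] peerKey = Combine(ecdhSecret, mlKemSecret, salt, "AES-256-GCM", 32);
        bool reproducible = CryptographicOperations.FixedTimeEquals(encKey, peerKey);

        Console.WriteLine($"labels separate keys: {separated}");
        Console.WriteLine($"peer derives same key: {reproducible}");
    }
}
```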


Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional