3.5.3 HMAC-based key derivation function (HKDF)
All Application Manual Name SummaryHelp

Availability::- use_module(library(crypto)).(can be autoloaded)
Source[det]crypto_data_hkdf(+Data, +Length, -Bytes, +Options)
Concentrate possibly dispersed entropy of Data and then expand it to the desired length. Bytes is unified with a list of bytes of length Length, and is suitable as input keying material and initialization vectors to the symmetric encryption predicates.

Admissible options are:

algorithm(+Algorithm)
A hashing algorithm as specified to crypto_data_hash/3. The default is a cryptographically secure algorithm. If you specify a variable, then it is unified with the algorithm that was used.
info(+Info)
Optional context and application specific information, specified as an atom, string or list of bytes. The default is the zero length atom” .
salt(+List)
Optionally, a list of bytes that are used as salt. The default is all zeroes.
encoding(+Atom)
Either utf8 (default) or octet, denoting the representation of Data as in crypto_data_hash/3.

The info/1 option can be used to generate multiple keys from a single master key, using for example values such as key and iv, or the name of a file that is to be encrypted.

This predicate requires OpenSSL 1.1.0 or greater.

See also
- crypto_n_random_bytes/2 to obtain a suitable salt.
- crypto_data_hash/3 to compute a HMAC signature.