class Epithet::Keygen

Key derivation helper

Constants

DEFAULT_SCRYPT_PARAMS

Default parameters for scrypt.

DEFAULT_SCRYPT_PARAMS = {
  salt: 'epithet-default',
  N: 1<<17,
  r: 8,
  p: 1,
  length: 32
}.freeze

Public Class Methods

new (ikm: nil, passphrase: nil, digest: "sha256", scrypt: DEFAULT_SCRYPT_PARAMS)

Source

# File lib/epithet.rb, line 200
def initialize(ikm: nil, passphrase: nil, digest: "sha256", scrypt: DEFAULT_SCRYPT_PARAMS)
  if (passphrase.nil? && ikm.nil?) || (!passphrase.nil? && !ikm.nil?)
    raise ArgumentError, "keygen requires either ikm or passphrase"
  end

  @ikm = ikm || OpenSSL::KDF.scrypt(passphrase, **scrypt)
  @digest = digest
end

Create a new key generator from either high-entropy key material, or a supplied passphrase.

Public Instance Methods

generate (info, salt, length)

Source

# File lib/epithet.rb, line 214
def generate(info, salt, length)
  OpenSSL::KDF.hkdf(@ikm, hash: @digest, info: info, salt: salt, length: length)
end

Derive a key via HKDF.

inspect ()

Source

# File lib/epithet.rb, line 209
def inspect
  "#<#{self.class}:#{'%#016x' % (object_id << 1)} digest=#{@digest}>"
end