deriveKey method
Generates a new secret key from a secret key and a nonce.
The nonce ("salt") should be some random sequence of bytes. Nonce does not need to be protected. If possible, you should have a different nonce for each key derivation.
Implementation
@override
Future<SecretKey> deriveKey({
required SecretKey secretKey,
required List<int> nonce,
}) async {
final macAlgorithm = this.macAlgorithm;
if (macAlgorithm is Hmac) {
final hashAlgorithm = macAlgorithm.hashAlgorithm;
if (hashAlgorithm is Blake2s) {
final result = await compute(
_computeDeriveKeyHmacBlake2s,
await _args(secretKey, nonce),
debugLabel: _debugLabel,
);
return SecretKeyData(result);
}
if (hashAlgorithm is Sha256) {
final result = await compute(
_computeDeriveKeyHmacSha256,
await _args(secretKey, nonce),
debugLabel: _debugLabel,
);
return SecretKeyData(result);
}
if (hashAlgorithm is Sha512) {
final result = await compute(
_computeDeriveKeyHmacSha512,
await _args(secretKey, nonce),
debugLabel: _debugLabel,
);
return SecretKeyData(result);
}
}
return await DartPbkdf2(
macAlgorithm: macAlgorithm,
iterations: iterations,
bits: bits,
).deriveKey(
secretKey: secretKey,
nonce: nonce,
);
}