deriveKey method

  1. @override
Future<SecretKey> deriveKey({
  1. required SecretKey secretKey,
  2. required List<int> nonce,
})

Generates a new secret key from a secret key and a nonce.

The nonce ("salt") should be some random sequence of bytes. Nonce does not need to be protected. If possible, you should have a different nonce for each key derivation.

Implementation

@override
Future<SecretKey> deriveKey({
  required SecretKey secretKey,
  required List<int> nonce,
}) async {
  final macAlgorithm = this.macAlgorithm;
  if (macAlgorithm is Hmac) {
    final hashAlgorithm = macAlgorithm.hashAlgorithm;
    if (hashAlgorithm is Blake2s) {
      final result = await compute(
        _computeDeriveKeyHmacBlake2s,
        await _args(secretKey, nonce),
        debugLabel: _debugLabel,
      );
      return SecretKeyData(result);
    }
    if (hashAlgorithm is Sha256) {
      final result = await compute(
        _computeDeriveKeyHmacSha256,
        await _args(secretKey, nonce),
        debugLabel: _debugLabel,
      );
      return SecretKeyData(result);
    }
    if (hashAlgorithm is Sha512) {
      final result = await compute(
        _computeDeriveKeyHmacSha512,
        await _args(secretKey, nonce),
        debugLabel: _debugLabel,
      );
      return SecretKeyData(result);
    }
  }
  return await DartPbkdf2(
    macAlgorithm: macAlgorithm,
    iterations: iterations,
    bits: bits,
  ).deriveKey(
    secretKey: secretKey,
    nonce: nonce,
  );
}