deriveBits abstract method
Derive key from salt
, info
and password specified as keyData
in
importRawKey.
The length
of the key to be derived must be specified in bits as a
multiple of 8.
Using sufficiently large random salt
makes hard for an adversary to
precompute the most likely keys using a dictionary of common passwords.
The salt
also serves make the same password have yield different keys.
For details on salt
see RFC 5869 section 3.1.
The info
serves to bind the derived key to an application specific
context. For example, if the same keyData
is used to derive keys for
different use cases, then using a different info
for each purpose
ensures that the derived keys are different.
For details on info
see RFC 5869 section 3.2.
Example
import 'dart:convert' show utf8, base64;
import 'package:webcrypto/webcrypto.dart';
// Provide a password to be used for key derivation
final key = await HkdfSecretKey.importRawKey(utf8.decode(
'my-password-in-plain-text',
));
// Derive a key from password
final derivedKey = await HkdfSecretKey.deriveBits(
256, // number of bits to derive.
Hash.sha256,
utf8.decode('unique salt'),
utf8.decode('creating derivedKey in example'),
);
// Print the derived key, this could also be used as basis for other new
// symmetric cryptographic keys.
print(base64.encode(derivedKey));
Implementation
Future<Uint8List> deriveBits(
int length,
Hash hash,
List<int> salt,
List<int> info,
);