// Copyright 2014 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. package hkdf_test import ( "bytes" "crypto/rand" "crypto/sha256" "fmt" "io" "internal/x/crypto/hkdf" ) // Usage example that expands one master secret into three other // cryptographically secure keys. func Example_usage() { // Underlying hash function for HMAC. hash := sha256.New // Cryptographically secure master secret. secret := []byte{0x00, 0x01, 0x02, 0x03} // i.e. NOT this. // Non-secret salt, optional (can be nil). // Recommended: hash-length random value. salt := make([]byte, hash().Size()) if _, err := rand.Read(salt); err != nil { panic(err) } // Non-secret context info, optional (can be nil). info := []byte("hkdf example") // Generate three 128-bit derived keys. hkdf := hkdf.New(hash, secret, salt, info) var keys [][]byte for i := 0; i < 3; i++ { key := make([]byte, 16) if _, err := io.ReadFull(hkdf, key); err != nil { panic(err) } keys = append(keys, key) } for i := range keys { fmt.Printf("Key #%d: %v\n", i+1, !bytes.Equal(keys[i], make([]byte, 16))) } // Output: // Key #1: true // Key #2: true // Key #3: true }