| Copyright | (c) 2025 Jared Tobin |
|---|---|
| License | MIT |
| Maintainer | Jared Tobin <jared@ppad.tech> |
| Safe Haskell | Safe-Inferred |
| Language | Haskell2010 |
Crypto.KDF.PBKDF
Contents
Description
A pure PBKDF2 (password-based key derivation function) implementation, as specified by RFC2898.
Synopsis
- type HMAC = ByteString -> ByteString -> ByteString
- derive :: HMAC -> ByteString -> ByteString -> Word64 -> Word32 -> Maybe ByteString
HMAC synonym
type HMAC = ByteString -> ByteString -> ByteString Source #
A HMAC function, taking a key as the first argument and the input value as the second, producing a MAC digest.
(RFC2898 specifically requires a "pseudorandom function" of two arguments, but in practice this will usually be a HMAC function.)
>>>import qualified Crypto.Hash.SHA256 as SHA256>>>:t SHA256.hmacSHA256.hmac :: BS.ByteString -> BS.ByteString -> BS.ByteString>>>SHA256.hmac "my HMAC key" "my HMAC input"<256-bit MAC>
PBKDF2
Arguments
| :: HMAC | pseudo-random function (HMAC) |
| -> ByteString | password |
| -> ByteString | salt |
| -> Word64 | iteration count |
| -> Word32 | bytelength of derived key (max 0xffff_ffff * hlen) |
| -> Maybe ByteString | derived key |
Derive a key from a secret via the PBKDF2 key derivation function.
>>>:set -XOverloadedStrings>>>import qualified Crypto.Hash.SHA256 as SHA256>>>import qualified Data.ByteString as BS>>>import qualified Data.ByteString.Base16 as B16>>>let Just key = derive SHA256.hmac "passwd" "salt" 1 64>>>BS.take 16 (B16.encode key)"55ac046e56e3089f"