A standalone Java 7 implementation of the HMAC-based key derivation function (HKDF) defined in RFC 5869 and first described by Hugo Krawczyk. HKDF follows the "extract-then-expand" paradigm, which is compatible with the NIST 800-56C Rev. 1 two-step KDF.
SecretKey types instead of byte array - helps to be compatible with some security frameworks #4
The interface HkdfMacFactory changed to accept SecretKey, and two new methods were added for creating a secret key from a raw byte source and for returning the MAC length in bytes. See the default implementation for details on how to implement this if you need a custom implementation.
extract(ikm,salt) to a more RFC compliant extract(salt,ikm) (also extractAndExpand())
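The two RFC 5869 steps written directly against `javax.crypto.Mac`, using the RFC argument order `extract(salt, ikm)` and a `SecretKey` for the salt and PRK. This is an added example, not the library's own code; the class name `HkdfSketch`, the choice of HMAC-SHA256 and the sample inputs are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;

// Added sketch, not the library's code; HkdfSketch is a hypothetical name.
public final class HkdfSketch {
    private static final String ALG = "HmacSHA256";

    // RFC 5869 step 1, argument order (salt, ikm): PRK = HMAC(key = salt, data = IKM)
    static SecretKey extract(SecretKey salt, byte[] ikm) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(ALG);
        // A missing salt defaults to HashLen zero bytes, as the RFC specifies
        mac.init(salt != null ? salt : new SecretKeySpec(new byte[mac.getMacLength()], ALG));
        return new SecretKeySpec(mac.doFinal(ikm), ALG);
    }

    // RFC 5869 step 2: T(i) = HMAC(PRK, T(i-1) | info | i); OKM = first `length` bytes
    static byte[] expand(SecretKey prk, byte[] info, int length) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(ALG);
        mac.init(prk);
        int hashLen = mac.getMacLength();
        // The block counter is a single byte, so output is capped at 255 * HashLen
        if (length <= 0 || length > 255 * hashLen) {
            throw new IllegalArgumentException("length must be in 1.." + 255 * hashLen);
        }
        byte[] okm = new byte[length];
        byte[] t = new byte[0]; // T(0) is the empty string
        for (int i = 1, offset = 0; offset < length; i++, offset += hashLen) {
            mac.update(t);
            if (info != null) mac.update(info);
            mac.update((byte) i);
            t = mac.doFinal(); // doFinal() resets the Mac for the next block
            System.arraycopy(t, 0, okm, offset, Math.min(hashLen, length - offset));
        }
        return okm;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample inputs, for illustration only
        byte[] ikm = "sample input keying material".getBytes(StandardCharsets.UTF_8);
        SecretKey salt = new SecretKeySpec("sample salt".getBytes(StandardCharsets.UTF_8), ALG);
        SecretKey prk = extract(salt, ikm);
        // Distinct info strings give independent keys from the same PRK
        byte[] encKey = expand(prk, "enc-key".getBytes(StandardCharsets.UTF_8), 16);
        byte[] macKey = expand(prk, "mac-key".getBytes(StandardCharsets.UTF_8), 32);
        System.out.println(encKey.length + " " + macKey.length);
    }
}
```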