.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "Crypt::KeyDerivation 3"
.TH Crypt::KeyDerivation 3 "2022-01-07" "perl v5.26.3" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
Crypt::KeyDerivation \- PBKDF1, PBKDF2 and HKDF key derivation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\&  use Crypt::KeyDerivation \*(Aq:all\*(Aq;
\&
\&  ### PBKDF1/2
\&  $derived_key1 = pbkdf1($password, $salt, $iteration_count, $hash_name, $len);
\&  $derived_key2 = pbkdf2($password, $salt, $iteration_count, $hash_name, $len);
\&
\&  ### HKDF & co.
\&  $derived_key3 = hkdf($keying_material, $salt, $hash_name, $len, $info);
\&  $prk  = hkdf_extract($keying_material, $salt, $hash_name);
\&  $okm1 = hkdf_expand($prk, $hash_name, $len, $info);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Provides an interface to Key derivation functions:
.IP "\(bu" 4
\&\s-1PBKDF1\s0 and \s-1PBKDF\s0 according to PKCS#5 v2.0 <https://tools.ietf.org/html/rfc2898>
.IP "\(bu" 4
\&\s-1HKDF\s0 (+ related) according to <https://tools.ietf.org/html/rfc5869>
.SH "FUNCTIONS"
.IX Header "FUNCTIONS"
.SS "pbkdf1"
.IX Subsection "pbkdf1"
\&\fB\s-1BEWARE:\s0\fR if you are not sure, do not use \f(CW\*(C`pbkdf1\*(C'\fR but rather choose \f(CW\*(C`pbkdf2\*(C'\fR.
.PP
.Vb 7
\&  $derived_key = pbkdf1($password, $salt, $iteration_count, $hash_name, $len);
\&  #or
\&  $derived_key = pbkdf1($password, $salt, $iteration_count, $hash_name);
\&  #or
\&  $derived_key = pbkdf1($password, $salt, $iteration_count);
\&  #or
\&  $derived_key = pbkdf1($password, $salt);
\&
\&  # $password ......... input keying material  (password)
\&  # $salt ............. salt/nonce (expected length: 8)
\&  # $iteration_count .. optional, DEFAULT: 5000
\&  # $hash_name ........ optional, DEFAULT: \*(AqSHA256\*(Aq
\&  # $len .............. optional, derived key len, DEFAULT: 32
.Ve
.SS "pbkdf2"
.IX Subsection "pbkdf2"
.Vb 7
\&  $derived_key = pbkdf2($password, $salt, $iteration_count, $hash_name, $len);
\&  #or
\&  $derived_key = pbkdf2($password, $salt, $iteration_count, $hash_name);
\&  #or
\&  $derived_key = pbkdf2($password, $salt, $iteration_count);
\&  #or
\&  $derived_key = pbkdf2($password, $salt);
\&
\&  # $password ......... input keying material (password)
\&  # $salt ............. salt/nonce
\&  # $iteration_count .. optional, DEFAULT: 5000
\&  # $hash_name ........ optional, DEFAULT: \*(AqSHA256\*(Aq
\&  # $len .............. optional, derived key len, DEFAULT: 32
.Ve
.SS "hkdf"
.IX Subsection "hkdf"
.Vb 7
\&  $okm2 = hkdf($password, $salt, $hash_name, $len, $info);
\&  #or
\&  $okm2 = hkdf($password, $salt, $hash_name, $len);
\&  #or
\&  $okm2 = hkdf($password, $salt, $hash_name);
\&  #or
\&  $okm2 = hkdf($password, $salt);
\&
\&  # $password ... input keying material (password)
\&  # $salt ....... salt/nonce, if undef defaults to HashLen zero octets
\&  # $hash_name .. optional, DEFAULT: \*(AqSHA256\*(Aq
\&  # $len ........ optional, derived key len, DEFAULT: 32
\&  # $info ....... optional context and application specific information, DEFAULT: \*(Aq\*(Aq
.Ve
.SS "hkdf_extract"
.IX Subsection "hkdf_extract"
.Vb 3
\&  $prk  = hkdf_extract($password, $salt, $hash_name);
\&  #or
\&  $prk  = hkdf_extract($password, $salt, $hash_name);
\&
\&  # $password ... input keying material (password)
\&  # $salt ....... salt/nonce, if undef defaults to HashLen zero octets
\&  # $hash_name .. optional, DEFAULT: \*(AqSHA256\*(Aq
.Ve
.SS "hkdf_expand"
.IX Subsection "hkdf_expand"
.Vb 7
\&  $okm = hkdf_expand($pseudokey, $hash_name, $len, $info);
\&  #or
\&  $okm = hkdf_expand($pseudokey, $hash_name, $len);
\&  #or
\&  $okm = hkdf_expand($pseudokey, $hash_name);
\&  #or
\&  $okm = hkdf_expand($pseudokey);
\&
\&  # $pseudokey .. input keying material
\&  # $hash_name .. optional, DEFAULT: \*(AqSHA256\*(Aq
\&  # $len ........ optional, derived key len, DEFAULT: 32
\&  # $info ....... optional context and application specific information, DEFAULT: \*(Aq\*(Aq
.Ve