hash_hkdf()
(PHP 7 >= 7.1.2)
Generate a HKDF key derivation of a supplied key input
说明
hash_hkdf(string $algo,string $ikm[,int $length= 0[,string $info=''[,string $salt='']]]): string
参数
- $algo
Name of selected hashing algorithm (i.e."sha256","sha512","haval160,4", etc..)Seehash_algos()for a list of supported algorithms.
Note:
Non-cryptographic hash functions are not allowed.
- $ikm
Input keying material (raw binary). Cannot be empty.
- $length
Desired output length in bytes. Cannot be greater than 255 times the chosen hash function size.
If$lengthis0, the output length will default to the chosen hash function size.
- $info
Application/context-specific info string.
- $salt
Salt to use during derivation.
While optional, adding random salt significantly improves the strength of HKDF.
返回值
Returns a string containing a raw binary representation of the derived key (also known as output keying material - OKM);orFALSE
on failure.
错误/异常
AnE_WARNING
will be raised if$ikmis empty,$algois unknown/non-cryptographic,$lengthis less than0or too large (greater than 255 times the size of the hash function).
范例
Example #1hash_hkdf()example
<?php // Generate a random key, and salt to strengthen it during derivation. $inputKey = random_bytes(32); $salt = random_bytes(16); // Derive a pair of separate keys, using the same input created above. $encryptionKey = hash_hkdf('sha256', $inputKey, 32, 'aes-256-encryption', $salt); $authenticationKey = hash_hkdf('sha256', $inputKey, 32, 'sha-256-authentication', $salt); var_dump($encryptionKey !== $authenticationKey); // bool(true) ?>
The above example produces a pair of separate keys, suitable for creation of an encrypt-then-HMAC construct, using AES-256 and SHA-256 for encryption and authentication respectively.
参见
hash_pbkdf2()
生成所提供密码的 PBKDF2 密钥导出- » RFC 5869
- » userland implementation