Libgcypt provides a general purpose function to derive keys from strings.
Derive a key from a passphrase. keysize gives the requested size of the keys in octets. keybuffer is a caller provided buffer filled on success with the derived key. The input passphrase is taken from passphrase which is an arbitrary memory buffer of passphraselen octets. algo specifies the KDF algorithm to use; see below. subalgo specifies an algorithm used internally by the KDF algorithms; this is usually a hash algorithm but certain KDF algorithms may use it differently. salt is a salt of length saltlen octets, as needed by most KDF algorithms. iterations is a positive integer parameter to most KDFs.
On success 0 is returned; on failure an error code.
Currently supported KDFs (parameter algo):
- The OpenPGP simple S2K algorithm (cf. RFC4880). Its use is strongly deprecated. salt and iterations are not needed and may be passed as
- The OpenPGP salted S2K algorithm (cf. RFC4880). Usually not used. iterations is not needed and may be passed as
0. saltlen must be given as 8.
- The OpenPGP iterated+salted S2K algorithm (cf. RFC4880). This is the default for most OpenPGP applications. saltlen must be given as 8. Note that OpenPGP defines a special encoding of the iterations; however this function takes the plain decoded iteration count.
- The PKCS#5 Passphrase Based Key Derivation Function number 2.