Score:1

HKDF with predefined IV


Can I generate, from a randomly generated key, let's say three other keys via HKDF with predefined IVs, e.g. SHA-256 of "apple", "banana", "pear"?

My use case is an app that at the beginning generates one key, from which every other key is created using HKDF for each individual DB, and the IV for each generation is the SHA-256 of the DB's name. So every app has a different master key but the IVs for DBs are the same.

This paper says that the IV needs to be random but can be public, but I'm not sure whether that means that two apps cannot use the same IV for different master keys or that for a key generation with one master key I cannot use one IV twice (which would produce the same key of course).

Score:2

HKDF doesn't use any IV. HKDF uses a Salt during the extraction phase and an Info field during the expansion phase. Both the Salt and the Info field are optional.

If you already have a randomly generated secret then you only need HKDF-Expand, in which case the salt is not used. You can skip HKDF-Extract as long as you use a 128 bit+ key and as long as you don't use the key for anything else (domain separation).

The Info field is used to derive keys for specific entities and / or purposes. In your case the Info field could consist of the ASCII encoding of "apple", "banana" or "pear".

There is usually no need to hash the Info field as it is used as part of the message input for HMAC (internal to HKDF). The only reason to do so is if both the label and the output are really large, because in that case the info will be processed multiple times by the hash function.

The salt can be used to differentiate keys as well (for salt >= 256 bit preferably), but usually you'd make sure that the input keying material is refreshed if you need new session keys (with the same Info field).
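
The derivation described in the answer above, as an added example that is not part of the original post: HKDF-Expand per RFC 5869 over HMAC-SHA-256, with the random master key used directly as the PRK and each DB name as the Info field. The function names and the 16-byte minimum-key check are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869, section 2.3) over HMAC-SHA-256."""
    # Assumption for this example: enforce the answer's "128 bit+" condition.
    if len(prk) < 16:
        raise ValueError("master key must be at least 128 bits")
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("length must be between 1 and 255 * HashLen")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        # T(n) = HMAC(PRK, T(n-1) || info || n); info is hashed once per block
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_db_keys(master_key: bytes, db_names: list[str]) -> dict[str, bytes]:
    """Hypothetical helper: one 256-bit key per DB, Info = ASCII DB name."""
    if len(set(db_names)) != len(db_names):
        raise ValueError("duplicate DB name would yield a duplicate key")
    return {name: hkdf_expand(master_key, name.encode("ascii")) for name in db_names}


if __name__ == "__main__":
    names = ["apple", "banana", "pear"]
    # Two installs: different random master keys, identical public labels.
    app_a = derive_db_keys(secrets.token_bytes(32), names)
    app_b = derive_db_keys(secrets.token_bytes(32), names)
    for name in names:
        print(name, app_a[name].hex()[:16], app_b[name].hex()[:16])
```

Reusing the same labels across installs is harmless here because each install's master key differs; reusing a label under one master key reproduces the same key, which is why the helper rejects duplicate names.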
