Howto

Example: Converting a password into a cryptographic key

The following code snippets are actually compiled and run during the BouncyGPG build process. This ensures that all examples are correct. Usage with Bouncy-GPGCryptographic key derivation functions should be used to derive a key from a password (or any other source material). Bouncy-GPG uses SCrypt for key stretching. The following snippet will derive a 256 bit key from a strong password. The derivation process is configured by SCryptKeyStretchingParameters.forStrongInputKeyMaterial(). This will give a very quick key derivation and is only secure because the password is very long and random. »

Example: Deriving record specific keys

The following code snippets are actually compiled and run during the BouncyGPG build process. This ensures that all examples are correct. To derive another key from one (master key) a key derivation function should be used. HKDF defined in RFC5869 is such a function. Internally HKDF uses an HMAC to derive multiple keys fro one master key. To quote from RFC5869: A key derivation function (KDF) is a basic and essential component of cryptographic systems. »