├── .gitignore
├── LICENSE
├── README.md
├── example.js
├── index.js
├── package.json
└── test.js


/.gitignore:
--------------------------------------------------------------------------------
1 | node_modules
2 | sandbox.js
3 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2019 Hyperdivision ApS
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in
13 | all copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | THE SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # derive-key
 2 | 
 3 | Derive a named key from a high-entropy master key
 4 | 
 5 | ```
 6 | npm install derive-key
 7 | ```
 8 | 
 9 | ## Usage
10 | 
11 | ``` js
12 | const derive = require('derive-key')
13 | const masterKey = crypto.randomBytes(32) // make sure this is high-entropy master key, eg. from a CSPRNG
14 | 
15 | const key = derive('a namespace', masterKey, 'my-named-key')
16 | 
17 | console.log('the derived key is:', key)
18 | ```
19 | 
20 | ## API
21 | 
22 | #### `outputKey = derive(namespace, masterKey, name, [outputKey])`
23 | 
24 | Derive a named key from a 32 byte high-entropy master key. This can be 32-bytes of
25 | cryptographically secure randomness, eg from a CSPRNG. Do **NOT** use low entropy
26 | soruces such a passwords, passphrases or randomness from a predictable RNG.
27 | 
28 | The namespace should be an ascii string (fx your application name) and name can be a buffer
29 | or string reflecting the name of the key you want to derive.
30 | 
31 | Optionally you can pass in the output key parameter and the result will be written into this
32 | buffer instead of a new buffer being allocated internally.
33 | 
34 | ## License
35 | 
36 | MIT
37 | 


--------------------------------------------------------------------------------
/example.js:
--------------------------------------------------------------------------------
 1 | const derive = require('./')
 2 | 
 3 | const ns = 'test'
 4 | const input = 'google.com'
 5 | const masterKey = Buffer.alloc(32)
 6 | 
 7 | const out = derive(ns, masterKey, input)
 8 | 
 9 | console.log(out)
10 | 


--------------------------------------------------------------------------------
/index.js:
--------------------------------------------------------------------------------
 1 | const blake2b = require('blake2b-universal')
 2 | 
 3 | module.exports = derive
 4 | 
 5 | function derive (ns, masterKey, input, output) {
 6 |   if (!output) output = Buffer.alloc(32)
 7 | 
 8 |   blake2b.batch(output, [
 9 |     Buffer.from(Buffer.byteLength(ns, 'ascii') + '\n' + ns, 'ascii'),
10 |     Buffer.isBuffer(input) ? input : Buffer.from(input)
11 |   ], masterKey)
12 | 
13 |   return output
14 | }
15 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "derive-key",
 3 |   "version": "1.0.1",
 4 |   "description": "Derive a named key from a master key",
 5 |   "main": "index.js",
 6 |   "dependencies": {
 7 |     "blake2b-universal": "^1.0.0"
 8 |   },
 9 |   "devDependencies": {
10 |     "standard": "^12.0.1",
11 |     "tape": "^4.10.2"
12 |   },
13 |   "scripts": {
14 |     "test": "standard && tape test.js"
15 |   },
16 |   "repository": {
17 |     "type": "git",
18 |     "url": "https://github.com/hyperdivision/derive-key.git"
19 |   },
20 |   "author": "Mathias Buus (@mafintosh)",
21 |   "license": "MIT",
22 |   "bugs": {
23 |     "url": "https://github.com/hyperdivision/derive-key/issues"
24 |   },
25 |   "homepage": "https://github.com/hyperdivision/derive-key"
26 | }
27 | 


--------------------------------------------------------------------------------
/test.js:
--------------------------------------------------------------------------------
 1 | const tape = require('tape')
 2 | const derive = require('./')
 3 | 
 4 | tape('can derive', function (t) {
 5 |   const mk = Buffer.alloc(32)
 6 | 
 7 |   t.deepEquals(derive('test', mk, 'a'), derive('test', mk, 'a'))
 8 |   t.notDeepEquals(derive('test', mk, 'b'), derive('test', mk, 'a'))
 9 |   t.notDeepEquals(derive('test 2', mk, 'a'), derive('test', mk, 'a'))
10 | 
11 |   t.end()
12 | })
13 | 


--------------------------------------------------------------------------------