KdfForCms Method

Generate a key-encryption key (KEK) for ECDH key exchange in a CMS EnvelopedData object.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.30549 (23.1.0.0)

Syntax

public static byte[] ForCms(
	byte[] zz,
	KdfKeyWrapAlg keyWrapAlg,
	KdfKdfAlg kdfAlg = KdfKdfAlg.X963,
	KdfHashAlg hashAlg = KdfHashAlg.Sha1,
	byte[] ukm = null
)

Public Shared Function ForCms ( 
	zz As Byte(),
	keyWrapAlg As KdfKeyWrapAlg,
	Optional kdfAlg As KdfKdfAlg = KdfKdfAlg.X963,
	Optional hashAlg As KdfHashAlg = KdfHashAlg.Sha1,
	Optional ukm As Byte() = Nothing
) As Byte()

Parameters

zz Byte: Input key material/shared secret value (denoted variously as ZZ/Z/K/IKM)
keyWrapAlg KdfKeyWrapAlg: Key wrap algorithm (required, cannot be Default)
kdfAlg KdfKdfAlg (Optional): Key derivation function to use.
hashAlg KdfHashAlg (Optional): Hash algorithm to use with the key derivation function (default is SHA-1)
ukm Byte (Optional): Optional user key material (ukm)

Return Value

Byte
Output key material (KEK).

Remarks

This is a specialist function using the key definition algorithms described in [RFC5753] and [RFC8418] when used for key agreement with ECDH in a CMS EnvelopedData object. The key-encryption key is derived using the ECC-CMS-SharedInfo type, described in section 7.2 of [RFC5753].

Reference

Kdf Class

CryptoSysPKI Namespace