Aa function for deriving new secrets from an initial secret. It's defined as:
function Derive (key, feed_id, prev_msg_id, labels, length) {
var info = ['envelope', feed_id, prev_msg_id].concat(labels)
return HKDF.Expand(key, encode(info), length)
}keyis a cryptographic key you're deriving fromlabelsis an Array of stringsfeed_idandprev_msg_idare encoded in with the binary type-format-key (TFK) encoding- if there is no
prev_msg_id(because you're publishing the first message for this feed), we say the "key" part of the tfk encoding forprev_msg_idis a zero buffer of the same size, e.g.01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 │ │ └────────────────────┬────────────────────────────────────────────────────────────────────────┘ type │ hex encoded key format
- if there is no
HKDF.Expandis a hmac-like function which is specifically designed to generate random buffers of a given length.- we specify
sha256for hashing in HKDF-Expand - example of a node.js implementation : futoin-hkdf
- we specify
encodeis a shallow lenth-prefixed (SLP) encoding of an ordered list
We want to derive unique keys which are very unlikely to collide with other keys, where "unlikely" means:
- won't happen by chance
- won't be easy to trick a user to performing a particular derivation
By baking the context (feed_id and prev_msg_id) into the info used to derive new secrets,
we make the derive function very specific.
This has the side-effect that we can use zero'd nonces for encryption, because we can be very sure that the same key will not be generated twice.