This is a draft of a PR to produce a derived symmetric key that's HIS compliant from an existing key. The approach is like so:

1. First, validate that the input key conforms to the highly identifiable secret (HIS) v1 standard. This requires providing the checksum seed only (the signature is obtained from the key itself) and a textual input that uniquely identifies the derived key.
2. Retrieve the signature from the key and generate a derived key checksum seed by XOR'ing the original.
3. Using the input key as the secret, produce an HMAC cryptographic hash of the textual input.
4. The resulting 32-byte hash is then transformed into an HIS v1 key by adding the fixed signature and the computed Marvin32 checksum of the HMAC, Marvin being initialized with the derived key checksum seed.

The output is a 39-byte base64-encoded value that preserves the full 32-byte HMAC bytes.
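The derivation steps above as a runnable sketch, added here as an illustration and not taken from the PR's code. Assumptions not stated on the page: HMAC-SHA256 keyed with the decoded key bytes, a 39-byte layout of 32 body bytes, 3 signature bytes and a 4-byte little-endian checksum, and the placeholder `SEED_XOR_MASK` as the XOR operand; all function names and sample values are hypothetical.

```python
import base64, hashlib, hmac, struct

MASK32 = 0xFFFFFFFF
SEED_XOR_MASK = 0x5555555555555555  # assumption: placeholder, the page gives no XOR operand

def _rotl(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK32

def _mix(lo, hi):
    # One Marvin32 block round over the two 32-bit state words.
    hi ^= lo
    lo = (_rotl(lo, 20) + hi) & MASK32
    hi = _rotl(hi, 9) ^ lo
    lo = (_rotl(lo, 27) + hi) & MASK32
    return lo, _rotl(hi, 19)

def marvin32(data, seed):
    lo, hi = seed & MASK32, (seed >> 32) & MASK32
    full = len(data) - len(data) % 4
    for (word,) in struct.iter_unpack("<I", data[:full]):
        lo, hi = _mix((lo + word) & MASK32, hi)
    tail = 0x80  # padding marker above any leftover bytes (little-endian)
    for b in reversed(data[full:]):
        tail = (tail << 8) | b
    lo, hi = _mix(*_mix((lo + tail) & MASK32, hi))
    return lo ^ hi

def format_key(body, signature, seed):
    # Assumed layout: 32 body bytes | 3 signature bytes | 4 checksum bytes.
    checksum = struct.pack("<I", marvin32(body, seed))
    return base64.b64encode(body + signature + checksum).decode()

def is_valid(key, seed):
    # Step 1: recompute the checksum over the body with the caller's seed.
    raw = base64.b64decode(key)
    return len(raw) == 39 and raw[35:] == struct.pack("<I", marvin32(raw[:32], seed))

def derive_key(key, seed, label):
    if not is_valid(key, seed):
        raise ValueError("input key fails checksum validation")
    raw = base64.b64decode(key)
    # Step 3: HMAC of the identifying text, keyed with the input key.
    mac = hmac.new(raw, label.encode(), hashlib.sha256).digest()
    # Steps 2 and 4: reuse the signature, checksum under the derived seed.
    return format_key(mac, raw[32:35], seed ^ SEED_XOR_MASK)

# Constructed sample values, not real secrets.
PARENT_SEED = 0x1122334455667788
PARENT = format_key(bytes(range(32)), b"\x01\x02\x03", PARENT_SEED)

if __name__ == "__main__":
    print(derive_key(PARENT, PARENT_SEED, "storage/blob-writer"))
```

Because the derived key's checksum is computed under a different seed, a validator holding only the parent seed rejects it, which keeps parent and derived keys distinguishable at validation time.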