Closed squell closed 6 months ago
RFC 9180 essentially uses a KDF:
base_nonce
together with a sequence numberbase_nonce
is generated using LabeledExpand
, which calls Expand
:Expand(prk, info, L): Expand a pseudorandom key prk using optional string info into L bytes of output keying material.
Which is specified by the KDF.
E.g. to see what a secure construction is.