Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 3d8c66f9a01b8982902f69ae960fcc85aa43bfb8 / . / docs / hazmat / primitives / key-derivation-functions.rst
blob: e16a9900ce5badf03def7f1c4c4c5b9c61dd5427 [file] [log] [blame]
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]1.. hazmat::
2
3Key Derivation Functions
4========================
5
6.. currentmodule:: cryptography.hazmat.primitives.kdf
7
Paul Kehrer3d8c66f2014-01-28 17:36:50 -0600[diff] [blame^]8Key derivation functions derive key material from passwords or other data
9sources using a pseudo-random function (PRF). Each KDF is suitable for
10different tasks (cryptographic key derivation, password storage,
11key stretching) so match your needs to their capabilities.
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]12
Paul Kehrerb3f763f2014-01-28 16:42:15 -0600[diff] [blame]13.. class:: PBKDF2HMAC(algorithm, length, salt, iterations, backend):
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]14
Paul Kehrer5d1af212014-01-28 12:19:32 -0600[diff] [blame]15 .. versionadded:: 0.2
16
Paul Kehrer3d8c66f2014-01-28 17:36:50 -0600[diff] [blame^]17 PBKDF2 (Password Based Key Derivation Function 2) is typically used for
18 deriving a cryptographic key from a password. It may also be used for
19 key storage, but other key storage KDFs such as `scrypt`_ or `bcrypt`_
20 are generally considered better solutions since they are designed to be
21 slow.
22
Paul Kehrer5d1af212014-01-28 12:19:32 -0600[diff] [blame]23 This class conforms to the
24 :class:`~cryptography.hazmat.primitives.interfaces.KeyDerivationFunction`
25 interface.
26
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]27 .. doctest::
28
Paul Kehrer5d1af212014-01-28 12:19:32 -0600[diff] [blame]29 >>> import os
30 >>> from cryptography.hazmat.primitives import hashes
Paul Kehrerb3f763f2014-01-28 16:42:15 -0600[diff] [blame]31 >>> from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]32 >>> from cryptography.hazmat.backends import default_backend
33 >>> backend = default_backend()
34 >>> salt = os.urandom(16)
35 >>> # derive
Paul Kehrerb3f763f2014-01-28 16:42:15 -0600[diff] [blame]36 >>> kdf = PBKDF2HMAC(
37 ... algorithm=hashes.SHA256(),
38 ... length=32,
39 ... salt=salt,
Paul Kehrer1277bc72014-01-28 17:09:59 -0600[diff] [blame]40 ... iterations=100000,
Paul Kehrerb3f763f2014-01-28 16:42:15 -0600[diff] [blame]41 ... backend=backend
42 ... )
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]43 >>> key = kdf.derive(b"my great password")
44 >>> # verify
Paul Kehrerb3f763f2014-01-28 16:42:15 -0600[diff] [blame]45 >>> kdf = PBKDF2HMAC(
46 ... algorithm=hashes.SHA256(),
47 ... length=32,
48 ... salt=salt,
Paul Kehrer1277bc72014-01-28 17:09:59 -0600[diff] [blame]49 ... iterations=100000,
Paul Kehrerb3f763f2014-01-28 16:42:15 -0600[diff] [blame]50 ... backend=backend
51 ... )
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]52 >>> kdf.verify(b"my great password", key)
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]53
Paul Kehrer5d1af212014-01-28 12:19:32 -0600[diff] [blame]54 :param algorithm: An instance of a
55 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
56 provider.
57 :param int length: The desired length of the derived key. Maximum is
Paul Kehrerb3f763f2014-01-28 16:42:15 -0600[diff] [blame]58 (2\ :sup:`32` - 1) * ``algorithm.digest_size``.
Paul Kehrer5d1af212014-01-28 12:19:32 -0600[diff] [blame]59 :param bytes salt: A salt. `NIST SP 800-132`_ recommends 128-bits or
60 longer.
61 :param int iterations: The number of iterations to perform of the hash
Paul Kehrerb3f763f2014-01-28 16:42:15 -0600[diff] [blame]62 function. See OWASP's `Password Storage Cheat Sheet`_ for more
Paul Kehrer3d8c66f2014-01-28 17:36:50 -0600[diff] [blame^]63 detailed recommendations if you intend to use this for password storage.
Paul Kehrer5d1af212014-01-28 12:19:32 -0600[diff] [blame]64 :param backend: A
65 :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
66 provider.
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]67
Paul Kehrer3d8c66f2014-01-28 17:36:50 -0600[diff] [blame^]68 .. method:: derive(key_material)
69
70 :param key_material bytes: The input key material. For PBKDF2 this
71 should be a password.
72 :return: The new key.
73 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
74 :meth:`derive` or
75 :meth:`verify` is
76 called more than
77 once.
78
79 This generates and returns a new key from the supplied password.
80
81 .. method:: verify(key_material, expected_key)
82
83 :param key_material bytes: The input key material. This is the same as
84 ``key_material`` in :meth:`derive`.
85 :param expected_key bytes: The expected result of deriving a new key,
86 this is the same as the return value of
87 :meth:`derive`.
88 :raises cryptography.exceptions.InvalidKey: This is raised when the
89 derived key does not match
90 the expected key.
91 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
92 :meth:`derive` or
93 :meth:`verify` is
94 called more than
95 once.
96
97 This checks whether deriving a new key from the supplied
98 ``key_material`` generates the same key as the ``expected_key``, and
99 raises an exception if they do not match. This can be used for
100 checking whether a user's password attempt matches the stored derived
101 key.
102
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]103.. _`NIST SP 800-132`: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
Paul Kehrerb3f763f2014-01-28 16:42:15 -0600[diff] [blame]104.. _`Password Storage Cheat Sheet`: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
Paul Kehrer3d8c66f2014-01-28 17:36:50 -0600[diff] [blame^]105.. _`bcrypt`: http://en.wikipedia.org/wiki/Bcrypt
106.. _`scrypt`: http://en.wikipedia.org/wiki/Scrypt