{ "cells": [ { "cell_type": "markdown", "id": "ffcb2426-5881-49f2-a78c-32022c0bbd26", "metadata": {}, "source": [ "# Key Derivation" ] }, { "cell_type": "markdown", "id": "eac52b1f-245a-4b6d-afd2-18b31406ae45", "metadata": {}, "source": [ "Multiple secret subkeys can be derived from a single master key.\n", "\n", "Given the master key and a key identifier, a subkey can be deterministically computed. However, given a subkey, an attacker cannot compute the master key nor any other subkeys.\n", "\n", "The crypto_kdf API can derive up to 2^64 keys from a single master key and context, and individual subkeys can have an arbitrary length between 128 (16 bytes) and 512 bits (64 bytes)." ] }, { "cell_type": "code", "execution_count": 1, "id": "1bb90d87-694b-4c54-a945-4d0c0555109c", "metadata": { "tags": [] }, "outputs": [], "source": [ "%load_ext sql" ] }, { "cell_type": "code", "execution_count": 2, "id": "acbb8146-2d04-4787-b14b-1c12cb7ede59", "metadata": { "tags": [] }, "outputs": [], "source": [ "%config SqlMagic.feedback=False\n", "%config SqlMagic.displaycon=False\n", "%sql postgresql://postgres@/" ] }, { "cell_type": "code", "execution_count": 3, "id": "db873b15-f662-4785-890a-c37e811f4efb", "metadata": {}, "outputs": [ { "data": { "text/plain": [ "[]" ] }, "execution_count": 3, "metadata": {}, "output_type": "execute_result" } ], "source": [ "%%sql \n", "CREATE EXTENSION IF NOT EXISTS pgsodium;" ] }, { "cell_type": "markdown", "id": "0237cd39-c8ae-4c7b-8f75-0f4a77ea327e", "metadata": {}, "source": [ "### `derive_key(id integer, key_size integer = NULL, context bytea = 'pgsodium')`" ] }, { "cell_type": "code", "execution_count": 4, "id": "625f9bdb-3e65-4513-8c81-c34baa4c2118", "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "b'\\xfd\\x95 Q%\\x16\\x9f\\xca5\\xac\\x18\\xf3\\x8az\\x98\\x9f\\x11fD\\x14\\x04|\\x02Q\\xe5M\\xbe\\xf7\\x82\\xf3|<'\n" ] } ], "source": [ "key = %sql select pgsodium.derive_key(42)\n", "print(key[0][0].tobytes())" ] }, { "cell_type": "code", "execution_count": 9, "id": "74764551-253b-4842-988a-1aa82b488a8f", "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "b'\\xad\\xeeu\\x1d\\x1d\\xc3H\\xad\\x01\\x19\\xff\\x1alO\\x1e\\xf9e-\\xe2\\xf9\\x8b\\x9a\\x97>P\\x85\\x83C\\x9b$\\x04U!2+&\\xc4\\xdb\\x7f\\x07\\xb4\\x17\\xdf,\\x95\\xdce\\xa5x\\xb7A\\xaeG\\xc1=\\xff~N\\xdf\\xa1\\xfdc\\xf4J'\n" ] } ], "source": [ "key = %sql select pgsodium.derive_key(42, 64, 'foozbarz')\n", "print(key[0][0].tobytes())" ] } ], "metadata": { "kernelspec": { "display_name": "Python 3 (ipykernel)", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.9.2" } }, "nbformat": 4, "nbformat_minor": 5 }