Create Symmetric Key Using HKDF Algorithm

You can create a symmetric key from another AES key using HMAC-based Extract-and-Expand Key Derivation Function (HKDF). To do so:

1. Create an NAESession object. Pass the NAE username and password as arguments. You may also need to pass a client certificate, depending on your SSL settings.

2. Create an HKDFParameterSpecand pass the following objects as arguments:

   • keyName: Name of the symmetric key to be created.

   • ikmKeyName: AES key (128/192/256) using which another symmetric key is to be created.

   • DerivationAlgo: (Optional) Algorithm to be used for key creation. Possible options are SHA1, SHA256, SHA384, and SHA512.

   • salt: (Optional) User provided byte array used in the key creation.

   • info: User provided byte array used in the key creation. Optional.

   • size: Size of the key to be created. Key size can be 128, 192, and 256.

   • session: Object of NAESession.

3. Obtain an instance of KeyGenerator. Pass the key algorithm as an argument.

4. Call the generateKey method of the KeyGenerator class to create the key.

Code sample

The following code sample generates an AES key named keyName from AES key named ikmKeyName:

NAESession session = NAESession.getSession("user1", "password".toCharArray());
HKDFParameterSpec spec = new HKDFParameterSpec("keyName", 192, "ikmKeyName",session);
KeyGenerator gen= KeyGenerator.getInstance("AES", "IngrianProvider");
gen.init(spec);
gen.generateKey();