autobahn.xbr._wallet

Module Contents

Functions

stretch_argon2_secret(→ bytes)

Compute argon2id based secret from user email and password only. This uses Argon2id

expand_argon2_secret(→ bytes)

Expand pkm and context into a key of length bytes using

pkm_from_argon2_secret(→ bytes)

param email
autobahn.xbr._wallet.stretch_argon2_secret(email: str, password: str, salt: Optional[bytes] = None) bytes[source]

Compute argon2id based secret from user email and password only. This uses Argon2id for stretching a potentially weak user password/PIN and subsequent HKDF based key extending to derive private key material (PKM) for different usage contexts.

The Argon2 parameters used are the following:

  • kdf argon2id-13

  • time cost 4096

  • memory cost 512

  • parallelism 1

See draft-irtf-cfrg-argon2 and argon2-cffi.

Parameters

  • email – User email.

  • password – User password.

  • salt – Optional salt to use (must be 16 bytes long). If none is given, compute salt from email as salt = SHA256(email)[:16].

Returns

The computed private key material (256b, 32 octets).

autobahn.xbr._wallet.expand_argon2_secret(pkm: bytes, context: bytes, salt: Optional[bytes] = None) bytes[source]

Expand pkm and context into a key of length bytes using HKDF’s expand function based on HMAC SHA-512). See the HKDF draft RFC and paper for usage notes.

Parameters

  • pkm

  • context

  • salt

Returns

autobahn.xbr._wallet.pkm_from_argon2_secret(email: str, password: str, context: str, salt: Optional[bytes] = None) bytes[source]
Parameters

  • email

  • password

  • context

  • salt

Returns