Module Contents¶
Functions¶
|
Compute argon2id based secret from user email and password only. This uses Argon2id |
|
Expand |
|
|
- autobahn.xbr._wallet.stretch_argon2_secret(email: str, password: str, salt: Optional[bytes] = None) bytes [source]¶
Compute argon2id based secret from user email and password only. This uses Argon2id for stretching a potentially weak user password/PIN and subsequent HKDF based key extending to derive private key material (PKM) for different usage contexts.
The Argon2 parameters used are the following:
kdf
argon2id-13
time cost
4096
memory cost
512
parallelism
1
See draft-irtf-cfrg-argon2 and argon2-cffi.
- Parameters
email – User email.
password – User password.
salt – Optional salt to use (must be 16 bytes long). If none is given, compute salt from email as
salt = SHA256(email)[:16]
.
- Returns
The computed private key material (256b, 32 octets).
- autobahn.xbr._wallet.expand_argon2_secret(pkm: bytes, context: bytes, salt: Optional[bytes] = None) bytes [source]¶
Expand
pkm
andcontext
into a key of lengthbytes
using HKDF’s expand function based on HMAC SHA-512). See the HKDF draft RFC and paper for usage notes.- Parameters
pkm –
context –
salt –
- Returns