3

I want to generate individual AES keys for a number of smart cards, based on a random master key (key diversification) and the serial number of the card.

According to the answers to this question HKDF is the/one way to go.

HKDF has three inputs, ikm, salt and info. Feeding in the serial number as part of ikm seems to be incorrect usage (and maybe dangerous because it makes the IKM less random?). That leaves salt and info, which one should I use?

AndreKR

1 Answer

3

If all you're using HKDF for is deriving subkeys from a uniformly random master key, you don't really need the Extract part of HKDF. So you can simply use your master key directly as the IKM input to HKDF-Expand, and the serial number (plus possibly other identifying information, if you e.g. may need to derive multiple keys per card) as the info input.

Ilmari Karonen
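The derivation described in the answer above, as an added example that is not part of the original answer: HKDF-Expand (RFC 5869) with SHA-256, keyed directly with the master key and taking the card serial number in `info`. The `card-key-v1` label, the `purpose` field, the length-prefixed `info` layout and the sample serial numbers are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand from RFC 5869: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    if len(prk) < HASH_LEN:
        raise ValueError("master key must be at least HASH_LEN bytes")
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("requested length out of range")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def build_info(serial: bytes, purpose: bytes) -> bytes:
    """Length-prefix each field so two (serial, purpose) pairs never collide."""
    fields = (b"card-key-v1", serial, purpose)  # label is an assumed constant
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def card_key(master_key: bytes, serial: bytes, purpose: bytes = b"auth",
             length: int = 16) -> bytes:
    """Diversified key for one card; 16 bytes gives an AES-128 key."""
    return hkdf_expand(master_key, build_info(serial, purpose), length)


if __name__ == "__main__":
    # Uniformly random master key, so the Extract step is skipped.
    master = secrets.token_bytes(32)
    # Constructed 7-byte serial numbers, for illustration only.
    for serial in (bytes.fromhex("04a1b2c3d4e5f6"), bytes.fromhex("04a1b2c3d4e5f7")):
        print(serial.hex(), card_key(master, serial).hex())
```

Passing a different `purpose` yields an independent key for the same card, which covers the case of several keys per card mentioned in the answer.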