Generate Domain

Namespace: Infocyph\\Epicrypt\\Generate

Scope

• random bytes

• random strings

• nonces

• salts

• key material

• derived key material

• token material

Random Bytes and Strings

use Infocyph\Epicrypt\Generate\RandomBytesGenerator;

$random = new RandomBytesGenerator();
$bytes = $random->bytes(32);
$string = $random->string(40, prefix: 'ep_', postfix: '_v1');

Nonce and Salt

use Infocyph\Epicrypt\Generate\NonceGenerator;
use Infocyph\Epicrypt\Generate\SaltGenerator;

$nonce = (new NonceGenerator())->generate();
$salt = (new SaltGenerator())->generate();

Key and Token Material

use Infocyph\Epicrypt\Generate\KeyMaterial\KeyMaterialGenerator;
use Infocyph\Epicrypt\Generate\KeyMaterial\TokenMaterialGenerator;

$keyMaterial = (new KeyMaterialGenerator())->generate(32); // Base64URL by default
$tokenMaterial = (new TokenMaterialGenerator())->generate(48);

Purpose-Aware Key Material

use Infocyph\Epicrypt\Generate\KeyMaterial\Enum\KeyPurpose;
use Infocyph\Epicrypt\Generate\KeyMaterial\KeyMaterialGenerator;
use Infocyph\Epicrypt\Security\Policy\SecurityProfile;

$generator = new KeyMaterialGenerator();
$aeadKey = $generator->forPurpose(KeyPurpose::AEAD, SecurityProfile::MODERN);
$masterSecret = $generator->forMasterSecret();

Key Derivation

use Infocyph\Epicrypt\Generate\KeyMaterial\KeyDeriver;

$deriver = new KeyDeriver();
$hkdfKey = $deriver->hkdf($inputKeyMaterial, 32, [
    'info' => 'app:encryption',
    'salt' => $salt,
]);

$passwordKey = $deriver->deriveFromPassword('password', $salt, 32);
$subkey = $deriver->subkey($rootKey, 1, 32, ['context' => 'EPCKDF01']);