PrfKeyDeriver

Derives an AES-256-GCM encryption key from PRF output using HKDF-SHA256.

The PRF output is 32 bytes of high-entropy keying material from the authenticator hardware. HKDF derives a purpose-bound key from it; the `info` parameter is what binds the key to its purpose.

Privacy: the PRF output never leaves the device. It's computed inside the authenticator and immediately fed into HKDF. The derived key is used for encryption and then wiped from memory.

Reference: RFC 5869 (HMAC-based Extract-and-Expand Key Derivation Function)

Properties

const val PRF_OUTPUT_SIZE: Int = 32

Functions

fun deriveKey(prfOutput: ByteArray, info: String = DEFAULT_INFO): ByteArray

Derives a 32-byte AES-256 key from PRF output.
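
The derivation described above, as an added example that is not this library's own code: HKDF-SHA256 extract-and-expand per RFC 5869, written with the JDK's `javax.crypto.Mac` and checked against RFC 5869 test case 1. The empty salt, the `EXAMPLE_INFO` string and the names `hkdfSha256` and `deriveKeyExample` are assumptions; this page does not show the salt or the value of `DEFAULT_INFO`.

```kotlin
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

const val PRF_OUTPUT_SIZE = 32 // same value as the constant documented above
// Hypothetical purpose label; the real DEFAULT_INFO is not shown on this page.
const val EXAMPLE_INFO = "example-app/aes-256-gcm/v1"

private fun hmacSha256(key: ByteArray, data: ByteArray): ByteArray {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(SecretKeySpec(key, "HmacSHA256"))
    return mac.doFinal(data)
}

// HKDF-SHA256 restricted to one output block (L = HashLen = 32 bytes).
fun hkdfSha256(ikm: ByteArray, salt: ByteArray, info: ByteArray): ByteArray {
    // Extract: PRK = HMAC(salt, IKM). RFC 5869 replaces an absent salt with HashLen zero bytes.
    val prk = hmacSha256(if (salt.isEmpty()) ByteArray(32) else salt, ikm)
    try {
        // Expand: T(1) = HMAC(PRK, info || 0x01); T(1) is the whole key when L = 32.
        return hmacSha256(prk, info + byteArrayOf(0x01))
    } finally {
        prk.fill(0) // best-effort wipe of the intermediate key
    }
}

// Assumption: empty salt. The input length is checked before any derivation happens.
fun deriveKeyExample(prfOutput: ByteArray, info: String = EXAMPLE_INFO): ByteArray {
    require(prfOutput.size == PRF_OUTPUT_SIZE) { "PRF output must be $PRF_OUTPUT_SIZE bytes" }
    return hkdfSha256(prfOutput, ByteArray(0), info.toByteArray(Charsets.UTF_8))
}

fun hex(b: ByteArray) = b.joinToString("") { "%02x".format(it) }

fun main() {
    // RFC 5869 test case 1: the first 32 bytes of the published OKM equal T(1).
    val t1 = hkdfSha256(ByteArray(22) { 0x0b.toByte() },
        ByteArray(13) { it.toByte() }, ByteArray(10) { (0xf0 + it).toByte() })
    check(hex(t1) == "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf")

    val prf = ByteArray(PRF_OUTPUT_SIZE) { it.toByte() } // constructed sample, not authenticator output
    val k1 = deriveKeyExample(prf)
    val k2 = deriveKeyExample(prf, "example-app/other-purpose/v1")
    check(k1.size == 32 && k1.contentEquals(deriveKeyExample(prf))) // deterministic
    check(!k1.contentEquals(k2)) // a different info string yields an unrelated key
    println("aes-256 key (sample input): ${hex(k1)}")
    listOf(prf, k1, k2).forEach { it.fill(0) } // wipe key material after use
}
```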