identity/com.midnight.kuira.core.identity.backup/SeedDerivedKeyDeriver

SeedDerivedKeyDeriver

object SeedDerivedKeyDeriver

Derives the AES-256 key for the dust cloud backup from the wallet's dust seed via HKDF-SHA256.

Unlike PrfKeyDeriver (which keys the passkey/seed backup from a PRF output so it works without the seed), the dust backup is only ever read on a device that has already restored the seed — so we can derive the key straight from the in-hand dustSeed with no extra biometric/PRF ceremony.

Domain-separated from the wallet's dust spending use of the same seed (and from SEED_SALT / SIGIL_SALT / BACKUP_SALT) by a dedicated HKDF salt.

Reference: RFC 5869.

Functions

Link copied to clipboard
fun deriveDustBackupKey(ikm: ByteArray): ByteArray

Derives a 32-byte AES-256 key from dust-seed keying material.