File::KDBX::KDF(3pm) | User Contributed Perl Documentation | File::KDBX::KDF(3pm) |
File::KDBX::KDF - A key derivation function
version 0.906
A KDF (key derivation function) is used in the transformation of a master key (i.e. one or more component keys) to produce the final encryption key protecting a KDBX database. The File::KDBX distribution comes with several pre-registered KDFs ready to go:
NOTE: If you want your KDBX file to be readable by other KeePass implementations, you must use a UUID and algorithm that they support. From the list above, all are well-supported except the AES challenge-response variant which is kind of a pseudo KDF and isn't usually written into files. All of these are good. AES has a longer track record, but Argon2 has better ASIC resistance.
You can also "register" your own KDF. Here is a skeleton:
    package File::KDBX::KDF::MyKDF;

    use parent 'File::KDBX::KDF';

    File::KDBX::KDF->register(
        # $uuid, $package, %args
        # Placeholder 16-byte UUID; replace it with your own unique value.
        "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a\xbc\xde\xf0" => __PACKAGE__,
    );

    sub init { ... } # optional

    sub _transform {
        my ($self, $key) = @_;  # invoked as a method, so $self comes first
        ...
    }

$uuid = $kdf->uuid;
Get the UUID used to determine which function to use.
$seed = $kdf->seed;
Get the seed (or salt, depending on the function).
$kdf = File::KDBX::KDF->new(parameters => \%params);
Construct a new KDF.
$kdf = $kdf->init(%attributes);
Called by "new" to set attributes. You normally shouldn't call this. Returns itself to allow method chaining.
$transformed_key = $kdf->transform($key);
$transformed_key = $kdf->transform($key, $challenge);
Transform a key. The input key can be either a File::KDBX::Key or a raw binary key, and the transformed key will be a raw key.
This can take a while, depending on the KDF parameters.
If a challenge is provided (and the KDF is AES except for the KeePassXC variant), it will be passed to the key so challenge-response keys can produce raw keys. See "raw_key" in File::KDBX::Key.
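The sketch below is an added example, not code from File::KDBX. It goes beyond this page by spelling out the AES-KDF construction used by KeePass-format databases, to show why a transform gets slower as the round count grows and why the seed matters. It assumes CryptX (for Crypt::Cipher::AES) is installed; the name aes_kdf, the key, the seeds and the round counts are all constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::Cipher::AES;            # from CryptX (assumed installed)
use Digest::SHA qw(sha256);
use Time::HiRes qw(time);

# Hypothetical helper, not part of File::KDBX.
# KeePass-style AES-KDF: encrypt both 16-byte halves of the 32-byte key
# with AES-256 (single-block ECB) under the seed, $rounds times, then
# hash the concatenated result with SHA-256.
sub aes_kdf {
    my ($key, $seed, $rounds) = @_;
    die "key must be 32 bytes\n"  unless length($key)  == 32;
    die "seed must be 32 bytes\n" unless length($seed) == 32;
    die "rounds must be a non-negative integer\n" unless $rounds =~ /^\d+$/;

    my $aes = Crypt::Cipher::AES->new($seed);
    my ($left, $right) = (substr($key, 0, 16), substr($key, 16, 16));
    for (1 .. $rounds) {
        $left  = $aes->encrypt($left);
        $right = $aes->encrypt($right);
    }
    return sha256($left . $right);
}

# Constructed inputs: a fixed demo key and two fixed demo seeds.
my $key    = sha256('constructed master password');
my $seed_a = sha256('constructed seed A');
my $seed_b = sha256('constructed seed B');

# The work factor is linear in the round count: every guess an attacker
# makes costs the same number of AES operations as a legitimate unlock.
for my $rounds (6_000, 60_000, 600_000) {
    my $t0  = time;
    my $out = aes_kdf($key, $seed_a, $rounds);
    printf "%7d rounds: %.3fs  %s...\n",
        $rounds, time - $t0, unpack('H16', $out);
}

# Same key, different seed: the outputs are unrelated, so work done
# against one database cannot be reused against another.
print "different seeds give different transformed keys\n"
    if aes_kdf($key, $seed_a, 6_000) ne aes_kdf($key, $seed_b, 6_000);
```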
$kdf->randomize_seed;
Generate and set a new random seed/salt.
File::KDBX::KDF->register($uuid => $package, %args);
Register a KDF. Registered KDFs can be used to encrypt and decrypt KDBX databases. A KDF's UUID must be unique and mustn't change. A KDF UUID is written into each KDBX file and the associated KDF must be registered with the same UUID in order to decrypt the KDBX file.
$package should be a Perl package relative to "File::KDBX::KDF::" or prefixed with a "+" if it is a fully-qualified package. %args are passed as-is to the KDF's "init" method.
File::KDBX::KDF->unregister($uuid);
Unregister a KDF. Unregistered KDFs can no longer be used to encrypt and decrypt KDBX databases, until reregistered (see "register").
Please report any bugs or feature requests on the bugtracker website <https://github.com/chazmcgarvey/File-KDBX/issues>
When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.
Charles McGarvey <ccm@cpan.org>
This software is copyright (c) 2022 by Charles McGarvey.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
2022-11-20 | perl v5.36.0 |