hkdf | Rubygem for HMAC-based Key Derivation Function | Cryptography library

@jakub's solution ended up solving the problem for me. I uninstalled the version of rust that was installed through pacman. To replace it, I installed rustup and then using rustup, installed the latest nightly version of rust (1.60). Once I did that, installing the cryptography package worked just fine.

If you are using rustup, just make sure that you add ~/.cargo/bin to your PATH before installation. Also, the command I used to install rust through rustup was rustup toolchain install nightly.

in your .env file creates an environment variable:

Try to upgrade pip: python -m pip install --upgrade pip

With help of @Topaco i ended up making this function:

what i did:

The referenced Python code uses P-384 (aka secp384r1) as elliptic curve. This is compatible with the WebCrypto API, which supports three curves P-256 (aka secp256r1), P-384 and P-521 (aka secp521r1), see EcKeyImportParams.

The following WebCrypto code generates a shared secret using ECDH and derives an AES key from the shared secret using HKDF. In detail the following happens:

• To allow comparison of the derived key with that of the referenced Python code, predefined EC keys are applied. The private key is imported as PKCS#8, the public key as X.509/SPKI. Note that due to a Firefox bug concerning the import of EC keys, the script below cannot be run in the Firefox browser.
• After the import the shared secret is created with ECDH using deriveBits() (and not deriveKey()).
• The shared secret is imported with importKey() and then the AES key is derived using HKDF, again with deriveBits().

HKDF is defined in RFC5869. It is intended to generate keys from some cryptographically secure "keying material" (IKM). It is not intended for stretching a human-generated password. As discussed in section 4 Applications of HKDF:

On the other hand, it is anticipated that some applications will not be able to use HKDF "as-is" due to specific operational requirements, or will be able to use it but without the full benefits of the scheme. One significant example is the derivation of cryptographic keys from a source of low entropy, such as a user's password. The extract step in HKDF can concentrate existing entropy but cannot amplify entropy. In the case of password-based KDFs, a main goal is to slow down dictionary attacks using two ingredients: a salt value, and the intentional slowing of the key derivation computation. HKDF naturally accommodates the use of salt; however, a slowing down mechanism is not part of this specification. Applications interested in a password-based KDF should consider whether, for example, [PKCS5] meets their needs better than HKDF.

I don't believe that CryptoKit offers a PBKDF of any kind (PBKDF2, scrypt, bcrypt, argon2). It's a very limited framework (I have yet to find a situation where it was useful). You will likely need to continue to use CommonCrypto for this, or implement it yourself (or use something like CryptoSwift, which I believe implements several).

The issue is that your pip version is too old to install one of this project's subdependencies, cryptography, which is using newer features.

Upgrading pip with the following will make it possible to install this package:

Actually, the whole encoding and decoding is correct. The one thing in the end, that was the problem was that I (by mistake) reversed the array I read one too many times.

Reversing arrays since certain keys are encoded in little endian, while in order to represent it as a BigInteger in JVM, you have to reverse the little endian so it becomes big endian.

Hopefully this helps everyone in the future who will get stuck on any similar problems.

If there will be any questions, simply comment here or send me a message here. I'll do my best to help you out.