Derive an encryption key to secure communication between devices using the Terminal API.
Two parties who wish to derive a key must:
- Share a variable length secret to derive the key material.
- Derive the key using PBKDF2_HMAC_SHA1
Include the following parameters:
Parameter Value salt AdyenNexoV1Salt salt length
If the program saves the resulting derived key, this computation is performed once for each shared secret.
The derived key material consists of 80 bytes: a 32 byte cipher key, a 32 byte HMAC key and a 16 byte initialization vector (IV). The IV is XORed with a random nonce that is generated per message on encryption.
A derived key is identified by both its
KeyIdentifierand its version.
Example C code using OpenSSL to derive the key material: