Return a DerivedKeyMaterial type which is suitable for further key derivation
Derive a symmetric key of the requested length from the VetKey
As an alternative to this function consider using asDerivedKeyMaterial, which uses the WebCrypto API and prevents export of the underlying key.
The domainSep
parameter should be a string unique to your application and
also your usage of the resulting key. For example say your application
"my-app" is deriving two keys, one for usage "foo" and the other for
"bar". You might use as domain separators "my-app-foo" and "my-app-bar".
Return the VetKey bytes, aka the BLS signature
Use the raw bytes only if your design makes use of the fact that VetKeys are BLS signatures (eg for random beacon or threshold BLS signature generation). If you are using VetKD for key distribution, instead use deriveSymmetricKey or asHkdfCryptoKey
Static
deserializeDeserialize a VetKey from the 48 byte encoding of the BLS signature
This deserializes the same value as returned by signatureBytes
A VetKey (verifiably encrypted threshold key)
This is the end product of executing the VetKD protocol.
Internally a VetKey is a valid BLS signature for the bytestring
input
which provided when calling thevetkd_derive_encrypted_key
management canister interface.For certain usages, such as a beacon, the VetKey is actually used directly. However the more common usage of VetKD protocol is for distribution of encryption keys (eg AES keys to encrypt content).