1

There are 1 answers

6
Maarten Bodewes On BEST ANSWER

Just generating a secret value is generally not enough to generate a key using key agreement. Although the secret should contain enough entropy for a symmetric key, it is unlikely to be uniformly distributed. Hence a key agreement should - at least in theory - contain a key based key derivation function. Now these key derivation functions have optional parameters to derive specific keys. The methods you pointed to may be used to supply these additional parameters.

Normally, for new protocols, it is probably best to not use these properties. If you require multiple keys, perform an additional key based key derivation function on the output (or use SHA-512, and extract two keys). Other implementations may not supply these parameters at all. It's probably best to only use these properties if an existing protocol requires them.