The shared secret. The codec derives two independent 32-byte sub-keys from
it via HKDF-SHA256 — one for AES-256-GCM, one for the bind/payload HMAC — so
the cipher key and the MAC key never share bytes regardless of how long this
secret is. MUST be >= 32 bytes when supplied.
The shared secret. The codec derives two independent 32-byte sub-keys from it via HKDF-SHA256 — one for AES-256-GCM, one for the bind/payload HMAC — so the cipher key and the MAC key never share bytes regardless of how long this secret is. MUST be >= 32 bytes when supplied.