this.signKey = deriveKey(mk, C2S_SIGN_CONSTANT);
        this.verifyKey = deriveKey(mk, S2C_SIGN_CONSTANT);

        if (log.isDebugEnabled()) {
            log.debug("Sign key is " + Hexdump.toHexString(this.signKey));
            log.debug("Verify key is " + Hexdump.toHexString(this.verifyKey));
        }

        this.sealClientKey = deriveKey(mk, C2S_SEAL_CONSTANT);

        byte[] baseKey = new byte[16];
        new SecureRandom().nextBytes(baseKey);

        byte[] derived1 = keyManager.deriveKey(baseKey, "label1", null, 32);
        byte[] derived2 = keyManager.deriveKey(baseKey, "label2", null, 32);
        byte[] derived3 = keyManager.deriveKey(baseKey, "label1", new byte[] { 1, 2, 3 }, 32);

        assertEquals(32, derived1.length, "Derived key should have correct length");

        }

        // Generate salt for key derivation
        this.salt = new byte[SALT_SIZE];
        secureRandom.nextBytes(this.salt);

        // Derive master key from password
        this.masterKey = deriveKey(masterPassword, salt);

        // Clear the master password after use
        Arrays.fill(masterPassword, '\0');
    }

    /**
     * Initialize secure credential storage with existing salt and password
     *

     * @param context key derivation context
     * @param length desired key length in bytes
     * @return derived key
     * @throws GeneralSecurityException if key derivation fails
     */
    public byte[] deriveKey(byte[] baseKey, String label, byte[] context, int length) throws GeneralSecurityException {
        checkNotClosed();

        // Simple KDF implementation (should be replaced with proper KDF like HKDF)

a stand-alone KDF. type CounterKDF struct { mac CMAC } // NewCounterKDF creates a new CounterKDF with the given key. func NewCounterKDF(b *aes.Block) *CounterKDF { return &CounterKDF{mac: *NewCMAC(b)} } // DeriveKey derives a key from the given label and context. func (kdf *CounterKDF) DeriveKey(label byte, context [12]byte) [32]byte { fips140.RecordApproved() var output [32]byte var input [aes.BlockSize]byte input[2] = label copy(input[4:], context[:]) input[1] = 0x01 // i = 1 K1 := kdf.mac.MAC(input[:])...

a stand-alone KDF. type CounterKDF struct { mac CMAC } // NewCounterKDF creates a new CounterKDF with the given key. func NewCounterKDF(b *aes.Block) *CounterKDF { return &CounterKDF{mac: *NewCMAC(b)} } // DeriveKey derives a key from the given label and context. func (kdf *CounterKDF) DeriveKey(label byte, context [12]byte) [32]byte { fips140.RecordApproved() var output [32]byte var input [aes.BlockSize]byte input[2] = label copy(input[4:], context[:]) input[1] = 0x01 // i = 1 K1 := kdf.mac.MAC(input[:])...