# ktor
m
In "Sign and encrypt session data" (https://ktor.io/docs/sessions.html#sign_encrypt_session) the example code uses hex strings, can these be of any random hex sequence (assuming they're the same every time), or is there some importance to their values?
e
fun SessionTransportTransformerEncrypt(encryptionKey: ByteArray, signKey: ByteArray, ivGenerator: (size: Int) -> ByteArray = { size -> ByteArray(size).apply { SecureRandom().nextBytes(this) } }, encryptAlgorithm: String = "AES", signAlgorithm: String = "HmacSHA256")
for AES, the encryption key should be 128, 192, or 256 bits long
for a SHA-256 HMAC, the signing key size doesn't exactly matter since it'll be hashed, but I would expect 256 bits
oh the class SessionTransportTransformerEncrypt documentation says the same, in terms of bytes though:
You have to provide keys of compatible sizes: 16, 24 and 32 for AES encryption. For HmacSHA256 it is recommended a key of 32 bytes.
aside from the size requirements, any fixed random sequence can be a key