Hashes the exact kr-answer string as received — never parse + re-serialize
first (the conformance suite proves this breaks). Several keys may be active
at once per family (rotation) — any match wins. Unknown kr-hash-key
families (the legacy "sd" included) and non-sha256_hmac algorithms fail
verification rather than guessing.
Hashes the exact kr-answer string as received — never parse + re-serialize first (the conformance suite proves this breaks). Several keys may be active at once per family (rotation) — any match wins. Unknown
kr-hash-keyfamilies (the legacy "sd" included) and non-sha256_hmac algorithms fail verification rather than guessing.