From 4e40314c679dbe47fed1d4364bf991f0c3544c0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rodolphe=20Br=C3=A9ard?=
Date: Sat, 2 Mar 2024 14:55:57 +0100
Subject: [PATCH] Reduce the default IKM duration to 10 years and document it
---
 src/lib.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/lib.rs b/src/lib.rs
index 3c7579b..278b9ba 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -23,8 +23,14 @@ pub use kdf::KeyContext;
 #[cfg(any(feature = "encryption", feature = "ikm-management"))]
 pub use scheme::Scheme;
+/// Default amount of time during which the input key material will be considered valid once it has been generated.
+/// This value is expressed in seconds.
+///
+/// Considering that a day is composed of 86400 seconds (60×60×24) and a year is 365.24219 days (approximate value of the [mean tropical year][tropical_year]), this value is equivalent to 10 years.
+///
+/// [tropical_year]: https://en.wikipedia.org/wiki/Tropical_year
 #[cfg(feature = "ikm-management")]
-const DEFAULT_IKM_DURATION: u64 = 60 * 60 * 24 * 7305; // In seconds, set to 7305 days (aprox. 20 years)
+pub const DEFAULT_IKM_DURATION: u64 = 315_569_252;
 #[cfg(feature = "ikm-management")]
 const DEFAULT_SCHEME: Scheme = Scheme::XChaCha20Poly1305WithBlake3;
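Review bot: The new doc comment on `DEFAULT_IKM_DURATION` explains the arithmetic behind `315_569_252` but not the scope of the default. Going by the wording "once it has been generated", the value presumably applies only when an IKM is created, so key material generated under the previous 20-year default would keep its longer validity. I would add a line such as `/// Lowering this default does not shorten the validity of input key material that has already been generated.`, to be confirmed against the code that consumes the constant, which is outside this hunk. The constant also becomes `pub` here, which makes its value part of the public API under the `ikm-management` feature. The docs should therefore say that callers with a stricter key-rotation policy are expected to set an explicit, shorter duration rather than rely on the default.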