static byte[] DeriveKey(IDictionary <string, object> header, int cekSizeBits, ECPublicKeyParameters externalPublicKey,
                                ECPrivateKeyParameters ephemeralPrvKey)
        {
            var z = EcdhKeyAgreementZ(externalPublicKey, ephemeralPrvKey);

            var kdfGen = new ConcatenationKdfGenerator(new Sha256Digest());

            byte[] algId = Encoding.ASCII.GetBytes(header["enc"].ToString());
            byte[] apu   = header.ContainsKey("apu") ? Base64Url.Decode((string)header["apu"]) : Arrays.Empty;
            byte[] apv   = header.ContainsKey("apv") ? Base64Url.Decode((string)header["apv"]) : Arrays.Empty;
            byte[] kdl   = CalcBeLengthArray(cekSizeBits);

            var otherInfo = Arrays.Concat(PrependLength(algId), PrependLength(apu), PrependLength(apv), kdl);

            //Console.Out.WriteLine($"otherInfo={VAU.ByteArrayToHexString(otherInfo)}");

            kdfGen.Init(new KdfParameters(z, otherInfo));
            byte[] secretKeyBytes = new byte[32];
            kdfGen.GenerateBytes(secretKeyBytes, 0, secretKeyBytes.Length);
            return(secretKeyBytes);
        }
 static byte[] PrependLength(byte[] data)
 {
     return(Arrays.Concat(CalcBeLengthArray(data.Length), data));
 }