3.3.5.1.1.1 Derive Key

The client has already received an account configuration code, either via AutoActivation messages or through an out-of-band means (e-mail, for example).

The client MUST derive a 160-bit symmetric key by calculating a SHA1 hash (as defined in [RFC3174]) on the account configuration code (for computing SHA1 hash, the account configuration string is treated as a Unicode string.  The SHA1 hash is computed by interpreting the string as bytes, in little-endian order, not including the terminating NULL character). This key is used for securing requests and opening secured responses.