@aws-crypto/hkdf-node
Advanced tools
This module exports a HMAC-based Key Derivation Function (HKDF) for Node.js. HKDF is very simple to implement, but this module has been reviewed and has extensive test vectors.
This module is used in the the AWS Encryption SDK for JavaScript to provide HKDF key derivation for specific algorithm suites.
Specification: https://tools.ietf.org/html/rfc5869
npm install @aws-crypto/hkdf-node
const HKDF = require('@aws-crypto/hkdf-node')
const expand = HKDF('sha256')('some key', 'some salt')
const info = {some: 'info', message_id: 123}
const key = expand(32, Buffer.from(JSON.stringify(info)))
npm test
This SDK is distributed under the Apache License, Version 2.0, see LICENSE.txt and NOTICE.txt for more information.
futoin-hkdf is a lightweight npm package that provides an HKDF implementation for both Node.js and browser environments. It supports multiple hash algorithms and is easy to use. Compared to @aws-crypto/hkdf-node, futoin-hkdf offers a more general-purpose solution without the specific integration with AWS Crypto Tools.
node-hkdf is another npm package that implements the HKDF algorithm. It is designed to be simple and straightforward, focusing solely on key derivation. While it lacks the additional features and integrations of @aws-crypto/hkdf-node, it is a good choice for developers looking for a minimalistic HKDF implementation.
FAQs
nodejs hkdf crypto primitive
The npm package @aws-crypto/hkdf-node receives a total of 268,880 weekly downloads. As such, @aws-crypto/hkdf-node popularity was classified as popular.
We found that @aws-crypto/hkdf-node demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
Security News
Ruby's creator Matz assumes control of RubyGems and Bundler repositories while former maintainers agree to step back and transfer all rights to end the dispute.
Research
/Security News
Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer.