Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
@aws-crypto/hkdf-node
Advanced tools
@aws-crypto/hkdf-node is an npm package that provides an implementation of the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for Node.js. It is part of the AWS Crypto Tools suite and is designed to help developers securely derive cryptographic keys from a shared secret.
Key Derivation
This feature allows you to derive a cryptographic key from an initial keying material (IKM) using the HKDF algorithm. The code sample demonstrates how to use the HKDF class to derive a key with a specified length, using optional salt and info parameters.
const { HKDF } = require('@aws-crypto/hkdf-node');
const crypto = require('crypto');
const ikm = crypto.randomBytes(32); // Initial Keying Material
const salt = crypto.randomBytes(16); // Optional salt
const info = Buffer.from('example info'); // Optional context and application specific information
const length = 32; // Length of the derived key
const hkdf = new HKDF('sha256');
hkdf.deriveKey(ikm, salt, info, length).then(derivedKey => {
console.log('Derived Key:', derivedKey.toString('hex'));
}).catch(err => {
console.error('Error deriving key:', err);
});
futoin-hkdf is a lightweight npm package that provides an HKDF implementation for both Node.js and browser environments. It supports multiple hash algorithms and is easy to use. Compared to @aws-crypto/hkdf-node, futoin-hkdf offers a more general-purpose solution without the specific integration with AWS Crypto Tools.
node-hkdf is another npm package that implements the HKDF algorithm. It is designed to be simple and straightforward, focusing solely on key derivation. While it lacks the additional features and integrations of @aws-crypto/hkdf-node, it is a good choice for developers looking for a minimalistic HKDF implementation.
This module exports a HMAC-based Key Derivation Function (HKDF) for Node.js. HKDF is very simple to implement, but this module has been reviewed and has extensive test vectors.
This module is used in the the AWS Encryption SDK for JavaScript to provide HKDF key derivation for specific algorithm suites.
Specification: https://tools.ietf.org/html/rfc5869
npm install @aws-crypto/hkdf-node
const HKDF = require('@aws-crypto/hkdf-node')
const expand = HKDF('sha256')('some key', 'some salt')
const info = {some: 'info', message_id: 123}
const key = expand(32, Buffer.from(JSON.stringify(info)))
npm test
This SDK is distributed under the Apache License, Version 2.0, see LICENSE.txt and NOTICE.txt for more information.
FAQs
nodejs hkdf crypto primitive
The npm package @aws-crypto/hkdf-node receives a total of 197,902 weekly downloads. As such, @aws-crypto/hkdf-node popularity was classified as popular.
We found that @aws-crypto/hkdf-node demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
Security News
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.