Security News
JavaScript Leaders Demand Oracle Release the JavaScript Trademark
In an open letter, JavaScript community leaders urge Oracle to give up the JavaScript trademark, arguing that it has been effectively abandoned through nonuse.
@aws-crypto/hkdf-node
Advanced tools
@aws-crypto/hkdf-node is an npm package that provides an implementation of the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for Node.js. It is part of the AWS Crypto Tools suite and is designed to help developers securely derive cryptographic keys from a shared secret.
Key Derivation
This feature allows you to derive a cryptographic key from an initial keying material (IKM) using the HKDF algorithm. The code sample demonstrates how to use the HKDF class to derive a key with a specified length, using optional salt and info parameters.
const { HKDF } = require('@aws-crypto/hkdf-node');
const crypto = require('crypto');
const ikm = crypto.randomBytes(32); // Initial Keying Material
const salt = crypto.randomBytes(16); // Optional salt
const info = Buffer.from('example info'); // Optional context and application specific information
const length = 32; // Length of the derived key
const hkdf = new HKDF('sha256');
hkdf.deriveKey(ikm, salt, info, length).then(derivedKey => {
console.log('Derived Key:', derivedKey.toString('hex'));
}).catch(err => {
console.error('Error deriving key:', err);
});
futoin-hkdf is a lightweight npm package that provides an HKDF implementation for both Node.js and browser environments. It supports multiple hash algorithms and is easy to use. Compared to @aws-crypto/hkdf-node, futoin-hkdf offers a more general-purpose solution without the specific integration with AWS Crypto Tools.
node-hkdf is another npm package that implements the HKDF algorithm. It is designed to be simple and straightforward, focusing solely on key derivation. While it lacks the additional features and integrations of @aws-crypto/hkdf-node, it is a good choice for developers looking for a minimalistic HKDF implementation.
This module exports a HMAC-based Key Derivation Function (HKDF) for Node.js. HKDF is very simple to implement, but this module has been reviewed and has extensive test vectors.
This module is used in the the AWS Encryption SDK for JavaScript to provide HKDF key derivation for specific algorithm suites.
Specification: https://tools.ietf.org/html/rfc5869
npm install @aws-crypto/hkdf-node
const HKDF = require('@aws-crypto/hkdf-node')
const expand = HKDF('sha256')('some key', 'some salt')
const info = {some: 'info', message_id: 123}
const key = expand(32, Buffer.from(JSON.stringify(info)))
npm test
This SDK is distributed under the Apache License, Version 2.0, see LICENSE.txt and NOTICE.txt for more information.
FAQs
nodejs hkdf crypto primitive
The npm package @aws-crypto/hkdf-node receives a total of 197,902 weekly downloads. As such, @aws-crypto/hkdf-node popularity was classified as popular.
We found that @aws-crypto/hkdf-node demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In an open letter, JavaScript community leaders urge Oracle to give up the JavaScript trademark, arguing that it has been effectively abandoned through nonuse.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.