Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
@aws-crypto/hkdf-node
Advanced tools
@aws-crypto/hkdf-node is an npm package that provides an implementation of the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for Node.js. It is part of the AWS Crypto Tools suite and is designed to help developers securely derive cryptographic keys from a shared secret.
Key Derivation
This feature allows you to derive a cryptographic key from an initial keying material (IKM) using the HKDF algorithm. The code sample demonstrates how to use the HKDF class to derive a key with a specified length, using optional salt and info parameters.
const { HKDF } = require('@aws-crypto/hkdf-node');
const crypto = require('crypto');
const ikm = crypto.randomBytes(32); // Initial Keying Material
const salt = crypto.randomBytes(16); // Optional salt
const info = Buffer.from('example info'); // Optional context and application specific information
const length = 32; // Length of the derived key
const hkdf = new HKDF('sha256');
hkdf.deriveKey(ikm, salt, info, length).then(derivedKey => {
console.log('Derived Key:', derivedKey.toString('hex'));
}).catch(err => {
console.error('Error deriving key:', err);
});
futoin-hkdf is a lightweight npm package that provides an HKDF implementation for both Node.js and browser environments. It supports multiple hash algorithms and is easy to use. Compared to @aws-crypto/hkdf-node, futoin-hkdf offers a more general-purpose solution without the specific integration with AWS Crypto Tools.
node-hkdf is another npm package that implements the HKDF algorithm. It is designed to be simple and straightforward, focusing solely on key derivation. While it lacks the additional features and integrations of @aws-crypto/hkdf-node, it is a good choice for developers looking for a minimalistic HKDF implementation.
This module exports a HMAC-based Key Derivation Function (HKDF) for Node.js. HKDF is very simple to implement, but this module has been reviewed and has extensive test vectors.
This module is used in the the AWS Encryption SDK for JavaScript to provide HKDF key derivation for specific algorithm suites.
Specification: https://tools.ietf.org/html/rfc5869
npm install @aws-crypto/hkdf-node
const HKDF = require('@aws-crypto/hkdf-node')
const expand = HKDF('sha256')('some key', 'some salt')
const info = {some: 'info', message_id: 123}
const key = expand(32, Buffer.from(JSON.stringify(info)))
npm test
This SDK is distributed under the Apache License, Version 2.0, see LICENSE.txt and NOTICE.txt for more information.
FAQs
nodejs hkdf crypto primitive
We found that @aws-crypto/hkdf-node demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.