Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Ethereum smart contracts.
@panva/hkdf
@panva/hkdf is a Node.js implementation of the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as described in RFC 5869. It is used to derive one or more keys from a single secret key, which is useful in cryptographic applications.
Key Derivation
This feature allows you to derive a key from initial key material (ikm), a salt, and optional context information (info). The derived key length and hash algorithm can be specified.
```js
const { hkdf } = require('@panva/hkdf');

async function deriveKey() {
  const ikm = Buffer.from('initial key material');
  const salt = Buffer.from('salt');
  const info = Buffer.from('info');
  const length = 32; // length of the derived key in bytes
  const hash = 'sha256'; // one of "sha256", "sha384", "sha512", "sha1" (see the parameter table below)
  // hkdf() resolves to a Uint8Array; wrap it in a Buffer to hex-encode it
  const derivedKey = await hkdf(hash, ikm, salt, info, length);
  console.log(Buffer.from(derivedKey).toString('hex'));
}

deriveKey();
```
futoin-hkdf is another implementation of the HKDF algorithm in Node.js. It provides similar functionality to @panva/hkdf, allowing for key derivation using the HKDF algorithm. The main difference is in the API design and additional features like support for different hash algorithms.
The built-in 'crypto' module in Node.js also provides an implementation of HKDF starting from Node.js v15.0.0. It offers a more integrated approach since it is part of the standard library, but it may not be available in older Node.js versions.
HKDF with no dependencies using runtime's native crypto
HKDF is a simple key derivation function defined in RFC 5869.
hkdf(digest, ikm, salt, info, keylen): Promise<Uint8Array>

The given ikm, salt and info are used with the digest to derive a key of keylen bytes.
Name | Type | Description |
---|---|---|
digest | `"sha256" \| "sha384" \| "sha512" \| "sha1"` | The digest algorithm to use. |
ikm | `Uint8Array \| string` | The input keying material. It must be at least one byte in length. |
salt | `Uint8Array \| string` | The salt value. Must be provided but can be zero-length. |
info | `Uint8Array \| string` | Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes. |
keylen | `number` | The length in bytes of the key to generate. Must be greater than 0 and no more than 255 times the digest size. |

Returns: `Promise<Uint8Array>`
Example: ESM import
```js
import hkdf from '@panva/hkdf'
```
Example: CJS import
```js
const { hkdf } = require('@panva/hkdf')
```
Example: Deno import
```js
import hkdf from 'https://deno.land/x/hkdf/index.ts'
```
Example: Usage
```js
const derivedKey = await hkdf(
  'sha256',
  'key',
  'salt',
  'info',
  64
)
```
The supported JavaScript runtimes include ones that
FAQs
We found that @panva/hkdf demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.