@panva/hkdf
Advanced tools
HKDF with no dependencies using runtime's native crypto
HKDF is a simple key derivation function defined in RFC 5869.
â–¸ hkdf(digest, ikm, salt, info, keylen): Promise<Uint8Array>
The given ikm, salt and info are used with the digest to derive a key of keylen bytes.
| Name | Type | Description |
|---|---|---|
digest | "sha256" | "sha384" | "sha512" | "sha1" | The digest algorithm to use. |
ikm | Uint8Array | string | The input keying material. It must be at least one byte in length. |
salt | Uint8Array | string | The salt value. Must be provided but can be zero-length. |
info | Uint8Array | string | Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes. |
keylen | number | The length in bytes of the key to generate. Must be greater than 0 and no more than 255 times the digest size. |
Promise<Uint8Array>
example ESM import
import hkdf from '@panva/hkdf'
example CJS import
const { hkdf } = require('@panva/hkdf')
example Deno import
import hkdf from 'https://deno.land/x/hkdf/index.ts'
example Usage
const derivedKey = await hkdf(
'sha256',
'key',
'salt',
'info',
64
)
The supported JavaScript runtimes include ones that
futoin-hkdf is another implementation of the HKDF algorithm in Node.js. It provides similar functionality to @panva/hkdf, allowing for key derivation using the HKDF algorithm. The main difference is in the API design and additional features like support for different hash algorithms.
The built-in 'crypto' module in Node.js also provides an implementation of HKDF starting from Node.js v15.0.0. It offers a more integrated approach since it is part of the standard library, but it may not be available in older Node.js versions.
FAQs
HKDF with no dependencies using runtime's native crypto
We found that @panva/hkdf demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket researchers identified a malicious Chrome extension that manipulates Raydium swaps to inject an undisclosed SOL transfer, quietly routing fees to an attacker wallet.
Research
/Security News
Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.
Product
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.