js-crypto-hkdf
Advanced tools
Universal Module for HKDF (Hash-based Key Derivation Function) in JavaScript
WARNING: At this time this solution should be considered suitable for research and experimentation, further code and security review is needed before utilization in a production application.
This library is designed to 'universally' provide an HKDF (Hash-based Key Derivation Function), i.e., it works both on most modern browsers and on Node.js just by importing from NPM/source code. The original specification is given in RFC5869 (https://tools.ietf.org/html/rfc5869). Note that in the design principle, the library fully utilizes native APIs like WebCrypto API to accelerate its operation if available.
At your project directory, do either one of the following.
$ npm install --save js-crypto-hkdf // npm
$ yarn add js-crypto-hkdf // yarn
$ git clone https://github.com/junkurihara/jscu.git
$ cd js-crypto-utils/packages/js-crypto-hkdf
& yarn build
Then you should import the package as follows.
import hkdf from 'js-crypto-hkdf'; // for npm
import hkdf from 'path/to/js-crypto-hkdf/dist/index.js'; // for github
The bundled file is also given as js-crypto-hkdf/dist/jschkdf.bundle.js for a use case where the module is imported as a window.jschkdf object via script tags.
const masterSecret = ...; // Uint8Array of arbitrary length
const hash = 'SHA-256';
const length = 32; // derived key length
const info = ''; // information specified in rfc5869
hkdf.compute(masterSecret, hash, length, info).then( (derivedKey) => {
// now you get a automatically-generated salt and a key derived from the masterSecret.
});
const masterSecret = ...; // Uint8Array of arbitrary length
const hash = 'SHA-256';
const length = 32; // derived key length
const info = ''; // information specified in rfc5869
const salt = ...; // Uint8Array of arbitrary length
hkdf.compute(masterSecret, hash, length, info, salt).then( (derivedKey) => {
// now you get a key derived from the masterSecret
});
Licensed under the MIT license, see LICENSE file.
FAQs
Universal Module for HKDF (Hash-based Key Derivation Function) in JavaScript
The npm package js-crypto-hkdf receives a total of 25,978 weekly downloads. As such, js-crypto-hkdf popularity was classified as popular.
We found that js-crypto-hkdf demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.