HKDF with no dependencies using runtime's native crypto
HKDF is a simple key derivation function defined in RFC 5869.
▸ hkdf(digest, ikm, salt, info, keylen): Promise<Uint8Array>
The given ikm, salt and info are used with the digest to derive a key of keylen bytes.
| Name | Type | Description |
|---|---|---|
digest |
"sha256" | "sha384" | "sha512" | "sha1" |
The digest algorithm to use. |
ikm |
Uint8Array | string |
The input keying material. It must be at least one byte in length. |
salt |
Uint8Array | string |
The salt value. Must be provided but can be zero-length. |
info |
Uint8Array | string |
Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes. |
keylen |
number |
The length in bytes of the key to generate. Must be greater than 0 and no more than 255 times the digest size. |
Promise<Uint8Array>
// ESM
import hkdf from '@panva/hkdf'// CJS
const { hkdf } = require('@panva/hkdf')// Deno
import hkdf from 'https://deno.land/x/hkdf/index.ts'const derivedKey = await hkdf(
'sha256',
'key',
'salt',
'info',
64
)- Browsers
- Cloudflare Workers
- Deno
- Electron
- Node.js