crypto.hkdf(digest, ikm, salt, info, keylen, callback)
digest
<string> 要使用的摘要算法。ikm
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> | <KeyObject> 输入键材料。 必须提供,但可以是零长度。salt
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> 盐值。 必须提供,但可以是零长度。info
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> 附加信息值。 必须提供但可以是零长度,并且不能超过 1024 字节。keylen
<number> 要生成的密钥的长度。 必须大于 0。 最大允许值是所选摘要函数生成的字节数的255
倍(例如,sha512
生成 64 字节哈希,使最大 HKDF 输出为 16320 字节)。callback
<Function>err
<Error>derivedKey
<ArrayBuffer>
HKDF 是 RFC 5869 中定义的简单密钥派生函数。
给定的 ikm
、salt
和 info
与 digest
一起使用以导出 keylen
字节的密钥。
提供的 callback
函数使用两个参数调用:err
和 derivedKey
。
如果在派生密钥时发生错误,则将设置 err
;否则 err
将是 null
。
成功生成的 derivedKey
将作为 <ArrayBuffer> 传给回调。
如果任何输入参数指定了无效的值或类型,则会抛出错误。
import { Buffer } from 'node:buffer';
const {
hkdf
} = await import('node:crypto');
hkdf('sha512', 'key', 'salt', 'info', 64, (err, derivedKey) => {
if (err) throw err;
console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'
});
const {
hkdf,
} = require('node:crypto');
const { Buffer } = require('node:buffer');
hkdf('sha512', 'key', 'salt', 'info', 64, (err, derivedKey) => {
if (err) throw err;
console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'
});
digest
<string> The digest algorithm to use.ikm
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> | <KeyObject> The input keying material. Must be provided but can be zero-length.salt
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> The salt value. Must be provided but can be zero-length.info
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes.keylen
<number> The length of the key to generate. Must be greater than 0. The maximum allowable value is255
times the number of bytes produced by the selected digest function (e.g.sha512
generates 64-byte hashes, making the maximum HKDF output 16320 bytes).callback
<Function>err
<Error>derivedKey
<ArrayBuffer>
HKDF is a simple key derivation function defined in RFC 5869. The given ikm
,
salt
and info
are used with the digest
to derive a key of keylen
bytes.
The supplied callback
function is called with two arguments: err
and
derivedKey
. If an errors occurs while deriving the key, err
will be set;
otherwise err
will be null
. The successfully generated derivedKey
will
be passed to the callback as an <ArrayBuffer>. An error will be thrown if any
of the input arguments specify invalid values or types.
import { Buffer } from 'node:buffer';
const {
hkdf
} = await import('node:crypto');
hkdf('sha512', 'key', 'salt', 'info', 64, (err, derivedKey) => {
if (err) throw err;
console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'
});
const {
hkdf,
} = require('node:crypto');
const { Buffer } = require('node:buffer');
hkdf('sha512', 'key', 'salt', 'info', 64, (err, derivedKey) => {
if (err) throw err;
console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'
});