HkdfParams
{{ APIRef("Web Crypto API") }}
The HkdfParams dictionary of the Web Crypto API represents the object that should be passed as the algorithm parameter into {{domxref("SubtleCrypto.deriveKey()")}} , when using the HKDF algorithm.
Instance properties
-
name- : A string. This should be set to
HKDF.
- : A string. This should be set to
-
hash-
: A string or an object containing a single property called
namewith a string value. It is an identifier for the digest algorithm to use. This should be one of the following:SHA-256: selects the SHA-256 algorithm.SHA-384: selects the SHA-384 algorithm.SHA-512: selects the SHA-512 algorithm.
Warning:
SHA-1is also supported here but the SHA-1 algorithm is considered vulnerable and should no longer be used.
-
-
salt- : An
{{jsxref("ArrayBuffer")}}, a{{jsxref("TypedArray")}}, or a{{jsxref("DataView")}}. The HKDF specification states that adding salt “adds significantly to the strength of HKDF”. Ideally, the salt is a random or pseudo-random value with the same length as the output of the digest function. Unlike the input key material passed intoderiveKey(), salt does not need to be kept secret.
- : An
-
info- : An
{{jsxref("ArrayBuffer")}}, a{{jsxref("TypedArray")}}, or a{{jsxref("DataView")}}representing application-specific contextual information. This is used to bind the derived key to an application or context, and enables you to derive different keys for different contexts while using the same input key material. It’s important that this should be independent of the input key material itself. This property is required but may be an empty buffer.
- : An
Examples
See the examples for {{domxref("SubtleCrypto.deriveKey()")}} .
Specifications
{{Specifications}}
Browser compatibility
Browsers that support the “HKDF” algorithm for the {{domxref("SubtleCrypto.deriveKey()")}} method will support this type.
See also
{{domxref("SubtleCrypto.deriveKey()")}}.