crypto.hkdfSync(digest, ikm, salt, info, keylen)
digest
<string> 要使用的摘要算法。ikm
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> | <KeyObject> 输入键材料。 必须提供,但可以是零长度。salt
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> 盐值。 必须提供,但可以是零长度。info
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> 附加信息值。 必须提供但可以是零长度,并且不能超过 1024 字节。keylen
<number> 要生成的密钥的长度。 必须大于 0。 最大允许值是所选摘要函数生成的字节数的255
倍(例如,sha512
生成 64 字节哈希,使最大 HKDF 输出为 16320 字节)。- 返回: <ArrayBuffer>
提供 RFC 5869 中定义的同步 HKDF 密钥派生函数。
给定的 ikm
、salt
和 info
与 digest
一起使用以导出 keylen
字节的密钥。
成功生成的 derivedKey
将作为 <ArrayBuffer> 返回。
如果任何输入参数指定无效值或类型,或者无法生成派生密钥,则会抛出错误。
import { Buffer } from 'node:buffer';
const {
hkdfSync,
} = await import('node:crypto');
const derivedKey = hkdfSync('sha512', 'key', 'salt', 'info', 64);
console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'
const {
hkdfSync,
} = require('node:crypto');
const { Buffer } = require('node:buffer');
const derivedKey = hkdfSync('sha512', 'key', 'salt', 'info', 64);
console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'
digest
<string> The digest algorithm to use.ikm
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> | <KeyObject> The input keying material. Must be provided but can be zero-length.salt
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> The salt value. Must be provided but can be zero-length.info
<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes.keylen
<number> The length of the key to generate. Must be greater than 0. The maximum allowable value is255
times the number of bytes produced by the selected digest function (e.g.sha512
generates 64-byte hashes, making the maximum HKDF output 16320 bytes).- Returns: <ArrayBuffer>
Provides a synchronous HKDF key derivation function as defined in RFC 5869. The
given ikm
, salt
and info
are used with the digest
to derive a key of
keylen
bytes.
The successfully generated derivedKey
will be returned as an <ArrayBuffer>.
An error will be thrown if any of the input arguments specify invalid values or types, or if the derived key cannot be generated.
import { Buffer } from 'node:buffer';
const {
hkdfSync,
} = await import('node:crypto');
const derivedKey = hkdfSync('sha512', 'key', 'salt', 'info', 64);
console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'
const {
hkdfSync,
} = require('node:crypto');
const { Buffer } = require('node:buffer');
const derivedKey = hkdfSync('sha512', 'key', 'salt', 'info', 64);
console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'