crypto.pbkdf2Sync(password, salt, iterations, keylen, digest)

版本历史
版本变更
v14.0.0

参数 iterations 现在限制为正值。早期版本将其他值视为一。

v6.0.0

现在不推荐在不传入 digest 参数的情况下调用此函数,并将触发警告。

v6.0.0

password 的默认编码,如果它是从 binary 更改为 utf8 的字符串。

v0.9.3

新增于: v0.9.3

提供同步的基于密码的密钥派生函数 2 (PBKDF2) 实现。应用由 digest 指定的选定 HMAC 摘要算法以从 passwordsaltiterations 导出请求字节长度 (keylen) 的密钥。

¥Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by digest is applied to derive a key of the requested byte length (keylen) from the password, salt and iterations.

如果发生错误,将抛出 Error,否则派生密钥将作为 Buffer 返回。

¥If an error occurs an Error will be thrown, otherwise the derived key will be returned as a Buffer.

iterations 参数必须是尽可能高的数字。迭代次数越多,派生密钥就越安全,但需要更长的时间才能完成。

¥The iterations argument must be a number set as high as possible. The higher the number of iterations, the more secure the derived key will be, but will take a longer amount of time to complete.

salt 应该尽可能唯一。建议盐是随机的,长度至少为 16 字节。详见 NIST SP 800-132

¥The salt should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See NIST SP 800-132 for details.

passwordsalt 传递字符串时,请考虑 使用字符串作为加密 API 的输入时的注意事项

¥When passing strings for password or salt, please consider caveats when using strings as inputs to cryptographic APIs.

const {
  pbkdf2Sync,
} = await import('node:crypto');

const key = pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512');
console.log(key.toString('hex'));  // '3745e48...08d59ae'const {
  pbkdf2Sync,
} = require('node:crypto');

const key = pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512');
console.log(key.toString('hex'));  // '3745e48...08d59ae'

可以使用 crypto.getHashes() 检索支持的摘要函数数组。

¥An array of supported digest functions can be retrieved using crypto.getHashes().