crypto.hkdf(digest, ikm, salt, info, keylen, callback)

版本历史

版本	变更
v18.8.0	输入的密钥材料现在可以是零长度。
v18.0.0	将无效回调传给 `callback` 参数现在会抛出 `ERR_INVALID_ARG_TYPE` 而不是 `ERR_INVALID_CALLBACK`。
v15.0.0	新增于: v15.0.0

digest <string> 要使用的摘要算法。

¥digest <string> The digest algorithm to use.
ikm <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> | <KeyObject> 输入键材料。必须提供，但可以是零长度。

¥ikm <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> | <KeyObject> The input keying material. Must be provided but can be zero-length.
salt <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> 盐值。必须提供，但可以是零长度。

¥salt <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> The salt value. Must be provided but can be zero-length.
info <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> 附加信息值。必须提供但可以是零长度，并且不能超过 1024 字节。

¥info <string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes.
keylen <number> 要生成的密钥的长度。必须大于 0。最大允许值是所选摘要函数生成的字节数的 255 倍（例如，sha512 生成 64 字节哈希，使最大 HKDF 输出为 16320 字节）。

¥keylen <number> The length of the key to generate. Must be greater than 0. The maximum allowable value is 255 times the number of bytes produced by the selected digest function (e.g. sha512 generates 64-byte hashes, making the maximum HKDF output 16320 bytes).
callback <Function>
- err <Error>
- derivedKey <ArrayBuffer>

HKDF 是 RFC 5869 中定义的简单密钥派生函数。给定的 ikm、salt 和 info 与 digest 一起使用以导出 keylen 字节的密钥。

¥HKDF is a simple key derivation function defined in RFC 5869. The given ikm, salt and info are used with the digest to derive a key of keylen bytes.

使用两个参数调用提供的 callback 函数：err 和 derivedKey。如果派生密钥时发生错误，err 将被设置；否则 err 将是 null。成功生成的 derivedKey 将作为 <ArrayBuffer> 传给回调。如果任何输入参数指定了无效的值或类型，则会抛出错误。

¥The supplied callback function is called with two arguments: err and derivedKey. If an errors occurs while deriving the key, err will be set; otherwise err will be null. The successfully generated derivedKey will be passed to the callback as an <ArrayBuffer>. An error will be thrown if any of the input arguments specify invalid values or types.

import { Buffer } from 'node:buffer';
const {
  hkdf,
} = await import('node:crypto');

hkdf('sha512', 'key', 'salt', 'info', 64, (err, derivedKey) => {
  if (err) throw err;
  console.log(Buffer.from(derivedKey).toString('hex'));  // '24156e2...5391653'
});const {
  hkdf,
} = require('node:crypto');
const { Buffer } = require('node:buffer');

hkdf('sha512', 'key', 'salt', 'info', 64, (err, derivedKey) => {
  if (err) throw err;
  console.log(Buffer.from(derivedKey).toString('hex'));  // '24156e2...5391653'
});