HkdfParams

The HkdfParams dictionary of the Web Crypto API represents the object that should be passed as the algorithm parameter into SubtleCrypto.deriveKey(), when using the HKDF algorithm.

Properties

name

A DOMString. This should be set to HKDF.

hash

A DOMString representing the digest algorithm to use. This may be one of:

  • SHA-1
  • SHA-256
  • SHA-384
  • SHA-512
salt

A BufferSource. The HKDF specification states that adding salt "adds significantly to the strength of HKDF". Ideally, the salt is a random or pseudo-random value with the same length as the output of the digest function. Unlike the input key material passed into deriveKey(), salt does not need to be kept secret.

info

A BufferSource representing application-specific contextual information. This is used to bind the derived key to an application or context, and enables you to derive different keys for different contexts while using the same input key material. It's important that this should be independent of the input key material itself. This property is required but may be an empty buffer.

Examples

See the examples for SubtleCrypto.deriveKey().

Specifications

Specification Status Comment
Web Cryptography API
The definition of 'SubtleCrypto.HkdfParams' in that specification.
Recommendation

Browser compatibility

Browsers that support the "HKDF" algorithm for the SubtleCrypto.deriveKey() method will support this type.

See also