crypto.hkdfSync(digest, ikm, salt, info, keylen)
digest<string> 要使用的摘要算法。ikm<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> | <KeyObject> 输入键材料。 必须提供,但可以是零长度。salt<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> 盐值。 必须提供,但可以是零长度。info<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> 附加信息值。 必须提供但可以是零长度,并且不能超过 1024 字节。keylen<number> 要生成的密钥的长度。 必须大于 0。 最大允许值是所选摘要函数生成的字节数的255倍(例如,sha512生成 64 字节哈希,使最大 HKDF 输出为 16320 字节)。- 返回: <ArrayBuffer>
提供 RFC 5869 中定义的同步 HKDF 密钥派生函数。
给定的 ikm、salt 和 info 与 digest 一起使用以导出 keylen 字节的密钥。
成功生成的 derivedKey 将作为 <ArrayBuffer> 返回。
如果任何输入参数指定无效值或类型,或者无法生成派生密钥,则会抛出错误。
import { Buffer } from 'node:buffer';
const {
hkdfSync,
} = await import('node:crypto');
const derivedKey = hkdfSync('sha512', 'key', 'salt', 'info', 64);
console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'const {
hkdfSync,
} = require('node:crypto');
const { Buffer } = require('node:buffer');
const derivedKey = hkdfSync('sha512', 'key', 'salt', 'info', 64);
console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'digest<string> The digest algorithm to use.ikm<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> | <KeyObject> The input keying material. Must be provided but can be zero-length.salt<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> The salt value. Must be provided but can be zero-length.info<string> | <ArrayBuffer> | <Buffer> | <TypedArray> | <DataView> Additional info value. Must be provided but can be zero-length, and cannot be more than 1024 bytes.keylen<number> The length of the key to generate. Must be greater than 0. The maximum allowable value is255times the number of bytes produced by the selected digest function (e.g.sha512generates 64-byte hashes, making the maximum HKDF output 16320 bytes).- Returns: <ArrayBuffer>
Provides a synchronous HKDF key derivation function as defined in RFC 5869. The
given ikm, salt and info are used with the digest to derive a key of
keylen bytes.
The successfully generated derivedKey will be returned as an <ArrayBuffer>.
An error will be thrown if any of the input arguments specify invalid values or types, or if the derived key cannot be generated.
import { Buffer } from 'node:buffer';
const {
hkdfSync,
} = await import('node:crypto');
const derivedKey = hkdfSync('sha512', 'key', 'salt', 'info', 64);
console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'const {
hkdfSync,
} = require('node:crypto');
const { Buffer } = require('node:buffer');
const derivedKey = hkdfSync('sha512', 'key', 'salt', 'info', 64);
console.log(Buffer.from(derivedKey).toString('hex')); // '24156e2...5391653'