TheHkdfParams dictionary of theWeb Crypto API represents the object that should be passed as thealgorithm parameter intoSubtleCrypto.deriveKey(), when using theHKDF algorithm.

Instance properties

name

A string. This should be set toHKDF.

hash

A string or an object containing a single property calledname with a string value. It is an identifier for thedigest algorithm to use. This should be one of the following:

• SHA-256: selects theSHA-256 algorithm.
• SHA-384: selects theSHA-384 algorithm.
• SHA-512: selects theSHA-512 algorithm.

Warning:SHA-1 is also supported here but theSHA-1 algorithm is considered vulnerable and should no longer be used.

salt

AnArrayBuffer, aTypedArray, or aDataView. TheHKDF specification states that adding salt "adds significantly to the strength of HKDF". Ideally, the salt is a random or pseudo-random value with the same length as the output of the digest function. Unlike the input key material passed intoderiveKey(), salt does not need to be kept secret.

info

AnArrayBuffer, aTypedArray, or aDataView representing application-specific contextual information. This is used to bind the derived key to an application or context, and enables you to derive different keys for different contexts while using the same input key material. It's important that this should be independent of the input key material itself. This property is required but may be an empty buffer.

Examples

See the examples forSubtleCrypto.deriveKey().

Specifications

Browser compatibility

Browsers that support the "HKDF" algorithm for theSubtleCrypto.deriveKey() method will support this type.

See also

• SubtleCrypto.deriveKey().