# ä½¿ç”¨PBKDF2è¿›è¡Œå¯†é’¥æ´¾ç”Ÿ

å¯¹åº”çš„ç®—æ³•è§„æ ¼è¯·æŸ¥çœ‹[å¯†é’¥æ´¾ç”Ÿç®—æ³•è§„æ ¼ï¼šPBKDF2](crypto-key-derivation-overview.md#pbkdf2ç®—æ³•)ã€‚

## å¼€å‘æ¥éª¤

1. æž„é€ [PBKDF2Spec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pbkdf2spec11)å¯¹è±¡ï¼Œä½œä¸ºå¯†é’¥æ´¾ç”Ÿå‚æ•°è¿›è¡Œå¯†é’¥æ´¾ç”Ÿã€‚
   
   PBKDF2Specæ˜¯[KdfSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#kdfspec11)çš„åç±»ï¼Œéœ€è¦æŒ‡å®šï¼š

   - algNameï¼šæŒ‡å®šç®—æ³•'PBKDF2'ã€‚
   - passwordï¼šç”¨äºŽç”Ÿæˆæ´¾ç”Ÿå¯†é’¥çš„åŽŸå§‹å¯†ç ã€‚
      å¦‚æžœä½¿ç”¨stringç±»åž‹ï¼Œéœ€è¦ç›´æŽ¥ä¼ å…¥ç”¨äºŽå¯†é’¥æ´¾ç”Ÿçš„æ•°æ®ï¼Œè€Œä¸æ˜¯HexStringã€base64ç‰å—ç¬¦ä¸²ç±»åž‹ã€‚åŒæ—¶éœ€è¦ç¡®ä¿è¯¥å—ç¬¦ä¸²ä¸ºutf-8ç¼–ç ï¼Œå¦åˆ™æ´¾ç”Ÿç»“æžœä¼šæœ‰å·®å¼‚ã€‚
   - saltï¼šç›å€¼ã€‚
   - iterationsï¼šé‡å¤è¿ç®—çš„æ¬¡æ•°ï¼Œéœ€è¦ä¸ºæ£æ•´æ•°ã€‚
   - keySizeï¼šç›®æ ‡å¯†é’¥çš„å—èŠ‚é•¿åº¦ï¼Œéœ€è¦ä¸ºæ£æ•´æ•°ã€‚

2. è°ƒç”¨[cryptoFramework.createKdf](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatekdf11)ï¼ŒæŒ‡å®šå—ç¬¦ä¸²å‚æ•°'PBKDF2|SHA256'ï¼Œåˆ›å»ºå¯†é’¥æ´¾ç”Ÿç®—æ³•ä¸ºPBKDF2ã€HMACå‡½æ•°æ‘˜è¦ç®—æ³•ä¸ºSHA256çš„å¯†é’¥æ´¾ç”Ÿå‡½æ•°å¯¹è±¡ï¼ˆKdfï¼‰ã€‚

3. è¾“å…¥PBKDF2Specå¯¹è±¡ï¼Œè°ƒç”¨[Kdf.generateSecret](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesecret-2)è¿›è¡Œå¯†é’¥æ´¾ç”Ÿã€‚
   
   Kdf.generateSecretçš„å¤šç§è°ƒç”¨å½¢å¼å¦‚è¡¨æ‰€ç¤ºã€‚
   
   | æŽ¥å£å | è¿”å›žæ–¹å¼ | 
   | -------- | -------- |
   | generateSecret(params: KdfSpec, callback: AsyncCallback&lt;DataBlob&gt;): void | callbackå¼‚æ¥ç”Ÿæˆ | 
   | generateSecret(params: KdfSpec): Promise&lt;DataBlob&gt; | Promiseå¼‚æ¥ç”Ÿæˆ | 
   | generateSecretSync(params: KdfSpec): DataBlob | åŒæ¥ç”Ÿæˆ | 

- é€šè¿‡awaitè¿”å›žç»“æžœï¼š

  ```ts
  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
  
  async function kdfAwait() {
    let spec: cryptoFramework.PBKDF2Spec = {
      algName: 'PBKDF2',
      password: '123456',
      salt: new Uint8Array(16),
      iterations: 10000,
      keySize: 32
    };
    let kdf = cryptoFramework.createKdf('PBKDF2|SHA256');
    let secret = await kdf.generateSecret(spec);
    console.info("key derivation output is " + secret.data);
  }
  ```

- é€šè¿‡Promiseè¿”å›žç»“æžœï¼š

  ```ts
  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
  import { BusinessError } from '@kit.BasicServicesKit';
  
  function kdfPromise() {
    let spec: cryptoFramework.PBKDF2Spec = {
      algName: 'PBKDF2',
      password: '123456',
      salt: new Uint8Array(16),
      iterations: 10000,
      keySize: 32
    };
    let kdf = cryptoFramework.createKdf('PBKDF2|SHA256');
    let kdfPromise = kdf.generateSecret(spec);
    kdfPromise.then((secret) => {
      console.info("key derivation output is " + secret.data);
    }).catch((error: BusinessError) => {
      console.error("key derivation error.");
    });
  }
  ```

- é€šè¿‡åŒæ¥æ–¹å¼è¿”å›žç»“æžœï¼š

  ```ts
  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
  import { BusinessError } from '@kit.BasicServicesKit';

  function kdfSync() {
    let spec: cryptoFramework.PBKDF2Spec = {
      algName: 'PBKDF2',
      password: '123456',
      salt: new Uint8Array(16),
      iterations: 10000,
      keySize: 32
    };
    let kdf = cryptoFramework.createKdf('PBKDF2|SHA256');
    let secret = kdf.generateSecretSync(spec);
    console.info("[Sync]key derivation output is " + secret.data);
  }
  ```