1# Key Derivation Using HKDF
2
3For details about the corresponding algorithm specifications, see [HKDF](crypto-key-derivation-overview.md#hkdf).
4
5## How to Develop
61. Create a [HKDFSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#hkdfspec12) object and use it as a parameter for key derivation.
7
8   **HKDFSpec** is a child class of [KdfSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#kdfspec11). You need to specify the following:
9
10   - **algName**: algorithm to used, which is **'HKDF'**.
11   - **key**: original key material.
12      If **key** is of the string type, pass in the data used for key derivation instead of the string type such as HexString or base64. In addition, ensure that the string is encoded in UTF-8 format. Otherwise, the derived key may be different from what you expected.
13   - **salt**: salt value.
14   - **info**: optional context and application information used to expand the short key. This parameter can be empty.
15   - **keySize**: length of the key to derive, in bytes. The value must be a positive integer.
16
172. Use [cryptoFramework.createKdf](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatekdf11) with the string parameter **'HKDF|SHA256|EXTRACT_AND_EXPAND'**** to create a **Kdf** instance. The key derivation algorithm is **HKDF**, HMAC algorithm is **SHA256**, and mode is **extract and expand**.
18
193. Use [Kdf.generateSecret](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesecret-2) with the **HKDFSpec** object to generate a derived key.
20
21   The following table lists how **Kdf.generateSecret** delivers the return value.
22
23   | API| Return Mode|
24   | -------- | -------- |
25   | generateSecret(params: KdfSpec, callback: AsyncCallback<DataBlob>): void | This API uses an asynchronous callback to return the result.|
26   | generateSecret(params: KdfSpec): Promise<DataBlob> | This API uses a promise to return the result.|
27   | generateSecretSync(params: KdfSpec): DataBlob | This API returns the result synchronously.|
28
29- Return the result using **await**:
30
31  ```ts
32  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
33  import { buffer } from '@kit.ArkTS';
34
35  async function kdfAwait() {
36    let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer);
37    let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer);
38    let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer);
39    let spec: cryptoFramework.HKDFSpec = {
40      algName: 'HKDF',
41      key: keyData,
42      salt: saltData,
43      info: infoData,
44      keySize: 32
45    };
46    let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND');
47    let secret = await kdf.generateSecret(spec);
48    console.info("key derivation output is " + secret.data);
49  }
50  ```
51
52- Return the result using a promise:
53
54  ```ts
55  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
56  import { BusinessError } from '@kit.BasicServicesKit';
57  import { buffer } from '@kit.ArkTS';
58
59  function kdfPromise() {
60    let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer);
61    let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer);
62    let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer);
63    let spec: cryptoFramework.HKDFSpec = {
64      algName: 'HKDF',
65      key: keyData,
66      salt: saltData,
67      info: infoData,
68      keySize: 32
69    };
70    let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND');
71    let kdfPromise = kdf.generateSecret(spec);
72    kdfPromise.then((secret) => {
73      console.info("key derivation output is " + secret.data);
74    }).catch((error: BusinessError) => {
75      console.error("key derivation error.");
76    });
77  }
78  ```
79
80- Return the result synchronously:
81
82  ```ts
83  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
84  import { BusinessError } from '@kit.BasicServicesKit';
85  import { buffer } from '@kit.ArkTS';
86
87  function kdfSync() {
88    let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer);
89    let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer);
90    let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer);
91    let spec: cryptoFramework.HKDFSpec = {
92      algName: 'HKDF',
93      key: keyData,
94      salt: saltData,
95      info: infoData,
96      keySize: 32
97    };
98    let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND');
99    let secret = kdf.generateSecretSync(spec);
100    console.info("[Sync]key derivation output is " + secret.data);
101  }
102  ```
103