# Key Derivation Using HKDF

For the corresponding algorithm specification, see [Key Derivation Algorithm Specifications: HKDF](crypto-key-derivation-overview.md#hkdf算法).

## How to Develop

1. Construct an [HKDFSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#hkdfspec12) object to use as the key derivation parameters.

   HKDFSpec is a subclass of [KdfSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#kdfspec11). You need to specify:

   - algName: the algorithm, 'HKDF'.
   - key: the original key material.
     If a string is used, pass in the data to be used for key derivation directly, not a HexString, base64 or other encoded string. Also make sure the string is UTF-8 encoded; otherwise the derived result will differ.
   - salt: the salt value.
   - info: optional context and application-specific information. It can be empty and is used to expand a short key.
   - keySize: the length of the target key in bytes. It must be a positive integer.

2. Call [cryptoFramework.createKdf](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatekdf11) with the string parameter 'HKDF|SHA256|EXTRACT_AND_EXPAND' to create a key derivation function object (Kdf) whose derivation algorithm is HKDF, whose HMAC digest algorithm is SHA256, and whose mode is extract-and-expand.

3. Pass the HKDFSpec object to [Kdf.generateSecret](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesecret-2) to derive the key.

   The following table lists the call forms of Kdf.generateSecret.

   | API | Return mode |
   | -------- | -------- |
   | generateSecret(params: KdfSpec, callback: AsyncCallback<DataBlob>): void | Asynchronous, via callback |
   | generateSecret(params: KdfSpec): Promise<DataBlob> | Asynchronous, via Promise |
   | generateSecretSync(params: KdfSpec): DataBlob | Synchronous |

- Return the result using await:

  ```ts
  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
  import { buffer } from '@kit.ArkTS';

  async function kdfAwait() {
    // Key material, salt and info are passed as raw UTF-8 bytes.
    let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer);
    let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer);
    let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer);
    let spec: cryptoFramework.HKDFSpec = {
      algName: 'HKDF',
      key: keyData,
      salt: saltData,
      info: infoData,
      keySize: 32 // derive a 32-byte key
    };
    let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND');
    let secret = await kdf.generateSecret(spec);
    // Printed for demonstration only; do not log derived keys in production code.
    console.info("key derivation output is " + secret.data);
  }
  ```

- Return the result using a Promise:

  ```ts
  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
  import { BusinessError } from '@kit.BasicServicesKit';
  import { buffer } from '@kit.ArkTS';

  function kdfPromise() {
    let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer);
    let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer);
    let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer);
    let spec: cryptoFramework.HKDFSpec = {
      algName: 'HKDF',
      key: keyData,
      salt: saltData,
      info: infoData,
      keySize: 32
    };
    let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND');
    let kdfPromise = kdf.generateSecret(spec);
    kdfPromise.then((secret) => {
      console.info("key derivation output is " + secret.data);
    }).catch((error: BusinessError) => {
      // Report the failure reason instead of discarding it.
      console.error(`key derivation error, code: ${error.code}, message: ${error.message}`);
    });
  }
  ```

- Return the result synchronously:

  ```ts
  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
  import { buffer } from '@kit.ArkTS';

  function kdfSync() {
    let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer);
    let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer);
    let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer);
    let spec: cryptoFramework.HKDFSpec = {
      algName: 'HKDF',
      key: keyData,
      salt: saltData,
      info: infoData,
      keySize: 32
    };
    let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND');
    let secret = kdf.generateSecretSync(spec);
    console.info("[Sync]key derivation output is " + secret.data);
  }
  ```
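To show what the extract-and-expand mode computes and why the encoding of a string key matters, the following added example (not part of the original page and not cryptoFramework code) builds HKDF with HMAC-SHA256 as defined in RFC 5869. It assumes Node.js and its `node:crypto` module; the function names `hkdfExtract`, `hkdfExpand`, `hkdfSha256` and `keyEncodingChangesOutput` are hypothetical and the sample inputs are constructed.

```typescript
import { createHmac } from "node:crypto";

const HASH_LEN = 32; // SHA-256 output size in bytes

function hmacSha256(key: Uint8Array, data: Uint8Array): Buffer {
  return createHmac("sha256", key).update(data).digest();
}

// Extract: PRK = HMAC(salt, key). RFC 5869 replaces an empty salt with HASH_LEN zero bytes.
function hkdfExtract(salt: Uint8Array, key: Uint8Array): Buffer {
  return hmacSha256(salt.length > 0 ? salt : new Uint8Array(HASH_LEN), key);
}

// Expand: T(i) = HMAC(PRK, T(i-1) || info || i); the output is the first keySize bytes.
function hkdfExpand(prk: Uint8Array, info: Uint8Array, keySize: number): Buffer {
  if (!Number.isInteger(keySize) || keySize <= 0 || keySize > 255 * HASH_LEN) {
    throw new RangeError("keySize must be an integer in 1..8160 for SHA-256");
  }
  const blocks: Buffer[] = [];
  let prev: Buffer = Buffer.alloc(0);
  for (let i = 1; blocks.length * HASH_LEN < keySize; i++) {
    prev = hmacSha256(prk, Buffer.concat([prev, info, Buffer.from([i])]));
    blocks.push(prev);
  }
  return Buffer.concat(blocks).subarray(0, keySize);
}

// Hypothetical helper mirroring the HKDFSpec fields: key, salt, info, keySize.
function hkdfSha256(key: Uint8Array, salt: Uint8Array, info: Uint8Array, keySize: number): Buffer {
  return hkdfExpand(hkdfExtract(salt, key), info, keySize);
}

// Constructed sample: the same text treated as UTF-8 data versus decoded from hex.
function keyEncodingChangesOutput(): boolean {
  const text = "0b".repeat(22);
  const salt = Buffer.from("0123456789", "utf-8");
  const info = Buffer.from("infostring", "utf-8");
  const asUtf8 = hkdfSha256(Buffer.from(text, "utf-8"), salt, info, 32);
  const asHex = hkdfSha256(Buffer.from(text, "hex"), salt, info, 32);
  return !asUtf8.equals(asHex);
}
```

Two parties that disagree on whether the key string is raw data or a hex encoding derive unrelated keys, which is why key material is best passed as bytes.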