1# 使用PBKDF2进行密钥派生
2
3对应的算法规格请查看[密钥派生算法规格:PBKDF2](crypto-key-derivation-overview.md#pbkdf2算法)。
4
5## 开发步骤
6
71. 构造[PBKDF2Spec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pbkdf2spec11)对象,作为密钥派生参数进行密钥派生。
8
9   PBKDF2Spec是[KdfSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#kdfspec11)的子类,需要指定:
10
11   - algName:指定算法'PBKDF2'。
12   - password:用于生成派生密钥的原始密码。
13      如果使用string类型,需要直接传入用于密钥派生的数据,而不是HexString、base64等字符串类型。同时需要确保该字符串为utf-8编码,否则派生结果会有差异。
14   - salt:盐值。
15   - iterations:重复运算的次数,需要为正整数。
16   - keySize:目标密钥的字节长度,需要为正整数。
17
182. 调用[cryptoFramework.createKdf](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatekdf11),指定字符串参数'PBKDF2|SHA256',创建密钥派生算法为PBKDF2、HMAC函数摘要算法为SHA256的密钥派生函数对象(Kdf)。
19
203. 输入PBKDF2Spec对象,调用[Kdf.generateSecret](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesecret-2)进行密钥派生。
21
22   Kdf.generateSecret的多种调用形式如表所示。
23
24   | 接口名 | 返回方式 |
25   | -------- | -------- |
26   | generateSecret(params: KdfSpec, callback: AsyncCallback<DataBlob>): void | callback异步生成 |
27   | generateSecret(params: KdfSpec): Promise<DataBlob> | Promise异步生成 |
28   | generateSecretSync(params: KdfSpec): DataBlob | 同步生成 |
29
30- 通过await返回结果:
31
32  ```ts
33  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
34
35  async function kdfAwait() {
36    let spec: cryptoFramework.PBKDF2Spec = {
37      algName: 'PBKDF2',
38      password: '123456',
39      salt: new Uint8Array(16),
40      iterations: 10000,
41      keySize: 32
42    };
43    let kdf = cryptoFramework.createKdf('PBKDF2|SHA256');
44    let secret = await kdf.generateSecret(spec);
45    console.info("key derivation output is " + secret.data);
46  }
47  ```
48
49- 通过Promise返回结果:
50
51  ```ts
52  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
53  import { BusinessError } from '@kit.BasicServicesKit';
54
55  function kdfPromise() {
56    let spec: cryptoFramework.PBKDF2Spec = {
57      algName: 'PBKDF2',
58      password: '123456',
59      salt: new Uint8Array(16),
60      iterations: 10000,
61      keySize: 32
62    };
63    let kdf = cryptoFramework.createKdf('PBKDF2|SHA256');
64    let kdfPromise = kdf.generateSecret(spec);
65    kdfPromise.then((secret) => {
66      console.info("key derivation output is " + secret.data);
67    }).catch((error: BusinessError) => {
68      console.error("key derivation error.");
69    });
70  }
71  ```
72
73- 通过同步方式返回结果:
74
75  ```ts
76  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
77  import { BusinessError } from '@kit.BasicServicesKit';
78
79  function kdfSync() {
80    let spec: cryptoFramework.PBKDF2Spec = {
81      algName: 'PBKDF2',
82      password: '123456',
83      salt: new Uint8Array(16),
84      iterations: 10000,
85      keySize: 32
86    };
87    let kdf = cryptoFramework.createKdf('PBKDF2|SHA256');
88    let secret = kdf.generateSecretSync(spec);
89    console.info("[Sync]key derivation output is " + secret.data);
90  }
91  ```
92