# Key Derivation Using HKDF (ArkTS)

<!--Kit: Crypto Architecture Kit-->
<!--Subsystem: Security-->
<!--Owner: @zxz--3-->
<!--Designer: @lanming-->
<!--Tester: @PAFT-->
<!--Adviser: @zengyawen-->

For the corresponding algorithm specifications, see [Key Derivation Algorithm Specifications: HKDF](crypto-key-derivation-overview.md#hkdf算法).

## How to Develop

1. Construct an [HKDFSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#hkdfspec12) object to use as the key derivation parameters.

   HKDFSpec is a subclass of [KdfSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#kdfspec11) and requires the following:

   - algName: the algorithm, 'HKDF'.
   - key: the original key material.
     If a string is used, pass in the data used for key derivation directly, not a HexString, base64 or similar string form of it. Also make sure the string is UTF-8 encoded; otherwise the derivation result will differ.
   - salt: the salt value.
   - info: optional context and application-specific information, which may be empty; used to expand the short key.
   - keySize: length of the target key in bytes; must be a positive integer.

2. Call [cryptoFramework.createKdf](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatekdf11) with the string parameter 'HKDF|SHA256|EXTRACT_AND_EXPAND' to create a key derivation function object (Kdf) whose key derivation algorithm is HKDF, whose HMAC digest algorithm is SHA256, and whose mode is extract-and-expand.

3. Pass in the HKDFSpec object and call [Kdf.generateSecret](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesecret11) to derive the key.

   The ways to call Kdf.generateSecret are listed in the following table.

   | API | Return mode |
   | -------- | -------- |
   | generateSecret(params: KdfSpec, callback: AsyncCallback<DataBlob>): void | Generated asynchronously through a callback. |
   | generateSecret(params: KdfSpec): Promise<DataBlob> | Generated asynchronously through a Promise. |
   | generateSecretSync(params: KdfSpec): DataBlob | Generated synchronously. |

- Return the result using await:

  ```ts
  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
  import { buffer } from '@kit.ArkTS';

  async function kdfAwait() {
    // Key material, salt and info are passed as the UTF-8 bytes of the strings.
    let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer);
    let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer);
    let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer);
    let spec: cryptoFramework.HKDFSpec = {
      algName: 'HKDF',
      key: keyData,
      salt: saltData,
      info: infoData,
      keySize: 32 // Derive a 32-byte key.
    };
    let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND');
    let secret = await kdf.generateSecret(spec);
    console.info("key derivation output is " + secret.data);
  }
  ```

- Return the result using a Promise:

  ```ts
  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
  import { BusinessError } from '@kit.BasicServicesKit';
  import { buffer } from '@kit.ArkTS';

  function kdfPromise() {
    // Key material, salt and info are passed as the UTF-8 bytes of the strings.
    let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer);
    let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer);
    let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer);
    let spec: cryptoFramework.HKDFSpec = {
      algName: 'HKDF',
      key: keyData,
      salt: saltData,
      info: infoData,
      keySize: 32 // Derive a 32-byte key.
    };
    let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND');
    let kdfPromise = kdf.generateSecret(spec);
    kdfPromise.then((secret) => {
      console.info("key derivation output is " + secret.data);
    }).catch((error: BusinessError) => {
      // Report the failure reason instead of discarding the error object.
      console.error("key derivation error: " + error.message);
    });
  }
  ```

- Return the result synchronously:

  ```ts
  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
  import { BusinessError } from '@kit.BasicServicesKit';
  import { buffer } from '@kit.ArkTS';

  function kdfSync() {
    // Key material, salt and info are passed as the UTF-8 bytes of the strings.
    let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer);
    let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer);
    let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer);
    let spec: cryptoFramework.HKDFSpec = {
      algName: 'HKDF',
      key: keyData,
      salt: saltData,
      info: infoData,
      keySize: 32 // Derive a 32-byte key.
    };
    let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND');
    let secret = kdf.generateSecretSync(spec);
    console.info("[Sync]key derivation output is " + secret.data);
  }
  ```
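
The extract and expand steps that the 'HKDF|SHA256|EXTRACT_AND_EXPAND' mode performs (RFC 5869), written out with HMAC-SHA256 as an added example that is not part of the original document or of the Crypto Architecture Kit. It assumes Node.js and its `node:crypto` module instead of cryptoFramework, the helper names are hypothetical, and it also shows how the key string encoding and the info value change the derived key.

```typescript
// Added example: runs on Node.js (node:crypto), not on cryptoFramework.
import { createHmac, hkdfSync } from 'node:crypto';

// HMAC-SHA256 helper; its 32-byte digest length is the HKDF block size.
function hmacSha256(key: Uint8Array, data: Uint8Array): Buffer {
  return createHmac('sha256', key).update(data).digest();
}

// Extract step (RFC 5869 section 2.2): PRK = HMAC(salt, key material).
function hkdfExtract(salt: Uint8Array, ikm: Uint8Array): Buffer {
  // An absent salt is replaced by HashLen zero bytes.
  return hmacSha256(salt.length > 0 ? salt : new Uint8Array(32), ikm);
}

// Expand step (section 2.3): T(i) = HMAC(PRK, T(i-1) || info || i).
function hkdfExpand(prk: Uint8Array, info: Uint8Array, keySize: number): Buffer {
  if (!Number.isInteger(keySize) || keySize <= 0 || keySize > 255 * 32) {
    throw new RangeError('keySize must be an integer in 1..8160 for SHA-256');
  }
  const blocks: Buffer[] = [];
  let previous: Buffer = Buffer.alloc(0);
  for (let counter = 1; blocks.length * 32 < keySize; counter++) {
    previous = hmacSha256(prk, Buffer.concat([previous, info, Buffer.from([counter])]));
    blocks.push(previous);
  }
  return Buffer.concat(blocks).subarray(0, keySize);
}

function hkdfSha256(key: Uint8Array, salt: Uint8Array, info: Uint8Array, keySize: number): Buffer {
  return hkdfExpand(hkdfExtract(salt, key), info, keySize);
}

// Sample inputs: the same strings the samples on this page use.
const salt = Buffer.from('0123456789', 'utf-8');
const info = Buffer.from('infostring', 'utf-8');
const keyText = '012345678901234567890123456789';

// Correct: the string is the key material itself, taken as UTF-8 (30 bytes).
const fromUtf8 = hkdfSha256(Buffer.from(keyText, 'utf-8'), salt, info, 32);
// Pitfall: reading the same characters as a HexString gives other bytes (15 bytes).
const fromHex = hkdfSha256(Buffer.from(keyText, 'hex'), salt, info, 32);
// A different info value yields an independent key from the same material.
const otherContext = hkdfSha256(Buffer.from(keyText, 'utf-8'), salt, Buffer.from('other'), 32);
// Cross-check the manual steps against the runtime's built-in HKDF.
const builtin = Buffer.from(hkdfSync('sha256', Buffer.from(keyText, 'utf-8'), salt, info, 32));
```

If both sides of a protocol do not agree on how the key string is turned into bytes, they derive different keys without any error being raised.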