# Key Derivation Overview and Algorithm Specifications

A key derivation function (KDF) is a cryptographic algorithm that derives one or more secret keys from a secret value by using a pseudorandom function (PRF). It can be used to stretch keys into longer keys or to obtain keys in the required format.

## PBKDF2

Password-Based Key Derivation Function (PBKDF) is a key derivation function with a sliding computational cost. PBKDF2 is part of the PKCS series.

PBKDF2 applies a PRF, such as an [HMAC](crypto-compute-mac.md), to an input password together with a salt value, and repeats the process multiple times to generate a derived key.

When creating a **Kdf** instance, you need to specify the algorithm specifications in a string parameter. The string parameter consists of the KDF algorithm and HMAC algorithm with a vertical bar (|) in between.

| KDF Algorithm| HMAC Algorithm| String Parameter| API Version|
| -------- | -------- | -------- | -------- |
| PBKDF2 | SHA1 | PBKDF2\|SHA1 | 11+ |
| PBKDF2 | SHA224 | PBKDF2\|SHA224 | 11+ |
| PBKDF2 | SHA256 | PBKDF2\|SHA256 | 11+ |
| PBKDF2 | SHA384 | PBKDF2\|SHA384 | 11+ |
| PBKDF2 | SHA512 | PBKDF2\|SHA512 | 11+ |
| PBKDF2 | SM3 | PBKDF2\|SM3 | 11+ |

## HKDF

HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is a simple KDF based on an [HMAC](crypto-compute-mac.md). It is used to expand limited input key material into a cryptographically strong secret key.

The HKDF has three modes:

- **EXTRACT_ONLY**: generates a pseudorandom key (PRK) from the input key material (IKM) and an optional salt.
- **EXPAND_ONLY**: expands the PRK to a key of the specified length.
- **EXTRACT_AND_EXPAND**: generates a PRK from the IKM and salt, and expands it to a key of the specified length.

When creating a **Kdf** instance, you need to specify the algorithm specifications in a string parameter. The string parameter consists of the KDF algorithm, HMAC algorithm, and mode with a vertical bar (|) in between.

| KDF Algorithm| HMAC Algorithm| Mode| String Parameter| API Version|
| -------- | -------- | -------- | -------- | -------- |
| HKDF | SHA1 | [EXPAND_ONLY\|EXTRACT_ONLY\|EXTRACT_AND_EXPAND] | HKDF\|SHA1 | 12+ |
| HKDF | SHA224 | [EXPAND_ONLY\|EXTRACT_ONLY\|EXTRACT_AND_EXPAND] | HKDF\|SHA224 | 12+ |
| HKDF | SHA256 | [EXPAND_ONLY\|EXTRACT_ONLY\|EXTRACT_AND_EXPAND] | HKDF\|SHA256 | 12+ |
| HKDF | SHA384 | [EXPAND_ONLY\|EXTRACT_ONLY\|EXTRACT_AND_EXPAND] | HKDF\|SHA384 | 12+ |
| HKDF | SHA512 | [EXPAND_ONLY\|EXTRACT_ONLY\|EXTRACT_AND_EXPAND] | HKDF\|SHA512 | 12+ |
| HKDF | SM3 | [EXPAND_ONLY\|EXTRACT_ONLY\|EXTRACT_AND_EXPAND] | HKDF\|SM3 | 12+ |
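
The three HKDF modes listed above, written out as the RFC 5869 extract and expand steps on top of HMAC. This is an added example, not code from this documentation or its framework: it uses Node.js `crypto` rather than the **Kdf** API, the function names are hypothetical, and the sample inputs are those of RFC 5869 test case 1.

```javascript
// Added example: RFC 5869 HKDF on Node's HMAC. Function names are hypothetical.
const { createHmac, hkdfSync } = require("node:crypto");

// Digest sizes in bytes for the SHA variants in the table (SM3 omitted here).
const HASH_LEN = { sha1: 20, sha224: 28, sha256: 32, sha384: 48, sha512: 64 };

// EXTRACT_ONLY: PRK = HMAC(key = salt, msg = IKM); empty salt means HashLen zero bytes.
function hkdfExtract(hash, ikm, salt) {
  const key = salt && salt.length ? salt : Buffer.alloc(HASH_LEN[hash]);
  return createHmac(hash, key).update(ikm).digest();
}

// EXPAND_ONLY: T(i) = HMAC(PRK, T(i-1) || info || i); output is the first `length` bytes.
function hkdfExpand(hash, prk, info, length) {
  const hashLen = HASH_LEN[hash];
  // Expansion assumes the input is already a PRK, so reject anything shorter than one digest.
  if (prk.length < hashLen) throw new RangeError("PRK must be at least HashLen bytes");
  if (length > 255 * hashLen) throw new RangeError("length exceeds 255 * HashLen");
  const blocks = [];
  let prev = Buffer.alloc(0);
  for (let i = 1; blocks.length * hashLen < length; i++) {
    prev = createHmac(hash, prk).update(prev).update(info).update(Buffer.from([i])).digest();
    blocks.push(prev);
  }
  return Buffer.concat(blocks).subarray(0, length);
}

// EXTRACT_AND_EXPAND: the two steps chained.
function hkdfExtractAndExpand(hash, ikm, salt, info, length) {
  return hkdfExpand(hash, hkdfExtract(hash, ikm, salt), info, length);
}

// Inputs of RFC 5869 test case 1 (SHA-256, 42-byte output).
const IKM = Buffer.alloc(22, 0x0b);
const SALT = Buffer.from("000102030405060708090a0b0c", "hex");
const INFO = Buffer.from("f0f1f2f3f4f5f6f7f8f9", "hex");

function demo() {
  const prk = hkdfExtract("sha256", IKM, SALT);
  const okm = hkdfExpand("sha256", prk, INFO, 42);
  const oneShot = hkdfExtractAndExpand("sha256", IKM, SALT, INFO, 42);
  const builtin = Buffer.from(hkdfSync("sha256", IKM, SALT, INFO, 42));
  return { prk: prk.toString("hex"), okm: okm.toString("hex"),
           twoStepEqualsOneShot: okm.equals(oneShot), matchesNodeHkdf: okm.equals(builtin) };
}

console.log(demo());
```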