1e41f4b71Sopenharmony_ci# Key Derivation Overview and Algorithm Specifications
2e41f4b71Sopenharmony_ci
3e41f4b71Sopenharmony_ciA key derivation function (KDF) is a cryptographic algorithm that derives one or more secrete keys from a secret value (such as a master key) by using a pseudorandom function. It can be used to stretch keys into longer keys or to obtain keys in the required format.
4e41f4b71Sopenharmony_ci
5e41f4b71Sopenharmony_ci## Supported Algorithms and Specifications
6e41f4b71Sopenharmony_ci
7e41f4b71Sopenharmony_ci### PBKDF2
8e41f4b71Sopenharmony_ci
9e41f4b71Sopenharmony_ciPassword-Based Key Derivation Function (PBKDF) is a key derivation function with a sliding computational cost. PBKDF2 is part of the PKCS series.
10e41f4b71Sopenharmony_ci
11e41f4b71Sopenharmony_ciPBKDF2 applies a pseudorandom function (PRF), such as [HMAC](crypto-compute-mac.md), to an input password together with a salt value, and repeats the process multiple times to generate a derived key.
12e41f4b71Sopenharmony_ci
13e41f4b71Sopenharmony_ciWhen creating a **kDF** instance, you need to specify the algorithm specifications in a string parameter. The string parameter consists of the KDF algorithm and HMAC algorithm with a vertical bar (|) in between.
14e41f4b71Sopenharmony_ci| KDF Algorithm| HMAC Algorithm| String Parameter| API Version| 
15e41f4b71Sopenharmony_ci| -------- | -------- | -------- | -------- |
16e41f4b71Sopenharmony_ci| PBKDF2 | SHA1 | PBKDF2\|SHA1 | 11+ | 
17e41f4b71Sopenharmony_ci| PBKDF2 | SHA224 | PBKDF2\|SHA224 | 11+ | 
18e41f4b71Sopenharmony_ci| PBKDF2 | SHA256 | PBKDF2\|SHA256 | 11+ | 
19e41f4b71Sopenharmony_ci| PBKDF2 | SHA384 | PBKDF2\|SHA384 | 11+ | 
20e41f4b71Sopenharmony_ci| PBKDF2 | SHA512 | PBKDF2\|SHA512 | 11+ | 
21e41f4b71Sopenharmony_ci| PBKDF2 | SM3 | PBKDF2\|SM3 | 11+ | 
22e41f4b71Sopenharmony_ci
23e41f4b71Sopenharmony_ci### HKDF
24e41f4b71Sopenharmony_ci
25e41f4b71Sopenharmony_ciHMAC-based Extract-and-Expand Key Derivation Function (HKDF) is a simple key derivation function (KDF) based on the [HMAC](crypto-compute-mac.md) message authentication code. It is used to expand limited input key material into a cryptographically strong secret key.
26e41f4b71Sopenharmony_ci
27e41f4b71Sopenharmony_ciHKDF consists of two modules: HKDF-Extract and HKDF-Expand.
28e41f4b71Sopenharmony_ciHKDF-Extract: generates a cryptographic pseudorandom key (PRK) from the input key material and an optional salt.
29e41f4b71Sopenharmony_ciHKDF-Expand: expands the PRK to a key of the specified length.
30e41f4b71Sopenharmony_ci
31e41f4b71Sopenharmony_ciWhen creating a **kDF** instance, you need to specify the algorithm specifications in a string parameter. The string parameter consists of the KDF algorithm, HMAC algorithm, and mode with a vertical bar (|) in between.
32e41f4b71Sopenharmony_ci| KDF Algorithm| HMAC Algorithm| String Parameter| API Version| 
33e41f4b71Sopenharmony_ci| -------- | -------- | -------- | -------- |
34e41f4b71Sopenharmony_ci| HKDF | SHA1 | HKDF\|SHA1 | 12+ | 
35e41f4b71Sopenharmony_ci| HKDF | SHA224 | HKDF\|SHA224 | 12+ | 
36e41f4b71Sopenharmony_ci| HKDF | SHA256 | HKDF\|SHA256 | 12+ | 
37e41f4b71Sopenharmony_ci| HKDF | SHA384 | HKDF\|SHA384 | 12+ | 
38e41f4b71Sopenharmony_ci| HKDF | SHA512 | HKDF\|SHA512 | 12+ | 
39e41f4b71Sopenharmony_ci| HKDF | SM3 | HKDF\|SM3 | 12+ | 
40