1e41f4b71Sopenharmony_ci# Key Derivation Using HKDF
2e41f4b71Sopenharmony_ci
3e41f4b71Sopenharmony_ciFor details about the corresponding algorithm specifications, see [HKDF](crypto-key-derivation-overview.md#hkdf).
4e41f4b71Sopenharmony_ci
5e41f4b71Sopenharmony_ci## How to Develop
6e41f4b71Sopenharmony_ci1. Create a [HKDFSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#hkdfspec12) object and use it as a parameter for key derivation.
7e41f4b71Sopenharmony_ci   
8e41f4b71Sopenharmony_ci   **HKDFSpec** is a child class of [KdfSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#kdfspec11). You need to specify the following:
9e41f4b71Sopenharmony_ci
10e41f4b71Sopenharmony_ci   - **algName**: algorithm to used, which is **'HKDF'**.
11e41f4b71Sopenharmony_ci   - **key**: original key material.
12e41f4b71Sopenharmony_ci      If **key** is of the string type, pass in the data used for key derivation instead of the string type such as HexString or base64. In addition, ensure that the string is encoded in UTF-8 format. Otherwise, the derived key may be different from what you expected.
13e41f4b71Sopenharmony_ci   - **salt**: salt value.
14e41f4b71Sopenharmony_ci   - **info**: optional context and application information used to expand the short key. This parameter can be empty.
15e41f4b71Sopenharmony_ci   - **keySize**: length of the key to derive, in bytes. The value must be a positive integer.
16e41f4b71Sopenharmony_ci
17e41f4b71Sopenharmony_ci2. Use [cryptoFramework.createKdf](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatekdf11) with the string parameter **'HKDF|SHA256|EXTRACT_AND_EXPAND'**** to create a **Kdf** instance. The key derivation algorithm is **HKDF**, HMAC algorithm is **SHA256**, and mode is **extract and expand**.
18e41f4b71Sopenharmony_ci
19e41f4b71Sopenharmony_ci3. Use [Kdf.generateSecret](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesecret-2) with the **HKDFSpec** object to generate a derived key.
20e41f4b71Sopenharmony_ci   
21e41f4b71Sopenharmony_ci   The following table lists how **Kdf.generateSecret** delivers the return value.
22e41f4b71Sopenharmony_ci   
23e41f4b71Sopenharmony_ci   | API| Return Mode| 
24e41f4b71Sopenharmony_ci   | -------- | -------- |
25e41f4b71Sopenharmony_ci   | generateSecret(params: KdfSpec, callback: AsyncCallback<DataBlob>): void | This API uses an asynchronous callback to return the result.| 
26e41f4b71Sopenharmony_ci   | generateSecret(params: KdfSpec): Promise<DataBlob> | This API uses a promise to return the result.| 
27e41f4b71Sopenharmony_ci   | generateSecretSync(params: KdfSpec): DataBlob | This API returns the result synchronously.| 
28e41f4b71Sopenharmony_ci
29e41f4b71Sopenharmony_ci- Return the result using **await**:
30e41f4b71Sopenharmony_ci
31e41f4b71Sopenharmony_ci  ```ts
32e41f4b71Sopenharmony_ci  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
33e41f4b71Sopenharmony_ci  import { buffer } from '@kit.ArkTS';
34e41f4b71Sopenharmony_ci
35e41f4b71Sopenharmony_ci  async function kdfAwait() {
36e41f4b71Sopenharmony_ci    let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer);
37e41f4b71Sopenharmony_ci    let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer);
38e41f4b71Sopenharmony_ci    let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer);
39e41f4b71Sopenharmony_ci    let spec: cryptoFramework.HKDFSpec = {
40e41f4b71Sopenharmony_ci      algName: 'HKDF',
41e41f4b71Sopenharmony_ci      key: keyData,
42e41f4b71Sopenharmony_ci      salt: saltData,
43e41f4b71Sopenharmony_ci      info: infoData,
44e41f4b71Sopenharmony_ci      keySize: 32
45e41f4b71Sopenharmony_ci    };
46e41f4b71Sopenharmony_ci    let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND');
47e41f4b71Sopenharmony_ci    let secret = await kdf.generateSecret(spec);
48e41f4b71Sopenharmony_ci    console.info("key derivation output is " + secret.data);
49e41f4b71Sopenharmony_ci  }
50e41f4b71Sopenharmony_ci  ```
51e41f4b71Sopenharmony_ci
52e41f4b71Sopenharmony_ci- Return the result using a promise:
53e41f4b71Sopenharmony_ci
54e41f4b71Sopenharmony_ci  ```ts
55e41f4b71Sopenharmony_ci  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
56e41f4b71Sopenharmony_ci  import { BusinessError } from '@kit.BasicServicesKit';
57e41f4b71Sopenharmony_ci  import { buffer } from '@kit.ArkTS';
58e41f4b71Sopenharmony_ci
59e41f4b71Sopenharmony_ci  function kdfPromise() {
60e41f4b71Sopenharmony_ci    let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer);
61e41f4b71Sopenharmony_ci    let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer);
62e41f4b71Sopenharmony_ci    let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer);
63e41f4b71Sopenharmony_ci    let spec: cryptoFramework.HKDFSpec = {
64e41f4b71Sopenharmony_ci      algName: 'HKDF',
65e41f4b71Sopenharmony_ci      key: keyData,
66e41f4b71Sopenharmony_ci      salt: saltData,
67e41f4b71Sopenharmony_ci      info: infoData,
68e41f4b71Sopenharmony_ci      keySize: 32
69e41f4b71Sopenharmony_ci    };
70e41f4b71Sopenharmony_ci    let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND');
71e41f4b71Sopenharmony_ci    let kdfPromise = kdf.generateSecret(spec);
72e41f4b71Sopenharmony_ci    kdfPromise.then((secret) => {
73e41f4b71Sopenharmony_ci      console.info("key derivation output is " + secret.data);
74e41f4b71Sopenharmony_ci    }).catch((error: BusinessError) => {
75e41f4b71Sopenharmony_ci      console.error("key derivation error.");
76e41f4b71Sopenharmony_ci    });
77e41f4b71Sopenharmony_ci  }
78e41f4b71Sopenharmony_ci  ```
79e41f4b71Sopenharmony_ci
80e41f4b71Sopenharmony_ci- Return the result synchronously:
81e41f4b71Sopenharmony_ci
82e41f4b71Sopenharmony_ci  ```ts
83e41f4b71Sopenharmony_ci  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
84e41f4b71Sopenharmony_ci  import { BusinessError } from '@kit.BasicServicesKit';
85e41f4b71Sopenharmony_ci  import { buffer } from '@kit.ArkTS';
86e41f4b71Sopenharmony_ci  
87e41f4b71Sopenharmony_ci  function kdfSync() {
88e41f4b71Sopenharmony_ci    let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer);
89e41f4b71Sopenharmony_ci    let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer);
90e41f4b71Sopenharmony_ci    let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer);
91e41f4b71Sopenharmony_ci    let spec: cryptoFramework.HKDFSpec = {
92e41f4b71Sopenharmony_ci      algName: 'HKDF',
93e41f4b71Sopenharmony_ci      key: keyData,
94e41f4b71Sopenharmony_ci      salt: saltData,
95e41f4b71Sopenharmony_ci      info: infoData,
96e41f4b71Sopenharmony_ci      keySize: 32
97e41f4b71Sopenharmony_ci    };
98e41f4b71Sopenharmony_ci    let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND');
99e41f4b71Sopenharmony_ci    let secret = kdf.generateSecretSync(spec);
100e41f4b71Sopenharmony_ci    console.info("[Sync]key derivation output is " + secret.data);
101e41f4b71Sopenharmony_ci  }
102e41f4b71Sopenharmony_ci  ```
103