1e41f4b71Sopenharmony_ci# Key Derivation Using PBKDF2
2e41f4b71Sopenharmony_ci
3e41f4b71Sopenharmony_ciFor details about the corresponding algorithm specifications, see [PBKDF2](crypto-key-derivation-overview.md#pbkdf2).
4e41f4b71Sopenharmony_ci
5e41f4b71Sopenharmony_ci## How to Develop
6e41f4b71Sopenharmony_ci
7e41f4b71Sopenharmony_ci1. Create a [PBKDF2Spec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pbkdf2spec11) object and use it as a parameter for key derivation.
8e41f4b71Sopenharmony_ci   
9e41f4b71Sopenharmony_ci   **PBKDF2Spec** is a child class of [KdfSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#kdfspec11). You need to specify the following:
10e41f4b71Sopenharmony_ci
11e41f4b71Sopenharmony_ci   - **algName**: algorithm to use, which is **'PBKDF2'**.
12e41f4b71Sopenharmony_ci   - **password**: original password used to generate the derived key.
13e41f4b71Sopenharmony_ci      If **key** is of the string type, pass in the data used for key derivation instead of the string type such as HexString or base64. In addition, ensure that the string is encoded in UTF-8 format. Otherwise, the derived key may be different from what you expected.
14e41f4b71Sopenharmony_ci   - **salt**: specifies the salt value.
15e41f4b71Sopenharmony_ci   - **iterations**: number of iterations. The value must be a positive integer.
16e41f4b71Sopenharmony_ci   - **keySize**: length of the key to derive, in bytes. The value must be a positive integer.
17e41f4b71Sopenharmony_ci
18e41f4b71Sopenharmony_ci2. Use [cryptoFramework.createKdf](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatekdf11) with the string parameter **'PBKDF2|SHA256'** to create a **Kdf** object. The key derivation algorithm is **PBKDF2**, and HMAC algorithm is **SHA256**.
19e41f4b71Sopenharmony_ci
20e41f4b71Sopenharmony_ci3. Use [Kdf.generateSecret](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesecret-2) with the **PBKDF2Spec** object to generate a derived key.
21e41f4b71Sopenharmony_ci   
22e41f4b71Sopenharmony_ci   The following table lists how **Kdf.generateSecret** delivers the return value.
23e41f4b71Sopenharmony_ci   
24e41f4b71Sopenharmony_ci   | API| Return Mode| 
25e41f4b71Sopenharmony_ci   | -------- | -------- |
26e41f4b71Sopenharmony_ci   | generateSecret(params: KdfSpec, callback: AsyncCallback<DataBlob>): void | This API uses an asynchronous callback to return the result.| 
27e41f4b71Sopenharmony_ci   | generateSecret(params: KdfSpec): Promise<DataBlob> | This API uses a promise to return the result.| 
28e41f4b71Sopenharmony_ci   | generateSecretSync(params: KdfSpec): DataBlob | This API returns the result synchronously.| 
29e41f4b71Sopenharmony_ci
30e41f4b71Sopenharmony_ci- Return the result using **await**:
31e41f4b71Sopenharmony_ci
32e41f4b71Sopenharmony_ci  ```ts
33e41f4b71Sopenharmony_ci  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
34e41f4b71Sopenharmony_ci  
35e41f4b71Sopenharmony_ci  async function kdfAwait() {
36e41f4b71Sopenharmony_ci    let spec: cryptoFramework.PBKDF2Spec = {
37e41f4b71Sopenharmony_ci      algName: 'PBKDF2',
38e41f4b71Sopenharmony_ci      password: '123456',
39e41f4b71Sopenharmony_ci      salt: new Uint8Array(16),
40e41f4b71Sopenharmony_ci      iterations: 10000,
41e41f4b71Sopenharmony_ci      keySize: 32
42e41f4b71Sopenharmony_ci    };
43e41f4b71Sopenharmony_ci    let kdf = cryptoFramework.createKdf('PBKDF2|SHA256');
44e41f4b71Sopenharmony_ci    let secret = await kdf.generateSecret(spec);
45e41f4b71Sopenharmony_ci    console.info("key derivation output is " + secret.data);
46e41f4b71Sopenharmony_ci  }
47e41f4b71Sopenharmony_ci  ```
48e41f4b71Sopenharmony_ci
49e41f4b71Sopenharmony_ci- Return the result using a promise:
50e41f4b71Sopenharmony_ci
51e41f4b71Sopenharmony_ci  ```ts
52e41f4b71Sopenharmony_ci  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
53e41f4b71Sopenharmony_ci  import { BusinessError } from '@kit.BasicServicesKit';
54e41f4b71Sopenharmony_ci  
55e41f4b71Sopenharmony_ci  function kdfPromise() {
56e41f4b71Sopenharmony_ci    let spec: cryptoFramework.PBKDF2Spec = {
57e41f4b71Sopenharmony_ci      algName: 'PBKDF2',
58e41f4b71Sopenharmony_ci      password: '123456',
59e41f4b71Sopenharmony_ci      salt: new Uint8Array(16),
60e41f4b71Sopenharmony_ci      iterations: 10000,
61e41f4b71Sopenharmony_ci      keySize: 32
62e41f4b71Sopenharmony_ci    };
63e41f4b71Sopenharmony_ci    let kdf = cryptoFramework.createKdf('PBKDF2|SHA256');
64e41f4b71Sopenharmony_ci    let kdfPromise = kdf.generateSecret(spec);
65e41f4b71Sopenharmony_ci    kdfPromise.then((secret) => {
66e41f4b71Sopenharmony_ci      console.info("key derivation output is " + secret.data);
67e41f4b71Sopenharmony_ci    }).catch((error: BusinessError) => {
68e41f4b71Sopenharmony_ci      console.error("key derivation error.");
69e41f4b71Sopenharmony_ci    });
70e41f4b71Sopenharmony_ci  }
71e41f4b71Sopenharmony_ci  ```
72e41f4b71Sopenharmony_ci
73e41f4b71Sopenharmony_ci- Return the result synchronously:
74e41f4b71Sopenharmony_ci
75e41f4b71Sopenharmony_ci  ```ts
76e41f4b71Sopenharmony_ci  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
77e41f4b71Sopenharmony_ci  import { BusinessError } from '@kit.BasicServicesKit';
78e41f4b71Sopenharmony_ci
79e41f4b71Sopenharmony_ci  function kdfSync() {
80e41f4b71Sopenharmony_ci    let spec: cryptoFramework.PBKDF2Spec = {
81e41f4b71Sopenharmony_ci      algName: 'PBKDF2',
82e41f4b71Sopenharmony_ci      password: '123456',
83e41f4b71Sopenharmony_ci      salt: new Uint8Array(16),
84e41f4b71Sopenharmony_ci      iterations: 10000,
85e41f4b71Sopenharmony_ci      keySize: 32
86e41f4b71Sopenharmony_ci    };
87e41f4b71Sopenharmony_ci    let kdf = cryptoFramework.createKdf('PBKDF2|SHA256');
88e41f4b71Sopenharmony_ci    let secret = kdf.generateSecretSync(spec);
89e41f4b71Sopenharmony_ci    console.info("[Sync]key derivation output is " + secret.data);
90e41f4b71Sopenharmony_ci  }
91e41f4b71Sopenharmony_ci  ```
92