/pbkdf2-hmac

PBKDF2 following RFC 2898 using HMAC (with SHA-1, SHA-256, SHA-384, SHA-512) as the PRF

Primary LanguageJavaScriptMIT LicenseMIT

License: MIT JavaScript Style Guide Node CI Coverage Status

pbkdf2-hmac

PBKDF2 with HMAC (with SHA-1, SHA-256, SHA-384 or SHA-512) as the PRF function for Node.js and browsers.

Node version internally uses Node's crypto.pbkdf2(), the browser version defaults to the subtle crypto native implementation, although a custom implementation is provided just in case the native one fails. This is nowadays (Jun, 2020) the case of Firefox, whose PBKDF2 implementation can't derive more than 2048 bits.

Installation

pbkdf2-hmac can be imported to your project with npm:

npm install pbkdf2-hmac

NPM installation defaults to the ES6 module for browsers and the CJS one for Node.js. For web browsers, you can also directly download the IIFE bundle or the ESM bundle from the repository.

Usage examples

Import your module as :

  • Node.js 
    const pbkdf2Hmac = require('pbkdf2-hmac')
... // your code here
  • JavaScript native or TypeScript project (including React and Angular) 
    import pbkdf2Hmac from 'pbkdf2-hmac'
... // your code here
  • JavaScript native browser ES module 
    <script type="module">
   import pbkdf2Hmac from 'lib/index.browser.bundle.mod.js'  // Use your actual path to the broser mod bundle
   ... // your code here
 </script>
  • JavaScript native browser IIFE 
    <head>
  ...
  <script src="../../lib/index.browser.bundle.iife.js"></script> <!-- Use your actual path to the browser bundle -->
</head>
<body>
  ...
  <script>
    ... // your code here
  </script>
</body>

An example of usage could be (from an async function):

const derivedKey = await pbkdf2Hmac('password', 'salt', 1000, 32)

See the test for more examples

API reference documentation

pbkdf2-hmac

PBKDF2 following RFC 2898 using HMAC (with SHA-1, SHA-256, SHA-384, SHA-512) as the PRF

pbkdf2-hmac~TypedArray : Int8Array | Uint8Array | Uint8ClampedArray | Int16Array | Uint16Array | Int32Array | Uint32Array | Float32Array | Float64Array | BigInt64Array | BigUint64Array

A TypedArray object describes an array-like view of an underlying binary data buffer.

Kind: inner typedef of pbkdf2-hmac

pbkdf2-hmac~pbkdf2Hmac(P, S, c, dkLen, hash) ⇒ Promise.<ArrayBuffer>

The PBKDF2-HMAC function used below denotes the PBKDF2 algorithm (RFC2898) used with one of the SHA algorithms as the hash function for the HMAC

Kind: inner method of pbkdf2-hmac

Param Type Default Description
P string | ArrayBuffer | TypedArray | DataView A unicode string with a password
S string | ArrayBuffer | TypedArray | DataView A salt. This should be a random or pseudo-random value of at least 16 bytes. You can easily get one with crypto.getRandomValues(new Uint8Array(16))
c number iteration count, a positive integer
dkLen number intended length in octets of the derived key
hash string "SHA-256" hash function to use for the HMAC. One of 'SHA-1', 'SHA-256', 'SHA-384', 'SHA-512'