diafygi/webcrypto-examples

Derive key with PBKDF2 for HMAC?

Opened this issue · 2 comments

claq2 commented

Do browsers really support generating HMAC keys with PBKDF2? Both Chrome and Firefox seem to complain when I pass {name:"HMAC"} to deriveKey in the 3rd parameter. I can't seem to find a definitive answer anywhere.

Same here. The error I get on Chrome is

    HmacImportParams: hash: Missing or not an AlgorithmIdentifier

On Safari:

    NotSupportedError (DOM Exception 9): The operation is not supported.

On Firefox the promise hangs.

This works for me*, does it help? (Or have I misunderstood the issue?)

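    // `password` and `file.url` come from the surrounding code (see the context link below).
    const encoder = new TextEncoder();
    // Import the raw password bytes as PBKDF2 base key material.
    const pwdKey = await window.crypto.subtle.importKey(
      'raw',
      encoder.encode(password),
      { name: 'PBKDF2' },
      false,
      ['deriveKey']
    );
    // Derive an HMAC key; the 3rd argument names the HMAC hash as well as the algorithm.
    const newAuthKey = await window.crypto.subtle.deriveKey(
      {
        name: 'PBKDF2',
        salt: encoder.encode(file.url),
        iterations: 100,
        hash: 'SHA-256'
      },
      pwdKey,
      {
        name: 'HMAC',
        hash: 'SHA-256'
      },
      true,
      ['sign']
    );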

context: https://github.com/mozilla/send/blob/9410defab6156d29bb705f73aefbd09ec588678e/app/fileSender.js#L239-L260

*Firefox ESR 52.4.0 and Firefox Developer Edition 57.0b10
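
An added example, not part of the thread or of the mozilla/send code: the same PBKDF2-to-HMAC derivation as a self-contained script, run once with `hash` in the third `deriveKey` argument and once with only `{ name: 'HMAC' }` as in the original question. The function names, password, salt, iteration count and the explicit `length: 256` are assumptions made for the example.

```javascript
// Added example (not from the thread): PBKDF2 -> HMAC key derivation with WebCrypto.
// Runs in a browser or in Node.js (falls back to node:crypto's webcrypto if needed).
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;
const encoder = new TextEncoder();

// 3rd deriveKey argument: HMAC needs its own hash; length (bits) is set explicitly here.
const HMAC_WITH_HASH = { name: 'HMAC', hash: 'SHA-256', length: 256 };
// What the original question passed: algorithm name only.
const HMAC_NAME_ONLY = { name: 'HMAC' };

// Derive an extractable HMAC key from a password (hypothetical helper).
async function deriveHmacKey(password, salt, iterations, hmacParams) {
  const pwdKey = await subtle.importKey(
    'raw', encoder.encode(password), { name: 'PBKDF2' }, false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', salt: encoder.encode(salt), iterations, hash: 'SHA-256' },
    pwdKey,
    hmacParams,
    true,
    ['sign', 'verify']);
}

// Sign a message with the derived key and return the tag as hex (hypothetical helper).
async function signHex(key, message) {
  const sig = await subtle.sign('HMAC', key, encoder.encode(message));
  return Array.from(new Uint8Array(sig), (b) => b.toString(16).padStart(2, '0')).join('');
}

// Constructed inputs; the values are placeholders for the demo only.
async function demo() {
  const key = await deriveHmacKey('constructed-password', 'constructed-salt', 100000, HMAC_WITH_HASH);
  const raw = await subtle.exportKey('raw', key);
  const tag = await signHex(key, 'hello');
  // Without `hash`, the derivation is expected to reject instead of returning a key.
  const rejected = await deriveHmacKey('constructed-password', 'constructed-salt', 100000, HMAC_NAME_ONLY)
    .then(() => false, () => true);
  return { keyBytes: raw.byteLength, tag, rejected };
}

demo().then((r) => console.log(r));
```
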