Pbkdf2Params

Draft
This page is not complete.

Secure context
This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

This dictionary represents the object that should be passed as the algorithm parameter into SubtleCrypto.deriveKey(), when using the PBKDF2 algorithm.

Properties

name
DOMString. This should be set to "PBKDF2".
hash

DOMString. The digest algorithm to use. This may be any of:

  • "SHA-1"
  • "SHA-256"
  • "SHA-384"
  • "SHA-512"
salt
BufferSource. This should be a random (or pseudorandom) value of at least 16 bytes. Unlike the input key material passed into deriveKey(), salt does not need to be kept secret.
iterations
Number. The number of times the hash function will be executed in deriveKey(). This determines how computationally expensive (that is, slow) the deriveKey() operation will be. In this context, slow is good, since it makes it more expensive for an attacker to run a dictionary attack against the keys. The general guidance here is to use as many iterations as possible, subject to keeping an acceptable level of performance for your application.

Examples

Specifications

Specification Status Comment
Web Cryptography API
The definition of 'SubtleCrypto.HkdfParams' in that specification.
Recommendation  

Browser compatibility

No compatibility data found. Please contribute data for "api.SubtleCrypto.encrypt.algorithm-hkdf" (depth: 1) to the MDN compatibility data repository.

See also

Document Tags and Contributors

Contributors to this page: wbamberg
Last updated by: wbamberg,