The crypto.pbkdf2() method provides an asynchronous implementation of Password-Based Key Derivation Function 2 (PBKDF2). The HMAC digest algorithm specified by digest is applied to derive a key of the requested byte length (keylen) from the given password, salt, and iterations.
Syntax:
crypto.pbkdf2( password, salt, iterations, keylen, digest, callback )
Parameters: This method accepts six parameters as mentioned above and described below:
- password: It can hold data of type string, Buffer, TypedArray, or DataView.
- salt: It must be as unique as possible. It is recommended that the salt is random and at least 16 bytes long. It is of type string, Buffer, TypedArray, or DataView.
- iterations: It must be a number and should be set as high as possible. The higher the number of iterations, the more secure the derived key will be, but the longer the derivation takes to complete. It is of type number.
- keylen: It is the required length of the derived key in bytes and it is of type number.
- digest: It is the name of the HMAC digest algorithm, given as a string.
- callback: It is a function with two parameters, namely err and derivedKey.
Return Type: The derived password-based key is delivered to the callback as derivedKey.
The examples below illustrate the use of the crypto.pbkdf2() method in Node.js:
Example 1:
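// Load the built-in crypto module
const crypto = require('crypto');

// Derive a 64-byte key with HMAC-SHA512 and 100000 iterations
crypto.pbkdf2('secret', 'salt', 100000, 64, 'sha512', (err, derivedKey) => {
  if (err) throw err;
  // Print the derived key as a hex string
  console.log(derivedKey.toString('hex'));
});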
Output:
3745e482c6e0ade35da10139e797157f4a5da669dad7d5da88ef87e
47471cc47ed941c7ad618e827304f083f8707f12b7cfdd5f489b782
f10cc269e3c08d59ae
Example 2:
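const crypto = require('crypto');

// Derive a 6-byte key with 677 iterations. The digest must be a string:
// current Node.js releases throw a TypeError for null, while older releases
// fell back to 'sha1', so 'sha1' is named explicitly here.
crypto.pbkdf2('secret', 'salt', 677, 6, 'sha1', (err, derivedKey) => {
  if (err) {
    console.log(err);
  } else {
    // Print the raw Buffer without converting it to a string
    console.log(derivedKey);
  }
});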
Output: Here, the derived key is printed as a Buffer because it is not converted to a string.
<Buffer 71 1e 7b 7b 9b 53>
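The parameter guidance above (a random salt of at least 16 bytes, a high iteration count) applied to password storage, as an added example that is not part of the original article. It uses crypto.pbkdf2Sync(), the synchronous counterpart that takes the same arguments without the callback; the record layout and the function names hashPassword, verifyPassword and needsRehash are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Settings taken from Example 1; the record layout below is an assumption.
const DIGEST = 'sha512';
const ITERATIONS = 100000;
const KEYLEN = 64;
const SALT_BYTES = 16; // minimum salt length recommended in the parameter list

// Derive a key and pack everything needed to re-derive it into one string:
//   pbkdf2$<digest>$<iterations>$<salt hex>$<key hex>
function hashPassword(password, salt = crypto.randomBytes(SALT_BYTES)) {
  const key = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST);
  return ['pbkdf2', DIGEST, ITERATIONS,
          salt.toString('hex'), key.toString('hex')].join('$');
}

// Re-derive with the parameters stored in the record, compare in constant time.
function verifyPassword(password, record) {
  const parts = String(record).split('$');
  if (parts.length !== 5 || parts[0] !== 'pbkdf2') return false;
  const [, digest, iterText, saltHex, keyHex] = parts;
  const iterations = Number(iterText);
  const hexPairs = /^([0-9a-f]{2})+$/;
  // Reject malformed records instead of handing them to the KDF.
  if (!Number.isInteger(iterations) || iterations < 1) return false;
  if (!hexPairs.test(saltHex) || !hexPairs.test(keyHex)) return false;
  if (!crypto.getHashes().includes(digest)) return false;
  const expected = Buffer.from(keyHex, 'hex');
  const actual = crypto.pbkdf2Sync(password, Buffer.from(saltHex, 'hex'),
                                   iterations, expected.length, digest);
  // Both buffers have the same length, which timingSafeEqual requires.
  return crypto.timingSafeEqual(actual, expected);
}

// True when a record was created with weaker settings than the current ones,
// so the caller can re-hash the password after the next successful login.
function needsRehash(record) {
  const [, digest, iterText] = String(record).split('$');
  return digest !== DIGEST || Number(iterText) < ITERATIONS;
}
```

Because each call draws a fresh random salt, two records for the same password differ, and verification still succeeds because the salt travels inside the record.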
Reference: https://nodejs.org/api/crypto.html#crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback