HKDF (HMAC-based Key Derivation Function).

An extract-then-expand key derivation function based on HMAC, specified in RFC 5869, designed to turn high-entropy but non-uniform secret material (DH shared secrets, master keys) into multiple cryptographically strong keys. It belongs to the Cryptography category of cybersecurity.

An extract-then-expand key derivation function based on HMAC, specified in RFC 5869, designed to turn high-entropy but non-uniform secret material (DH shared secrets, master keys) into multiple cryptographically strong keys.

HKDF (HMAC-based Key Derivation Function), defined by Krawczyk in RFC 5869 (2010), is the default modern KDF for symmetric key derivation from already-high-entropy inputs such as Diffie-Hellman shared secrets, master keys, or pre-shared keys. It is built in two phases. Extract takes input keying material (IKM) and an optional salt and applies HMAC to produce a fixed-length pseudorandom key (PRK). Expand then applies HMAC iteratively, with a counter and an info-context parameter, to derive output keying material of arbitrary length. The info parameter is used to bind derived keys to a context, which makes it safe to derive many independent keys from one PRK without collision. HKDF is the KDF chosen for TLS 1.3, Signal, Noise, WireGuard, JWE, the IETF QUIC handshake, and most modern cryptographic protocols. It is not appropriate for low-entropy inputs such as passwords — use Argon2id, scrypt, or bcrypt for those — and it is not itself a MAC; the underlying HMAC is.

Defences for HKDF (HMAC-based Key Derivation Function) typically combine technical controls and operational practices, as detailed in the full definition above.

Common alternative names include: RFC 5869, HMAC KDF.