HKDF (HMAC-based Key Derivation Function)
HKDF (HMAC-based Key Derivation Function) 是什么?
HKDF (HMAC-based Key Derivation Function)An extract-then-expand key derivation function based on HMAC, specified in RFC 5869, designed to turn high-entropy but non-uniform secret material (DH shared secrets, master keys) into multiple cryptographically strong keys.
HKDF (HMAC-based Key Derivation Function), defined by Krawczyk in RFC 5869 (2010), is the default modern KDF for symmetric key derivation from already-high-entropy inputs such as Diffie-Hellman shared secrets, master keys, or pre-shared keys. It is built in two phases. Extract takes input keying material (IKM) and an optional salt and applies HMAC to produce a fixed-length pseudorandom key (PRK). Expand then applies HMAC iteratively, with a counter and an info-context parameter, to derive output keying material of arbitrary length. The info parameter is used to bind derived keys to a context, which makes it safe to derive many independent keys from one PRK without collision. HKDF is the KDF chosen for TLS 1.3, Signal, Noise, WireGuard, JWE, the IETF QUIC handshake, and most modern cryptographic protocols. It is not appropriate for low-entropy inputs such as passwords — use Argon2id, scrypt, or bcrypt for those — and it is not itself a MAC; the underlying HMAC is.
● 示例
- 01
TLS 1.3 derives application and exporter traffic keys from the master secret via HKDF-Expand-Label, with separate info contexts per direction.
- 02
A protocol derives a 32-byte encryption key and a 32-byte MAC key from a single DH shared secret by calling HKDF with `info="enc-key"` and `info="mac-key"`.
● 常见问题
HKDF (HMAC-based Key Derivation Function) 是什么?
An extract-then-expand key derivation function based on HMAC, specified in RFC 5869, designed to turn high-entropy but non-uniform secret material (DH shared secrets, master keys) into multiple cryptographically strong keys. 它属于网络安全的 密码学 分类。
HKDF (HMAC-based Key Derivation Function) 是什么意思?
An extract-then-expand key derivation function based on HMAC, specified in RFC 5869, designed to turn high-entropy but non-uniform secret material (DH shared secrets, master keys) into multiple cryptographically strong keys.
HKDF (HMAC-based Key Derivation Function) 是如何工作的?
HKDF (HMAC-based Key Derivation Function), defined by Krawczyk in RFC 5869 (2010), is the default modern KDF for symmetric key derivation from already-high-entropy inputs such as Diffie-Hellman shared secrets, master keys, or pre-shared keys. It is built in two phases. Extract takes input keying material (IKM) and an optional salt and applies HMAC to produce a fixed-length pseudorandom key (PRK). Expand then applies HMAC iteratively, with a counter and an info-context parameter, to derive output keying material of arbitrary length. The info parameter is used to bind derived keys to a context, which makes it safe to derive many independent keys from one PRK without collision. HKDF is the KDF chosen for TLS 1.3, Signal, Noise, WireGuard, JWE, the IETF QUIC handshake, and most modern cryptographic protocols. It is not appropriate for low-entropy inputs such as passwords — use Argon2id, scrypt, or bcrypt for those — and it is not itself a MAC; the underlying HMAC is.
如何防御 HKDF (HMAC-based Key Derivation Function)?
针对 HKDF (HMAC-based Key Derivation Function) 的防御通常结合技术控制与运营实践,详见上方完整定义。
HKDF (HMAC-based Key Derivation Function) 还有哪些其他名称?
常见的别称包括: RFC 5869, HMAC KDF。
● 相关术语
- cryptography№ 656
密钥派生函数(KDF)
从口令、共享密钥或主密钥等秘密素材派生出一个或多个强加密密钥的密码学函数。
- cryptography№ 533
HMAC
基于密码学哈希函数的带密钥消息认证码结构,由 RFC 2104 与 FIPS 198-1 定义。
- cryptography№ 900
PBKDF2
由 PKCS #5 / RFC 8018 定义的基于口令的密钥派生函数,使用可配置迭代次数和盐反复调用一个伪随机函数。
- cryptography№ 068
Argon2
现代的内存密集型口令哈希与密钥派生函数,在 2015 年口令哈希竞赛中胜出,并由 RFC 9106 标准化。
- network-security№ 1279
TLS(传输层安全)
由 IETF 标准化的加密协议,为两个联网应用之间的通信提供机密性、完整性与认证。
- cryptography№ 352
Diffie–Hellman 密钥交换
一种公钥协议,使两方能够在不安全信道上推导出共享密钥而不实际传输该密钥,其安全性基于离散对数问题的困难性。