How to set the out-length with the Web Crypto API SubtleCrypto.deriveKey() for PBKDF2

According to the doc, a simple example to derive a password with PBKDF2 is:

  // Derive raw key bytes from a password with PBKDF2; password and salt are strings
  function deriveRawKey(password, salt, iterations) {
    var encoder = new TextEncoder(); // encodes the strings as UTF-8 bytes
    return window.crypto.subtle.importKey(
      'raw',
      encoder.encode(password),
      {name: 'PBKDF2'},
      false,
      ['deriveBits', 'deriveKey']
    ).then(function(key) {
      return window.crypto.subtle.deriveKey(
        { "name": 'PBKDF2',
          "salt": encoder.encode(salt),
          "iterations": iterations,
          "hash": 'SHA-256'
        },
        key,
        { "name": 'AES-CTR', "length": 128 }, //api requires this to be set
        true, //extractable
        [ "encrypt", "decrypt" ] //allowed functions
      );
    }).then(function (webKey) {
      return window.crypto.subtle.exportKey("raw", webKey);
    });
  }

As one can see, the API lets you choose:

  • key derivation function (and its underlying hash)
  • salt
  • iterations
  • raw key material (i.e. password)

However, as far as I can see there are no options for choosing the out-length. It seems that the cipher suite parameter { "name": 'AES-CTR', "length": 128 } influences the out length, but you can only choose 16 and 32 bytes.

For example, with 10,000 rounds, salt: 'salt', password: 'key material', with 128 it will result in the following 16 bytes:

26629f0e2b7b14ed4b84daa8071c648c

whereas with { "name": 'AES-CTR', "length": 256 } you will get

26629f0e2b7b14ed4b84daa8071c648c648d2cce067f93e2c5bde0c620030521

How do I set the out length apart from 16 or 32 bytes? Do I have to truncate it myself?

The deriveKey function with an AES algorithm option returns an AES key. The possible AES key length parameters are the following (in bits):

  • 128
  • 192
  • 256

So, you are able to choose only from them when using an AES cipher. In my opinion, it's a bad idea to modify a key generated from the deriveKey function. First of all, you will break an algorithm standard, and also in future you will have a problem with using truncated keys.

But if you just want to use PBKDF2 and derive bits from a password, you can use the deriveBits function. Here is an example:

  window.crypto.subtle.deriveBits(
    {
      name: "PBKDF2",
      salt: window.crypto.getRandomValues(new Uint8Array(16)),
      iterations: 50000,
      hash: {name: "SHA-256"}, // can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
    },
    key, //your key from generateKey or importKey
    512 //the number of bits you want to derive, values: 8, 16, 32, 64, 128, 512, 1024, 2048
  )
  .then(function(bits){
    //returns the derived bits as an ArrayBuffer
    console.log(new Uint8Array(bits));
  })
  .catch(function(err){
    console.error(err);
  });

More examples here - https://github.com/diafygi/webcrypto-examples#pbkdf2---derivekey

Also, I have tested possible values for derive bits, and they are powers of 2 (from 8 to 2048).

I hope it will help you. Remember, if you just want to use an AES cipher, it is better to use default values and the deriveKey function.
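The deriveBits route from the answer above, as an added example (not code from the original posts or from the Web Crypto documentation): it derives PBKDF2 output of a chosen byte length and compares the 16-byte result with what deriveKey with AES-CTR 128 exports. The helper names are hypothetical, the inputs are the question's, and the 48-byte length assumes an implementation that follows the specification in accepting any multiple of 8 bits.

```javascript
// Added example. Browsers and current Node expose globalThis.crypto; older Node needs webcrypto.
const subtle = globalThis.crypto
  ? globalThis.crypto.subtle
  : require('node:crypto').webcrypto.subtle;
const enc = new TextEncoder();
const toHex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');

function pbkdf2Params(salt, iterations) {
  return { name: 'PBKDF2', salt: enc.encode(salt), iterations, hash: 'SHA-256' };
}
function importPassword(password) {
  return subtle.importKey('raw', enc.encode(password), { name: 'PBKDF2' },
    false, ['deriveBits', 'deriveKey']);
}

// deriveBits takes the length in bits; it must be a multiple of 8.
async function pbkdf2Hex(password, salt, iterations, lengthBytes) {
  const base = await importPassword(password);
  return toHex(await subtle.deriveBits(pbkdf2Params(salt, iterations), base, lengthBytes * 8));
}

// The question's route: deriveKey to an extractable AES-CTR key, then export it.
async function aesKeyHex(password, salt, iterations, aesBits) {
  const base = await importPassword(password);
  const key = await subtle.deriveKey(pbkdf2Params(salt, iterations), base,
    { name: 'AES-CTR', length: aesBits }, true, ['encrypt', 'decrypt']);
  return toHex(await subtle.exportKey('raw', key));
}

// One 64-byte derivation split into two 32-byte keys (hex strings).
async function encAndMacKeys(password, salt, iterations) {
  const hex = await pbkdf2Hex(password, salt, iterations, 64);
  return { encKey: hex.slice(0, 64), macKey: hex.slice(64) };
}

// Inputs taken from the question above.
async function demo() {
  const [p, s, n] = ['key material', 'salt', 10000];
  const k16 = await pbkdf2Hex(p, s, n, 16);
  const k48 = await pbkdf2Hex(p, s, n, 48);
  return {
    sameAsDeriveKey: k16 === (await aesKeyHex(p, s, n, 128)),
    shortIsPrefixOfLong: k48.startsWith(k16),
    longBytes: k48.length / 2,
  };
}
demo().then(console.log);
```

Because a shorter PBKDF2 output is always a prefix of a longer one, derive all the bytes you need in one call and split them, as `encAndMacKeys` does, rather than treating two different-length derivations from the same password and salt as independent keys.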
