crypto.createHKDF() #8418
Comments
|
See #8417 (comment). HKDF can be derived from existing crypto methods though. |
bnoordhuis
added
crypto
|
Thanks, yes. If there is support for adding HKDF to the The reason for adding it would be that it's a basic crypto primitive, and Node could support it out of the box. |
|
If it can be constructed from existing methods it's logically a convenience function, not a primitive. It's not a hard rule but we err on the side of leaving those out. |
|
HKDF is a cryptographic primitive in the sense that you would not want to decompose it further, write it or invent it yourself (or encourage others to do that). It's a basic standardized crypto building block "primitive", just like HMAC or PBKDF2 are considered cryptographic primitives even though they are themselves implemented using other cryptographic primitives. I think it's fair to say that it's common for people to speak of HMAC and HKDF as cryptographic primitives. Sure, it's convenient to have HKDF, but it does not follow that HKDF is a convenience function, it's an essential. It's hard to do much crypto without needing HKDF at some point. There's a reason why HKDF was standardized and studied when people could have invented their own HMAC-based key derivation scheme. There is a maintenance cost, but I still think the |
|
/cc @nodejs/crypto in case you missed it. |
|
I agree with @bnoordhuis , if it can be constructed using existing APIs - there is no need in exposing it. |
|
Thanks @indutny |
@indutny would there be any support for adding
createHKDF()to thecryptomodule?This is useful when doing common crypto work and I have an implementation with test vectors that I can provide.
The text was updated successfully, but these errors were encountered: