CoderTools

HKDF Key Derivation

RFC 5869 HMAC-based Extract-and-Expand Key Derivation

🔒 100% Local ProcessingYour input data is processed entirely in your browser. It is not uploaded to any server.
Output Format

HKDF Documentation

HKDF (HMAC-based Extract-and-Expand Key Derivation Function) is defined in RFC 5869. It provides a robust method for deriving cryptographic keys from input key material using a two-stage process: Extract and Expand.

HKDF is widely adopted in modern security protocols including TLS 1.3, Signal Protocol, Noise Protocol Framework, and SSH. Its clean separation of extraction and expansion phases makes it particularly suitable for key hierarchy derivation.

Extract Phase: HKDF-Extract(salt, IKM) → PRK

The Extract phase concentrates potentially dispersed entropy from the Input Key Material (IKM) into a fixed-length Pseudorandom Key (PRK):

  • Takes salt (optional, defaults to HashLen zeros) and IKM as inputs
  • Computes PRK = HMAC-Hash(salt, IKM)
  • PRK length equals the hash output length (32 bytes for SHA-256)
  • Salt acts as a key for HMAC, strengthening the extraction

Expand Phase: HKDF-Expand(PRK, info, L) → OKM

The Expand phase stretches the PRK into Output Key Material (OKM) of the desired length:

  • Takes PRK, info (context/label), and desired output length L
  • Iteratively computes T(i) = HMAC-Hash(PRK, T(i-1) | info | counter)
  • Concatenates results: OKM = T(1) | T(2) | ... | T(N)
  • Maximum output length is 255 × HashLen bytes

Common Use Cases

  • TLS 1.3 key schedule: deriving traffic secrets, handshake keys, and application keys
  • Signal Protocol: deriving chain keys and message keys from shared secrets
  • SSH key exchange: deriving encryption and integrity keys post-ECDH
  • Key hierarchy: deriving multiple purpose-specific keys from a master secret

HKDF vs PBKDF2

Feature HKDF PBKDF2
Standard RFC 5869 RFC 8018
Input Type Shared secrets, DH outputs User passwords
Iterations Single pass Many (10K-1M)
Speed Fast Intentionally slow
Info Parameter Yes (context binding) No
Primary Use Case High-entropy input Low-entropy passwords

Security Considerations

  • HKDF assumes the IKM already contains sufficient entropy; do not use with weak passwords
  • The info parameter should uniquely identify the key's intended use (context separation)
  • Salt is optional but recommended for extracting multiple keys from the same IKM
  • PRK should never be used directly; always use the Expand phase to derive final keys

Technical References

Related Tools

PBKDF2 Key Derivation

Derive secure encryption keys from passwords using PBKDF2 with SHA-256/384/512, OWASP compliant iterations

HMAC Generator

Generate HMAC authentication codes with MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3, and RIPEMD-160 algorithms

AES Encryption/Decryption

Securely encrypt and decrypt text using AES algorithm

SHA Hash Generator

Online SHA hash generator supporting SHA-1, SHA-256, SHA-384, SHA-512 algorithms

Quick Menu

No recent tools