Generate HKDF keys using HMAC-based extract-and-expand for modern protocols like TLS 1.3 and Signal.
About
HKDF (HMAC-based Extract-and-Expand Key Derivation Function) derives keys from input keying material using HMAC in two stages: extract and expand, providing a standardized way to derive cryptographic keys widely adopted in modern security protocols.
Specifications
Output SizeVariable
StandardRFC 5869
Standard Year2010
Use Cases
—TLS 1.3 key schedule
—Signal Protocol key derivation
—IPsec key generation
—Extracting entropy from DH shared secrets
—Deriving multiple keys from single secret
Frequently Asked Questions
The extract stage condenses input keying material (IKM) into a pseudorandom key (PRK) using a salt. The expand stage generates output keying material (OKM) of desired length from the PRK using context info. Extraction ensures uniform randomness; expansion allows deriving multiple keys.
Use HKDF when deriving cryptographic keys from shared secrets (like DH outputs), when you need multiple keys from one secret, or when following standards like TLS 1.3. Simple hashing is insufficient as it doesn't provide domain separation or handle non-uniform input.
No. HKDF is designed for key derivation from high-entropy secrets, not password hashing. For passwords, use Argon2id, bcrypt, or PBKDF2 which are intentionally slow to resist brute force. HKDF is too fast for password protection.