webcrypto-examples icon indicating copy to clipboard operation
webcrypto-examples copied to clipboard

Published 20 hours ago verified publisher icon diafygi

Derive key with PBKDF2 for HMAC?

Open claq2 opened this issue 9 years ago • 2 comments

Do browsers really support generating HMAC keys with PBKDF2? Both Chrome and Firefox seem to complain when I pass {name:"HMAC"} to deriveKey in the 3rd parameter. I can't seem to find a definitive answer anywhere.

claq2 avatar Jan 30 '16 17:01 claq2

Same here. The error I get on Chrome is

HmacImportParams: hash: Missing or not an AlgorithmIdentifier

On Safari:

NotSupportedError (DOM Exception 9): The operation is not supported.

On Firefox the promise hangs.

JustinDrake avatar Feb 17 '17 15:02 JustinDrake

This works for me*, does it help? (or have i misunderstood the issue)

    const pwdKey = await window.crypto.subtle.importKey(
      'raw',
      encoder.encode(password),
      { name: 'PBKDF2' },
      false,
      ['deriveKey']
    );
    const newAuthKey = await window.crypto.subtle.deriveKey(
      {
        name: 'PBKDF2',
        salt: encoder.encode(file.url),
        iterations: 100,
        hash: 'SHA-256'
      },
      pwdKey,
      {
        name: 'HMAC',
        hash: 'SHA-256'
      },
      true,
      ['sign']
    );

context: https://github.com/mozilla/send/blob/9410defab6156d29bb705f73aefbd09ec588678e/app/fileSender.js#L239-L260

*Firefox ESR 52.4.0 and Firefox Developer Edition 57.0b10

ehuggett avatar Oct 21 '17 13:10 ehuggett