Skip to main content

7. HKDF- and SHA-Based HMACs

Below are brief descriptions and pointers to more complete descriptions and code for (1) SHA-based HMACs and (2) an HMAC-based extract-and-expand key derivation function. Both HKDF and HMAC were devised by Hugo Krawczyk.

7.1. SHA-Based HMACs

HMAC is a method for computing a keyed MAC (Message Authentication Code) using a hash function as described in [RFC2104]. It uses a key to mix in with the input text to produce the final hash.

Sample code is also provided, in Section 8.3 below, to perform HMAC based on any of the SHA algorithms described herein. The sample code found in [RFC2104] was written in terms of a specified text size. Since SHA is defined in terms of an arbitrary number of bits, the sample HMAC code has been written to allow the text input to HMAC to have an arbitrary number of octets and bits. A fixed-length interface is also provided.

7.2. HKDF

HKDF is a specific Key Derivation Function (KDF), that is, a function of initial keying material from which the KDF derives one or more cryptographically strong secret keys. HKDF, which is described in [RFC5869], is based on HMAC.

Sample code for HKDF is provided in Section 8.4 below.

Last updated on