Techabulary

HMAC-based Extract-and-Expand Key Derivation Function (HKDF)

HKDF is a type of KDF that uses a hash function and a key to produce a cryptographically secure key or set of keys.

HKDF defines two functions:

HKDF Functions

HKDF-Extract(salt, IKM) -> PRK
HKDF-Expand(PRK, info, L) -> OKM

The first function takes an optional salt and "input keying material" (IKM) and produces as output a Pseudorandom Key (PRK) that matches the length of the hash algorithm's output. For example, SHA-256 produces a 256-bit output, so HKDF with that hash function produces a 256-bit PRK.

The second function takes the previously created PRK, some "info" value, and a desired output key length (L) to produce the "output keying material" (OKM). The "info" value provided can be a trivial string like "encryption-key" or "hash-key". The value of the "info" parameter need not be secure. It merely serves to ensure that each output key is unique to its "info" value and can be recomputed from the same "info" value. If an application needs three cryptographically secure keys, for example, it would be acceptable to label them simply as "key-1", "key-2", and "key-3".

Resources: RFC 5869, NIST Special Publication 800-56C

See Also: Key Derivation Function (KDF)