• 首页
  • vue
  • TypeScript
  • JavaScript
  • scss
  • css3
  • html5
  • php
  • MySQL
  • redis
  • jQuery
  • hash_hkdf()

    (PHP 7 >= 7.1.2)

    Generate a HKDF key derivation of a supplied key input

    说明

    hash_hkdf(string $algo,string $ikm[,int $length= 0[,string $info=''[,string $salt='']]]): string

    参数

    $algo

    Name of selected hashing algorithm (i.e."sha256","sha512","haval160,4", etc..)Seehash_algos()for a list of supported algorithms.

    Note:

    Non-cryptographic hash functions are not allowed.

    $ikm

    Input keying material (raw binary). Cannot be empty.

    $length

    Desired output length in bytes. Cannot be greater than 255 times the chosen hash function size.

    If$lengthis0, the output length will default to the chosen hash function size.

    $info

    Application/context-specific info string.

    $salt

    Salt to use during derivation.

    While optional, adding random salt significantly improves the strength of HKDF.

    返回值

    Returns a string containing a raw binary representation of the derived key (also known as output keying material - OKM);orFALSEon failure.

    错误/异常

    AnE_WARNINGwill be raised if$ikmis empty,$algois unknown/non-cryptographic,$lengthis less than0or too large (greater than 255 times the size of the hash function).

    范例

    Example #1hash_hkdf()example

    <?php
    // Generate a random key, and salt to strengthen it during derivation.
    $inputKey = random_bytes(32);
    $salt = random_bytes(16);
    // Derive a pair of separate keys, using the same input created above.
    $encryptionKey = hash_hkdf('sha256', $inputKey, 32, 'aes-256-encryption', $salt);
    $authenticationKey = hash_hkdf('sha256', $inputKey, 32, 'sha-256-authentication', $salt);
    var_dump($encryptionKey !== $authenticationKey); // bool(true)
    ?>
    

    The above example produces a pair of separate keys, suitable for creation of an encrypt-then-HMAC construct, using AES-256 and SHA-256 for encryption and authentication respectively.

    参见

    • hash_pbkdf2() 生成所提供密码的 PBKDF2 密钥导出
    • » RFC 5869
    • » userland implementation

    上篇:hash_final()

    下篇:hash_hmac_algos()