setup

setup

Source:
Multi-factor derived key setup

Namespaces

factors

Methods

(static) kdf(optionsopt) → {object}

Source:
Since:
  • 0.7.0
Author:
Validate and setup a KDF configuration for a multi-factor derived key
Example
// setup kdf configuration
const config = await mfkdf.setup.kdf({
  kdf: 'pbkdf2',
  pbkdf2rounds: 100000,
  pbkdf2digest: 'sha256'
}); // -> { type: 'pbkdf2', params: { rounds: 100000, digest: 'sha256' } }

// derive key
const key = await mfkdf.kdf('password', 'salt', 8, config);
key.toString('hex') // -> 0394a2ede332c9a1
Parameters:
Name Type Attributes Description
options Object <optional>
KDF configuration options
Properties
Name Type Attributes Default Description
kdf string <optional>
'argon2id' KDF algorithm to use; pbkdf2, bcrypt, scrypt, argon2i, argon2d, or argon2id
pbkdf2rounds number <optional>
310000 Number of rounds to use if using pbkdf2
pbkdf2digest string <optional>
'sha256' Hash function to use if using pbkdf2; sha1, sha256, sha384, or sha512
bcryptrounds number <optional>
10 Number of rounds to use if using bcrypt
scryptcost number <optional>
16384 Iterations count (N) to use if using scrypt
scryptblocksize number <optional>
8 Block size (r) to use if using scrypt
scryptparallelism number <optional>
1 Parallelism factor (p) to use if using scrypt
argon2time number <optional>
2 Iterations to use if using argon2
argon2mem number <optional>
24576 Memory to use if using argon2
argon2parallelism number <optional>
1 Parallelism to use if using argon2
Returns:
A KDF configuration as a JSON object
Type
object

(async, static) key(factors, optionsopt) → {MFKDFDerivedKey}

Source:
Since:
  • 0.8.0
Author:
Validate and setup a configuration for a multi-factor derived key
Example
// setup 16 byte 2-of-3-factor multi-factor derived key with a password, HOTP code, and UUID recovery code
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.password('password'),
  await mfkdf.setup.factors.hotp({ secret: Buffer.from('hello world') }),
  await mfkdf.setup.factors.uuid({ id: 'recovery', uuid: '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d' })
], {threshold: 2, size: 16})

// derive key using 2 of the 3 factors
const derive = await mfkdf.derive.key(setup.policy, {
  password: mfkdf.derive.factors.password('password'),
  hotp: mfkdf.derive.factors.hotp(365287)
})

setup.key.toString('hex') // -> 34d20ced439ec2f871c96ca377f25771
derive.key.toString('hex') // -> 34d20ced439ec2f871c96ca377f25771
Parameters:
Name Type Attributes Description
factors Array.<MFKDFFactor> Array of factors used to derive this key
options Object <optional>
Configuration options
Properties
Name Type Attributes Default Description
id string <optional>
Unique identifier for this key; random UUIDv4 generated by default
size number <optional>
32 Size of derived key, in bytes
threshold number <optional>
Number of factors required to derive key; factors.length by default (all required)
salt Buffer <optional>
Cryptographic salt; generated via secure PRG by default (recommended)
kdf string <optional>
'argon2id' KDF algorithm to use; pbkdf2, bcrypt, scrypt, argon2i, argon2d, or argon2id
pbkdf2rounds number <optional>
310000 Number of rounds to use if using pbkdf2
pbkdf2digest string <optional>
'sha256' Hash function to use if using pbkdf2; one of sha1, sha256, sha384, or sha512
bcryptrounds number <optional>
10 Number of rounds to use if using bcrypt
scryptcost number <optional>
16384 Iterations count (N) to use if using scrypt
scryptblocksize number <optional>
8 Block size (r) to use if using scrypt
scryptparallelism number <optional>
1 Parallelism factor (p) to use if using scrypt
argon2time number <optional>
2 Iterations to use if using argon2
argon2mem number <optional>
24576 Memory to use if using argon2
argon2parallelism number <optional>
1 Parallelism to use if using argon2
Returns:
A multi-factor derived key object
Type
MFKDFDerivedKey