setup
- Description: Multi-factor derived key setup
Namespaces
- factors
Methods
(static) kdf([options]) → {object}
- Description: Validate and set up a KDF configuration for a multi-factor derived key
Example
// set up the KDF configuration
const config = await mfkdf.setup.kdf({
  kdf: 'pbkdf2',
  pbkdf2rounds: 100000,
  pbkdf2digest: 'sha256'
}); // -> { type: 'pbkdf2', params: { rounds: 100000, digest: 'sha256' } }

// derive an 8-byte key with that configuration
const key = await mfkdf.kdf('password', 'salt', 8, config);
key.toString('hex'); // -> 0394a2ede332c9a1
Parameters:

| Name | Type | Attributes | Description |
|---|---|---|---|
| options | Object | <optional> | KDF configuration options |

Properties

| Name | Type | Attributes | Default | Description |
|---|---|---|---|---|
| kdf | string | <optional> | 'argon2id' | KDF algorithm to use; hkdf, pbkdf2, bcrypt, scrypt, argon2i, argon2d, or argon2id |
| hkdfdigest | string | <optional> | 'sha256' | Hash function to use if using hkdf; sha1, sha256, sha384, or sha512 |
| pbkdf2rounds | number | <optional> | 310000 | Number of rounds to use if using pbkdf2 |
| pbkdf2digest | string | <optional> | 'sha256' | Hash function to use if using pbkdf2; sha1, sha256, sha384, or sha512 |
| bcryptrounds | number | <optional> | 10 | Number of rounds to use if using bcrypt |
| scryptcost | number | <optional> | 16384 | Iterations count (N) to use if using scrypt |
| scryptblocksize | number | <optional> | 8 | Block size (r) to use if using scrypt |
| scryptparallelism | number | <optional> | 1 | Parallelism factor (p) to use if using scrypt |
| argon2time | number | <optional> | 2 | Iterations to use if using argon2 |
| argon2mem | number | <optional> | 24576 | Memory to use if using argon2 |
| argon2parallelism | number | <optional> | 1 | Parallelism to use if using argon2 |
Returns:
A KDF configuration as a JSON object
- Type: object
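An added example, not part of the mfkdf documentation or code base: a review-time check of a pbkdf2 configuration in the shape shown in the example above, flagging parameters weaker than the defaults in the parameter table, followed by a re-derivation of the documented 8-byte key with Node's built-in crypto module. The names auditPbkdf2Config and derivePbkdf2 are hypothetical, and the code assumes a pbkdf2 configuration maps to plain PBKDF2 over the given password and salt.

```javascript
const crypto = require('crypto');

// Default round count and accepted digests, taken from the parameter table above.
const PBKDF2_DEFAULT_ROUNDS = 310000;
const PBKDF2_DIGESTS = ['sha1', 'sha256', 'sha384', 'sha512'];

// Hypothetical helper (not an mfkdf API): returns a list of findings for a
// config shaped like { type: 'pbkdf2', params: { rounds, digest } }.
function auditPbkdf2Config(config) {
  if (!config || config.type !== 'pbkdf2' || !config.params) {
    return ['not a pbkdf2 configuration'];
  }
  const findings = [];
  const { rounds, digest } = config.params;
  if (!Number.isInteger(rounds) || rounds < 1) {
    findings.push('rounds must be a positive integer');
  } else if (rounds < PBKDF2_DEFAULT_ROUNDS) {
    findings.push(`rounds ${rounds} is below the documented default ${PBKDF2_DEFAULT_ROUNDS}`);
  }
  if (!PBKDF2_DIGESTS.includes(digest)) {
    findings.push(`digest ${digest} is not one of ${PBKDF2_DIGESTS.join(', ')}`);
  } else if (digest === 'sha1') {
    findings.push('sha1 is a legacy digest; prefer sha256 or stronger');
  }
  return findings;
}

// Hypothetical helper: derive with Node's PBKDF2 using the config's parameters.
// Assumption: the library's pbkdf2 mode is plain PBKDF2 with these inputs.
function derivePbkdf2(password, salt, size, config) {
  const { rounds, digest } = config.params;
  return crypto.pbkdf2Sync(password, salt, rounds, size, digest);
}

// Constructed input: the configuration and password/salt from the example above.
const documented = { type: 'pbkdf2', params: { rounds: 100000, digest: 'sha256' } };
console.log(auditPbkdf2Config(documented));
console.log(derivePbkdf2('password', 'salt', 8, documented).toString('hex'));
```

The example configuration produces one finding because its 100000 rounds are below the documented default of 310000.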
(async, static) key(factors, [options]) → {MFKDFDerivedKey}
- Description: Validate and set up a configuration for a multi-factor derived key
Example
// set up a 16-byte, 2-of-3 multi-factor derived key with a password, HOTP code, and UUID recovery code
const setup = await mfkdf.setup.key([
  await mfkdf.setup.factors.password('password'),
  await mfkdf.setup.factors.hotp({ secret: Buffer.from('hello world') }),
  await mfkdf.setup.factors.uuid({ id: 'recovery', uuid: '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d' })
], { threshold: 2, size: 16 });

// derive the key using 2 of the 3 factors
const derive = await mfkdf.derive.key(setup.policy, {
  password: mfkdf.derive.factors.password('password'),
  hotp: mfkdf.derive.factors.hotp(365287)
});

setup.key.toString('hex'); // -> 34d20ced439ec2f871c96ca377f25771
derive.key.toString('hex'); // -> 34d20ced439ec2f871c96ca377f25771
Parameters:

| Name | Type | Attributes | Description |
|---|---|---|---|
| factors | Array.<MFKDFFactor> | | Array of factors used to derive this key |
| options | Object | <optional> | Configuration options |

Properties

| Name | Type | Attributes | Default | Description |
|---|---|---|---|---|
| id | string | <optional> | | Unique identifier for this key; random UUIDv4 generated by default |
| size | number | <optional> | 32 | Size of derived key, in bytes |
| threshold | number | <optional> | | Number of factors required to derive key; factors.length by default (all required) |
| salt | Buffer | <optional> | | Cryptographic salt; generated via secure PRG by default (recommended) |
| kdf | string | <optional> | 'argon2id' | KDF algorithm to use; hkdf, pbkdf2, bcrypt, scrypt, argon2i, argon2d, or argon2id |
| hkdfdigest | string | <optional> | 'sha256' | Hash function to use if using hkdf; one of sha1, sha256, sha384, or sha512 |
| pbkdf2rounds | number | <optional> | 310000 | Number of rounds to use if using pbkdf2 |
| pbkdf2digest | string | <optional> | 'sha256' | Hash function to use if using pbkdf2; one of sha1, sha256, sha384, or sha512 |
| bcryptrounds | number | <optional> | 10 | Number of rounds to use if using bcrypt |
| scryptcost | number | <optional> | 16384 | Iterations count (N) to use if using scrypt |
| scryptblocksize | number | <optional> | 8 | Block size (r) to use if using scrypt |
| scryptparallelism | number | <optional> | 1 | Parallelism factor (p) to use if using scrypt |
| argon2time | number | <optional> | 2 | Iterations to use if using argon2 |
| argon2mem | number | <optional> | 24576 | Memory to use if using argon2 |
| argon2parallelism | number | <optional> | 1 | Parallelism to use if using argon2 |
Returns:
A multi-factor derived key object
- Type: MFKDFDerivedKey