Skip to main content
pbkdf2Sync - crypto - Node documentation
function pbkdf2Sync

Usage in Deno

import { pbkdf2Sync } from "node:crypto";
pbkdf2Sync(
password: BinaryLike,
salt: BinaryLike,
iterations: number,
keylen: number,
digest: string,
): Buffer

Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by digest is applied to derive a key of the requested byte length (keylen) from the password, salt and iterations.

If an error occurs an Error will be thrown, otherwise the derived key will be returned as a Buffer.

The iterations argument must be a number set as high as possible. The higher the number of iterations, the more secure the derived key will be, but will take a longer amount of time to complete.

The salt should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See NIST SP 800-132 for details.

When passing strings for password or salt, please consider caveats when using strings as inputs to cryptographic APIs.

const {
  pbkdf2Sync,
} = await import('node:crypto');

const key = pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512');
console.log(key.toString('hex'));  // '3745e48...08d59ae'

An array of supported digest functions can be retrieved using getHashes.

Parameters

password: BinaryLike
iterations: number
keylen: number
digest: string

Return Type

Buffer