HKDF Generator - HMAC-Based Key Derivation
Generate HKDF keys using HMAC-based extract-and-expand for modern protocols like TLS 1.3 and Signal.
What Is HKDF?
HKDF (HMAC-based Extract-and-Expand Key Derivation Function) derives keys from input keying material using HMAC in two stages: extract and expand, providing a standardized way to derive cryptographic keys widely adopted in modern security protocols.
Specifications
Use Cases
- TLS 1.3 key schedule
- Signal Protocol key derivation
- IPsec key generation
- Extracting entropy from DH shared secrets
- Deriving multiple keys from single secret
Security Notice
HKDF is a key derivation tool. Use unique salts where applicable, tune cost parameters for your environment, and avoid entering production secrets in a browser tool.
Related Tools
Utilities
Implementation Notes
Practical usage details for this browser-based HKDF tool.
How to Generate a HKDF derived value
- Choose UTF-8, Hex, Base64 input mode.
- Enter the text or encoded bytes you want to process.
- Adjust the HKDF options if your use case requires non-default settings.
- Click Generate HKDF Derived Value and copy the result.
Example Input
Sample input:
abc
Use this sample input, then copy the generated derived value from the result panel.
When Not to Use HKDF
- Do not use a plain hash or derivation output directly as password storage without the right password-hashing construction and parameters.
- Do not use it for password hashing when Argon2id, scrypt, or bcrypt is the better fit.
Recommended Alternatives
Review related tools when you need a different output size, security margin, or keyed construction.