Run the full RFC 5869 HKDF pipeline — Extract(salt, IKM) → PRK followed by Expand(PRK, info, L) → OKM — entirely in your browser via the Web Crypto API. Useful for deriving per-purpose subkeys from a master secret in TLS 1.3, Signal, Noise, JOSE A256GCM, and Double Ratchet style protocols.
Load any official appendix-A vector and compare the derived OKM against the expected output.
| Vector | Hash | IKM len | L |
|---|
HKDF is built for stretching already-high-entropy material — Diffie-Hellman shared secrets, raw KEM outputs, master keys — into multiple independent subkeys. It is not a password hash; if your IKM is a user password, use Argon2id, scrypt, bcrypt, or PBKDF2 instead. Pick a distinct info string per derived key purpose so swapping contexts can never produce the same output. Salt should be non-secret but ideally random; an empty salt falls back to a zero string of HashLen length and is acceptable when the IKM is already cryptographically strong.