While working on implementing encryption/decryption between a Python backend server and a NodeJS frontend, my decryption attempts on the frontend were failing. I noticed that the HKDF results generated by the cryptography library in Python and by crypto in NodeJS don't match.

Here's the code I used to test this:

Python code (with output):

```python
import base64
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

input = b'helloworld'

hkdf = HKDF(
    algorithm=hashes.SHA256(),
    length=48,  # 32 bytes for key + 16 bytes for IV
    salt=b'\x00' * 32,  # Explicit salt
    info=b'',
)
output = hkdf.derive(input)

print(base64.b16encode(output))
# Output: b'E76D8FF8CE3E6FBFA6EBDD3BCE19766940316D2973503BB7B174C3F667EDE0AA65C9A74686D38E5B3FF8411A6E8354A8'
```

NodeJS code (with output):

```javascript
import crypto from 'crypto';

const input = Buffer.from("helloworld");
const salt = Buffer.alloc(32, 0); // Explicit salt

const output = crypto.hkdfSync('sha256', salt, input, Buffer.alloc(0), 48);

console.log(Buffer.from(output).toString("hex"));
// Output: 10523f4571d67851f2e3549a6071cef99db6cc88619a30e7d0419b38054ef63873409a0dbf4e5f4e66b693af44c3e393
```

Why? What am I missing?

asked Dec 3, 2024 at 11:24 by ZeroByter

Comment:
  • In the NodeJS code, the arguments ikm and salt are swapped in the hkdfSync() call. – Topaco, Dec 3, 2024 at 11:52

1 Answer

Turns out I accidentally swapped the ikm and salt arguments in the NodeJS code; here is the corrected code:

```javascript
import crypto from 'crypto';

const input = Buffer.from("helloworld");
const salt = Buffer.alloc(32, 0); // Explicit salt

const output = crypto.hkdfSync('sha256', input, salt, Buffer.alloc(0), 48); // Correct use of `input` as IKM

console.log(Buffer.from(output).toString("hex"));
```
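The argument-order mistake described in the answer above can be caught by checking `crypto.hkdfSync()` against HKDF built directly from HMAC as RFC 5869 defines it. This is an added example, not code from the original question or answer; the helper names `hkdfExtract`, `hkdfExpand`, `referenceHkdf` and `splitKeyIv` are made up for illustration, and it uses `require` rather than the post's ESM import.

```javascript
// Added example: RFC 5869 HKDF built from HMAC, compared with
// crypto.hkdfSync() called in both argument orders.
const nodeCrypto = require('node:crypto');

const HASH = 'sha256';
const HASH_LEN = 32; // SHA-256 output size in bytes

// HKDF-Extract: PRK = HMAC(key = salt, message = IKM)
function hkdfExtract(salt, ikm) {
  return nodeCrypto.createHmac(HASH, salt).update(ikm).digest();
}

// HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated, truncated
function hkdfExpand(prk, info, length) {
  const blocks = [];
  let prev = Buffer.alloc(0);
  for (let i = 1; i <= Math.ceil(length / HASH_LEN); i++) {
    prev = nodeCrypto.createHmac(HASH, prk)
      .update(Buffer.concat([prev, info, Buffer.from([i])]))
      .digest();
    blocks.push(prev);
  }
  return Buffer.concat(blocks).subarray(0, length);
}

function referenceHkdf(ikm, salt, info, length) {
  return hkdfExpand(hkdfExtract(salt, ikm), info, length);
}

// Same inputs as the post: IKM 'helloworld', 32 zero bytes of salt, empty info
const ikm = Buffer.from('helloworld');
const salt = Buffer.alloc(32, 0);
const info = Buffer.alloc(0);

// hkdfSync(digest, ikm, salt, info, keylen): the IKM comes before the salt
const correct = Buffer.from(nodeCrypto.hkdfSync(HASH, ikm, salt, info, 48));
const swapped = Buffer.from(nodeCrypto.hkdfSync(HASH, salt, ikm, info, 48));

// Split as in the Python comment: 32 bytes of key, then 16 bytes of IV
function splitKeyIv(okm) {
  return { key: okm.subarray(0, 32), iv: okm.subarray(32, 48) };
}

console.log('correct order:', correct.toString('hex'));
console.log('swapped order:', swapped.toString('hex'));
console.log('matches reference:', correct.equals(referenceHkdf(ikm, salt, info, 48)));
```

Because the salt is the HMAC key in the extract step and the IKM is the message, swapping them still yields 48 bytes of valid-looking output, so the error only shows up as a mismatch with the other side.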

Tags: nodejs, HKDF function in Python and NodeJS give different results why, Stack Overflow