See: https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey#pbkdf2
For example:
const cryptoConfig = {
kdf: "PBKDF2",
cipherparams: {
name: "AES-GCM",
length: 256,
},
kdfparams: {
salt: crypto.getRandomValues(new Uint8Array(16)).toString(),
iterations: 100000,
hash: "SHA-256",
},
};
const passwordKey = await crypto.subtle.importKey(
"raw",
new TextEncoder().encode(password),
{ name: cryptoConfig.kdf },
false,
["deriveKey"],
);
const derivedKey = await crypto.subtle.deriveKey(
{
name: cryptoConfig.kdf,
salt: new TextEncoder().encode(cryptoConfig.kdfparams.salt),
iterations: cryptoConfig.kdfparams.iterations,
hash: cryptoConfig.kdfparams.hash,
},
passwordKey,
{
name: cryptoConfig.cipherparams.name,
length: cryptoConfig.cipherparams.length,
},
true,
["encrypt"],
);
See: https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey#pbkdf2
For example: