diff --git a/spec/Overview-WebCryptoAPI.xml b/spec/Overview-WebCryptoAPI.xml
index 71fe541..fc23119 100644
--- a/spec/Overview-WebCryptoAPI.xml
+++ b/spec/Overview-WebCryptoAPI.xml
@@ -3491,7 +3491,7 @@ dictionary <dfn id="dfn-CryptoKeyPair">CryptoKeyPair</dfn> {
               <td />
             </tr>
             <tr>
-              <td><a href="#hkdf-ctr">HKDF-CTR</a></td>
+              <td><a href="#hkdf">HKDF</a></td>
               <td />
               <td />
               <td />
@@ -14659,18 +14659,16 @@ dictionary <dfn id="dfn-HmacKeyGenParams">HmacKeyGenParams</dfn> : <a href="#dfn
         </div>
       </div>
       
-      <div id="hkdf-ctr" class="section">
-        <h3>HKDF-CTR</h3>
-        <div id="hkdf-ctr-description" class="section">
+      <div id="hkdf" class="section">
+        <h3>HKDF</h3>
+        <div id="hkdf-description" class="section">
           <h4>Description</h4>
           <p class="norm">This section is non-normative.</p>
           <p>
-            The <code>"HKDF-CTR"</code> algorithm identifier is used to
+            The <code>"HKDF"</code> algorithm identifier is used to
             perform key derivation using the extraction-then-expansion approach described in
-            [<a href="#SP800-56C">NIST SP800-56C</a>], using HMAC in counter mode, and
-            using the SHA hash functions defined in this specification
-            as described in Section 5.1 of
-            [<a href="#SP800-108">NIST SP800-108</a>].
+            [<a href="#RFC5869">RFC 5869</a>] and
+            using the SHA hash functions defined in this specification.
           </p>
           <p>
             <a href="#dfn-applicable-specification">Other specifications</a>
@@ -14678,11 +14676,11 @@ dictionary <dfn id="dfn-HmacKeyGenParams">HmacKeyGenParams</dfn> : <a href="#dfn
             Such specifications must define the digest operation for the additional hash algorithms.
           </p>
         </div>
-        <div id="hkdf-ctr-registration" class="section">
+        <div id="hkdf-registration" class="section">
           <h4>Registration</h4>
           <p>
             The <a href="#recognized-algorithm-name">recognized algorithm name</a>
-            for this algorithm is <code>"HKDF-CTR"</code>.
+            for this algorithm is <code>"HKDF"</code>.
           </p>
           <table>
             <thead>
@@ -14695,7 +14693,7 @@ dictionary <dfn id="dfn-HmacKeyGenParams">HmacKeyGenParams</dfn> : <a href="#dfn
             <tbody>
               <tr>
                 <td>deriveBits</td>
-                <td><a href="#dfn-HkdfCtrParams">HkdfCtrParams</a></td>
+                <td><a href="#dfn-HkdfParams">HkdfParams</a></td>
                 <td><a href="#dfn-ArrayBuffer">ArrayBuffer</a></td>
               </tr>
               <tr>
@@ -14706,25 +14704,25 @@ dictionary <dfn id="dfn-HmacKeyGenParams">HmacKeyGenParams</dfn> : <a href="#dfn
               <tr>
                 <td>Get key length</td>
                 <td>None</td>
-                <td>Integer or null</td>
+                <td>null</td>
               </tr>
             </tbody>
           </table>
         </div>
-        <div id="hkdf-ctr-params" class="section">
-          <h4>HkdfCtrParams dictionary</h4>
+        <div id="hkdf-params" class="section">
+          <h4>HkdfParams dictionary</h4>
           <x:codeblock language="idl">
-dictionary <dfn id="dfn-HkdfCtrParams">HkdfCtrParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
+dictionary <dfn id="dfn-HkdfParams">HkdfParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
   <span class="comment">// The algorithm to use with HMAC (e.g.: <a href="#alg-sha-256">SHA-256</a>)</span>
-  required <a href="#dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</a> <dfn id="dfn-HkdfCtrParams-hash">hash</dfn>;
-  <span class="comment">// A bit string that corresponds to the label that identifies the purpose for the derived keying material.</span>
-  required BufferSource <dfn id="dfn-HkdfCtrParams-label">label</dfn>;
-  <span class="comment">// A bit string that corresponds to the context of the key derivation, as described in Section 5 of [<a href="#SP800-108">NIST SP800-108</a>]</span>
-  required BufferSource <dfn id="dfn-HkdfCtrParams-context">context</dfn>;
+  required <a href="#dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</a> <dfn id="dfn-HkdfParams-hash">hash</dfn>;
+  <span class="comment">// A bit string that corresponds to the salt used in the extract step.</span>
+  required BufferSource <dfn id="dfn-HkdfParams-salt">salt</dfn>;
+  <span class="comment">// A bit string that corresponds to the context and application specific context for the derived keying material.</span>
+  required BufferSource <dfn id="dfn-HkdfParams-info">info</dfn>;
 };
           </x:codeblock>
         </div>
-        <div id="hkdf2-ctr-operations" class="section">
+        <div id="hkdf2-operations" class="section">
           <h4>Operations</h4>
           <dl>
             <dt>Derive Bits</dt>
@@ -14745,50 +14743,42 @@ dictionary <dfn id="dfn-HkdfCtrParams">HkdfCtrParams</dfn> : <a href="#dfn-Algor
                 </li>
                 <li>
                   <p>
-                    Let <var>prf</var> be the MAC Generation function described in Section 4 of
-                    [<a href="#fips-pub-198-1">FIPS PUB 198-1</a>] using the hash function
-                    described by the <a href="#dfn-HkdfCtrParams-hash">hash</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>keyDerivationKey</var> be the result of performing <var>prf</var>
-                    using <var>extractKey</var> as the key and the secret represented by [[<a
+                    Let <var>keyDerivationKey</var> be the secret represented by [[<a
                     href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
                     as the message.
                   </p>
                 </li>
                 <li>
                   <p>
-                    Let <var>result</var> be the result of performing the KDF in counter
-                    mode operation described in Section 5.1 of
-                    [<a href="#SP800-108">NIST SP800-108</a>] using:
+                    Let <var>result</var> be the result of performing the HKDF extract and then
+                    the HKDF expand step described in Section 2 of
+                    [<a href="#RFC5869">RFC 5869</a>] using:
                   </p>
                   <ul>
                     <li>
                       <p>
-                        <var>prf</var> as the Pseudo-Random Function, <var>PRF</var>,
+                        the <a href="#dfn-HkdfParams-hash">hash</a> member of
+                        <var>normalizedAlgorithm</var> as <var>Hash</var>,
                       </p>
                     </li>
                     <li>
                       <p>
-                        <var>keyDerivationKey</var> as the Key derivation key,
-                        <var>K<sub>I</sub></var>,
+                        <var>keyDerivationKey</var> as the input keying material,
+                        <var>IKM</var>,
                       </p>
                     </li>
                     <li>
                       <p>
                         <a href="#concept-contents-of-arraybuffer">the contents of</a> the <a
-                        href="#dfn-HkdfCtrParams-label">label</a> member of
-                        <var>normalizedAlgorithm</var> as <var>Label</var>,
+                        href="#dfn-HkdfParams-salt">salt</a> member of
+                        <var>normalizedAlgorithm</var> as <var>salt</var>,
                       </p>
                     </li>
                     <li>
                       <p>
                         <a href="#concept-contents-of-arraybuffer">the contents of</a> the <a
-                        href="#dfn-HkdfCtrParams-label">context</a> member of
-                        <var>normalizedAlgorithm</var> as <var>Context</var>,
+                        href="#dfn-HkdfParams-info">info</a> member of
+                        <var>normalizedAlgorithm</var> as <var>info</var>,
                       </p>
                     </li>
                     <li>
@@ -14796,17 +14786,6 @@ dictionary <dfn id="dfn-HkdfCtrParams">HkdfCtrParams</dfn> : <a href="#dfn-Algor
                         <var>length</var> as the value of <var>L</var>,
                       </p>
                     </li>
-                    <li>
-                      <p>
-                        32 as the value of <var>r</var>, and
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        the 32-bit little-endian binary encoding of <var>length</var>
-                        as the encoded length value [<var>L</var>]<sub>2</sub>.
-                      </p>
-                    </li>
                   </ul>
                 </li>
                 <li>
@@ -14879,7 +14858,7 @@ dictionary <dfn id="dfn-HkdfCtrParams">HkdfCtrParams</dfn> : <a href="#dfn-Algor
                         <li>
                           <p>
                             Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                            <var>algorithm</var> to <code>"HKDF-CTR"</code>.
+                            <var>algorithm</var> to <code>"HKDF"</code>.
                           </p>
                         </li>
                         <li>
@@ -15389,12 +15368,6 @@ window.crypto.subtle.generateKey(aesAlgorithmKeyGen, false, ["encrypt"]).then(
               <cite><a href="http://csrc.nist.gov/publications/nistpubs/800-56C/SP-800-56C.pdf">
               NIST Special Publication 800-56C: Recommendation for Key Derivation through
               Extraction-then-Expansion</a></cite>, November 2011, NIST.
-            </dd>
-            <dt id="SP800-108">NIST SP 800-108</dt>
-            <dd>
-              <cite><a href="http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf">
-              NIST Special Publication 800-108: Recommendation for Key Derivation Using
-              Pseudorandom Functions (Revised)</a></cite>, October 2009, NIST.
             </dd>
              <dt id="RFC2119">RFC 2119</dt>
              <dd>
@@ -15446,7 +15419,13 @@ window.crypto.subtle.generateKey(aesAlgorithmKeyGen, false, ["encrypt"]).then(
               <cite><a href="http://www.ietf.org/rfc/rfc5480.txt">Elliptic Curve Cryptography Subject
               Public Key Information</a></cite>,
               S. Turner, D. Brown, K. Yiu, R. Housley, T. Polk. IETF.
-             </dd> 
+             </dd>
+             <dt id="RFC5869">RFC 5869</dt>
+             <dd>
+               <cite><a href="https://www.ietf.org/rfc/rfc5869.txt">HMAC-based Extract-and-Expand Key
+               Derivation Function (HKDF)"</a></cite>,
+               H. Krawczyk, P. Eronen. IETF.
+             </dd>
              <dt id="RFC5915">RFC 5915</dt>
              <dd>
               <cite><a href="http://www.ietf.org/rfc/rfc5915.txt">Elliptic Curve Private Key Structure
diff --git a/spec/Overview.html b/spec/Overview.html
index 6516099..afc729a 100644
--- a/spec/Overview.html
+++ b/spec/Overview.html
@@ -138,7 +138,7 @@ <h2>Status of this Document</h2>
 
     <nav id="toc">
       <h2 class="introductory">Table of Contents</h2>
-      <ul class="toc"><li class="tocline"><a class="tocxref" href="#introduction"><span class="secno">1. </span>Introduction</a></li><li class="tocline"><a class="tocxref" href="#use-cases"><span class="secno">2. </span>Use Cases</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#multifactor-authentication"><span class="secno">2.1. </span>Multi-factor Authentication</a></li><li class="tocline"><a class="tocxref" href="#protected-document"><span class="secno">2.2. </span>Protected Document Exchange</a></li><li class="tocline"><a class="tocxref" href="#cloud-storage"><span class="secno">2.3. </span>Cloud Storage</a></li><li class="tocline"><a class="tocxref" href="#document-signing"><span class="secno">2.4. </span>Document Signing</a></li><li class="tocline"><a class="tocxref" href="#data-integrity-protection"><span class="secno">2.5. </span>Data Integrity Protection</a></li><li class="tocline"><a class="tocxref" href="#secure-messaging"><span class="secno">2.6. </span>Secure Messaging</a></li><li class="tocline"><a class="tocxref" href="#jose"><span class="secno">2.7. </span>JavaScript Object Signing and Encryption (JOSE)</a></li></ul></li><li class="tocline"><a class="tocxref" href="#conformance"><span class="secno">3. </span>Conformance</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#extensibility"><span class="secno">3.1. </span>Extensibility</a></li></ul></li><li class="tocline"><a class="tocxref" href="#scope"><span class="secno">4. </span>Scope</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#scope-abstraction"><span class="secno">4.1. </span>Level of abstraction</a></li><li class="tocline"><a class="tocxref" href="#scope-algorithms"><span class="secno">4.2. </span>Cryptographic algorithms</a></li><li class="tocline"><a class="tocxref" href="#scope-out-of-scope"><span class="secno">4.3. </span>Out of scope</a></li></ul></li><li class="tocline"><a class="tocxref" href="#concepts"><span class="secno">5. </span>Concepts</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#concepts-underlying-implementation"><span class="secno">5.1. </span>Underlying Cryptographic Implementation</a></li><li class="tocline"><a class="tocxref" href="#concepts-key-storage"><span class="secno">5.2. </span>Key Storage</a></li></ul></li><li class="tocline"><a class="tocxref" href="#security-considerations"><span class="secno">6. </span>Security considerations</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#security-implementers"><span class="secno">6.1. </span>Security considerations for implementers</a></li><li class="tocline"><a class="tocxref" href="#security-developers"><span class="secno">6.2. </span>Security considerations for authors</a></li><li class="tocline"><a class="tocxref" href="#security-users"><span class="secno">6.3. </span>Security considerations for users</a></li></ul></li><li class="tocline"><a class="tocxref" href="#privacy"><span class="secno">7. </span>Privacy considerations</a></li><li class="tocline"><a class="tocxref" href="#dependencies"><span class="secno">8. </span>Dependencies</a></li><li class="tocline"><a class="tocxref" href="#terminology"><span class="secno">9. </span>Terminology</a></li><li class="tocline"><a class="tocxref" href="#crypto-interface"><span class="secno">10. </span>Crypto interface</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#Crypto-description"><span class="secno">10.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#Crypto-interface-methods"><span class="secno">10.2. </span>Methods and Parameters</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#Crypto-method-getRandomValues"><span class="secno">10.2.1. </span>The getRandomValues method</a></li></ul></li><li class="tocline"><a class="tocxref" href="#Crypto-interface-attributes"><span class="secno">10.3. </span>Attributes</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#Crypto-attribute-subtle"><span class="secno">10.3.1. </span>The subtle attribute</a></li></ul></li></ul></li><li class="tocline"><a class="tocxref" href="#algorithm-dictionary"><span class="secno">11. </span>Algorithm dictionary</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#algorithm-dictionary-members"><span class="secno">11.1. </span>Algorithm Dictionary Members</a></li></ul></li><li class="tocline"><a class="tocxref" href="#key-algorithm-dictionary"><span class="secno">12. </span>KeyAlgorithm dictionary</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#key-algorithm-dictionary-description"><span class="secno">12.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#key-algorithm-dictionary-members"><span class="secno">12.2. </span>KeyAlgorithm dictionary members</a></li></ul></li><li class="tocline"><a class="tocxref" href="#cryptokey-interface"><span class="secno">13. </span>CryptoKey interface</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#cryptokey-interface-description"><span class="secno">13.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#cryptokey-interface-types"><span class="secno">13.2. </span>Key interface data types</a></li><li class="tocline"><a class="tocxref" href="#cryptokey-interface-internal-slots"><span class="secno">13.3. </span>CryptoKey internal slots</a></li><li class="tocline"><a class="tocxref" href="#cryptokey-interface-members"><span class="secno">13.4. </span>CryptoKey interface members</a></li><li class="tocline"><a class="tocxref" href="#cryptokey-interface-clone"><span class="secno">13.5. </span>Structured clone algorithm</a></li></ul></li><li class="tocline"><a class="tocxref" href="#subtlecrypto-interface"><span class="secno">14. </span>SubtleCrypto interface</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#subtlecrypto-interface-description"><span class="secno">14.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#subtlecrypto-interface-datatypes"><span class="secno">14.2. </span>Data Types</a></li><li class="tocline"><a class="tocxref" href="#subtlecrypto-interface-methods"><span class="secno">14.3. </span>Methods and Parameters</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-encrypt"><span class="secno">14.3.1. </span>The encrypt method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-decrypt"><span class="secno">14.3.2. </span>The decrypt method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-sign"><span class="secno">14.3.3. </span>The sign method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-verify"><span class="secno">14.3.4. </span>The verify method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-digest"><span class="secno">14.3.5. </span>The digest method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-generateKey"><span class="secno">14.3.6. </span>The generateKey method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-deriveKey"><span class="secno">14.3.7. </span>The deriveKey method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-deriveBits"><span class="secno">14.3.8. </span>The deriveBits method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-importKey"><span class="secno">14.3.9. </span>The importKey method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-exportKey"><span class="secno">14.3.10. </span>The exportKey method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-wrapKey"><span class="secno">14.3.11. </span>The wrapKey method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-unwrapKey"><span class="secno">14.3.12. </span>The unwrapKey method</a></li></ul></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-Exceptions"><span class="secno">14.4. </span>Exceptions</a></li></ul></li><li class="tocline"><a class="tocxref" href="#JsonWebKey-dictionary"><span class="secno">15. </span>JsonWebKey dictionary</a></li><li class="tocline"><a class="tocxref" href="#big-integer"><span class="secno">16. </span>BigInteger</a></li><li class="tocline"><a class="tocxref" href="#keypair"><span class="secno">17. </span>CryptoKeyPair dictionary</a></li><li class="tocline"><a class="tocxref" href="#algorithms"><span class="secno">18. </span>Algorithms</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#algorithms-section-overview"><span class="secno">18.1. </span>Overview</a></li><li class="tocline"><a class="tocxref" href="#algorithm-concepts"><span class="secno">18.2. </span>Concepts</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#algorithm-concepts-naming"><span class="secno">18.2.1. </span>Naming</a></li><li class="tocline"><a class="tocxref" href="#algorithm-concepts-operations"><span class="secno">18.2.2. </span>Supported Operations</a></li><li class="tocline"><a class="tocxref" href="#algorithm-concepts-normalization"><span class="secno">18.2.3. </span>Normalization</a></li></ul></li><li class="tocline"><a class="tocxref" href="#algorithm-conventions"><span class="secno">18.3. </span>Specification Conventions</a></li><li class="tocline"><a class="tocxref" href="#algorithm-normalization"><span class="secno">18.4. </span>Algorithm Normalization</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#algorithm-normalization-description"><span class="secno">18.4.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#algorithm-normalization-internal"><span class="secno">18.4.2. </span>Internal State Objects</a></li><li class="tocline"><a class="tocxref" href="#algorithm-normalization-define-an-algorithm"><span class="secno">18.4.3. </span>Defining an Algorithm</a></li><li class="tocline"><a class="tocxref" href="#algorithm-normalization-normalize-an-algorithm"><span class="secno">18.4.4. </span>Normalizing an algorithm</a></li></ul></li><li class="tocline"><a class="tocxref" href="#algorithm-recommendations"><span class="secno">18.5. </span>Recommendations</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#algorithm-recommendations-authors"><span class="secno">18.5.1. </span>For Authors</a></li><li class="tocline"><a class="tocxref" href="#algorithm-recommendations-implementers"><span class="secno">18.5.2. </span>For Implementers</a></li></ul></li></ul></li><li class="tocline"><a class="tocxref" href="#algorithm-overview"><span class="secno">19. </span>Algorithm Overview</a></li><li class="tocline"><a class="tocxref" href="#rsassa-pkcs1"><span class="secno">20. </span>RSASSA-PKCS1-v1_5</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#rsassa-pkcs1-description"><span class="secno">20.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#rsassa-pkcs1-registration"><span class="secno">20.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#RsaKeyGenParams-dictionary"><span class="secno">20.3. </span>RsaKeyGenParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#RsaHashedKeyGenParams-dictionary"><span class="secno">20.4. </span>RsaHashedKeyGenParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#RsaKeyAlgorithm-dictionary"><span class="secno">20.5. </span>RsaKeyAlgorithm dictionary</a></li><li class="tocline"><a class="tocxref" href="#RsaHashedKeyAlgorithm-dictionary"><span class="secno">20.6. </span>RsaHashedKeyAlgorithm dictionary</a></li><li class="tocline"><a class="tocxref" href="#RsaHashedImportParams-dictionary"><span class="secno">20.7. </span>RsaHashedImportParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#rsassa-pkcs1-operations"><span class="secno">20.8. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#rsa-pss"><span class="secno">21. </span>RSA-PSS</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#rsa-pss-description"><span class="secno">21.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#rsa-pss-registration"><span class="secno">21.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#RsaPssParams-dictionary"><span class="secno">21.3. </span>RsaPssParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#rsa-pss-operations"><span class="secno">21.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#rsa-oaep"><span class="secno">22. </span>RSA-OAEP</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#rsa-oaep-description"><span class="secno">22.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#rsa-oaep-registration"><span class="secno">22.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#rsa-oaep-params"><span class="secno">22.3. </span>RsaOaepParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#rsa-oaep-operations"><span class="secno">22.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#ecdsa"><span class="secno">23. </span>ECDSA</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#ecdsa-description"><span class="secno">23.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#ecdsa-registration"><span class="secno">23.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#EcdsaParams-dictionary"><span class="secno">23.3. </span>EcdsaParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#EcKeyGenParams-dictionary"><span class="secno">23.4. </span>EcKeyGenParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#EcKeyAlgorithm-dictionary"><span class="secno">23.5. </span>EcKeyAlgorithm dictionary</a></li><li class="tocline"><a class="tocxref" href="#EcKeyImportParams-dictionary"><span class="secno">23.6. </span>EcKeyImportParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#ecdsa-operations"><span class="secno">23.7. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#ecdh"><span class="secno">24. </span>ECDH</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#ecdh-description"><span class="secno">24.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#ecdh-registration"><span class="secno">24.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#dh-EcdhKeyDeriveParams"><span class="secno">24.3. </span>EcdhKeyDeriveParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#ecdh-operations"><span class="secno">24.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#aes-ctr"><span class="secno">25. </span>AES-CTR</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#aes-ctr-description"><span class="secno">25.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#aes-ctr-registration"><span class="secno">25.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#aes-ctr-params"><span class="secno">25.3. </span>AesCtrParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#AesKeyAlgorithm-dictionary"><span class="secno">25.4. </span></a></li><li class="tocline"><a class="tocxref" href="#aes-keygen-params"><span class="secno">25.5. </span>AesKeyGenParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#aes-derivedkey-params"><span class="secno">25.6. </span>AesDerivedKeyParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#aes-ctr-operations"><span class="secno">25.7. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#aes-cbc"><span class="secno">26. </span>AES-CBC</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#aes-cbc-description"><span class="secno">26.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#aes-cbc-registration"><span class="secno">26.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#aes-cbc-params"><span class="secno">26.3. </span>AesCbcParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#aes-cbc-operations"><span class="secno">26.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#aes-gcm"><span class="secno">27. </span>AES-GCM</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#aes-gcm-description"><span class="secno">27.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#aes-gcm-registration"><span class="secno">27.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#aes-gcm-params"><span class="secno">27.3. </span>AesGcmParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#aes-gcm-operations"><span class="secno">27.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#aes-kw"><span class="secno">28. </span>AES-KW</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#aes-kw-description"><span class="secno">28.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#aes-kw-registration"><span class="secno">28.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#aes-kw-operations"><span class="secno">28.3. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#hmac"><span class="secno">29. </span>HMAC</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#hmac-description"><span class="secno">29.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#hmac-registration"><span class="secno">29.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#hmac-importparams"><span class="secno">29.3. </span>HmacImportParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#HmacKeyAlgorithm-dictionary"><span class="secno">29.4. </span>HmacKeyAlgorithm dictionary</a></li><li class="tocline"><a class="tocxref" href="#hmac-keygen-params"><span class="secno">29.5. </span>HmacKeyGenParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#hmac-operations"><span class="secno">29.6. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#sha"><span class="secno">30. </span>SHA</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#sha-description"><span class="secno">30.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#sha-registration"><span class="secno">30.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#sha-operations"><span class="secno">30.3. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#hkdf-ctr"><span class="secno">31. </span>HKDF-CTR</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#hkdf-ctr-description"><span class="secno">31.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#hkdf-ctr-registration"><span class="secno">31.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#hkdf-ctr-params"><span class="secno">31.3. </span>HkdfCtrParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#hkdf2-ctr-operations"><span class="secno">31.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#pbkdf2"><span class="secno">32. </span>PBKDF2</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#pbkdf2-description"><span class="secno">32.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#pbkdf2-registration"><span class="secno">32.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#pbkdf2-params"><span class="secno">32.3. </span>Pbkdf2Params dictionary</a></li><li class="tocline"><a class="tocxref" href="#pbkdf2-operations"><span class="secno">32.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#examples-section"><span class="secno">33. </span>JavaScript Example Code</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#examples-signing"><span class="secno">33.1. </span>Generate a signing key pair, sign some data</a></li><li class="tocline"><a class="tocxref" href="#examples-symmetric-encryption"><span class="secno">33.2. </span>Symmetric Encryption</a></li></ul></li><li class="tocline"><a class="tocxref" href="#iana-section"><span class="secno">34. </span>IANA Considerations</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#iana-section-jws-jwa"><span class="secno">34.1. </span>JSON Web Signature and Encryption Algorithms Registration</a></li><li class="tocline"><a class="tocxref" href="#iana-section-jwk"><span class="secno">34.2. </span>JSON Web Key Parameters Registration</a></li></ul></li><li class="tocline"><a class="tocxref" href="#acknowledgements-section"><span class="secno">35. </span>Acknowledgments</a></li><li class="tocline"><a class="tocxref" href="#references"><span class="secno">36. </span>References</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#normative-references"><span class="secno">36.1. </span>Normative References</a></li><li class="tocline"><a class="tocxref" href="#informative-references"><span class="secno">36.2. </span>Informative References</a></li></ul></li></ul><ul class="toc"><li class="tocline"><a class="tocxref" href="#jwk-mapping"><span class="secno">A. </span>Mapping between JSON Web Key / JSON Web Algorithm</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#jwk-mapping-alg"><span class="secno">A.1. </span>Algorithm mappings</a></li></ul></li><li class="tocline"><a class="tocxref" href="#spki-mapping"><span class="secno">B. </span>Mapping between Algorithm and SubjectPublicKeyInfo</a></li><li class="tocline"><a class="tocxref" href="#pkcs8-mapping"><span class="secno">C. </span>Mapping between Algorithm and PKCS#8 PrivateKeyInfo</a></li></ul><script src="https://www.w3.org/scripts/TR/2016/fixup.js"></script>
+      <ul class="toc"><li class="tocline"><a class="tocxref" href="#introduction"><span class="secno">1. </span>Introduction</a></li><li class="tocline"><a class="tocxref" href="#use-cases"><span class="secno">2. </span>Use Cases</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#multifactor-authentication"><span class="secno">2.1. </span>Multi-factor Authentication</a></li><li class="tocline"><a class="tocxref" href="#protected-document"><span class="secno">2.2. </span>Protected Document Exchange</a></li><li class="tocline"><a class="tocxref" href="#cloud-storage"><span class="secno">2.3. </span>Cloud Storage</a></li><li class="tocline"><a class="tocxref" href="#document-signing"><span class="secno">2.4. </span>Document Signing</a></li><li class="tocline"><a class="tocxref" href="#data-integrity-protection"><span class="secno">2.5. </span>Data Integrity Protection</a></li><li class="tocline"><a class="tocxref" href="#secure-messaging"><span class="secno">2.6. </span>Secure Messaging</a></li><li class="tocline"><a class="tocxref" href="#jose"><span class="secno">2.7. </span>JavaScript Object Signing and Encryption (JOSE)</a></li></ul></li><li class="tocline"><a class="tocxref" href="#conformance"><span class="secno">3. </span>Conformance</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#extensibility"><span class="secno">3.1. </span>Extensibility</a></li></ul></li><li class="tocline"><a class="tocxref" href="#scope"><span class="secno">4. </span>Scope</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#scope-abstraction"><span class="secno">4.1. </span>Level of abstraction</a></li><li class="tocline"><a class="tocxref" href="#scope-algorithms"><span class="secno">4.2. </span>Cryptographic algorithms</a></li><li class="tocline"><a class="tocxref" href="#scope-out-of-scope"><span class="secno">4.3. </span>Out of scope</a></li></ul></li><li class="tocline"><a class="tocxref" href="#concepts"><span class="secno">5. </span>Concepts</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#concepts-underlying-implementation"><span class="secno">5.1. </span>Underlying Cryptographic Implementation</a></li><li class="tocline"><a class="tocxref" href="#concepts-key-storage"><span class="secno">5.2. </span>Key Storage</a></li></ul></li><li class="tocline"><a class="tocxref" href="#security-considerations"><span class="secno">6. </span>Security considerations</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#security-implementers"><span class="secno">6.1. </span>Security considerations for implementers</a></li><li class="tocline"><a class="tocxref" href="#security-developers"><span class="secno">6.2. </span>Security considerations for authors</a></li><li class="tocline"><a class="tocxref" href="#security-users"><span class="secno">6.3. </span>Security considerations for users</a></li></ul></li><li class="tocline"><a class="tocxref" href="#privacy"><span class="secno">7. </span>Privacy considerations</a></li><li class="tocline"><a class="tocxref" href="#dependencies"><span class="secno">8. </span>Dependencies</a></li><li class="tocline"><a class="tocxref" href="#terminology"><span class="secno">9. </span>Terminology</a></li><li class="tocline"><a class="tocxref" href="#crypto-interface"><span class="secno">10. </span>Crypto interface</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#Crypto-description"><span class="secno">10.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#Crypto-interface-methods"><span class="secno">10.2. </span>Methods and Parameters</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#Crypto-method-getRandomValues"><span class="secno">10.2.1. </span>The getRandomValues method</a></li></ul></li><li class="tocline"><a class="tocxref" href="#Crypto-interface-attributes"><span class="secno">10.3. </span>Attributes</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#Crypto-attribute-subtle"><span class="secno">10.3.1. </span>The subtle attribute</a></li></ul></li></ul></li><li class="tocline"><a class="tocxref" href="#algorithm-dictionary"><span class="secno">11. </span>Algorithm dictionary</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#algorithm-dictionary-members"><span class="secno">11.1. </span>Algorithm Dictionary Members</a></li></ul></li><li class="tocline"><a class="tocxref" href="#key-algorithm-dictionary"><span class="secno">12. </span>KeyAlgorithm dictionary</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#key-algorithm-dictionary-description"><span class="secno">12.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#key-algorithm-dictionary-members"><span class="secno">12.2. </span>KeyAlgorithm dictionary members</a></li></ul></li><li class="tocline"><a class="tocxref" href="#cryptokey-interface"><span class="secno">13. </span>CryptoKey interface</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#cryptokey-interface-description"><span class="secno">13.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#cryptokey-interface-types"><span class="secno">13.2. </span>Key interface data types</a></li><li class="tocline"><a class="tocxref" href="#cryptokey-interface-internal-slots"><span class="secno">13.3. </span>CryptoKey internal slots</a></li><li class="tocline"><a class="tocxref" href="#cryptokey-interface-members"><span class="secno">13.4. </span>CryptoKey interface members</a></li><li class="tocline"><a class="tocxref" href="#cryptokey-interface-clone"><span class="secno">13.5. </span>Structured clone algorithm</a></li></ul></li><li class="tocline"><a class="tocxref" href="#subtlecrypto-interface"><span class="secno">14. </span>SubtleCrypto interface</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#subtlecrypto-interface-description"><span class="secno">14.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#subtlecrypto-interface-datatypes"><span class="secno">14.2. </span>Data Types</a></li><li class="tocline"><a class="tocxref" href="#subtlecrypto-interface-methods"><span class="secno">14.3. </span>Methods and Parameters</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-encrypt"><span class="secno">14.3.1. </span>The encrypt method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-decrypt"><span class="secno">14.3.2. </span>The decrypt method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-sign"><span class="secno">14.3.3. </span>The sign method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-verify"><span class="secno">14.3.4. </span>The verify method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-digest"><span class="secno">14.3.5. </span>The digest method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-generateKey"><span class="secno">14.3.6. </span>The generateKey method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-deriveKey"><span class="secno">14.3.7. </span>The deriveKey method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-deriveBits"><span class="secno">14.3.8. </span>The deriveBits method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-importKey"><span class="secno">14.3.9. </span>The importKey method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-exportKey"><span class="secno">14.3.10. </span>The exportKey method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-wrapKey"><span class="secno">14.3.11. </span>The wrapKey method</a></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-method-unwrapKey"><span class="secno">14.3.12. </span>The unwrapKey method</a></li></ul></li><li class="tocline"><a class="tocxref" href="#SubtleCrypto-Exceptions"><span class="secno">14.4. </span>Exceptions</a></li></ul></li><li class="tocline"><a class="tocxref" href="#JsonWebKey-dictionary"><span class="secno">15. </span>JsonWebKey dictionary</a></li><li class="tocline"><a class="tocxref" href="#big-integer"><span class="secno">16. </span>BigInteger</a></li><li class="tocline"><a class="tocxref" href="#keypair"><span class="secno">17. </span>CryptoKeyPair dictionary</a></li><li class="tocline"><a class="tocxref" href="#algorithms"><span class="secno">18. </span>Algorithms</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#algorithms-section-overview"><span class="secno">18.1. </span>Overview</a></li><li class="tocline"><a class="tocxref" href="#algorithm-concepts"><span class="secno">18.2. </span>Concepts</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#algorithm-concepts-naming"><span class="secno">18.2.1. </span>Naming</a></li><li class="tocline"><a class="tocxref" href="#algorithm-concepts-operations"><span class="secno">18.2.2. </span>Supported Operations</a></li><li class="tocline"><a class="tocxref" href="#algorithm-concepts-normalization"><span class="secno">18.2.3. </span>Normalization</a></li></ul></li><li class="tocline"><a class="tocxref" href="#algorithm-conventions"><span class="secno">18.3. </span>Specification Conventions</a></li><li class="tocline"><a class="tocxref" href="#algorithm-normalization"><span class="secno">18.4. </span>Algorithm Normalization</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#algorithm-normalization-description"><span class="secno">18.4.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#algorithm-normalization-internal"><span class="secno">18.4.2. </span>Internal State Objects</a></li><li class="tocline"><a class="tocxref" href="#algorithm-normalization-define-an-algorithm"><span class="secno">18.4.3. </span>Defining an Algorithm</a></li><li class="tocline"><a class="tocxref" href="#algorithm-normalization-normalize-an-algorithm"><span class="secno">18.4.4. </span>Normalizing an algorithm</a></li></ul></li><li class="tocline"><a class="tocxref" href="#algorithm-recommendations"><span class="secno">18.5. </span>Recommendations</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#algorithm-recommendations-authors"><span class="secno">18.5.1. </span>For Authors</a></li><li class="tocline"><a class="tocxref" href="#algorithm-recommendations-implementers"><span class="secno">18.5.2. </span>For Implementers</a></li></ul></li></ul></li><li class="tocline"><a class="tocxref" href="#algorithm-overview"><span class="secno">19. </span>Algorithm Overview</a></li><li class="tocline"><a class="tocxref" href="#rsassa-pkcs1"><span class="secno">20. </span>RSASSA-PKCS1-v1_5</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#rsassa-pkcs1-description"><span class="secno">20.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#rsassa-pkcs1-registration"><span class="secno">20.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#RsaKeyGenParams-dictionary"><span class="secno">20.3. </span>RsaKeyGenParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#RsaHashedKeyGenParams-dictionary"><span class="secno">20.4. </span>RsaHashedKeyGenParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#RsaKeyAlgorithm-dictionary"><span class="secno">20.5. </span>RsaKeyAlgorithm dictionary</a></li><li class="tocline"><a class="tocxref" href="#RsaHashedKeyAlgorithm-dictionary"><span class="secno">20.6. </span>RsaHashedKeyAlgorithm dictionary</a></li><li class="tocline"><a class="tocxref" href="#RsaHashedImportParams-dictionary"><span class="secno">20.7. </span>RsaHashedImportParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#rsassa-pkcs1-operations"><span class="secno">20.8. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#rsa-pss"><span class="secno">21. </span>RSA-PSS</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#rsa-pss-description"><span class="secno">21.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#rsa-pss-registration"><span class="secno">21.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#RsaPssParams-dictionary"><span class="secno">21.3. </span>RsaPssParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#rsa-pss-operations"><span class="secno">21.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#rsa-oaep"><span class="secno">22. </span>RSA-OAEP</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#rsa-oaep-description"><span class="secno">22.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#rsa-oaep-registration"><span class="secno">22.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#rsa-oaep-params"><span class="secno">22.3. </span>RsaOaepParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#rsa-oaep-operations"><span class="secno">22.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#ecdsa"><span class="secno">23. </span>ECDSA</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#ecdsa-description"><span class="secno">23.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#ecdsa-registration"><span class="secno">23.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#EcdsaParams-dictionary"><span class="secno">23.3. </span>EcdsaParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#EcKeyGenParams-dictionary"><span class="secno">23.4. </span>EcKeyGenParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#EcKeyAlgorithm-dictionary"><span class="secno">23.5. </span>EcKeyAlgorithm dictionary</a></li><li class="tocline"><a class="tocxref" href="#EcKeyImportParams-dictionary"><span class="secno">23.6. </span>EcKeyImportParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#ecdsa-operations"><span class="secno">23.7. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#ecdh"><span class="secno">24. </span>ECDH</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#ecdh-description"><span class="secno">24.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#ecdh-registration"><span class="secno">24.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#dh-EcdhKeyDeriveParams"><span class="secno">24.3. </span>EcdhKeyDeriveParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#ecdh-operations"><span class="secno">24.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#aes-ctr"><span class="secno">25. </span>AES-CTR</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#aes-ctr-description"><span class="secno">25.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#aes-ctr-registration"><span class="secno">25.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#aes-ctr-params"><span class="secno">25.3. </span>AesCtrParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#AesKeyAlgorithm-dictionary"><span class="secno">25.4. </span></a></li><li class="tocline"><a class="tocxref" href="#aes-keygen-params"><span class="secno">25.5. </span>AesKeyGenParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#aes-derivedkey-params"><span class="secno">25.6. </span>AesDerivedKeyParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#aes-ctr-operations"><span class="secno">25.7. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#aes-cbc"><span class="secno">26. </span>AES-CBC</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#aes-cbc-description"><span class="secno">26.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#aes-cbc-registration"><span class="secno">26.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#aes-cbc-params"><span class="secno">26.3. </span>AesCbcParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#aes-cbc-operations"><span class="secno">26.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#aes-gcm"><span class="secno">27. </span>AES-GCM</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#aes-gcm-description"><span class="secno">27.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#aes-gcm-registration"><span class="secno">27.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#aes-gcm-params"><span class="secno">27.3. </span>AesGcmParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#aes-gcm-operations"><span class="secno">27.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#aes-kw"><span class="secno">28. </span>AES-KW</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#aes-kw-description"><span class="secno">28.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#aes-kw-registration"><span class="secno">28.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#aes-kw-operations"><span class="secno">28.3. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#hmac"><span class="secno">29. </span>HMAC</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#hmac-description"><span class="secno">29.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#hmac-registration"><span class="secno">29.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#hmac-importparams"><span class="secno">29.3. </span>HmacImportParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#HmacKeyAlgorithm-dictionary"><span class="secno">29.4. </span>HmacKeyAlgorithm dictionary</a></li><li class="tocline"><a class="tocxref" href="#hmac-keygen-params"><span class="secno">29.5. </span>HmacKeyGenParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#hmac-operations"><span class="secno">29.6. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#sha"><span class="secno">30. </span>SHA</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#sha-description"><span class="secno">30.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#sha-registration"><span class="secno">30.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#sha-operations"><span class="secno">30.3. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#hkdf"><span class="secno">31. </span>HKDF</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#hkdf-description"><span class="secno">31.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#hkdf-registration"><span class="secno">31.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#hkdf-params"><span class="secno">31.3. </span>HkdfParams dictionary</a></li><li class="tocline"><a class="tocxref" href="#hkdf2-operations"><span class="secno">31.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#pbkdf2"><span class="secno">32. </span>PBKDF2</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#pbkdf2-description"><span class="secno">32.1. </span>Description</a></li><li class="tocline"><a class="tocxref" href="#pbkdf2-registration"><span class="secno">32.2. </span>Registration</a></li><li class="tocline"><a class="tocxref" href="#pbkdf2-params"><span class="secno">32.3. </span>Pbkdf2Params dictionary</a></li><li class="tocline"><a class="tocxref" href="#pbkdf2-operations"><span class="secno">32.4. </span>Operations</a></li></ul></li><li class="tocline"><a class="tocxref" href="#examples-section"><span class="secno">33. </span>JavaScript Example Code</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#examples-signing"><span class="secno">33.1. </span>Generate a signing key pair, sign some data</a></li><li class="tocline"><a class="tocxref" href="#examples-symmetric-encryption"><span class="secno">33.2. </span>Symmetric Encryption</a></li></ul></li><li class="tocline"><a class="tocxref" href="#iana-section"><span class="secno">34. </span>IANA Considerations</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#iana-section-jws-jwa"><span class="secno">34.1. </span>JSON Web Signature and Encryption Algorithms Registration</a></li><li class="tocline"><a class="tocxref" href="#iana-section-jwk"><span class="secno">34.2. </span>JSON Web Key Parameters Registration</a></li></ul></li><li class="tocline"><a class="tocxref" href="#acknowledgements-section"><span class="secno">35. </span>Acknowledgments</a></li><li class="tocline"><a class="tocxref" href="#references"><span class="secno">36. </span>References</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#normative-references"><span class="secno">36.1. </span>Normative References</a></li><li class="tocline"><a class="tocxref" href="#informative-references"><span class="secno">36.2. </span>Informative References</a></li></ul></li></ul><ul class="toc"><li class="tocline"><a class="tocxref" href="#jwk-mapping"><span class="secno">A. </span>Mapping between JSON Web Key / JSON Web Algorithm</a><ul class="toc"><li class="tocline"><a class="tocxref" href="#jwk-mapping-alg"><span class="secno">A.1. </span>Algorithm mappings</a></li></ul></li><li class="tocline"><a class="tocxref" href="#spki-mapping"><span class="secno">B. </span>Mapping between Algorithm and SubjectPublicKeyInfo</a></li><li class="tocline"><a class="tocxref" href="#pkcs8-mapping"><span class="secno">C. </span>Mapping between Algorithm and PKCS#8 PrivateKeyInfo</a></li></ul><script src="https://www.w3.org/scripts/TR/2016/fixup.js"></script>
     </nav>
 
     <div id="sections">
@@ -3447,7 +3447,7 @@ <h2>19. Algorithm Overview</h2>
               <td></td>
             </tr>
             <tr>
-              <td><a href="#hkdf-ctr">HKDF-CTR</a></td>
+              <td><a href="#hkdf">HKDF</a></td>
               <td></td>
               <td></td>
               <td></td>
@@ -14182,18 +14182,16 @@ <h4>30.3. Operations</h4>
         </div>
       </div>
       
-      <div id="hkdf-ctr" class="section">
-        <h3>31. HKDF-CTR</h3>
-        <div id="hkdf-ctr-description" class="section">
+      <div id="hkdf" class="section">
+        <h3>31. HKDF</h3>
+        <div id="hkdf-description" class="section">
           <h4>31.1. Description</h4>
           <p class="norm">This section is non-normative.</p>
           <p>
-            The <code>"HKDF-CTR"</code> algorithm identifier is used to
+            The <code>"HKDF"</code> algorithm identifier is used to
             perform key derivation using the extraction-then-expansion approach described in
-            [<a href="#SP800-56C">NIST SP800-56C</a>], using HMAC in counter mode, and
-            using the SHA hash functions defined in this specification
-            as described in Section 5.1 of
-            [<a href="#SP800-108">NIST SP800-108</a>].
+            [<a href="#RFC5869">RFC 5869</a>] and
+            using the SHA hash functions defined in this specification.
           </p>
           <p>
             <a href="#dfn-applicable-specification">Other specifications</a>
@@ -14201,11 +14199,11 @@ <h4>31.1. Description</h4>
             Such specifications must define the digest operation for the additional hash algorithms.
           </p>
         </div>
-        <div id="hkdf-ctr-registration" class="section">
+        <div id="hkdf-registration" class="section">
           <h4>31.2. Registration</h4>
           <p>
             The <a href="#recognized-algorithm-name">recognized algorithm name</a>
-            for this algorithm is <code>"HKDF-CTR"</code>.
+            for this algorithm is <code>"HKDF"</code>.
           </p>
           <table>
             <thead>
@@ -14218,7 +14216,7 @@ <h4>31.2. Registration</h4>
             <tbody>
               <tr>
                 <td>deriveBits</td>
-                <td><a href="#dfn-HkdfCtrParams">HkdfCtrParams</a></td>
+                <td><a href="#dfn-HkdfParams">HkdfParams</a></td>
                 <td><a href="#dfn-ArrayBuffer">ArrayBuffer</a></td>
               </tr>
               <tr>
@@ -14229,25 +14227,25 @@ <h4>31.2. Registration</h4>
               <tr>
                 <td>Get key length</td>
                 <td>None</td>
-                <td>Integer or null</td>
+                <td>null</td>
               </tr>
             </tbody>
           </table>
         </div>
-        <div id="hkdf-ctr-params" class="section">
-          <h4>31.3. HkdfCtrParams dictionary</h4>
+        <div id="hkdf-params" class="section">
+          <h4>31.3. HkdfParams dictionary</h4>
           <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-HkdfCtrParams">HkdfCtrParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
+dictionary <dfn id="dfn-HkdfParams">HkdfParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
   <span class="comment">// The algorithm to use with HMAC (e.g.: <a href="#alg-sha-256">SHA-256</a>)</span>
-  required <a href="#dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</a> <dfn id="dfn-HkdfCtrParams-hash">hash</dfn>;
-  <span class="comment">// A bit string that corresponds to the label that identifies the purpose for the derived keying material.</span>
-  required BufferSource <dfn id="dfn-HkdfCtrParams-label">label</dfn>;
-  <span class="comment">// A bit string that corresponds to the context of the key derivation, as described in Section 5 of [<a href="#SP800-108">NIST SP800-108</a>]</span>
-  required BufferSource <dfn id="dfn-HkdfCtrParams-context">context</dfn>;
+  required <a href="#dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</a> <dfn id="dfn-HkdfParams-hash">hash</dfn>;
+  <span class="comment">// A bit string that corresponds to the salt used in the extract step.</span>
+  required BufferSource <dfn id="dfn-HkdfParams-salt">salt</dfn>;
+  <span class="comment">// A bit string that corresponds to the context and application specific context for the derived keying material.</span>
+  required BufferSource <dfn id="dfn-HkdfParams-info">info</dfn>;
 };
           </code></pre></div></div>
         </div>
-        <div id="hkdf2-ctr-operations" class="section">
+        <div id="hkdf2-operations" class="section">
           <h4>31.4. Operations</h4>
           <dl>
             <dt>Derive Bits</dt>
@@ -14268,47 +14266,39 @@ <h4>31.4. Operations</h4>
                 </li>
                 <li>
                   <p>
-                    Let <var>prf</var> be the MAC Generation function described in Section 4 of
-                    [<a href="#fips-pub-198-1">FIPS PUB 198-1</a>] using the hash function
-                    described by the <a href="#dfn-HkdfCtrParams-hash">hash</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>keyDerivationKey</var> be the result of performing <var>prf</var>
-                    using <var>extractKey</var> as the key and the secret represented by [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
+                    Let <var>keyDerivationKey</var> be the secret represented by [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
                     as the message.
                   </p>
                 </li>
                 <li>
                   <p>
-                    Let <var>result</var> be the result of performing the KDF in counter
-                    mode operation described in Section 5.1 of
-                    [<a href="#SP800-108">NIST SP800-108</a>] using:
+                    Let <var>result</var> be the result of performing the HKDF extract and then
+                    the HKDF expand step described in Section 2 of
+                    [<a href="#RFC5869">RFC 5869</a>] using:
                   </p>
                   <ul>
                     <li>
                       <p>
-                        <var>prf</var> as the Pseudo-Random Function, <var>PRF</var>,
+                        the <a href="#dfn-HkdfParams-hash">hash</a> member of
+                        <var>normalizedAlgorithm</var> as <var>Hash</var>,
                       </p>
                     </li>
                     <li>
                       <p>
-                        <var>keyDerivationKey</var> as the Key derivation key,
-                        <var>K<sub>I</sub></var>,
+                        <var>keyDerivationKey</var> as the input keying material,
+                        <var>IKM</var>,
                       </p>
                     </li>
                     <li>
                       <p>
-                        <a href="#concept-contents-of-arraybuffer">the contents of</a> the <a href="#dfn-HkdfCtrParams-label">label</a> member of
-                        <var>normalizedAlgorithm</var> as <var>Label</var>,
+                        <a href="#concept-contents-of-arraybuffer">the contents of</a> the <a href="#dfn-HkdfParams-salt">salt</a> member of
+                        <var>normalizedAlgorithm</var> as <var>salt</var>,
                       </p>
                     </li>
                     <li>
                       <p>
-                        <a href="#concept-contents-of-arraybuffer">the contents of</a> the <a href="#dfn-HkdfCtrParams-label">context</a> member of
-                        <var>normalizedAlgorithm</var> as <var>Context</var>,
+                        <a href="#concept-contents-of-arraybuffer">the contents of</a> the <a href="#dfn-HkdfParams-info">info</a> member of
+                        <var>normalizedAlgorithm</var> as <var>info</var>,
                       </p>
                     </li>
                     <li>
@@ -14316,17 +14306,6 @@ <h4>31.4. Operations</h4>
                         <var>length</var> as the value of <var>L</var>,
                       </p>
                     </li>
-                    <li>
-                      <p>
-                        32 as the value of <var>r</var>, and
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        the 32-bit little-endian binary encoding of <var>length</var>
-                        as the encoded length value [<var>L</var>]<sub>2</sub>.
-                      </p>
-                    </li>
                   </ul>
                 </li>
                 <li>
@@ -14399,7 +14378,7 @@ <h4>31.4. Operations</h4>
                         <li>
                           <p>
                             Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                            <var>algorithm</var> to <code>"HKDF-CTR"</code>.
+                            <var>algorithm</var> to <code>"HKDF"</code>.
                           </p>
                         </li>
                         <li>
@@ -14902,12 +14881,6 @@ <h3>36.1. Normative References</h3>
               <cite><a href="http://csrc.nist.gov/publications/nistpubs/800-56C/SP-800-56C.pdf">
               NIST Special Publication 800-56C: Recommendation for Key Derivation through
               Extraction-then-Expansion</a></cite>, November 2011, NIST.
-            </dd>
-            <dt id="SP800-108">NIST SP 800-108</dt>
-            <dd>
-              <cite><a href="http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf">
-              NIST Special Publication 800-108: Recommendation for Key Derivation Using
-              Pseudorandom Functions (Revised)</a></cite>, October 2009, NIST.
             </dd>
              <dt id="RFC2119">RFC 2119</dt>
              <dd>
@@ -14959,7 +14932,13 @@ <h3>36.1. Normative References</h3>
               <cite><a href="http://www.ietf.org/rfc/rfc5480.txt">Elliptic Curve Cryptography Subject
               Public Key Information</a></cite>,
               S. Turner, D. Brown, K. Yiu, R. Housley, T. Polk. IETF.
-             </dd> 
+             </dd>
+             <dt id="RFC5869">RFC 5869</dt>
+             <dd>
+               <cite><a href="https://www.ietf.org/rfc/rfc5869.txt">HMAC-based Extract-and-Expand Key
+               Derivation Function (HKDF)"</a></cite>,
+               H. Krawczyk, P. Eronen. IETF.
+             </dd>
              <dt id="RFC5915">RFC 5915</dt>
              <dd>
               <cite><a href="http://www.ietf.org/rfc/rfc5915.txt">Elliptic Curve Private Key Structure

deriveBits	HkdfCtrParams	HkdfParams	ArrayBuffer
Get key length	None	Integer or null	null