Unlocking Secure Key Derivation: A Guide to Java 25’s New KDF API

Introduction

Cryptographic key management is a cornerstone of secure Java applications. With Java 25, the platform introduces a standardized Key Derivation Function (KDF) API, following its preview in JDK 24 as part of JEP 478. This API brings a clean and extensible model for generating cryptographically strong keys from initial key material using well-established algorithms. In this guide, we’ll explore why KDFs are essential, how the new API is structured, and how you can leverage it in your projects.

Why Key Derivation Matters

A Key Derivation Function takes initial key material (IKM) and derives one or more cryptographically robust keys. IKM can be a shared secret from a network handshake, a user password, or entropy from a key agreement protocol. Without KDFs, raw IKM often lacks sufficient entropy or length for secure use. Here are key scenarios where KDFs shine:

• TLS and protocol handshakes: After a Diffie-Hellman or ECDH exchange, the raw shared secret should never be used directly. A KDF transforms it into session keys with proper length and randomness.
• Password-based encryption: Passwords are weak on their own. Algorithms like PBKDF2 stretch and salt them to create secure keys.
• Key diversification: A single master key can generate multiple purpose-specific sub-keys without compromising the original.

Prior to Java 25, developers had no unified API for these tasks, often resorting to low-level MAC-based constructions, vendor-specific providers, or libraries like Bouncy Castle. The new KDF API solves this by offering a standard, JCA-integrated interface that is algorithm-agnostic and provider-extensible.

Inside the KDF API

The KDF API lives in the javax.crypto package and follows the same factory-method pattern familiar from other Java cryptographic APIs. This pattern allows you to create objects without specifying their concrete class, promoting flexibility and provider interchangeability.

Obtaining a KDF Instance

To get a KDF instance, use:

KDF kdf = KDF.getInstance("HKDF-SHA256");

The getInstance() method accepts an algorithm name and optionally a Provider. This keeps the API consistent with the broader Java Cryptographic Architecture (JCA), allowing alternative implementations to be plugged in without altering your application code.

Derivation Methods

Once you have a KDF instance, you can derive either a typed SecretKey or raw byte material:

• deriveKey(String alg, AlgorithmParameterSpec params) – Derives a SecretKey for a specific target algorithm like “AES”. The parameter spec controls key length, salt, and other parameters.
• deriveData(AlgorithmParameterSpec params) – Returns the raw derived bytes, which you can use directly for non-key purposes or for further processing.

Example usage:

SecretKey aesKey = kdf.deriveKey("AES", paramSpec);
byte[] rawMaterial = kdf.deriveData(paramSpec);

The parameter specification object (AlgorithmParameterSpec) varies by algorithm. For HKDF, you might use HKDFParameterSpec which includes input key material, salt, and info fields.

Real-World Applications

The KDF API directly addresses common cryptographic needs:

• TLS 1.3 and beyond: After a key exchange, the shared secret is passed through an HKDF to produce handshake traffic keys, application keys, and more.
• Password hashing: For password storage, use algorithms like PBKDF2 via the KDF API—though Java also has a dedicated SecretKeyFactory, the KDF API provides a unified interface.
• Key wrapping and derivation: Expand a master key into separate keys for encryption, signing, and authentication without leaking information.

By standardizing these operations, Java 25 reduces reliance on third-party libraries and makes code more portable and auditable.

Conclusion

The Key Derivation Function API in Java 25 marks a significant step forward for cryptographic key management. Its clean design, based on the JCA factory pattern, simplifies deriving keys from initial material while maintaining provider flexibility. Developers can now write more secure, maintainable code without reaching for external libraries. As the API matures, expect broader algorithm support and tighter integration with other Java security features.