diff --git a/src/services/secure-credentials.service.ts b/src/services/secure-credentials.service.ts
index 2e79c28..890c1f0 100644
--- a/src/services/secure-credentials.service.ts
+++ b/src/services/secure-credentials.service.ts
@@ -272,15 +272,19 @@ export class SecureCredentialsService {
 private async deriveSpendKey(masterKey: CryptoKey, salt: Uint8Array): Promise {
 const spendSalt = new Uint8Array([...salt, 0x73, 0x70, 0x65, 0x6e, 0x64]); // "spend"
- const spendKeyMaterial = await crypto.subtle.deriveBits(
- {
- name: 'PBKDF2',
- salt: spendSalt,
- iterations: 1000,
- hash: 'SHA-256'
- },
- masterKey,
- 256
+ // Use HMAC with the master key to derive spend key
+ const hmacKey = await crypto.subtle.importKey(
+ 'raw',
+ await crypto.subtle.exportKey('raw', masterKey),
+ { name: 'HMAC', hash: 'SHA-256' },
+ false,
+ ['sign']
+ );
+
+ const spendKeyMaterial = await crypto.subtle.sign(
+ 'HMAC',
+ hmacKey,
+ spendSalt
 );
 return Array.from(new Uint8Array(spendKeyMaterial))
@@ -294,15 +298,19 @@ export class SecureCredentialsService {
 private async deriveScanKey(masterKey: CryptoKey, salt: Uint8Array): Promise {
 const scanSalt = new Uint8Array([...salt, 0x73, 0x63, 0x61, 0x6e]); // "scan"
- const scanKeyMaterial = await crypto.subtle.deriveBits(
- {
- name: 'PBKDF2',
- salt: scanSalt,
- iterations: 1000,
- hash: 'SHA-256'
- },
- masterKey,
- 256
+ // Use HMAC with the master key to derive scan key
+ const hmacKey = await crypto.subtle.importKey(
+ 'raw',
+ await crypto.subtle.exportKey('raw', masterKey),
+ { name: 'HMAC', hash: 'SHA-256' },
+ false,
+ ['sign']
+ );
+
+ const scanKeyMaterial = await crypto.subtle.sign(
+ 'HMAC',
+ hmacKey,
+ scanSalt
 );
 return Array.from(new Uint8Array(scanKeyMaterial))
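Review bot: `crypto.subtle.exportKey('raw', masterKey)` inside the new `importKey` call in deriveSpendKey only succeeds if `masterKey` was created extractable, and it copies the raw master key into a script-readable buffer; the deriveScanKey hunk repeats the same pattern. The removed code passed `masterKey` to PBKDF2 `deriveBits`, and WebCrypto requires PBKDF2 keys to be non-extractable, so unless the key's creation (outside this hunk) changed as well, the export will reject at runtime. Making the master key extractable to satisfy this call would also let any other script running in the page export it. Prefer creating a non-extractable HMAC key with usage `['sign']` at the point where the master key material is first available, then calling `crypto.subtle.sign('HMAC', masterKey, spendSalt)` directly so the raw bytes never surface in JavaScript. Both function bodies continue past their hunks.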
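Review bot: The added comment in deriveScanKey, `// Use HMAC with the master key to derive scan key`, does not record why the 1000-iteration PBKDF2 step was dropped, and the added lines duplicate the deriveSpendKey hunk apart from the label. A single HMAC-SHA-256 call is a sound derivation only when `masterKey` is already high-entropy, for example the output of a password KDF upstream; that is not visible in this diff, so the assumption should be stated, e.g. `// masterKey is already stretched (see <where it is derived>); HMAC-SHA-256 acts as a PRF over salt||"scan"`. Moving the shared steps into one private helper that takes the label bytes would keep the two derivations from drifting apart and leave a single place to audit.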