PasswordDeriveBytes Class
Derives a key from a password using an extension of the PBKDF1 algorithm.
System.Security.Cryptography.DeriveBytes
System.Security.Cryptography.PasswordDeriveBytes
Namespace: System.Security.Cryptography
Assembly: mscorlib (in mscorlib.dll)
The PasswordDeriveBytes type exposes the following members.
Constructors

| Name | Description |
|---|---|
| PasswordDeriveBytes(Byte[], Byte[]) | Initializes a new instance of the PasswordDeriveBytes class specifying the password and key salt to use to derive the key. |
| PasswordDeriveBytes(String, Byte[]) | Initializes a new instance of the PasswordDeriveBytes class with the password and key salt to use to derive the key. |
| PasswordDeriveBytes(Byte[], Byte[], CspParameters) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, and cryptographic service provider (CSP) to use to derive the key. |
| PasswordDeriveBytes(String, Byte[], CspParameters) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, and cryptographic service provider (CSP) parameters to use to derive the key. |
| PasswordDeriveBytes(Byte[], Byte[], String, Int32) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, and iterations to use to derive the key. |
| PasswordDeriveBytes(String, Byte[], String, Int32) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, and number of iterations to use to derive the key. |
| PasswordDeriveBytes(Byte[], Byte[], String, Int32, CspParameters) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, iterations, and cryptographic service provider (CSP) to use to derive the key. |
| PasswordDeriveBytes(String, Byte[], String, Int32, CspParameters) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, number of iterations, and cryptographic service provider (CSP) parameters to use to derive the key. |

Properties

| Name | Description |
|---|---|
| HashName | Gets or sets the name of the hash algorithm for the operation. |
| IterationCount | Gets or sets the number of iterations for the operation. |
| Salt | Gets or sets the key salt value for the operation. |

Methods

| Name | Description |
|---|---|
| CryptDeriveKey | Derives a cryptographic key from the PasswordDeriveBytes object. |
| Dispose() | When overridden in a derived class, releases all resources used by the current instance of the DeriveBytes class. (Inherited from DeriveBytes.) |
| Dispose(Boolean) | Releases the unmanaged resources used by the PasswordDeriveBytes class and optionally releases the managed resources. (Overrides DeriveBytes.Dispose(Boolean).) |
| Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.) |
| Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
| GetBytes | Obsolete. Returns pseudo-random key bytes. (Overrides DeriveBytes.GetBytes(Int32).) |
| GetHashCode | Serves as a hash function for a particular type. (Inherited from Object.) |
| GetType | Gets the Type of the current instance. (Inherited from Object.) |
| MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
| Reset | Resets the state of the operation. (Overrides DeriveBytes.Reset().) |
| ToString | Returns a string that represents the current object. (Inherited from Object.) |

This class uses an extension of the PBKDF1 algorithm defined in the PKCS#5 v2.0 standard to derive bytes suitable for use as key material from a password. The standard is documented in IETF RFC 2898.
| Security Note |
|---|
| Never hard-code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (MSIL Disassembler) tool, a hex editor, or by simply opening up the assembly in a text editor like notepad.exe. |
The following code example creates a key from a password using the PasswordDeriveBytes class.
```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public class PasswordDerivedBytesExample
{
    public static void Main(String[] args)
    {
        // Get a password from the user.
        Console.WriteLine("Enter a password to produce a key:");

        byte[] pwd = Encoding.Unicode.GetBytes(Console.ReadLine());

        byte[] salt = CreateRandomSalt(7);

        // Create a TripleDESCryptoServiceProvider object.
        TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();

        try
        {
            Console.WriteLine("Creating a key with PasswordDeriveBytes...");

            // Create a PasswordDeriveBytes object and then create
            // a TripleDES key from the password and salt.
            PasswordDeriveBytes pdb = new PasswordDeriveBytes(pwd, salt);

            // Create the key and set it to the Key property
            // of the TripleDESCryptoServiceProvider object.
            tdes.Key = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, tdes.IV);

            Console.WriteLine("Operation complete.");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
        finally
        {
            // Clear the buffers
            ClearBytes(pwd);
            ClearBytes(salt);

            // Clear the key.
            tdes.Clear();
        }

        Console.ReadLine();
    }

    //////////////////////////////////////////////////////////
    // Helper methods:
    // CreateRandomSalt: Generates a random salt value of the
    //                   specified length.
    //
    // ClearBytes: Clear the bytes in a buffer so they can't
    //             later be read from memory.
    //////////////////////////////////////////////////////////

    public static byte[] CreateRandomSalt(int length)
    {
        // Create a buffer
        byte[] randBytes;

        if (length >= 1)
        {
            randBytes = new byte[length];
        }
        else
        {
            randBytes = new byte[1];
        }

        // Create a new RNGCryptoServiceProvider.
        RNGCryptoServiceProvider rand = new RNGCryptoServiceProvider();

        // Fill the buffer with random bytes.
        rand.GetBytes(randBytes);

        // return the bytes.
        return randBytes;
    }

    public static void ClearBytes(byte[] buffer)
    {
        // Check arguments.
        if (buffer == null)
        {
            throw new ArgumentNullException("buffer");
        }

        // Set each byte in the buffer to 0.
        for (int x = 0; x < buffer.Length; x++)
        {
            buffer[x] = 0;
        }
    }
}
```
Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
