PasswordDeriveBytes Class

 

Derives a key from a password using an extension of the PBKDF1 algorithm.

Namespace:   System.Security.Cryptography
Assembly:  mscorlib (in mscorlib.dll)

System.Object
  System.Security.Cryptography.DeriveBytes
    System.Security.Cryptography.PasswordDeriveBytes

[ComVisibleAttribute(true)]
public class PasswordDeriveBytes : DeriveBytes

Name
    Description

PasswordDeriveBytes(Byte[], Byte[])
    Initializes a new instance of the PasswordDeriveBytes class specifying the password and key salt to use to derive the key.

PasswordDeriveBytes(Byte[], Byte[], CspParameters)
    Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, and cryptographic service provider (CSP) to use to derive the key.

PasswordDeriveBytes(Byte[], Byte[], String, Int32)
    Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, and iterations to use to derive the key.

PasswordDeriveBytes(Byte[], Byte[], String, Int32, CspParameters)
    Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, iterations, and cryptographic service provider (CSP) to use to derive the key.

PasswordDeriveBytes(String, Byte[])
    Initializes a new instance of the PasswordDeriveBytes class with the password and key salt to use to derive the key.

PasswordDeriveBytes(String, Byte[], CspParameters)
    Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, and cryptographic service provider (CSP) parameters to use to derive the key.

PasswordDeriveBytes(String, Byte[], String, Int32)
    Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, and number of iterations to use to derive the key.

PasswordDeriveBytes(String, Byte[], String, Int32, CspParameters)
    Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, number of iterations, and cryptographic service provider (CSP) parameters to use to derive the key.

Name
    Description

HashName
    Gets or sets the name of the hash algorithm for the operation.

IterationCount
    Gets or sets the number of iterations for the operation.

Salt
    Gets or sets the key salt value for the operation.

Name
    Description

CryptDeriveKey(String, String, Int32, Byte[])
    Derives a cryptographic key from the PasswordDeriveBytes object.

Dispose()
    When overridden in a derived class, releases all resources used by the current instance of the DeriveBytes class. (Inherited from DeriveBytes.)

Dispose(Boolean) (protected)
    Releases the unmanaged resources used by the PasswordDeriveBytes class and optionally releases the managed resources. (Overrides DeriveBytes.Dispose(Boolean).)

Equals(Object)
    Determines whether the specified object is equal to the current object. (Inherited from Object.)

Finalize() (protected)
    Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)

GetBytes(Int32)
    Obsolete. Returns pseudo-random key bytes. (Overrides DeriveBytes.GetBytes(Int32).)

GetHashCode()
    Serves as the default hash function. (Inherited from Object.)

GetType()
    Gets the Type of the current instance. (Inherited from Object.)

MemberwiseClone() (protected)
    Creates a shallow copy of the current Object. (Inherited from Object.)

Reset()
    Resets the state of the operation. (Overrides DeriveBytes.Reset().)

ToString()
    Returns a string that represents the current object. (Inherited from Object.)

This class uses an extension of the PBKDF1 algorithm defined in the PKCS#5 v2.0 standard to derive bytes suitable for use as key material from a password. The standard is documented in IETF RFC 2898.
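
To make the PBKDF1 reference concrete, the following added example (not part of the original documentation and not Microsoft's implementation) implements plain PBKDF1 from RFC 2898, section 5.1, with SHA-1. The class name Pbkdf1Sketch, the iteration count and the sample password are assumptions made for the illustration; it shows that unextended PBKDF1 cannot return more bytes than the hash produces, so a 192-bit TripleDES key is outside its range.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; the extension used by PasswordDeriveBytes is not reproduced.
public static class Pbkdf1Sketch
{
    // RFC 2898, section 5.1: T_1 = Hash(P || S), T_i = Hash(T_(i-1)),
    // DK = first dkLen bytes of T_c. dkLen may not exceed the hash length.
    public static byte[] Derive(byte[] password, byte[] salt, int iterations, int dkLen)
    {
        if (password == null) throw new ArgumentNullException("password");
        if (salt == null) throw new ArgumentNullException("salt");
        if (iterations < 1) throw new ArgumentOutOfRangeException("iterations");

        using (SHA1 sha1 = SHA1.Create())
        {
            int hLen = sha1.HashSize / 8; // 20 bytes for SHA-1
            if (dkLen < 1 || dkLen > hLen)
                throw new ArgumentOutOfRangeException("dkLen", "derived key too long");

            // Start from P || S, then hash the running value c times.
            byte[] t = new byte[password.Length + salt.Length];
            Buffer.BlockCopy(password, 0, t, 0, password.Length);
            Buffer.BlockCopy(salt, 0, t, password.Length, salt.Length);
            for (int i = 0; i < iterations; i++)
            {
                byte[] next = sha1.ComputeHash(t);
                Array.Clear(t, 0, t.Length); // wipe the previous intermediate value
                t = next;
            }

            byte[] dk = new byte[dkLen];
            Buffer.BlockCopy(t, 0, dk, 0, dkLen);
            Array.Clear(t, 0, t.Length);
            return dk;
        }
    }

    public static void Main()
    {
        // Constructed sample value for the demo only; real code reads the password from the user.
        byte[] pwd = Encoding.UTF8.GetBytes("constructed sample password");
        byte[] salt = new byte[8]; // RFC 2898 describes an eight-octet salt for PBKDF1
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);

        Console.WriteLine(BitConverter.ToString(Derive(pwd, salt, 1000, 16)));
        try { Derive(pwd, salt, 1000, 24); } // 192 bits, as requested for TripleDES
        catch (ArgumentOutOfRangeException) { Console.WriteLine("24 bytes exceeds the SHA-1 output length"); }
    }
}
```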

Security Note

Never hard-code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler) tool, a hex editor, or by simply opening the assembly in a text editor such as notepad.exe.

The following code example creates a key from a password using the PasswordDeriveBytes class.

using System;
using System.Security.Cryptography;
using System.Text;

public class PasswordDerivedBytesExample
{

    public static void Main(String[] args)
    {

        // Get a password from the user.
        Console.WriteLine("Enter a password to produce a key:");

        byte[] pwd = Encoding.Unicode.GetBytes(Console.ReadLine());

        byte[] salt = CreateRandomSalt(7);

        // Create a TripleDESCryptoServiceProvider object.
        TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();

        try
        {
            Console.WriteLine("Creating a key with PasswordDeriveBytes...");

            // Create a PasswordDeriveBytes object and then create
            // a TripleDES key from the password and salt.
            PasswordDeriveBytes pdb = new PasswordDeriveBytes(pwd, salt);


            // Create the key and set it to the Key property
            // of the TripleDESCryptoServiceProvider object.
            tdes.Key = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, tdes.IV);


            Console.WriteLine("Operation complete.");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
        finally
        {
            // Clear the buffers
            ClearBytes(pwd);
            ClearBytes(salt);

            // Clear the key.
            tdes.Clear();
        }

        Console.ReadLine();
    }

    //////////////////////////////////////////////////////////
    // Helper methods:
    // CreateRandomSalt: Generates a random salt value of the
    //                   specified length.
    //
    // ClearBytes: Clear the bytes in a buffer so they can't
    //             later be read from memory.
    //////////////////////////////////////////////////////////

    public static byte[] CreateRandomSalt(int length)
    {
        // Create a buffer
        byte[] randBytes;

        if (length >= 1)
        {
            randBytes = new byte[length];
        }
        else
        {
            randBytes = new byte[1];
        }

        // Create a new RNGCryptoServiceProvider.
        RNGCryptoServiceProvider rand = new RNGCryptoServiceProvider();

        // Fill the buffer with random bytes.
        rand.GetBytes(randBytes);

        // return the bytes.
        return randBytes;
    }

    public static void ClearBytes(byte[] buffer)
    {
        // Check arguments.
        if (buffer == null)
        {
            throw new ArgumentNullException("buffer");
        }

        // Set each byte in the buffer to 0.
        for (int x = 0; x < buffer.Length; x++)
        {
            buffer[x] = 0;
        }
    }
}

.NET Framework
Available since 1.1

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
