PasswordDeriveBytes Class
Derives a key from a password using an extension of the PBKDF1 algorithm.
System.Security.Cryptography::DeriveBytes
System.Security.Cryptography::PasswordDeriveBytes
Assembly: mscorlib (in mscorlib.dll)
The PasswordDeriveBytes type exposes the following members.
| Name | Description | |
|---|---|---|
![]() | PasswordDeriveBytes(array<Byte>, array<Byte>) | Initializes a new instance of the PasswordDeriveBytes class specifying the password and key salt to use to derive the key. |
![]() | PasswordDeriveBytes(String, array<Byte>) | Initializes a new instance of the PasswordDeriveBytes class with the password and key salt to use to derive the key. |
![]() | PasswordDeriveBytes(array<Byte>, array<Byte>, CspParameters) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, and cryptographic service provider (CSP) to use to derive the key. |
![]() | PasswordDeriveBytes(String, array<Byte>, CspParameters) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, and cryptographic service provider (CSP) parameters to use to derive the key. |
![]() | PasswordDeriveBytes(array<Byte>, array<Byte>, String, Int32) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, and iterations to use to derive the key. |
![]() | PasswordDeriveBytes(String, array<Byte>, String, Int32) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, and number of iterations to use to derive the key. |
![]() | PasswordDeriveBytes(array<Byte>, array<Byte>, String, Int32, CspParameters) | Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, iterations, and cryptographic service provider (CSP) to use to derive the key. |
![]() | PasswordDeriveBytes(String, array<Byte>, String, Int32, CspParameters) | Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, number of iterations, and cryptographic service provider (CSP) parameters to use to derive the key. |
| Name | Description | |
|---|---|---|
![]() | HashName | Gets or sets the name of the hash algorithm for the operation. |
![]() | IterationCount | Gets or sets the number of iterations for the operation. |
![]() | Salt | Gets or sets the key salt value for the operation. |
| Name | Description | |
|---|---|---|
![]() | CryptDeriveKey | Derives a cryptographic key from the PasswordDeriveBytes object. |
![]() | Dispose() | When overridden in a derived class, releases all resources used by the current instance of the DeriveBytes class. (Inherited from DeriveBytes.) |
![]() | Dispose(Boolean) | Releases the unmanaged resources used by the PasswordDeriveBytes class and optionally releases the managed resources. (Overrides DeriveBytes::Dispose(Boolean).) |
![]() | Equals(Object) | Determines whether the specified Object is equal to the current Object. (Inherited from Object.) |
![]() | Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
![]() | GetBytes | Obsolete. Returns pseudo-random key bytes. (Overrides DeriveBytes::GetBytes(Int32).) |
![]() | GetHashCode | Serves as a hash function for a particular type. (Inherited from Object.) |
![]() | GetType | Gets the Type of the current instance. (Inherited from Object.) |
![]() | MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
![]() | Reset | Resets the state of the operation. (Overrides DeriveBytes::Reset().) |
![]() | ToString | Returns a string that represents the current object. (Inherited from Object.) |
This class uses an extension of the PBKDF1 algorithm defined in the PKCS#5 v2.0 standard to derive bytes suitable for use as key material from a password. The standard is documented in IETF RRC 2898.
Security Note |
|---|
Never hard-code a password within your source code. Hard coded passwords can be retrieved from an assembly using the Ildasm.exe (MSIL Disassembler) tool, a hex editor, or by simply opening up the assembly in a text editor like notepad.exe. |
The following code example creates a key from a password using the PasswordDeriveBytes class.
using namespace System; using namespace System::Security::Cryptography; using namespace System::Text; // Generates a random salt value of the specified length. array<Byte>^ CreateRandomSalt(int length) { // Create a buffer array<Byte>^ randomBytes; if (length >= 1) { randomBytes = gcnew array <Byte>(length); } else { randomBytes = gcnew array <Byte>(1); } // Create a new RNGCryptoServiceProvider. RNGCryptoServiceProvider^ cryptoRNGProvider = gcnew RNGCryptoServiceProvider(); // Fill the buffer with random bytes. cryptoRNGProvider->GetBytes(randomBytes); // return the bytes. return randomBytes; } // Clears the bytes in a buffer so they can't later be read from memory. void ClearBytes(array<Byte>^ buffer) { // Check arguments. if (buffer == nullptr) { throw gcnew ArgumentNullException("buffer"); } // Set each byte in the buffer to 0. for (int x = 0; x <= buffer->Length - 1; x++) { buffer[x] = 0; } } int main(array<String^>^ args) { // Get a password from the user. Console::WriteLine("Enter a password to produce a key:"); // Security Note: Never hard-code a password within your // source code. Hard-coded passwords can be retrieved // from a compiled assembly. array<Byte>^ password = Encoding::Unicode->GetBytes(Console::ReadLine()); array<Byte>^ randomSalt = CreateRandomSalt(7); // Create a TripleDESCryptoServiceProvider object. TripleDESCryptoServiceProvider^ cryptoDESProvider = gcnew TripleDESCryptoServiceProvider(); try { Console::WriteLine("Creating a key with PasswordDeriveBytes..."); // Create a PasswordDeriveBytes object and then create // a TripleDES key from the password and salt. PasswordDeriveBytes^ passwordDeriveBytes = gcnew PasswordDeriveBytes (password->ToString(), randomSalt); // Create the key and set it to the Key property // of the TripleDESCryptoServiceProvider object. cryptoDESProvider->Key = passwordDeriveBytes->CryptDeriveKey ("TripleDES", "SHA1", 192, cryptoDESProvider->IV); Console::WriteLine("Operation complete."); } catch (Exception^ ex) { Console::WriteLine(ex->Message); } finally { // Clear the buffers ClearBytes(password); ClearBytes(randomSalt); // Clear the key. cryptoDESProvider->Clear(); } Console::ReadLine(); }
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
