PasswordDeriveBytes Class

 
obsoleteCodeEntityT:System.Security.Cryptography.Rfc2898DeriveBytes

Derives a key from a password using an extension of the PBKDF1 algorithm.

Namespace:   System.Security.Cryptography
Assembly:  mscorlib (in mscorlib.dll)

System.Object
  System.Security.Cryptography.DeriveBytes
    System.Security.Cryptography.PasswordDeriveBytes

<ComVisibleAttribute(True)>
Public Class PasswordDeriveBytes
	Inherits DeriveBytes

NameDescription
System_CAPS_pubmethodPasswordDeriveBytes(Byte(), Byte())

Initializes a new instance of the PasswordDeriveBytes class specifying the password and key salt to use to derive the key.

System_CAPS_pubmethodPasswordDeriveBytes(Byte(), Byte(), CspParameters)

Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, and cryptographic service provider (CSP) to use to derive the key.

System_CAPS_pubmethodPasswordDeriveBytes(Byte(), Byte(), String, Int32)

Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, and iterations to use to derive the key.

System_CAPS_pubmethodPasswordDeriveBytes(Byte(), Byte(), String, Int32, CspParameters)

Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, iterations, and cryptographic service provider (CSP) to use to derive the key.

System_CAPS_pubmethodPasswordDeriveBytes(String, Byte())

Initializes a new instance of the PasswordDeriveBytes class with the password and key salt to use to derive the key.

System_CAPS_pubmethodPasswordDeriveBytes(String, Byte(), CspParameters)

Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, and cryptographic service provider (CSP) parameters to use to derive the key.

System_CAPS_pubmethodPasswordDeriveBytes(String, Byte(), String, Int32)

Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, and number of iterations to use to derive the key.

System_CAPS_pubmethodPasswordDeriveBytes(String, Byte(), String, Int32, CspParameters)

Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, number of iterations, and cryptographic service provider (CSP) parameters to use to derive the key.

NameDescription
System_CAPS_pubpropertyHashName

Gets or sets the name of the hash algorithm for the operation.

System_CAPS_pubpropertyIterationCount

Gets or sets the number of iterations for the operation.

System_CAPS_pubpropertySalt

Gets or sets the key salt value for the operation.

NameDescription
System_CAPS_pubmethodCryptDeriveKey(String, String, Int32, Byte())

Derives a cryptographic key from the PasswordDeriveBytes object.

System_CAPS_pubmethodDispose()

When overridden in a derived class, releases all resources used by the current instance of the DeriveBytes class.(Inherited from DeriveBytes.)

System_CAPS_protmethodDispose(Boolean)

Releases the unmanaged resources used by the PasswordDeriveBytes class and optionally releases the managed resources.(Overrides DeriveBytes.Dispose(Boolean).)

System_CAPS_pubmethodEquals(Object)

Determines whether the specified object is equal to the current object.(Inherited from Object.)

System_CAPS_protmethodFinalize()

Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.)

System_CAPS_pubmethodGetBytes(Int32)

Obsolete. Returns pseudo-random key bytes.(Overrides DeriveBytes.GetBytes(Int32).)

System_CAPS_pubmethodGetHashCode()

Serves as the default hash function. (Inherited from Object.)

System_CAPS_pubmethodGetType()

Gets the Type of the current instance.(Inherited from Object.)

System_CAPS_protmethodMemberwiseClone()

Creates a shallow copy of the current Object.(Inherited from Object.)

System_CAPS_pubmethodReset()

Resets the state of the operation.(Overrides DeriveBytes.Reset().)

System_CAPS_pubmethodToString()

Returns a string that represents the current object.(Inherited from Object.)

This class uses an extension of the PBKDF1 algorithm defined in the PKCS#5 v2.0 standard to derive bytes suitable for use as key material from a password. The standard is documented in IETF RRC 2898.

System_CAPS_security Security Note

Never hard-code a password within your source code. Hard coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler) tool, a hex editor, or by simply opening up the assembly in a text editor like notepad.exe.

The following code example creates a key from a password using the PasswordDeriveBytes class.

Imports System
Imports System.Security.Cryptography
Imports System.Text



Module PasswordDerivedBytesExample


    Sub Main(ByVal args() As String)

        ' Get a password from the user.
        Console.WriteLine("Enter a password to produce a key:")

        Dim pwd As Byte() = Encoding.Unicode.GetBytes(Console.ReadLine())

        Dim salt As Byte() = CreateRandomSalt(7)

        ' Create a TripleDESCryptoServiceProvider object.
        Dim tdes As New TripleDESCryptoServiceProvider()

        Try
            Console.WriteLine("Creating a key with PasswordDeriveBytes...")

            ' Create a PasswordDeriveBytes object and then create 
            ' a TripleDES key from the password and salt.
            Dim pdb As New PasswordDeriveBytes(pwd, salt)


            ' Create the key and set it to the Key property
            ' of the TripleDESCryptoServiceProvider object.
            tdes.Key = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, tdes.IV)


            Console.WriteLine("Operation complete.")
        Catch e As Exception
            Console.WriteLine(e.Message)
        Finally
            ' Clear the buffers
            ClearBytes(pwd)
            ClearBytes(salt)

            ' Clear the key.
            tdes.Clear()
        End Try

        Console.ReadLine()

    End Sub


    '********************************************************
    '* Helper methods:
    '* createRandomSalt: Generates a random salt value of the 
    '*                   specified length.  
    '*
    '* clearBytes: Clear the bytes in a buffer so they can't 
    '*             later be read from memory.
    '********************************************************
    Function CreateRandomSalt(ByVal length As Integer) As Byte()
        ' Create a buffer
        Dim randBytes() As Byte

        If length >= 1 Then
            randBytes = New Byte(length) {}
        Else
            randBytes = New Byte(0) {}
        End If

        ' Create a new RNGCryptoServiceProvider.
        Dim rand As New RNGCryptoServiceProvider()

        ' Fill the buffer with random bytes.
        rand.GetBytes(randBytes)

        ' return the bytes.
        Return randBytes

    End Function


    Sub ClearBytes(ByVal buffer() As Byte)
        ' Check arguments.
        If buffer Is Nothing Then
            Throw New ArgumentException("buffer")
        End If

        ' Set each byte in the buffer to 0.
        Dim x As Integer
        For x = 0 To buffer.Length - 1
            buffer(x) = 0
        Next x

    End Sub
End Module

.NET Framework
Available since 1.1

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top
Show: