Rfc2898DeriveBytes Class
Implements password-based key derivation functionality, PBKDF2, by using a pseudo-random number generator based on HMACSHA1.
Assembly: mscorlib (in mscorlib.dll)
System.Security.Cryptography::DeriveBytes
System.Security.Cryptography::Rfc2898DeriveBytes
| Name | Description | |
|---|---|---|
![]() | Rfc2898DeriveBytes(array<Byte>^, array<Byte>^, Int32) | Initializes a new instance of the Rfc2898DeriveBytes class using a password, a salt, and number of iterations to derive the key. |
![]() | Rfc2898DeriveBytes(String^, array<Byte>^) | Initializes a new instance of the Rfc2898DeriveBytes class using a password and salt to derive the key. |
![]() | Rfc2898DeriveBytes(String^, array<Byte>^, Int32) | Initializes a new instance of the Rfc2898DeriveBytes class using a password, a salt, and number of iterations to derive the key. |
![]() | Rfc2898DeriveBytes(String^, Int32) | Initializes a new instance of the Rfc2898DeriveBytes class using the password and salt size to derive the key. |
![]() | Rfc2898DeriveBytes(String^, Int32, Int32) | Initializes a new instance of the Rfc2898DeriveBytes class using a password, a salt size, and number of iterations to derive the key. |
| Name | Description | |
|---|---|---|
![]() | IterationCount | Gets or sets the number of iterations for the operation. |
![]() | Salt | Gets or sets the key salt value for the operation. |
| Name | Description | |
|---|---|---|
![]() | CryptDeriveKey(String^, String^, Int32, array<Byte>^) | Derives a cryptographic key from the Rfc2898DeriveBytes object. |
![]() | Dispose() | When overridden in a derived class, releases all resources used by the current instance of the DeriveBytes class.(Inherited from DeriveBytes.) |
![]() | Dispose(Boolean) | Releases the unmanaged resources used by the Rfc2898DeriveBytes class and optionally releases the managed resources.(Overrides DeriveBytes::Dispose(Boolean).) |
![]() | Equals(Object^) | Determines whether the specified object is equal to the current object.(Inherited from Object.) |
![]() | Finalize() | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.) |
![]() | GetBytes(Int32) | Returns the pseudo-random key for this object.(Overrides DeriveBytes::GetBytes(Int32).) |
![]() | GetHashCode() | Serves as the default hash function. (Inherited from Object.) |
![]() | GetType() | |
![]() | MemberwiseClone() | |
![]() | Reset() | Resets the state of the operation.(Overrides DeriveBytes::Reset().) |
![]() | ToString() | Returns a string that represents the current object.(Inherited from Object.) |
Rfc2898DeriveBytes takes a password, a salt, and an iteration count, and then generates keys through calls to the GetBytes method.
RFC 2898 includes methods for creating a key and initialization vector (IV) from a password and salt. You can use PBKDF2, a password-based key derivation function, to derive keys using a pseudo-random function that allows keys of virtually unlimited length to be generated. The Rfc2898DeriveBytes class can be used to produce a derived key from a base key and other parameters. In a password-based key derivation function, the base key is a password and the other parameters are a salt value and an iteration count.
For more information about PBKDF2, see RFC 2898, "PKCS #5: Password-Based Cryptography Specification Version 2.0," available on the Request for Comments Web site. See section 5.2, "PBKDF2," for complete details.
Security Note
|
|---|
Never hard-code a password within your source code. Hard-coded passwords can be retrieved from an assembly by using the Ildasm.exe (IL Disassembler), by using a hexadecimal editor, or by simply opening up the assembly in a text editor such as Notepad.exe. |
The following code example uses the Rfc2898DeriveBytes class to create two identical keys for the TripleDES class. It then encrypts and decrypts some data using the keys.
using namespace System; using namespace System::IO; using namespace System::Text; using namespace System::Security::Cryptography; // Generate a key k1 with password pwd1 and salt salt1. // Generate a key k2 with password pwd1 and salt salt1. // Encrypt data1 with key k1 using symmetric encryption, creating edata1. // Decrypt edata1 with key k2 using symmetric decryption, creating data2. // data2 should equal data1. int main() { array<String^>^passwordargs = Environment::GetCommandLineArgs(); String^ usageText = "Usage: RFC2898 <password>\nYou must specify the password for encryption.\n"; //If no file name is specified, write usage text. if ( passwordargs->Length == 1 ) { Console::WriteLine( usageText ); } else { String^ pwd1 = passwordargs[ 1 ]; array<Byte>^salt1 = gcnew array<Byte>(8); RNGCryptoServiceProvider ^ rngCsp = gcnew RNGCryptoServiceProvider(); rngCsp->GetBytes(salt1); //data1 can be a string or contents of a file. String^ data1 = "Some test data"; //The default iteration count is 1000 so the two methods use the same iteration count. int myIterations = 1000; try { Rfc2898DeriveBytes ^ k1 = gcnew Rfc2898DeriveBytes( pwd1,salt1,myIterations ); Rfc2898DeriveBytes ^ k2 = gcnew Rfc2898DeriveBytes( pwd1,salt1 ); // Encrypt the data. TripleDES^ encAlg = TripleDES::Create(); encAlg->Key = k1->GetBytes( 16 ); MemoryStream^ encryptionStream = gcnew MemoryStream; CryptoStream^ encrypt = gcnew CryptoStream( encryptionStream,encAlg->CreateEncryptor(),CryptoStreamMode::Write ); array<Byte>^utfD1 = (gcnew System::Text::UTF8Encoding( false ))->GetBytes( data1 ); encrypt->Write( utfD1, 0, utfD1->Length ); encrypt->FlushFinalBlock(); encrypt->Close(); array<Byte>^edata1 = encryptionStream->ToArray(); k1->Reset(); // Try to decrypt, thus showing it can be round-tripped. TripleDES^ decAlg = TripleDES::Create(); decAlg->Key = k2->GetBytes( 16 ); decAlg->IV = encAlg->IV; MemoryStream^ decryptionStreamBacking = gcnew MemoryStream; CryptoStream^ decrypt = gcnew CryptoStream( decryptionStreamBacking,decAlg->CreateDecryptor(),CryptoStreamMode::Write ); decrypt->Write( edata1, 0, edata1->Length ); decrypt->Flush(); decrypt->Close(); k2->Reset(); String^ data2 = (gcnew UTF8Encoding( false ))->GetString( decryptionStreamBacking->ToArray() ); if ( !data1->Equals( data2 ) ) { Console::WriteLine( "Error: The two values are not equal." ); } else { Console::WriteLine( "The two values are equal." ); Console::WriteLine( "k1 iterations: {0}", k1->IterationCount ); Console::WriteLine( "k2 iterations: {0}", k2->IterationCount ); } } catch ( Exception^ e ) { Console::WriteLine( "Error: ", e ); } } }
Available since 2.0
Silverlight
Available since 2.0
Windows Phone Silverlight
Available since 7.0
Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.



