Windows apps
Collapse the table of content
Expand the table of content
Information
The topic you requested is included in another documentation set. For convenience, it's displayed below. Choose Switch to see the topic in its original location.

PasswordDeriveBytes Constructor (array<Byte>^, array<Byte>^)

 

Initializes a new instance of the PasswordDeriveBytes class specifying the password and key salt to use to derive the key.

Namespace:   System.Security.Cryptography
Assembly:  mscorlib (in mscorlib.dll)

public:
PasswordDeriveBytes(
	array<unsigned char>^ password,
	array<unsigned char>^ salt
)

Parameters

password
Type: array<System::Byte>^

The password to derive the key for.

salt
Type: array<System::Byte>^

The key salt to use to derive the key.

System_CAPS_security Security Note

Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.

The following code example creates a key from a password using the PasswordDeriveBytes class.

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Text;

// Generates a random salt value of the specified length.
array<Byte>^ CreateRandomSalt(int length)
{
    // Create a buffer
    array<Byte>^ randomBytes;

    if (length >= 1)
    {
        randomBytes = gcnew array <Byte>(length);
    }
    else
    {
        randomBytes = gcnew array <Byte>(1);
    }

    // Create a new RNGCryptoServiceProvider.
    RNGCryptoServiceProvider^ cryptoRNGProvider =
        gcnew RNGCryptoServiceProvider();

    // Fill the buffer with random bytes.
    cryptoRNGProvider->GetBytes(randomBytes);

    // return the bytes.
    return randomBytes;
}

// Clears the bytes in a buffer so they can't later be read from memory.
void ClearBytes(array<Byte>^ buffer)
{
    // Check arguments.
    if (buffer == nullptr)
    {
        throw gcnew ArgumentNullException("buffer");
    }

    // Set each byte in the buffer to 0.
    for (int x = 0; x <= buffer->Length - 1; x++)
    {
        buffer[x] = 0;
    }
}

int main(array<String^>^ args)
{

    // Get a password from the user.
    Console::WriteLine("Enter a password to produce a key:");

    // Security Note: Never hard-code a password within your
    // source code.  Hard-coded passwords can be retrieved
    // from a compiled assembly.
    array<Byte>^ password = Encoding::Unicode->GetBytes(Console::ReadLine());

    array<Byte>^ randomSalt = CreateRandomSalt(7);

    // Create a TripleDESCryptoServiceProvider object.
    TripleDESCryptoServiceProvider^ cryptoDESProvider =
        gcnew TripleDESCryptoServiceProvider();

    try
    {
        Console::WriteLine("Creating a key with PasswordDeriveBytes...");

        // Create a PasswordDeriveBytes object and then create
        // a TripleDES key from the password and salt.
        PasswordDeriveBytes^ passwordDeriveBytes = gcnew PasswordDeriveBytes
            (password->ToString(), randomSalt);

	   // Create the key and set it to the Key property
	   // of the TripleDESCryptoServiceProvider object.
        cryptoDESProvider->Key = passwordDeriveBytes->CryptDeriveKey
            ("TripleDES", "SHA1", 192, cryptoDESProvider->IV);
        Console::WriteLine("Operation complete.");
    }
    catch (Exception^ ex)
    {
        Console::WriteLine(ex->Message);
    }
    finally
    {
        // Clear the buffers
        ClearBytes(password);
        ClearBytes(randomSalt);

        // Clear the key.
        cryptoDESProvider->Clear();
    }

    Console::ReadLine();
}

.NET Framework
Available since 2.0
Return to top
Show:
© 2017 Microsoft