Rfc2898DeriveBytes Class
[ This article is for Windows Phone 8 developers. If you’re developing for Windows 10, see the latest documentation. ]
Implements password-based key derivation functionality, PBKDF2, by using a pseudo-random number generator based on HMACSHA1.
System.Security.Cryptography::DeriveBytes
System.Security.Cryptography::Rfc2898DeriveBytes
Assembly: mscorlib (in mscorlib.dll)
The Rfc2898DeriveBytes type exposes the following members.
| Name | Description | |
|---|---|---|
 | Rfc2898DeriveBytes(String, array<Byte>) | Initializes a new instance of the Rfc2898DeriveBytes class using a password and salt to derive the key. |
| Rfc2898DeriveBytes(array<Byte>, array<Byte>, Int32) | Initializes a new instance of the Rfc2898DeriveBytes class using a password, a salt, and number of iterations to derive the key. |
| Rfc2898DeriveBytes(String, array<Byte>, Int32) | Initializes a new instance of the Rfc2898DeriveBytes class using a password, a salt, and number of iterations to derive the key. |
| Name | Description | |
|---|---|---|
 | IterationCount | Gets or sets the number of iterations for the operation. |
| Salt | Gets or sets the key salt value for the operation. |
| Name | Description | |
|---|---|---|
| Equals(Object) | Determines whether the specified Object is equal to the current Object. (Inherited from Object.) |
 | Finalize | Allows an object to try to free resources and perform other cleanup operations before the Object is reclaimed by garbage collection. (Inherited from Object.) |
| GetBytes | Returns a pseudo-random key from a password, salt and iteration count. (Overrides DeriveBytes::GetBytes(Int32).) |
| GetHashCode | Serves as a hash function for a particular type. (Inherited from Object.) |
| GetType | Gets the Type of the current instance. (Inherited from Object.) |
| MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
| Reset | Resets the state of the operation. (Overrides DeriveBytes::Reset().) |
| ToString | Returns a string that represents the current object. (Inherited from Object.) |
Rfc2898DeriveBytes takes a password, a salt, and an iteration count, and then generates keys through calls to the GetBytes method.
RFC 2898 includes methods for creating a key and initialization vector (IV) from a password and salt. You can use PBKDF2, a password-based key derivation function, to derive keys using a pseudo-random function that allows keys of virtually unlimited length to be generated. The Rfc2898DeriveBytes class can be used to produce a derived key from a base key and other parameters. In a password-based key derivation function, the base key is a password and the other parameters are a salt value and an iteration count.
For more information about PBKDF2, see RFC 2898, "PKCS #5: Password-Based Cryptography Specification Version 2.0," available on the Request for Comments Web site. See section 5.2, "PBKDF2," for complete details.
 Security Note: |
|---|
Never hard-code a password within your source code. Hard-coded passwords can be retrieved from an assembly by using the Microsoft Intermediate Language Disassembler (Ildasm.exe), by using a hexadecimal editor, or by simply opening up the assembly in a text editor such as Notepad.exe. |
The following example demonstrates how to use the Rfc2898DeriveBytes class to encrypt an isolated storage file. This code example is part of a larger example provided for the AesManaged class.
AesManaged#3