PasswordDeriveBytes Class

 
Derives a key from a password using an extension of the PBKDF1 algorithm.

Namespace:   System.Security.Cryptography
Assembly:  mscorlib (in mscorlib.dll)

System::Object
  System.Security.Cryptography::DeriveBytes
    System.Security.Cryptography::PasswordDeriveBytes

[ComVisibleAttribute(true)]
public ref class PasswordDeriveBytes : DeriveBytes

Constructors

PasswordDeriveBytes(array<Byte>^, array<Byte>^)

Initializes a new instance of the PasswordDeriveBytes class specifying the password and key salt to use to derive the key.

PasswordDeriveBytes(array<Byte>^, array<Byte>^, CspParameters^)

Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, and cryptographic service provider (CSP) to use to derive the key.

PasswordDeriveBytes(array<Byte>^, array<Byte>^, String^, Int32)

Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, and iterations to use to derive the key.

PasswordDeriveBytes(array<Byte>^, array<Byte>^, String^, Int32, CspParameters^)

Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, iterations, and cryptographic service provider (CSP) to use to derive the key.

PasswordDeriveBytes(String^, array<Byte>^)

Initializes a new instance of the PasswordDeriveBytes class with the password and key salt to use to derive the key.

PasswordDeriveBytes(String^, array<Byte>^, CspParameters^)

Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, and cryptographic service provider (CSP) parameters to use to derive the key.

PasswordDeriveBytes(String^, array<Byte>^, String^, Int32)

Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, and number of iterations to use to derive the key.

PasswordDeriveBytes(String^, array<Byte>^, String^, Int32, CspParameters^)

Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, number of iterations, and cryptographic service provider (CSP) parameters to use to derive the key.

Properties

HashName

Gets or sets the name of the hash algorithm for the operation.

IterationCount

Gets or sets the number of iterations for the operation.

Salt

Gets or sets the key salt value for the operation.

Methods

CryptDeriveKey(String^, String^, Int32, array<Byte>^)

Derives a cryptographic key from the PasswordDeriveBytes object.

Dispose()

When overridden in a derived class, releases all resources used by the current instance of the DeriveBytes class. (Inherited from DeriveBytes.)

Dispose(Boolean) [protected]

Releases the unmanaged resources used by the PasswordDeriveBytes class and optionally releases the managed resources. (Overrides DeriveBytes::Dispose(Boolean).)

Equals(Object^)

Determines whether the specified object is equal to the current object. (Inherited from Object.)

Finalize() [protected]

Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)

GetBytes(Int32)

Obsolete. Returns pseudo-random key bytes. (Overrides DeriveBytes::GetBytes(Int32).)

GetHashCode()

Serves as the default hash function. (Inherited from Object.)

GetType()

Gets the Type of the current instance. (Inherited from Object.)

MemberwiseClone() [protected]

Creates a shallow copy of the current Object. (Inherited from Object.)

Reset()

Resets the state of the operation. (Overrides DeriveBytes::Reset().)

ToString()

Returns a string that represents the current object. (Inherited from Object.)

This class uses an extension of the PBKDF1 algorithm defined in the PKCS#5 v2.0 standard to derive bytes suitable for use as key material from a password. The standard is documented in IETF RFC 2898.
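As an added illustration (Python, written for this page; it is not Microsoft's code and does not reimplement the class's extension), the following implements standard PBKDF1 from RFC 2898 section 5.1 and shows why it alone cannot supply a 192-bit TripleDES key: its output is capped at one digest, 20 bytes for SHA-1. PBKDF2 (section 5.2 of the same RFC, the algorithm behind Rfc2898DeriveBytes) has no such cap. The function names and sample values are assumptions made for the example.

```python
import hashlib


def pbkdf1(password, salt, iterations, dk_len, hash_name="sha1"):
    """PBKDF1 (RFC 2898, section 5.1).

    T_1 = Hash(P || S), T_i = Hash(T_(i-1)), DK = first dk_len bytes of T_c.
    """
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    h_len = hashlib.new(hash_name).digest_size
    if dk_len > h_len:
        # The output is a prefix of a single digest, so SHA-1 caps it at 20 bytes.
        raise ValueError("derived key too long")
    t = hashlib.new(hash_name, password + salt).digest()
    for _ in range(iterations - 1):
        t = hashlib.new(hash_name, t).digest()
    return t[:dk_len]


def pbkdf2_key(password, salt, iterations, dk_len):
    """PBKDF2 with HMAC-SHA1 (RFC 2898, section 5.2); output length is not tied to the digest size."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen=dk_len)


if __name__ == "__main__":
    # Constructed sample input. UTF-16LE matches what Encoding::Unicode produces.
    password = "correct horse battery".encode("utf-16-le")
    salt = bytes.fromhex("0011223344556677")

    print("PBKDF1, 20 bytes:", pbkdf1(password, salt, 100, 20).hex())
    try:
        pbkdf1(password, salt, 100, 24)  # 192 bits, the TripleDES key size
    except ValueError as err:
        print("PBKDF1, 24 bytes:", err)
    print("PBKDF2, 24 bytes:", pbkdf2_key(password, salt, 100000, 24).hex())
```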

Security Note

Never hard-code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler) tool, a hex editor, or by simply opening the assembly in a text editor such as Notepad (notepad.exe).

The following code example creates a key from a password using the PasswordDeriveBytes class.

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Text;

// Generates a random salt value of the specified length.
array<Byte>^ CreateRandomSalt(int length)
{
    // Create a buffer
    array<Byte>^ randomBytes;

    if (length >= 1)
    {
        randomBytes = gcnew array <Byte>(length);
    }
    else
    {
        randomBytes = gcnew array <Byte>(1);
    }

    // Create a new RNGCryptoServiceProvider.
    RNGCryptoServiceProvider^ cryptoRNGProvider =
        gcnew RNGCryptoServiceProvider();

    // Fill the buffer with random bytes.
    cryptoRNGProvider->GetBytes(randomBytes);

    // return the bytes.
    return randomBytes;
}

// Clears the bytes in a buffer so they can't later be read from memory.
void ClearBytes(array<Byte>^ buffer)
{
    // Check arguments.
    if (buffer == nullptr)
    {
        throw gcnew ArgumentNullException("buffer");
    }

    // Set each byte in the buffer to 0.
    for (int x = 0; x <= buffer->Length - 1; x++)
    {
        buffer[x] = 0;
    }
}

int main(array<String^>^ args)
{

    // Get a password from the user.
    Console::WriteLine("Enter a password to produce a key:");

    // Security Note: Never hard-code a password within your
    // source code.  Hard-coded passwords can be retrieved
    // from a compiled assembly.
    array<Byte>^ password = Encoding::Unicode->GetBytes(Console::ReadLine());

    array<Byte>^ randomSalt = CreateRandomSalt(7);

    // Create a TripleDESCryptoServiceProvider object.
    TripleDESCryptoServiceProvider^ cryptoDESProvider =
        gcnew TripleDESCryptoServiceProvider();

    try
    {
        Console::WriteLine("Creating a key with PasswordDeriveBytes...");

        // Create a PasswordDeriveBytes object and then create
        // a TripleDES key from the password and salt.
        // Pass the password bytes directly: calling ToString() on a
        // byte array returns the type name ("System.Byte[]"), not the
        // password, so every key would be derived from the same string.
        PasswordDeriveBytes^ passwordDeriveBytes = gcnew PasswordDeriveBytes
            (password, randomSalt);

        // Create the key and set it to the Key property
        // of the TripleDESCryptoServiceProvider object.
        cryptoDESProvider->Key = passwordDeriveBytes->CryptDeriveKey
            ("TripleDES", "SHA1", 192, cryptoDESProvider->IV);
        Console::WriteLine("Operation complete.");
    }
    catch (Exception^ ex)
    {
        Console::WriteLine(ex->Message);
    }
    finally
    {
        // Clear the buffers
        ClearBytes(password);
        ClearBytes(randomSalt);

        // Clear the key.
        cryptoDESProvider->Clear();
    }

    Console::ReadLine();
}

.NET Framework
Available since 1.1

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
