Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
PasswordDeriveBytes Class
Definition
- Namespace:
- System.Security.Cryptography
- Assemblies:
- netstandard.dll, System.Security.Cryptography.dll
- Assemblies:
- netstandard.dll, System.Security.Cryptography.Csp.dll
- Assemblies:
- netstandard.dll, System.Security.Cryptography.dll, System.Security.Cryptography.Csp.dll
- Assembly:
- System.Security.Cryptography.Csp.dll
- Assembly:
- mscorlib.dll
- Assembly:
- netstandard.dll
- Source:
- PasswordDeriveBytes.cs
- Source:
- PasswordDeriveBytes.cs
- Source:
- PasswordDeriveBytes.cs
- Source:
- PasswordDeriveBytes.cs
- Source:
- PasswordDeriveBytes.cs
Important
Some information relates to prerelease product that may be substantially modified before itβs released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Derives a key from a password using an extension of the PBKDF1 algorithm.
public ref class PasswordDeriveBytes : System::Security::Cryptography::DeriveBytespublic class PasswordDeriveBytes : System.Security.Cryptography.DeriveBytes[System.Runtime.InteropServices.ComVisible(true)]
public class PasswordDeriveBytes : System.Security.Cryptography.DeriveBytestype PasswordDeriveBytes = class
inherit DeriveBytes[<System.Runtime.InteropServices.ComVisible(true)>]
type PasswordDeriveBytes = class
inherit DeriveBytesPublic Class PasswordDeriveBytes
Inherits DeriveBytes- Inheritance
- Attributes
Examples
The following code example creates a key from a password using the PasswordDeriveBytes class.
using System;
using System.Security.Cryptography;
using System.Text;
public class PasswordDerivedBytesExample
{
public static void Main(String[] args)
{
// Get a password from the user.
Console.WriteLine("Enter a password to produce a key:");
byte[] pwd = Encoding.Unicode.GetBytes(Console.ReadLine());
byte[] salt = CreateRandomSalt(7);
// Create a TripleDESCryptoServiceProvider object.
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
try
{
Console.WriteLine("Creating a key with PasswordDeriveBytes...");
// Create a PasswordDeriveBytes object and then create
// a TripleDES key from the password and salt.
PasswordDeriveBytes pdb = new PasswordDeriveBytes(pwd, salt);
// Create the key and set it to the Key property
// of the TripleDESCryptoServiceProvider object.
// This example uses the SHA1 algorithm.
// Due to collision problems with SHA1, Microsoft recommends SHA256 or better.
tdes.Key = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, tdes.IV);
Console.WriteLine("Operation complete.");
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
finally
{
// Clear the buffers
ClearBytes(pwd);
ClearBytes(salt);
// Clear the key.
tdes.Clear();
}
Console.ReadLine();
}
//////////////////////////////////////////////////////////
// Helper methods:
// CreateRandomSalt: Generates a random salt value of the
// specified length.
//
// ClearBytes: Clear the bytes in a buffer so they can't
// later be read from memory.
//////////////////////////////////////////////////////////
public static byte[] CreateRandomSalt(int length)
{
// Create a buffer
byte[] randBytes;
if (length >= 1)
{
randBytes = new byte[length];
}
else
{
randBytes = new byte[1];
}
using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
{
// Fill the buffer with random bytes.
rng.GetBytes(randBytes);
}
// return the bytes.
return randBytes;
}
public static void ClearBytes(byte[] buffer)
{
// Check arguments.
if (buffer == null)
{
throw new ArgumentException("buffer");
}
// Set each byte in the buffer to 0.
for (int x = 0; x < buffer.Length; x++)
{
buffer[x] = 0;
}
}
}
Imports System.Security.Cryptography
Imports System.Text
Module PasswordDerivedBytesExample
Sub Main(ByVal args() As String)
' Get a password from the user.
Console.WriteLine("Enter a password to produce a key:")
Dim pwd As Byte() = Encoding.Unicode.GetBytes(Console.ReadLine())
Dim salt As Byte() = CreateRandomSalt(7)
' Create a TripleDESCryptoServiceProvider object.
Dim tdes As New TripleDESCryptoServiceProvider()
Try
Console.WriteLine("Creating a key with PasswordDeriveBytes...")
' Create a PasswordDeriveBytes object and then create
' a TripleDES key from the password and salt.
Dim pdb As New PasswordDeriveBytes(pwd, salt)
' Create the key and set it to the Key property
' of the TripleDESCryptoServiceProvider object.
' This example uses the SHA1 algorithm.
' Due to collision problems with SHA1, Microsoft recommends SHA256 or better.
tdes.Key = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, tdes.IV)
Console.WriteLine("Operation complete.")
Catch e As Exception
Console.WriteLine(e.Message)
Finally
' Clear the buffers
ClearBytes(pwd)
ClearBytes(salt)
' Clear the key.
tdes.Clear()
End Try
Console.ReadLine()
End Sub
'********************************************************
'* Helper methods:
'* createRandomSalt: Generates a random salt value of the
'* specified length.
'*
'* clearBytes: Clear the bytes in a buffer so they can't
'* later be read from memory.
'********************************************************
Function CreateRandomSalt(ByVal length As Integer) As Byte()
' Create a buffer
Dim randBytes() As Byte
If length >= 1 Then
randBytes = New Byte(length) {}
Else
randBytes = New Byte(0) {}
End If
' Create a new RandomNumberGenerator.
Using rand As RandomNumberGenerator = RandomNumberGenerator.Create()
' Fill the buffer with random bytes.
rand.GetBytes(randBytes)
End Using
' return the bytes.
Return randBytes
End Function
Sub ClearBytes(ByVal buffer() As Byte)
' Check arguments.
If buffer Is Nothing Then
Throw New ArgumentException("buffer")
End If
' Set each byte in the buffer to 0.
Dim x As Integer
For x = 0 To buffer.Length - 1
buffer(x) = 0
Next x
End Sub
End Module
Remarks
This class uses an extension of the PBKDF1 algorithm defined in the PKCS#5 v2.0 standard to derive bytes suitable for use as key material from a password. The standard is documented in IETF RRC 2898.
Important
Never hard-code a password within your source code. Hard coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler) tool, a hex editor, or by simply opening up the assembly in a text editor like notepad.exe.
Constructors
| Name | Description |
|---|---|
| PasswordDeriveBytes(Byte[], Byte[], CspParameters) |
Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, and cryptographic service provider (CSP) to use to derive the key. |
| PasswordDeriveBytes(Byte[], Byte[], String, Int32, CspParameters) |
Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, iterations, and cryptographic service provider (CSP) to use to derive the key. |
| PasswordDeriveBytes(Byte[], Byte[], String, Int32) |
Initializes a new instance of the PasswordDeriveBytes class specifying the password, key salt, hash name, and iterations to use to derive the key. |
| PasswordDeriveBytes(Byte[], Byte[]) |
Initializes a new instance of the PasswordDeriveBytes class specifying the password and key salt to use to derive the key. |
| PasswordDeriveBytes(String, Byte[], CspParameters) |
Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, and cryptographic service provider (CSP) parameters to use to derive the key. |
| PasswordDeriveBytes(String, Byte[], String, Int32, CspParameters) |
Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, number of iterations, and cryptographic service provider (CSP) parameters to use to derive the key. |
| PasswordDeriveBytes(String, Byte[], String, Int32) |
Initializes a new instance of the PasswordDeriveBytes class with the password, key salt, hash name, and number of iterations to use to derive the key. |
| PasswordDeriveBytes(String, Byte[]) |
Initializes a new instance of the PasswordDeriveBytes class with the password and key salt to use to derive the key. |
Properties
| Name | Description |
|---|---|
| HashName |
Gets or sets the name of the hash algorithm for the operation. |
| IterationCount |
Gets or sets the number of iterations for the operation. |
| Salt |
Gets or sets the key salt value for the operation. |
Methods
| Name | Description |
|---|---|
| CryptDeriveKey(String, String, Int32, Byte[]) |
Derives a cryptographic key from the PasswordDeriveBytes object. |
| Dispose() |
When overridden in a derived class, releases all resources used by the current instance of the DeriveBytes class. (Inherited from DeriveBytes) |
| Dispose(Boolean) |
Releases the unmanaged resources used by the PasswordDeriveBytes class and optionally releases the managed resources. |
| Equals(Object) |
Determines whether the specified object is equal to the current object. (Inherited from Object) |
| Finalize() |
Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. |
| GetBytes(Int32) |
Obsolete.
Returns pseudo-random key bytes. |
| GetHashCode() |
Serves as the default hash function. (Inherited from Object) |
| GetType() |
Gets the Type of the current instance. (Inherited from Object) |
| MemberwiseClone() |
Creates a shallow copy of the current Object. (Inherited from Object) |
| Reset() |
Resets the state of the operation. |
| ToString() |
Returns a string that represents the current object. (Inherited from Object) |
Applies to
See also
Feedback
Was this page helpful?