Constructors: NewRfc2898DeriveBytes
Initializes a new instance of the Rfc2898DeriveBytes class using a password, a salt or salt size, and number of iterations to derive the key.
Public Function NewRfc2898DeriveBytes( ByRef Password As Variant, ByRef Salt As Variant, Optional ByVal Iterations As Long = 1000 ) As Rfc2898DeriveBytes
Default: 1000
The salt size must be 8 bytes or larger and the iteration count must be greater than zero. The minimum recommended number of iterations is 1000.
RFC 2898 includes methods for creating a key and initialization vector (IV) from a password and salt. You can use PBKDF2, a password-based key derivation function, to derive keys using a pseudo-random function that allows keys of virtually unlimited length to be generated. The Rfc2898DeriveBytes class can be used to produce a derived key from a base key and other parameters. In a password-based key derivation function, the base key is a password and the other parameters are a salt value and an iteration count.
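The derivation described above, written out as an added Python example (not VBCorLib code): PBKDF2 from RFC 2898 section 5.2, with the salt and iteration checks the constructor documents, producing a key and an IV from one password. It assumes HMAC-SHA1 as the pseudo-random function, as in the .NET class of the same name; `pbkdf2_sha1` and `derive_key_and_iv` are hypothetical names, and the sample salt is constructed.

```python
import hashlib
import hmac
import struct

HASH_LEN = 20  # HMAC-SHA1 output size in bytes


def pbkdf2_sha1(password: bytes, salt: bytes, iterations: int, length: int) -> bytes:
    """PBKDF2 (RFC 2898, section 5.2) with HMAC-SHA1 as the pseudo-random function."""
    # Same argument checks the page documents for the constructor.
    if len(salt) < 8:
        raise ValueError("salt must be at least 8 bytes")
    if iterations < 1:
        raise ValueError("iteration count must be greater than zero")

    prf = hmac.new(password, digestmod=hashlib.sha1)  # keyed once, copied per call
    output = b""
    block_index = 1
    while len(output) < length:
        # U_1 = PRF(password, salt || INT_32_BE(block_index))
        mac = prf.copy()
        mac.update(salt + struct.pack(">I", block_index))
        u = mac.digest()
        block = int.from_bytes(u, "big")
        # U_j = PRF(password, U_{j-1}); the block is U_1 xor U_2 xor ... xor U_c
        for _ in range(iterations - 1):
            mac = prf.copy()
            mac.update(u)
            u = mac.digest()
            block ^= int.from_bytes(u, "big")
        output += block.to_bytes(HASH_LEN, "big")
        block_index += 1  # each further 20-byte block only needs a new index
    return output[:length]


def derive_key_and_iv(password: bytes, salt: bytes, iterations: int = 1000):
    """Split one 24-byte PBKDF2 output into a 16-byte key and an 8-byte IV."""
    material = pbkdf2_sha1(password, salt, iterations, 16 + 8)
    return material[:16], material[16:]


if __name__ == "__main__":
    salt = bytes(range(8))  # constructed sample salt; use a random one in practice
    key, iv = derive_key_and_iv(b"Simple Password", salt)
    print("key:", key.hex())
    print("iv: ", iv.hex())
```

The 24 bytes requested span two HMAC-SHA1 blocks, which is how the function extends to outputs longer than one hash.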
Exception | Condition |
---|---|
ArgumentException | The specified salt size is smaller than 8 bytes or the iteration count is less than 1. |
ArgumentNullException | The password or salt is an uninitialized array. |
The following code example uses the Rfc2898DeriveBytes class to create two identical keys for the TripleDES class. It then encrypts and decrypts some data using the keys.
```vb
Public Sub Main()
    Const Pwd1 As String = "Simple Password"
    Dim Salt1(8) As Byte
    Dim RngCsp As New RNGCryptoServiceProvider

    RngCsp.GetBytes Salt1

    ' Data1 can be a string or contents of a file.
    Const Data1 As String = "Some test data"

    ' The default iteration count is 1000 so the two methods use the same iteration count.
    Const MyIterations As Long = 1000

    On Error GoTo Catch

    Dim K1 As Rfc2898DeriveBytes
    Dim K2 As Rfc2898DeriveBytes

    Set K1 = NewRfc2898DeriveBytes(Pwd1, Salt1, MyIterations)
    Set K2 = NewRfc2898DeriveBytes(Pwd1, Salt1)

    ' Encrypt the data.
    Dim EncAlg As TripleDES
    Dim EncryptionStream As New MemoryStream
    Dim Encrypt As CryptoStream
    Dim UtfD1() As Byte

    Set EncAlg = TripleDES.Create()
    EncAlg.Key = K1.GetBytes(16)
    Set Encrypt = NewCryptoStream(EncryptionStream, EncAlg.CreateEncryptor(), CryptoStreamMode.WriteMode)
    UtfD1 = NewUTF8Encoding(False).GetBytes(Data1)

    Encrypt.WriteBlock UtfD1, 0, CorArray.Length(UtfD1)
    Encrypt.FlushFinalBlock
    Encrypt.CloseStream

    Dim EData1() As Byte
    EData1 = EncryptionStream.ToArray()
    K1.Reset

    ' Try to decrypt, thus showing it can be round-tripped.
    Dim DecAlg As TripleDES
    Dim DecryptionStreamBacking As New MemoryStream
    Dim Decrypt As CryptoStream

    Set DecAlg = TripleDES.Create()
    DecAlg.Key = K2.GetBytes(16)
    DecAlg.IV = EncAlg.IV
    Set Decrypt = NewCryptoStream(DecryptionStreamBacking, DecAlg.CreateDecryptor(), CryptoStreamMode.WriteMode)

    Decrypt.WriteBlock EData1, 0, CorArray.Length(EData1)
    Decrypt.Flush
    Decrypt.CloseStream
    K2.Reset

    Dim Data2 As String
    Data2 = NewUTF8Encoding(False).GetString(DecryptionStreamBacking.ToArray())

    If Data1 <> Data2 Then
        Debug.Print "Error: The two values are not equal."
    Else
        Debug.Print "The two values are equal."
        Debug.Print CorString.Format("K1 iterations: {0}", K1.IterationCount)
        Debug.Print CorString.Format("K2 iterations: {0}", K2.IterationCount)
    End If

    Exit Sub

Catch:
    Dim Ex As Exception

    Catch Ex, Err
    Debug.Print Ex.ToString
End Sub

' This example code produces the following output.
'
'    The two values are equal.
'    K1 iterations: 1000
'    K2 iterations: 1000
```