PBKDF Control
Properties Methods Events Config Settings Errors
The PBKDF control supports using PBKDF1 and PBKDF2 to derive a key using a variety of algorithms.
Syntax
PBKDF
Remarks
The PBKDF component implements PBKDF2(Password-Based Key Derivation Function 2) and PBKDF1 described in RFC 2898.
The simplest way to use the component is to simply specify the Password and Salt and call CreateKey. Before calling CreateKey additional properties such as Algorithm, KeyLength, and Iterations may be set. The component supports a variety of algorithms including HMAC-SHA1, HMAC-SHA256, HMAC-MD5, and more.
The Version property controls whether PBKDF1 or PBKDF2 (default) is used, although it is recommended to use PBKDF2.
After calling CreateKey the derived key will be held in Key.
Code Example:
Pbkdf pbkdf = new Pbkdf();
pbkdf.Password = "password";
pbkdf.Salt = "0123456789ABCDEF";
pbkdf.KeyLength = 4096;
pbkdf.CreateKey();
//Now do something with pbkdf.Key
Property List
The following is the full list of the properties of the control with short descriptions. Click on the links for further details.
| Algorithm | The underlying pseudorandom function. |
| Iterations | The number of iterations to perform. |
| Key | The derived key. |
| KeyLength | The desired length in bits of the derived key. |
| Password | The master password from which a derived key is generated. |
| Salt | The cryptographic salt. |
| UseHex | Whether the key is hex encoded. |
| Version | The PBKDF version. |
Method List
The following is the full list of the methods of the control with short descriptions. Click on the links for further details.
| Config | Sets or retrieves a configuration setting. |
| CreateKey | Creates a derived key. |
| Reset | Resets the control. |
Event List
The following is the full list of the events fired by the control with short descriptions. Click on the links for further details.
| Error | Information about errors during data delivery. |
Config Settings
The following is a list of config settings for the control with short descriptions. Click on the links for further details.
| AllowEmptyPassword | Whether an empty password can be used. |
| CodePage | The system code page used for Unicode to Multibyte translations. |
| MaskSensitive | Whether sensitive data is masked in log messages. |
| UseInternalSecurityAPI | Tells the control whether or not to use the system security libraries or an internal implementation. |
Algorithm Property (PBKDF Control)
The underlying pseudorandom function.
Syntax
pbkdfcontrol.Algorithm[=integer]
Possible Values
pbHMACSHA1(0), pbHMACSHA224(1), pbHMACSHA256(2), pbHMACSHA384(3), pbHMACSHA512(4), pbHMACMD5(5), pbHMACRIPEMD160(6), pbSHA1(7), pbMD5(8), pbMD2(9)
Default Value
0
Remarks
This property specifies the algorithm used for the pseudo random function. Possible values are:
| 0 (pbHMACSHA1 - default) | HMAC-SHA1, The default value and most commonly used. |
| 1 (pbHMACSHA224) | HMAC-SHA224 |
| 2 (pbHMACSHA256) | HMAC-SHA256 |
| 3 (pbHMACSHA384) | HMAC-SHA284 |
| 4 (pbHMACSHA512) | HMAC-SHA512 |
| 5 (pbHMACMD5) | HMAC-MD5 |
| 6 (pbHMACRIPEMD160) | HMAC-RIPEMD160 |
| 7 (pbSHA1) | SHA1, Only used with PBKDF1. |
| 8 (pbMD5) | MD5, Only used with PBKDF1. |
| 9 (pbMD2) | MD2, Only used with PBKDF1. |
Note: When using PBDKF1 the maximum KeyLength value is 160 bits for SHA1, and 128 bits for MD2 and MD5.
Data Type
Integer
Iterations Property (PBKDF Control)
The number of iterations to perform.
Syntax
pbkdfcontrol.Iterations[=integer]
Default Value
10000
Remarks
This property specifies the number of iterations to perform when deriving the key. Larger values require more time to derive a key, however they also make password cracking more difficult by increasing the amount of time required to derive each key.
The recommended minimum number of iterations is 1000, and larger values such as 10,000 are common. The default value is 10000.
Data Type
Integer
Key Property (PBKDF Control)
The derived key.
Syntax
pbkdfcontrol.Key
Default Value
""
Remarks
This property holds the derived key. After calling CreateKey this property will be populated.
To read or write binary data to the property, a Variant (Byte Array) version is provided in .KeyB.
This property is read-only.
Data Type
Binary String
KeyLength Property (PBKDF Control)
The desired length in bits of the derived key.
Syntax
pbkdfcontrol.KeyLength[=integer]
Default Value
1024
Remarks
This property specifies the length in bits of the Key.
The provided value must be divisible by 8. The default value is 1024.
Note: When Version is set to PBKDF1 certain restrictions apply. When Algorithm is set to MD5 the maximum length is 128. When Algorithm is set to SHA1 the maximum value is 160.
Data Type
Integer
Password Property (PBKDF Control)
The master password from which a derived key is generated.
Syntax
pbkdfcontrol.Password[=string]
Default Value
""
Remarks
This property specifies the password from which the derived key is created.
To read or write binary data to the property, a Variant (Byte Array) version is provided in .PasswordB.
Data Type
Binary String
Salt Property (PBKDF Control)
The cryptographic salt.
Syntax
pbkdfcontrol.Salt[=string]
Default Value
""
Remarks
This property specifies the salt used during key creation.
It is recommended to provide a salt value of at least 64 bits in length. A common length is 128 bits. It is also recommended that the salt value be randomly chosen.
To read or write binary data to the property, a Variant (Byte Array) version is provided in .SaltB.
Data Type
Binary String
UseHex Property (PBKDF Control)
Whether the key is hex encoded.
Syntax
pbkdfcontrol.UseHex[=boolean]
Default Value
False
Remarks
This setting specifies whether the created Key is hex encoded when calling CreateKey. The default value is False.
Data Type
Boolean
Version Property (PBKDF Control)
The PBKDF version.
Syntax
pbkdfcontrol.Version[=integer]
Possible Values
vPBKDF1(0), vPBKDF2(1)
Default Value
1
Remarks
This property specifies the PBKDF version to be used. It is recommended to use PBKDF2 for new applications. PBKDF1 is included only for compatibility with existing applications and is not recommended.
Possible values are:
- 0 (vPBKDF1)
- 1 (vPBKDF2 - default)
Data Type
Integer
Config Method (PBKDF Control)
Sets or retrieves a configuration setting.
Syntax
pbkdfcontrol.Config ConfigurationString
Remarks
Config is a generic method available in every control. It is used to set and retrieve configuration settings for the control.
These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the control, access to these internal properties is provided through the Config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
CreateKey Method (PBKDF Control)
Creates a derived key.
Syntax
pbkdfcontrol.CreateKey
Remarks
This method creates a derived key based.
The following properties are applicable when calling this method:
This method populates the Key property with the derived key.Code Example:
Pbkdf pbkdf = new Pbkdf();
pbkdf.Password = "password";
pbkdf.Salt = "0123456789ABCDEF";
pbkdf.KeyLength = 4096;
pbkdf.CreateKey();
//Now do something with pbkdf.Key
Reset Method (PBKDF Control)
Resets the control.
Syntax
pbkdfcontrol.Reset
Remarks
When called, the control will reset all of its properties to their default values.
Error Event (PBKDF Control)
Information about errors during data delivery.
Syntax
Sub pbkdfcontrol_Error(ErrorCode As Integer, Description As String)
Remarks
The Error event is fired in case of exceptional conditions during message processing. Normally the control fails with an error.
ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.
Config Settings (PBKDF Control)
The control accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the control, access to these internal properties is provided through the Config method.PBKDF Config Settings | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
AllowEmptyPassword:
Whether an empty password can be used.This setting specifies whether or not you can pass an empty password to Password. An empty string or empty byte array can be used, like in the example below.
Pbkdf pw = new Pbkdf();
pw.Config("EncodeKey=true");
pw.Config("AllowEmptyPassword=true");
//pw.PasswordB = new byte[0];
pw.Password = "";
pw.Salt = "saltsalt";
pw.Iterations = 100;
pw.KeyLength = 160;
pw.Version = PbkdfVersions.vPBKDF2;
pw.Algorithm = PbkdfAlgorithms.pbHMACSHA1;
pw.CreateKey();
The default value is False.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Base Config Settings | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CodePage:
The system code page used for Unicode to Multibyte translations.The default code page is Unicode UTF-8 (65001).
The following is a list of valid code page identifiers:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| MaskSensitive:
Whether sensitive data is masked in log messages.In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to to mask sensitive data. The default is .
This setting only works on these controls: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| UseInternalSecurityAPI:
Tells the control whether or not to use the system security libraries or an internal implementation.
When set to , the control will use the system security libraries by default to perform cryptographic functions where applicable.
Setting this setting to tells the control to use the internal implementation instead of using the system security libraries. This setting is set to by default on all platforms. |
Trappable Errors (PBKDF Control)
PBKDF Errors
| 20117 Password must be set. | |
| 20118 An error occurred during hash calculation. | |
| 20119 An invalid algorithm was specified. |