PBKDF Component

Properties   Methods   Events   Config Settings   Errors  

The PBKDF component supports using PBKDF1 and PBKDF2 to derive a key using a variety of algorithms.

Syntax

nsoftware.IPWorksEncrypt.Pbkdf

Remarks

The PBKDF component implements PBKDF2 and PBKDF1 (Password-Based Key Derivation Function 1 & 2) as described in RFC 2898.

The simplest way to use the component is to simply specify the Password and Salt and call CreateKey. Before calling CreateKey additional properties such as Algorithm, KeyLength, and Iterations may be set. The component supports a variety of algorithms including HMAC-SHA1, HMAC-SHA256, HMAC-MD5, and more.

The Version property controls whether PBKDF1 or PBKDF2 (default) is used, although it is recommended to use PBKDF2.

After calling CreateKey the derived key will be held in Key.

Code Example: Pbkdf pbkdf = new Pbkdf(); pbkdf.Password = "password"; pbkdf.Salt = "0123456789ABCDEF"; pbkdf.KeyLength = 4096; pbkdf.CreateKey(); //Now do something with pbkdf.Key

Property List


The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

AlgorithmThe underlying pseudorandom function.
IterationsThe number of iterations to perform.
KeyThe derived key.
KeyLengthThe desired length in bits of the derived key.
PasswordThe master password from which a derived key is generated.
SaltThe cryptographic salt.
UseHexWhether the key is hex encoded.
VersionThe PBKDF version.

Method List


The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

ConfigSets or retrieves a configuration setting.
CreateKeyCreates a key.
ResetResets the component

Event List


The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

ErrorFired when information is available about errors during data delivery.

Config Settings


The following is a list of config settings for the component with short descriptions. Click on the links for further details.

AllowEmptyPasswordWhether an empty password can be used.
BuildInfoInformation about the product's build.
GUIAvailableWhether or not a message loop is available for processing events.
LicenseInfoInformation about the current license.
MaskSensitiveWhether sensitive data is masked in log messages.
UseInternalSecurityAPIWhether or not to use the system security libraries or an internal implementation.

Algorithm Property (PBKDF Component)

The underlying pseudorandom function.

Syntax

public PbkdfAlgorithms Algorithm { get; set; }

enum PbkdfAlgorithms { pbHMACSHA1, pbHMACSHA224, pbHMACSHA256, pbHMACSHA384, pbHMACSHA512, pbHMACMD5, pbHMACRIPEMD160, pbSHA1, pbMD5, pbMD2 }
Public Property Algorithm As PbkdfAlgorithms

Enum PbkdfAlgorithms pbHMACSHA1 pbHMACSHA224 pbHMACSHA256 pbHMACSHA384 pbHMACSHA512 pbHMACMD5 pbHMACRIPEMD160 pbSHA1 pbMD5 pbMD2 End Enum

Default Value

0

Remarks

This property specifies the algorithm used for the pseudo random function. Possible values are:

0 (pbHMACSHA1 - default) HMAC-SHA1, The default value and most commonly used.
1 (pbHMACSHA224) HMAC-SHA224
2 (pbHMACSHA256) HMAC-SHA256
3 (pbHMACSHA384) HMAC-SHA284
4 (pbHMACSHA512) HMAC-SHA512
5 (pbHMACMD5) HMAC-MD5
6 (pbHMACRIPEMD160) HMAC-RIPEMD160
7 (pbSHA1) SHA1, Only used with PBKDF1.
8 (pbMD5) MD5, Only used with PBKDF1.
9 (pbMD2) MD2, Only used with PBKDF1.

Note: When using PBDKF1 the maximum KeyLength value is 160 bits for SHA1, and 128 bits for MD2 and MD5.

Iterations Property (PBKDF Component)

The number of iterations to perform.

Syntax

public int Iterations { get; set; }
Public Property Iterations As Integer

Default Value

10000

Remarks

This property specifies the number of iterations to perform when deriving the key. Larger values require more time to derive a key, however they also make password cracking more difficult by increasing the amount of time required to derive each key.

The recommended minimum number of iterations is 1000, and larger values such as 10,000 are common. The default value is 10000.

Key Property (PBKDF Component)

The derived key.

Syntax

public string Key { get; }
public byte[] KeyB { get; }
Public ReadOnly Property Key As String
Public ReadOnly Property KeyB As Byte()

Default Value

""

Remarks

This property holds the derived key. After calling CreateKey this property will be populated.

This property is read-only.

KeyLength Property (PBKDF Component)

The desired length in bits of the derived key.

Syntax

public int KeyLength { get; set; }
Public Property KeyLength As Integer

Default Value

1024

Remarks

This property specifies the length in bits of the Key.

The provided value must be divisible by 8. The default value is 1024.

Note: When Version is set to PBKDF1 certain restrictions apply. When Algorithm is set to MD5 the maximum length is 128. When Algorithm is set to SHA1 the maximum value is 160.

Password Property (PBKDF Component)

The master password from which a derived key is generated.

Syntax

public string Password { get; set; }
public byte[] PasswordB { get; set; }
Public Property Password As String
Public Property PasswordB As Byte()

Default Value

""

Remarks

This property specifies the password from which the derived key is created.

Salt Property (PBKDF Component)

The cryptographic salt.

Syntax

public string Salt { get; set; }
public byte[] SaltB { get; set; }
Public Property Salt As String
Public Property SaltB As Byte()

Default Value

""

Remarks

This property specifies the salt used during key creation.

It is recommended to provide a salt value of at least 64 bits in length. A common length is 128 bits. It is also recommended that the salt value be randomly chosen.

UseHex Property (PBKDF Component)

Whether the key is hex encoded.

Syntax

public bool UseHex { get; set; }
Public Property UseHex As Boolean

Default Value

False

Remarks

This setting specifies whether the created Key is hex encoded when calling CreateKey. The default value is False.

Version Property (PBKDF Component)

The PBKDF version.

Syntax

public PbkdfVersions Version { get; set; }

enum PbkdfVersions { vPBKDF1, vPBKDF2 }
Public Property Version As PbkdfVersions

Enum PbkdfVersions vPBKDF1 vPBKDF2 End Enum

Default Value

1

Remarks

This property specifies the PBKDF version to be used. It is recommended to use PBKDF2 for new applications. PBKDF1 is included only for compatibility with existing applications and is not recommended.

Possible values are:

  • 0 (vPBKDF1)
  • 1 (vPBKDF2 - default)

Config Method (PBKDF Component)

Sets or retrieves a configuration setting.

Syntax

public string Config(string configurationString);

Async Version
public async Task<string> Config(string configurationString);
public async Task<string> Config(string configurationString, CancellationToken cancellationToken);
Public Function Config(ByVal ConfigurationString As String) As String

Async Version
Public Function Config(ByVal ConfigurationString As String) As Task(Of String)
Public Function Config(ByVal ConfigurationString As String, cancellationToken As CancellationToken) As Task(Of String)

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

CreateKey Method (PBKDF Component)

Creates a key.

Syntax

public void CreateKey();

Async Version
public async Task CreateKey();
public async Task CreateKey(CancellationToken cancellationToken);
Public Sub CreateKey()

Async Version
Public Sub CreateKey() As Task
Public Sub CreateKey(cancellationToken As CancellationToken) As Task

Remarks

This method creates a key using a version of the Password-Based Key Derivation Function (PBKDF).

The following properties are applicable when calling this method:

This method populates the Key property with the created (derived) key.

Code Example: Pbkdf pbkdf = new Pbkdf(); pbkdf.Password = "password"; pbkdf.Salt = "0123456789ABCDEF"; pbkdf.KeyLength = 4096; pbkdf.CreateKey(); //Now do something with pbkdf.Key

Reset Method (PBKDF Component)

Resets the component

Syntax

public void Reset();

Async Version
public async Task Reset();
public async Task Reset(CancellationToken cancellationToken);
Public Sub Reset()

Async Version
Public Sub Reset() As Task
Public Sub Reset(cancellationToken As CancellationToken) As Task

Remarks

When called, the component will reset all of its properties to their default values.

Error Event (PBKDF Component)

Fired when information is available about errors during data delivery.

Syntax

public event OnErrorHandler OnError;

public delegate void OnErrorHandler(object sender, PbkdfErrorEventArgs e);

public class PbkdfErrorEventArgs : EventArgs {
  public int ErrorCode { get; }
  public string Description { get; }
}
Public Event OnError As OnErrorHandler

Public Delegate Sub OnErrorHandler(sender As Object, e As PbkdfErrorEventArgs)

Public Class PbkdfErrorEventArgs Inherits EventArgs
  Public ReadOnly Property ErrorCode As Integer
  Public ReadOnly Property Description As String
End Class

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the component throws an exception.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Config Settings (PBKDF Component)

The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

PBKDF Config Settings

AllowEmptyPassword:   Whether an empty password can be used.

This setting specifies whether or not you can pass an empty password to Password. An empty string or empty byte array can be used, like in the example below. Pbkdf pw = new Pbkdf(); pw.Config("EncodeKey=true"); pw.Config("AllowEmptyPassword=true"); //pw.PasswordB = new byte[0]; pw.Password = ""; pw.Salt = "saltsalt"; pw.Iterations = 100; pw.KeyLength = 160; pw.Version = PbkdfVersions.vPBKDF2; pw.Algorithm = PbkdfAlgorithms.pbHMACSHA1; pw.CreateKey(); The default value is False.

Base Config Settings

BuildInfo:   Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

GUIAvailable:   Whether or not a message loop is available for processing events.

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The component will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications, an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GUIAvailable to false will ensure that the component does not attempt to process external events.

LicenseInfo:   Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a component is using. It will return the following information:

  • Product: The product the license is for.
  • Product Key: The key the license was generated from.
  • License Source: Where the license was found (e.g., RuntimeLicense, License File).
  • License Type: The type of license installed (e.g., Royalty Free, Single Server).
  • Last Valid Build: The last valid build number for which the license will work.
MaskSensitive:   Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to true to mask sensitive data. The default is true.

This setting only works on these components: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

UseInternalSecurityAPI:   Whether or not to use the system security libraries or an internal implementation.

When set to false, the component will use the system security libraries by default to perform cryptographic functions where applicable. In this case, calls to unmanaged code will be made. In certain environments, this is not desirable. To use a completely managed security implementation, set this setting to true.

Setting this configuration setting to true tells the component to use the internal implementation instead of using the system security libraries.

On Windows, this setting is set to false by default. On Linux/macOS, this setting is set to true by default.

If using the .NET Standard Library, this setting will be true on all platforms. The .NET Standard library does not support using the system security libraries.

Note: This setting is static. The value set is applicable to all components used in the application.

When this value is set, the product's system dynamic link library (DLL) is no longer required as a reference, as all unmanaged code is stored in that file.

Trappable Errors (PBKDF Component)

PBKDF Errors

116   Password must be set.
117   An error occurred during hash calculation.
118   An invalid algorithm was specified.