PBKDF Component

Properties   Methods   Events   Config Settings   Errors  

The PBKDF component supports using PBKDF1 and PBKDF2 to derive a key using a variety of algorithms.

Syntax

TipcPBKDF

Remarks

The PBKDF component implements PBKDF2 and PBKDF1 (Password-Based Key Derivation Function 1 & 2) as described in RFC 2898.

The simplest way to use the component is to simply specify the Password and Salt and call CreateKey. Before calling CreateKey additional properties such as Algorithm, KeyLength, and Iterations may be set. The component supports a variety of algorithms including HMAC-SHA1, HMAC-SHA256, HMAC-MD5, and more.

The Version property controls whether PBKDF1 or PBKDF2 (default) is used, although it is recommended to use PBKDF2.

After calling CreateKey the derived key will be held in Key.

Code Example: Pbkdf pbkdf = new Pbkdf(); pbkdf.Password = "password"; pbkdf.Salt = "0123456789ABCDEF"; pbkdf.KeyLength = 4096; pbkdf.CreateKey(); //Now do something with pbkdf.Key

Property List


The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

AlgorithmThe underlying pseudorandom function.
IterationsThe number of iterations to perform.
KeyThe derived key.
KeyLengthThe desired length in bits of the derived key.
PasswordThe password from which a derived key is generated.
SaltThe cryptographic salt.
UseHexWhether the key is hex encoded.
VersionThe PBKDF version.

Method List


The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

ConfigSets or retrieves a configuration setting.
CreateKeyCreates a key.
ResetResets the component.

Event List


The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

ErrorFired when information is available about errors during data delivery.

Config Settings


The following is a list of config settings for the component with short descriptions. Click on the links for further details.

AllowEmptyPasswordWhether an empty password can be used.
BuildInfoInformation about the product's build.
CodePageThe system code page used for Unicode to Multibyte translations.
LicenseInfoInformation about the current license.
MaskSensitiveDataWhether sensitive data is masked in log messages.
UseFIPSCompliantAPITells the component whether or not to use FIPS certified APIs.
UseInternalSecurityAPIWhether or not to use the system security libraries or an internal implementation.

Algorithm Property (PBKDF Component)

The underlying pseudorandom function.

Syntax

property Algorithm: TipcTPBKDFAlgorithms read get_Algorithm write set_Algorithm;
TipcTPBKDFAlgorithms = ( pbHMACSHA1, pbHMACSHA224, pbHMACSHA256, pbHMACSHA384, pbHMACSHA512, pbHMACMD5, pbHMACRIPEMD160, pbSHA1, pbMD5, pbMD2 );

Default Value

pbHMACSHA1

Remarks

This property specifies the algorithm used for the pseudo random function. Possible values are:

0 (pbHMACSHA1 - default) HMAC-SHA1, The default value and most commonly used.
1 (pbHMACSHA224) HMAC-SHA224
2 (pbHMACSHA256) HMAC-SHA256
3 (pbHMACSHA384) HMAC-SHA284
4 (pbHMACSHA512) HMAC-SHA512
5 (pbHMACMD5) HMAC-MD5
6 (pbHMACRIPEMD160) HMAC-RIPEMD160
7 (pbSHA1) SHA1, Only used with PBKDF1.
8 (pbMD5) MD5, Only used with PBKDF1.
9 (pbMD2) MD2, Only used with PBKDF1.

Note: When using PBDKF1 the maximum KeyLength value is 160 bits for SHA1, and 128 bits for MD2 and MD5.

Iterations Property (PBKDF Component)

The number of iterations to perform.

Syntax

property Iterations: Integer read get_Iterations write set_Iterations;

Default Value

10000

Remarks

This property specifies the number of iterations to perform when deriving the key. Larger values require more time to derive a key, however they also make password cracking more difficult by increasing the amount of time required to derive each key.

The recommended minimum number of iterations is 1000, and larger values such as 10,000 are common. The default value is 10000.

Key Property (PBKDF Component)

The derived key.

Syntax

property Key: String read get_Key;
property KeyB: TBytes read get_KeyB;

Default Value

''

Remarks

This property holds the derived key. After calling CreateKey this property will be populated.

This property is read-only.

KeyLength Property (PBKDF Component)

The desired length in bits of the derived key.

Syntax

property KeyLength: Integer read get_KeyLength write set_KeyLength;

Default Value

1024

Remarks

This property specifies the length in bits of the Key.

The provided value must be divisible by 8. The default value is 1024.

Note: When Version is set to PBKDF1 certain restrictions apply. When Algorithm is set to MD5 the maximum length is 128. When Algorithm is set to SHA1 the maximum value is 160.

Password Property (PBKDF Component)

The password from which a derived key is generated.

Syntax

property Password: String read get_Password write set_Password;
property PasswordB: TBytes read get_PasswordB write set_PasswordB;

Default Value

''

Remarks

This property specifies the password from which the derived key is created.

Salt Property (PBKDF Component)

The cryptographic salt.

Syntax

property Salt: String read get_Salt write set_Salt;
property SaltB: TBytes read get_SaltB write set_SaltB;

Default Value

''

Remarks

This property specifies the salt used during key creation.

It is recommended to provide a salt value of at least 64 bits in length. A common length is 128 bits. It is also recommended that the salt value be randomly chosen.

UseHex Property (PBKDF Component)

Whether the key is hex encoded.

Syntax

property UseHex: Boolean read get_UseHex write set_UseHex;

Default Value

false

Remarks

This setting specifies whether the created Key is hex encoded when calling CreateKey. The default value is False.

Version Property (PBKDF Component)

The PBKDF version.

Syntax

property Version: TipcTVersions read get_Version write set_Version;
TipcTVersions = ( vPBKDF1, vPBKDF2 );

Default Value

vPBKDF2

Remarks

This property specifies the PBKDF version to be used. It is recommended to use PBKDF2 for new applications. PBKDF1 is included only for compatibility with existing applications and is not recommended.

Possible values are:

  • 0 (vPBKDF1)
  • 1 (vPBKDF2 - default)

Config Method (PBKDF Component)

Sets or retrieves a configuration setting.

Syntax

function Config(ConfigurationString: String): String;

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

CreateKey Method (PBKDF Component)

Creates a key.

Syntax

procedure CreateKey();

Remarks

This method creates a key using a version of the Password-Based Key Derivation Function (PBKDF).

The following properties are applicable when calling this method:

This method populates the Key property with the created (derived) key.

Code Example: Pbkdf pbkdf = new Pbkdf(); pbkdf.Password = "password"; pbkdf.Salt = "0123456789ABCDEF"; pbkdf.KeyLength = 4096; pbkdf.CreateKey(); //Now do something with pbkdf.Key

Reset Method (PBKDF Component)

Resets the component.

Syntax

procedure Reset();

Remarks

When called, the component will reset all of its properties to their default values.

Error Event (PBKDF Component)

Fired when information is available about errors during data delivery.

Syntax

type TErrorEvent = procedure (
  Sender: TObject;
  ErrorCode: Integer;
  const Description: String
) of Object;

property OnError: TErrorEvent read FOnError write FOnError;

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the component raises an exception.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Config Settings (PBKDF Component)

The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

PBKDF Config Settings

AllowEmptyPassword:   Whether an empty password can be used.

This setting specifies whether or not you can pass an empty password to Password. An empty string or empty byte array can be used, like in the example below. Pbkdf pw = new Pbkdf(); pw.Config("EncodeKey=true"); pw.Config("AllowEmptyPassword=true"); //pw.PasswordB = new byte[0]; pw.Password = ""; pw.Salt = "saltsalt"; pw.Iterations = 100; pw.KeyLength = 160; pw.Version = PbkdfVersions.vPBKDF2; pw.Algorithm = PbkdfAlgorithms.pbHMACSHA1; pw.CreateKey(); The default value is False.

Base Config Settings

BuildInfo:   Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

CodePage:   The system code page used for Unicode to Multibyte translations.

The default code page is Unicode UTF-8 (65001).

The following is a list of valid code page identifiers:

IdentifierName
037IBM EBCDIC - U.S./Canada
437OEM - United States
500IBM EBCDIC - International
708Arabic - ASMO 708
709Arabic - ASMO 449+, BCON V4
710Arabic - Transparent Arabic
720Arabic - Transparent ASMO
737OEM - Greek (formerly 437G)
775OEM - Baltic
850OEM - Multilingual Latin I
852OEM - Latin II
855OEM - Cyrillic (primarily Russian)
857OEM - Turkish
858OEM - Multilingual Latin I + Euro symbol
860OEM - Portuguese
861OEM - Icelandic
862OEM - Hebrew
863OEM - Canadian-French
864OEM - Arabic
865OEM - Nordic
866OEM - Russian
869OEM - Modern Greek
870IBM EBCDIC - Multilingual/ROECE (Latin-2)
874ANSI/OEM - Thai (same as 28605, ISO 8859-15)
875IBM EBCDIC - Modern Greek
932ANSI/OEM - Japanese, Shift-JIS
936ANSI/OEM - Simplified Chinese (PRC, Singapore)
949ANSI/OEM - Korean (Unified Hangul Code)
950ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC)
1026IBM EBCDIC - Turkish (Latin-5)
1047IBM EBCDIC - Latin 1/Open System
1140IBM EBCDIC - U.S./Canada (037 + Euro symbol)
1141IBM EBCDIC - Germany (20273 + Euro symbol)
1142IBM EBCDIC - Denmark/Norway (20277 + Euro symbol)
1143IBM EBCDIC - Finland/Sweden (20278 + Euro symbol)
1144IBM EBCDIC - Italy (20280 + Euro symbol)
1145IBM EBCDIC - Latin America/Spain (20284 + Euro symbol)
1146IBM EBCDIC - United Kingdom (20285 + Euro symbol)
1147IBM EBCDIC - France (20297 + Euro symbol)
1148IBM EBCDIC - International (500 + Euro symbol)
1149IBM EBCDIC - Icelandic (20871 + Euro symbol)
1200Unicode UCS-2 Little-Endian (BMP of ISO 10646)
1201Unicode UCS-2 Big-Endian
1250ANSI - Central European
1251ANSI - Cyrillic
1252ANSI - Latin I
1253ANSI - Greek
1254ANSI - Turkish
1255ANSI - Hebrew
1256ANSI - Arabic
1257ANSI - Baltic
1258ANSI/OEM - Vietnamese
1361Korean (Johab)
10000MAC - Roman
10001MAC - Japanese
10002MAC - Traditional Chinese (Big5)
10003MAC - Korean
10004MAC - Arabic
10005MAC - Hebrew
10006MAC - Greek I
10007MAC - Cyrillic
10008MAC - Simplified Chinese (GB 2312)
10010MAC - Romania
10017MAC - Ukraine
10021MAC - Thai
10029MAC - Latin II
10079MAC - Icelandic
10081MAC - Turkish
10082MAC - Croatia
12000Unicode UCS-4 Little-Endian
12001Unicode UCS-4 Big-Endian
20000CNS - Taiwan
20001TCA - Taiwan
20002Eten - Taiwan
20003IBM5550 - Taiwan
20004TeleText - Taiwan
20005Wang - Taiwan
20105IA5 IRV International Alphabet No. 5 (7-bit)
20106IA5 German (7-bit)
20107IA5 Swedish (7-bit)
20108IA5 Norwegian (7-bit)
20127US-ASCII (7-bit)
20261T.61
20269ISO 6937 Non-Spacing Accent
20273IBM EBCDIC - Germany
20277IBM EBCDIC - Denmark/Norway
20278IBM EBCDIC - Finland/Sweden
20280IBM EBCDIC - Italy
20284IBM EBCDIC - Latin America/Spain
20285IBM EBCDIC - United Kingdom
20290IBM EBCDIC - Japanese Katakana Extended
20297IBM EBCDIC - France
20420IBM EBCDIC - Arabic
20423IBM EBCDIC - Greek
20424IBM EBCDIC - Hebrew
20833IBM EBCDIC - Korean Extended
20838IBM EBCDIC - Thai
20866Russian - KOI8-R
20871IBM EBCDIC - Icelandic
20880IBM EBCDIC - Cyrillic (Russian)
20905IBM EBCDIC - Turkish
20924IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol)
20932JIS X 0208-1990 & 0121-1990
20936Simplified Chinese (GB2312)
21025IBM EBCDIC - Cyrillic (Serbian, Bulgarian)
21027Extended Alpha Lowercase
21866Ukrainian (KOI8-U)
28591ISO 8859-1 Latin I
28592ISO 8859-2 Central Europe
28593ISO 8859-3 Latin 3
28594ISO 8859-4 Baltic
28595ISO 8859-5 Cyrillic
28596ISO 8859-6 Arabic
28597ISO 8859-7 Greek
28598ISO 8859-8 Hebrew
28599ISO 8859-9 Latin 5
28605ISO 8859-15 Latin 9
29001Europa 3
38598ISO 8859-8 Hebrew
50220ISO 2022 Japanese with no halfwidth Katakana
50221ISO 2022 Japanese with halfwidth Katakana
50222ISO 2022 Japanese JIS X 0201-1989
50225ISO 2022 Korean
50227ISO 2022 Simplified Chinese
50229ISO 2022 Traditional Chinese
50930Japanese (Katakana) Extended
50931US/Canada and Japanese
50933Korean Extended and Korean
50935Simplified Chinese Extended and Simplified Chinese
50936Simplified Chinese
50937US/Canada and Traditional Chinese
50939Japanese (Latin) Extended and Japanese
51932EUC - Japanese
51936EUC - Simplified Chinese
51949EUC - Korean
51950EUC - Traditional Chinese
52936HZ-GB2312 Simplified Chinese
54936Windows XP: GB18030 Simplified Chinese (4 Byte)
57002ISCII Devanagari
57003ISCII Bengali
57004ISCII Tamil
57005ISCII Telugu
57006ISCII Assamese
57007ISCII Oriya
57008ISCII Kannada
57009ISCII Malayalam
57010ISCII Gujarati
57011ISCII Punjabi
65000Unicode UTF-7
65001Unicode UTF-8
The following is a list of valid code page identifiers for Mac OS only:
IdentifierName
1ASCII
2NEXTSTEP
3JapaneseEUC
4UTF8
5ISOLatin1
6Symbol
7NonLossyASCII
8ShiftJIS
9ISOLatin2
10Unicode
11WindowsCP1251
12WindowsCP1252
13WindowsCP1253
14WindowsCP1254
15WindowsCP1250
21ISO2022JP
30MacOSRoman
10UTF16String
0x90000100UTF16BigEndian
0x94000100UTF16LittleEndian
0x8c000100UTF32String
0x98000100UTF32BigEndian
0x9c000100UTF32LittleEndian
65536Proprietary

LicenseInfo:   Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a component is using. It will return the following information:

  • Product: The product the license is for.
  • Product Key: The key the license was generated from.
  • License Source: Where the license was found (e.g., RuntimeLicense, License File).
  • License Type: The type of license installed (e.g., Royalty Free, Single Server).
  • Last Valid Build: The last valid build number for which the license will work.
MaskSensitiveData:   Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to True to mask sensitive data. The default is True.

This setting only works on these components: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

UseFIPSCompliantAPI:   Tells the component whether or not to use FIPS certified APIs.

When set to True, the component will utilize the underlying operating system's certified APIs. Java editions, regardless of OS, utilize Bouncy Castle Federal Information Processing Standards (FIPS), while all other Windows editions make use of Microsoft security libraries.

FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to True. This is a static setting that applies to all instances of all components of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.

For more details, please see the FIPS 140-2 Compliance article.

Note: This setting is applicable only on Windows.

Note: Enabling FIPS compliance requires a special license; please contact sales@nsoftware.com for details.

UseInternalSecurityAPI:   Whether or not to use the system security libraries or an internal implementation.

When set to False, the component will use the system security libraries by default to perform cryptographic functions where applicable.

Setting this configuration setting to True tells the component to use the internal implementation instead of using the system security libraries.

This setting is set to False by default on all platforms.

Trappable Errors (PBKDF Component)

PBKDF Errors

116   Password must be set.
117   An error occurred during hash calculation.
118   An invalid algorithm was specified.