PBKDF Class
Properties Methods Events Config Settings Errors
The PBKDF class supports using PBKDF1 and PBKDF2 to derive a key using a variety of algorithms.
Syntax
class ipworksencrypt.PBKDF
Remarks
The PBKDF component implements PBKDF2 and PBKDF1 (Password-Based Key Derivation Function 1 & 2) as described in RFC 2898.
The simplest way to use the component is to simply specify the password and salt and call create_key. Before calling create_key additional properties such as algorithm, key_length, and iterations may be set. The component supports a variety of algorithms including HMAC-SHA1, HMAC-SHA256, HMAC-MD5, and more.
The version property controls whether PBKDF1 or PBKDF2 (default) is used, although it is recommended to use PBKDF2.
After calling create_key the derived key will be held in key.
Code Example:
Pbkdf pbkdf = new Pbkdf();
pbkdf.Password = "password";
pbkdf.Salt = "0123456789ABCDEF";
pbkdf.KeyLength = 4096;
pbkdf.CreateKey();
//Now do something with pbkdf.Key
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
algorithm | The underlying pseudorandom function. |
iterations | The number of iterations to perform. |
key | The derived key. |
key_length | The desired length in bits of the derived key. |
password | The password from which a derived key is generated. |
salt | The cryptographic salt. |
use_hex | Whether the key is hex encoded. |
version | The PBKDF version. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
config | Sets or retrieves a configuration setting. |
create_key | Creates a key. |
reset | Resets the class. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
on_error | Fired when information is available about errors during data delivery. |
Config Settings
The following is a list of config settings for the class with short descriptions. Click on the links for further details.
AllowEmptyPassword | Whether an empty password can be used. |
BuildInfo | Information about the product's build. |
CodePage | The system code page used for Unicode to Multibyte translations. |
LicenseInfo | Information about the current license. |
MaskSensitiveData | Whether sensitive data is masked in log messages. |
ProcessIdleEvents | Whether the class uses its internal event loop to process events when the main thread is idle. |
SelectWaitMillis | The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process. |
UseFIPSCompliantAPI | Tells the class whether or not to use FIPS certified APIs. |
UseInternalSecurityAPI | Whether or not to use the system security libraries or an internal implementation. |
algorithm Property
The underlying pseudorandom function.
Syntax
def get_algorithm() -> int: ... def set_algorithm(value: int) -> None: ...
algorithm = property(get_algorithm, set_algorithm)
Default Value
0
Remarks
This property specifies the algorithm used for the pseudo random function. Possible values are:
0 (pbHMACSHA1 - default) | HMAC-SHA1, The default value and most commonly used. |
1 (pbHMACSHA224) | HMAC-SHA224 |
2 (pbHMACSHA256) | HMAC-SHA256 |
3 (pbHMACSHA384) | HMAC-SHA284 |
4 (pbHMACSHA512) | HMAC-SHA512 |
5 (pbHMACMD5) | HMAC-MD5 |
6 (pbHMACRIPEMD160) | HMAC-RIPEMD160 |
7 (pbSHA1) | SHA1, Only used with PBKDF1. |
8 (pbMD5) | MD5, Only used with PBKDF1. |
9 (pbMD2) | MD2, Only used with PBKDF1. |
Note: When using PBDKF1 the maximum key_length value is 160 bits for SHA1, and 128 bits for MD2 and MD5.
iterations Property
The number of iterations to perform.
Syntax
def get_iterations() -> int: ... def set_iterations(value: int) -> None: ...
iterations = property(get_iterations, set_iterations)
Default Value
10000
Remarks
This property specifies the number of iterations to perform when deriving the key. Larger values require more time to derive a key, however they also make password cracking more difficult by increasing the amount of time required to derive each key.
The recommended minimum number of iterations is 1000, and larger values such as 10,000 are common. The default value is 10000.
key Property
The derived key.
Syntax
def get_key() -> bytes: ...
key = property(get_key, None)
Default Value
""
Remarks
This property holds the derived key. After calling create_key this property will be populated.
This property is read-only.
key_length Property
The desired length in bits of the derived key.
Syntax
def get_key_length() -> int: ... def set_key_length(value: int) -> None: ...
key_length = property(get_key_length, set_key_length)
Default Value
1024
Remarks
This property specifies the length in bits of the key.
The provided value must be divisible by 8. The default value is 1024.
Note: When version is set to PBKDF1 certain restrictions apply. When algorithm is set to MD5 the maximum length is 128. When algorithm is set to SHA1 the maximum value is 160.
password Property
The password from which a derived key is generated.
Syntax
def get_password() -> bytes: ... def set_password(value: bytes) -> None: ...
password = property(get_password, set_password)
Default Value
""
Remarks
This property specifies the password from which the derived key is created.
salt Property
The cryptographic salt.
Syntax
def get_salt() -> bytes: ... def set_salt(value: bytes) -> None: ...
salt = property(get_salt, set_salt)
Default Value
""
Remarks
This property specifies the salt used during key creation.
It is recommended to provide a salt value of at least 64 bits in length. A common length is 128 bits. It is also recommended that the salt value be randomly chosen.
use_hex Property
Whether the key is hex encoded.
Syntax
def get_use_hex() -> bool: ... def set_use_hex(value: bool) -> None: ...
use_hex = property(get_use_hex, set_use_hex)
Default Value
FALSE
Remarks
This setting specifies whether the created key is hex encoded when calling create_key. The default value is False.
version Property
The PBKDF version.
Syntax
def get_version() -> int: ... def set_version(value: int) -> None: ...
version = property(get_version, set_version)
Default Value
1
Remarks
This property specifies the PBKDF version to be used. It is recommended to use PBKDF2 for new applications. PBKDF1 is included only for compatibility with existing applications and is not recommended.
Possible values are:
- 0 (vPBKDF1)
- 1 (vPBKDF2 - default)
config Method
Sets or retrieves a configuration setting.
Syntax
def config(configuration_string: str) -> str: ...
Remarks
config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.
These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
create_key Method
Creates a key.
Syntax
def create_key() -> None: ...
Remarks
This method creates a key using a version of the Password-Based Key Derivation Function (PBKDF).
The following properties are applicable when calling this method:
- password (required)
- salt (required)
- algorithm
- iterations
- key_length
- version
Code Example:
Pbkdf pbkdf = new Pbkdf();
pbkdf.Password = "password";
pbkdf.Salt = "0123456789ABCDEF";
pbkdf.KeyLength = 4096;
pbkdf.CreateKey();
//Now do something with pbkdf.Key
reset Method
Resets the class.
Syntax
def reset() -> None: ...
Remarks
When called, the class will reset all of its properties to their default values.
on_error Event
Fired when information is available about errors during data delivery.
Syntax
class PBKDFErrorEventParams(object): @property def error_code() -> int: ... @property def description() -> str: ... # In class PBKDF: @property def on_error() -> Callable[[PBKDFErrorEventParams], None]: ... @on_error.setter def on_error(event_hook: Callable[[PBKDFErrorEventParams], None]) -> None: ...
Remarks
The on_error event is fired in case of exceptional conditions during message processing. Normally the class fails with an error.
The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.
PBKDF Config Settings
The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.PBKDF Config Settings
Pbkdf pw = new Pbkdf();
pw.Config("EncodeKey=true");
pw.Config("AllowEmptyPassword=true");
//pw.PasswordB = new byte[0];
pw.Password = "";
pw.Salt = "saltsalt";
pw.Iterations = 100;
pw.KeyLength = 160;
pw.Version = PbkdfVersions.vPBKDF2;
pw.Algorithm = PbkdfAlgorithms.pbHMACSHA1;
pw.CreateKey();
The default value is False.
Base Config Settings
The following is a list of valid code page identifiers:
Identifier | Name |
037 | IBM EBCDIC - U.S./Canada |
437 | OEM - United States |
500 | IBM EBCDIC - International |
708 | Arabic - ASMO 708 |
709 | Arabic - ASMO 449+, BCON V4 |
710 | Arabic - Transparent Arabic |
720 | Arabic - Transparent ASMO |
737 | OEM - Greek (formerly 437G) |
775 | OEM - Baltic |
850 | OEM - Multilingual Latin I |
852 | OEM - Latin II |
855 | OEM - Cyrillic (primarily Russian) |
857 | OEM - Turkish |
858 | OEM - Multilingual Latin I + Euro symbol |
860 | OEM - Portuguese |
861 | OEM - Icelandic |
862 | OEM - Hebrew |
863 | OEM - Canadian-French |
864 | OEM - Arabic |
865 | OEM - Nordic |
866 | OEM - Russian |
869 | OEM - Modern Greek |
870 | IBM EBCDIC - Multilingual/ROECE (Latin-2) |
874 | ANSI/OEM - Thai (same as 28605, ISO 8859-15) |
875 | IBM EBCDIC - Modern Greek |
932 | ANSI/OEM - Japanese, Shift-JIS |
936 | ANSI/OEM - Simplified Chinese (PRC, Singapore) |
949 | ANSI/OEM - Korean (Unified Hangul Code) |
950 | ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC) |
1026 | IBM EBCDIC - Turkish (Latin-5) |
1047 | IBM EBCDIC - Latin 1/Open System |
1140 | IBM EBCDIC - U.S./Canada (037 + Euro symbol) |
1141 | IBM EBCDIC - Germany (20273 + Euro symbol) |
1142 | IBM EBCDIC - Denmark/Norway (20277 + Euro symbol) |
1143 | IBM EBCDIC - Finland/Sweden (20278 + Euro symbol) |
1144 | IBM EBCDIC - Italy (20280 + Euro symbol) |
1145 | IBM EBCDIC - Latin America/Spain (20284 + Euro symbol) |
1146 | IBM EBCDIC - United Kingdom (20285 + Euro symbol) |
1147 | IBM EBCDIC - France (20297 + Euro symbol) |
1148 | IBM EBCDIC - International (500 + Euro symbol) |
1149 | IBM EBCDIC - Icelandic (20871 + Euro symbol) |
1200 | Unicode UCS-2 Little-Endian (BMP of ISO 10646) |
1201 | Unicode UCS-2 Big-Endian |
1250 | ANSI - Central European |
1251 | ANSI - Cyrillic |
1252 | ANSI - Latin I |
1253 | ANSI - Greek |
1254 | ANSI - Turkish |
1255 | ANSI - Hebrew |
1256 | ANSI - Arabic |
1257 | ANSI - Baltic |
1258 | ANSI/OEM - Vietnamese |
1361 | Korean (Johab) |
10000 | MAC - Roman |
10001 | MAC - Japanese |
10002 | MAC - Traditional Chinese (Big5) |
10003 | MAC - Korean |
10004 | MAC - Arabic |
10005 | MAC - Hebrew |
10006 | MAC - Greek I |
10007 | MAC - Cyrillic |
10008 | MAC - Simplified Chinese (GB 2312) |
10010 | MAC - Romania |
10017 | MAC - Ukraine |
10021 | MAC - Thai |
10029 | MAC - Latin II |
10079 | MAC - Icelandic |
10081 | MAC - Turkish |
10082 | MAC - Croatia |
12000 | Unicode UCS-4 Little-Endian |
12001 | Unicode UCS-4 Big-Endian |
20000 | CNS - Taiwan |
20001 | TCA - Taiwan |
20002 | Eten - Taiwan |
20003 | IBM5550 - Taiwan |
20004 | TeleText - Taiwan |
20005 | Wang - Taiwan |
20105 | IA5 IRV International Alphabet No. 5 (7-bit) |
20106 | IA5 German (7-bit) |
20107 | IA5 Swedish (7-bit) |
20108 | IA5 Norwegian (7-bit) |
20127 | US-ASCII (7-bit) |
20261 | T.61 |
20269 | ISO 6937 Non-Spacing Accent |
20273 | IBM EBCDIC - Germany |
20277 | IBM EBCDIC - Denmark/Norway |
20278 | IBM EBCDIC - Finland/Sweden |
20280 | IBM EBCDIC - Italy |
20284 | IBM EBCDIC - Latin America/Spain |
20285 | IBM EBCDIC - United Kingdom |
20290 | IBM EBCDIC - Japanese Katakana Extended |
20297 | IBM EBCDIC - France |
20420 | IBM EBCDIC - Arabic |
20423 | IBM EBCDIC - Greek |
20424 | IBM EBCDIC - Hebrew |
20833 | IBM EBCDIC - Korean Extended |
20838 | IBM EBCDIC - Thai |
20866 | Russian - KOI8-R |
20871 | IBM EBCDIC - Icelandic |
20880 | IBM EBCDIC - Cyrillic (Russian) |
20905 | IBM EBCDIC - Turkish |
20924 | IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol) |
20932 | JIS X 0208-1990 & 0121-1990 |
20936 | Simplified Chinese (GB2312) |
21025 | IBM EBCDIC - Cyrillic (Serbian, Bulgarian) |
21027 | Extended Alpha Lowercase |
21866 | Ukrainian (KOI8-U) |
28591 | ISO 8859-1 Latin I |
28592 | ISO 8859-2 Central Europe |
28593 | ISO 8859-3 Latin 3 |
28594 | ISO 8859-4 Baltic |
28595 | ISO 8859-5 Cyrillic |
28596 | ISO 8859-6 Arabic |
28597 | ISO 8859-7 Greek |
28598 | ISO 8859-8 Hebrew |
28599 | ISO 8859-9 Latin 5 |
28605 | ISO 8859-15 Latin 9 |
29001 | Europa 3 |
38598 | ISO 8859-8 Hebrew |
50220 | ISO 2022 Japanese with no halfwidth Katakana |
50221 | ISO 2022 Japanese with halfwidth Katakana |
50222 | ISO 2022 Japanese JIS X 0201-1989 |
50225 | ISO 2022 Korean |
50227 | ISO 2022 Simplified Chinese |
50229 | ISO 2022 Traditional Chinese |
50930 | Japanese (Katakana) Extended |
50931 | US/Canada and Japanese |
50933 | Korean Extended and Korean |
50935 | Simplified Chinese Extended and Simplified Chinese |
50936 | Simplified Chinese |
50937 | US/Canada and Traditional Chinese |
50939 | Japanese (Latin) Extended and Japanese |
51932 | EUC - Japanese |
51936 | EUC - Simplified Chinese |
51949 | EUC - Korean |
51950 | EUC - Traditional Chinese |
52936 | HZ-GB2312 Simplified Chinese |
54936 | Windows XP: GB18030 Simplified Chinese (4 Byte) |
57002 | ISCII Devanagari |
57003 | ISCII Bengali |
57004 | ISCII Tamil |
57005 | ISCII Telugu |
57006 | ISCII Assamese |
57007 | ISCII Oriya |
57008 | ISCII Kannada |
57009 | ISCII Malayalam |
57010 | ISCII Gujarati |
57011 | ISCII Punjabi |
65000 | Unicode UTF-7 |
65001 | Unicode UTF-8 |
Identifier | Name |
1 | ASCII |
2 | NEXTSTEP |
3 | JapaneseEUC |
4 | UTF8 |
5 | ISOLatin1 |
6 | Symbol |
7 | NonLossyASCII |
8 | ShiftJIS |
9 | ISOLatin2 |
10 | Unicode |
11 | WindowsCP1251 |
12 | WindowsCP1252 |
13 | WindowsCP1253 |
14 | WindowsCP1254 |
15 | WindowsCP1250 |
21 | ISO2022JP |
30 | MacOSRoman |
10 | UTF16String |
0x90000100 | UTF16BigEndian |
0x94000100 | UTF16LittleEndian |
0x8c000100 | UTF32String |
0x98000100 | UTF32BigEndian |
0x9c000100 | UTF32LittleEndian |
65536 | Proprietary |
- Product: The product the license is for.
- Product Key: The key the license was generated from.
- License Source: Where the license was found (e.g., RuntimeLicense, License File).
- License Type: The type of license installed (e.g., Royalty Free, Single Server).
- Last Valid Build: The last valid build number for which the license will work.
This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.
FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to True. This is a static setting that applies to all instances of all classes of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.
For more details, please see the FIPS 140-2 Compliance article.
Note: This setting is applicable only on Windows.
Note: Enabling FIPS compliance requires a special license; please contact sales@nsoftware.com for details.
Setting this configuration setting to True tells the class to use the internal implementation instead of using the system security libraries.
On Windows, this setting is set to False by default. On Linux/macOS, this setting is set to True by default.
To use the system security libraries for Linux, OpenSSL support must be enabled. For more information on how to enable OpenSSL, please refer to the OpenSSL Notes section.
PBKDF Errors
PBKDF Errors
116 | Password must be set. |
117 | An error occurred during hash calculation. |
118 | An invalid algorithm was specified. |