Rfc2898DeriveBytes 建構函式
定義
重要
部分資訊涉及發行前產品,在發行之前可能會有大幅修改。 Microsoft 對此處提供的資訊,不做任何明確或隱含的瑕疵擔保。
初始化 Rfc2898DeriveBytes 類別的新執行個體。
多載
| Rfc2898DeriveBytes(String, Byte[]) |
已淘汰.
使用密碼和 Salt 來衍生金鑰,以初始化 Rfc2898DeriveBytes 類別的新執行個體。 |
| Rfc2898DeriveBytes(String, Int32) |
已淘汰.
使用密碼和 Salt 大小來衍生金鑰,以初始化 Rfc2898DeriveBytes 類別的新執行個體。 |
| Rfc2898DeriveBytes(Byte[], Byte[], Int32) |
已淘汰.
使用密碼、Salt 和反覆計數來衍生金鑰,以初始化 Rfc2898DeriveBytes 類別的新執行個體。 |
| Rfc2898DeriveBytes(String, Byte[], Int32) |
已淘汰.
使用密碼、Salt 和反覆計數來衍生金鑰,以初始化 Rfc2898DeriveBytes 類別的新執行個體。 |
| Rfc2898DeriveBytes(String, Int32, Int32) |
已淘汰.
使用密碼、Salt 大小和反覆計數來衍生金鑰,以初始化 Rfc2898DeriveBytes 類別的新執行個體。 |
| Rfc2898DeriveBytes(Byte[], Byte[], Int32, HashAlgorithmName) |
將 Rfc2898DeriveBytes 類別的新執行個體初始化,該類別使用指定的密碼、salt、反覆項目數和雜湊演算法名稱來衍生金鑰。 |
| Rfc2898DeriveBytes(String, Byte[], Int32, HashAlgorithmName) |
將 Rfc2898DeriveBytes 類別的新執行個體初始化,該類別使用指定的密碼、salt、反覆項目數和雜湊演算法名稱來衍生金鑰。 |
| Rfc2898DeriveBytes(String, Int32, Int32, HashAlgorithmName) |
將 Rfc2898DeriveBytes 類別的新執行個體初始化,該類別使用指定的密碼、salt 大小、反覆項目數和雜湊演算法名稱來衍生金鑰。 |
Rfc2898DeriveBytes(String, Byte[])
警告
The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.
使用密碼和 Salt 來衍生金鑰,以初始化 Rfc2898DeriveBytes 類別的新執行個體。
public:
Rfc2898DeriveBytes(System::String ^ password, cli::array <System::Byte> ^ salt);public Rfc2898DeriveBytes (string password, byte[] salt);[System.Obsolete("The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.", DiagnosticId="SYSLIB0041", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public Rfc2898DeriveBytes (string password, byte[] salt);new System.Security.Cryptography.Rfc2898DeriveBytes : string * byte[] -> System.Security.Cryptography.Rfc2898DeriveBytes[<System.Obsolete("The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.", DiagnosticId="SYSLIB0041", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
new System.Security.Cryptography.Rfc2898DeriveBytes : string * byte[] -> System.Security.Cryptography.Rfc2898DeriveBytesPublic Sub New (password As String, salt As Byte())參數
- password
- String
用來衍生金鑰的密碼。
- salt
- Byte[]
用來衍生金鑰的金鑰 Salt。
- 屬性
例外狀況
指定的 Salt 大小小於 8 個位元組,或反覆計數小於 1。
密碼或 Salt 是 null。
範例
下列程式代碼範例會 Rfc2898DeriveBytes 使用 類別來建立 類別的 Aes 兩個相同索引鍵。 然後,它會使用金鑰來加密和解密某些數據。
using namespace System;
using namespace System::IO;
using namespace System::Text;
using namespace System::Security::Cryptography;
// Generate a key k1 with password pwd1 and salt salt1.
// Generate a key k2 with password pwd1 and salt salt1.
// Encrypt data1 with key k1 using symmetric encryption, creating edata1.
// Decrypt edata1 with key k2 using symmetric decryption, creating data2.
// data2 should equal data1.
int main()
{
array<String^>^passwordargs = Environment::GetCommandLineArgs();
String^ usageText = "Usage: RFC2898 <password>\nYou must specify the password for encryption.\n";
//If no file name is specified, write usage text.
if ( passwordargs->Length == 1 )
{
Console::WriteLine( usageText );
}
else
{
String^ pwd1 = passwordargs[ 1 ];
array<Byte>^salt1 = gcnew array<Byte>(8);
RNGCryptoServiceProvider ^ rngCsp = gcnew RNGCryptoServiceProvider();
rngCsp->GetBytes(salt1);
//data1 can be a string or contents of a file.
String^ data1 = "Some test data";
//The default iteration count is 1000 so the two methods use the same iteration count.
int myIterations = 1000;
try
{
Rfc2898DeriveBytes ^ k1 = gcnew Rfc2898DeriveBytes( pwd1,salt1,myIterations );
Rfc2898DeriveBytes ^ k2 = gcnew Rfc2898DeriveBytes( pwd1,salt1 );
// Encrypt the data.
Aes^ encAlg = Aes::Create();
encAlg->Key = k1->GetBytes( 16 );
MemoryStream^ encryptionStream = gcnew MemoryStream;
CryptoStream^ encrypt = gcnew CryptoStream( encryptionStream,encAlg->CreateEncryptor(),CryptoStreamMode::Write );
array<Byte>^utfD1 = (gcnew System::Text::UTF8Encoding( false ))->GetBytes( data1 );
encrypt->Write( utfD1, 0, utfD1->Length );
encrypt->FlushFinalBlock();
encrypt->Close();
array<Byte>^edata1 = encryptionStream->ToArray();
k1->Reset();
// Try to decrypt, thus showing it can be round-tripped.
Aes^ decAlg = Aes::Create();
decAlg->Key = k2->GetBytes( 16 );
decAlg->IV = encAlg->IV;
MemoryStream^ decryptionStreamBacking = gcnew MemoryStream;
CryptoStream^ decrypt = gcnew CryptoStream( decryptionStreamBacking,decAlg->CreateDecryptor(),CryptoStreamMode::Write );
decrypt->Write( edata1, 0, edata1->Length );
decrypt->Flush();
decrypt->Close();
k2->Reset();
String^ data2 = (gcnew UTF8Encoding( false ))->GetString( decryptionStreamBacking->ToArray() );
if ( !data1->Equals( data2 ) )
{
Console::WriteLine( "Error: The two values are not equal." );
}
else
{
Console::WriteLine( "The two values are equal." );
Console::WriteLine( "k1 iterations: {0}", k1->IterationCount );
Console::WriteLine( "k2 iterations: {0}", k2->IterationCount );
}
}
catch ( Exception^ e )
{
Console::WriteLine( "Error: ", e );
}
}
}
using System;
using System.IO;
using System.Text;
using System.Security.Cryptography;
public class rfc2898test
{
// Generate a key k1 with password pwd1 and salt salt1.
// Generate a key k2 with password pwd1 and salt salt1.
// Encrypt data1 with key k1 using symmetric encryption, creating edata1.
// Decrypt edata1 with key k2 using symmetric decryption, creating data2.
// data2 should equal data1.
private const string usageText = "Usage: RFC2898 <password>\nYou must specify the password for encryption.\n";
public static void Main(string[] passwordargs)
{
//If no file name is specified, write usage text.
if (passwordargs.Length == 0)
{
Console.WriteLine(usageText);
}
else
{
string pwd1 = passwordargs[0];
// Create a byte array to hold the random value.
byte[] salt1 = new byte[8];
using (RNGCryptoServiceProvider rngCsp = new
RNGCryptoServiceProvider())
{
// Fill the array with a random value.
rngCsp.GetBytes(salt1);
}
//data1 can be a string or contents of a file.
string data1 = "Some test data";
//The default iteration count is 1000 so the two methods use the same iteration count.
int myIterations = 1000;
try
{
Rfc2898DeriveBytes k1 = new Rfc2898DeriveBytes(pwd1, salt1,
myIterations);
Rfc2898DeriveBytes k2 = new Rfc2898DeriveBytes(pwd1, salt1);
// Encrypt the data.
Aes encAlg = Aes.Create();
encAlg.Key = k1.GetBytes(16);
MemoryStream encryptionStream = new MemoryStream();
CryptoStream encrypt = new CryptoStream(encryptionStream,
encAlg.CreateEncryptor(), CryptoStreamMode.Write);
byte[] utfD1 = new System.Text.UTF8Encoding(false).GetBytes(
data1);
encrypt.Write(utfD1, 0, utfD1.Length);
encrypt.FlushFinalBlock();
encrypt.Close();
byte[] edata1 = encryptionStream.ToArray();
k1.Reset();
// Try to decrypt, thus showing it can be round-tripped.
Aes decAlg = Aes.Create();
decAlg.Key = k2.GetBytes(16);
decAlg.IV = encAlg.IV;
MemoryStream decryptionStreamBacking = new MemoryStream();
CryptoStream decrypt = new CryptoStream(
decryptionStreamBacking, decAlg.CreateDecryptor(), CryptoStreamMode.Write);
decrypt.Write(edata1, 0, edata1.Length);
decrypt.Flush();
decrypt.Close();
k2.Reset();
string data2 = new UTF8Encoding(false).GetString(
decryptionStreamBacking.ToArray());
if (!data1.Equals(data2))
{
Console.WriteLine("Error: The two values are not equal.");
}
else
{
Console.WriteLine("The two values are equal.");
Console.WriteLine("k1 iterations: {0}", k1.IterationCount);
Console.WriteLine("k2 iterations: {0}", k2.IterationCount);
}
}
catch (Exception e)
{
Console.WriteLine("Error: {0}", e);
}
}
}
}
Imports System.IO
Imports System.Text
Imports System.Security.Cryptography
Public Class rfc2898test
' Generate a key k1 with password pwd1 and salt salt1.
' Generate a key k2 with password pwd1 and salt salt1.
' Encrypt data1 with key k1 using symmetric encryption, creating edata1.
' Decrypt edata1 with key k2 using symmetric decryption, creating data2.
' data2 should equal data1.
Private Const usageText As String = "Usage: RFC2898 <password>" + vbLf + "You must specify the password for encryption." + vbLf
Public Shared Sub Main(ByVal passwordargs() As String)
'If no file name is specified, write usage text.
If passwordargs.Length = 0 Then
Console.WriteLine(usageText)
Else
Dim pwd1 As String = passwordargs(0)
Dim salt1(8) As Byte
Using rngCsp As New RNGCryptoServiceProvider()
rngCsp.GetBytes(salt1)
End Using
'data1 can be a string or contents of a file.
Dim data1 As String = "Some test data"
'The default iteration count is 1000 so the two methods use the same iteration count.
Dim myIterations As Integer = 1000
Try
Dim k1 As New Rfc2898DeriveBytes(pwd1, salt1, myIterations)
Dim k2 As New Rfc2898DeriveBytes(pwd1, salt1)
' Encrypt the data.
Dim encAlg As Aes = Aes.Create()
encAlg.Key = k1.GetBytes(16)
Dim encryptionStream As New MemoryStream()
Dim encrypt As New CryptoStream(encryptionStream, encAlg.CreateEncryptor(), CryptoStreamMode.Write)
Dim utfD1 As Byte() = New System.Text.UTF8Encoding(False).GetBytes(data1)
encrypt.Write(utfD1, 0, utfD1.Length)
encrypt.FlushFinalBlock()
encrypt.Close()
Dim edata1 As Byte() = encryptionStream.ToArray()
k1.Reset()
' Try to decrypt, thus showing it can be round-tripped.
Dim decAlg As Aes = Aes.Create()
decAlg.Key = k2.GetBytes(16)
decAlg.IV = encAlg.IV
Dim decryptionStreamBacking As New MemoryStream()
Dim decrypt As New CryptoStream(decryptionStreamBacking, decAlg.CreateDecryptor(), CryptoStreamMode.Write)
decrypt.Write(edata1, 0, edata1.Length)
decrypt.Flush()
decrypt.Close()
k2.Reset()
Dim data2 As String = New UTF8Encoding(False).GetString(decryptionStreamBacking.ToArray())
If Not data1.Equals(data2) Then
Console.WriteLine("Error: The two values are not equal.")
Else
Console.WriteLine("The two values are equal.")
Console.WriteLine("k1 iterations: {0}", k1.IterationCount)
Console.WriteLine("k2 iterations: {0}", k2.IterationCount)
End If
Catch e As Exception
Console.WriteLine("Error: ", e)
End Try
End If
End Sub
End Class
備註
salt 大小必須為 8 個字節或更大。
RFC 2898 包含從密碼和 salt 建立金鑰和初始化向量的方法, (IV) 。 您可以使用 PBKDF2,這是密碼型密鑰衍生函式,使用虛擬隨機函式來衍生密鑰,以允許產生幾乎無限制長度的密鑰。 類別 Rfc2898DeriveBytes 可用來從基底索引鍵和其他參數產生衍生密鑰。 在密碼型密鑰衍生函式中,基底密鑰是密碼,而其他參數則是 salt 值和反覆項目計數。
如需 PBKDF2 的詳細資訊,請參閱 RFC 2898,標題為「PKCS #5:Password-Based 密碼編譯規格 2.0 版」。 如需完整詳細數據,請參閱第 5.2 節 「PBKDF2」。。
重要
絕對不要在原始程式碼中硬式編碼密碼。 使用 Ildasm.exe (IL 反組譯程式) 、使用十六進位編輯器,或在文本編輯器中開啟元件,例如 Notepad.exe,即可從元件擷取硬式編碼密碼。
另請參閱
適用於
Rfc2898DeriveBytes(String, Int32)
警告
The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.
使用密碼和 Salt 大小來衍生金鑰,以初始化 Rfc2898DeriveBytes 類別的新執行個體。
public:
Rfc2898DeriveBytes(System::String ^ password, int saltSize);public Rfc2898DeriveBytes (string password, int saltSize);[System.Obsolete("The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.", DiagnosticId="SYSLIB0041", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public Rfc2898DeriveBytes (string password, int saltSize);new System.Security.Cryptography.Rfc2898DeriveBytes : string * int -> System.Security.Cryptography.Rfc2898DeriveBytes[<System.Obsolete("The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.", DiagnosticId="SYSLIB0041", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
new System.Security.Cryptography.Rfc2898DeriveBytes : string * int -> System.Security.Cryptography.Rfc2898DeriveBytesPublic Sub New (password As String, saltSize As Integer)參數
- password
- String
用來衍生金鑰的密碼。
- saltSize
- Int32
您希望此類別產生之隨機 Salt 的大小。
- 屬性
例外狀況
指定的 Salt 大小小於 8 個位元組。
密碼或 Salt 是 null。
備註
salt 大小必須為 8 個字節或更大。
RFC 2898 包含從密碼和 salt 建立金鑰和初始化向量的方法, (IV) 。 您可以使用 PBKDF2,這是密碼型密鑰衍生函式,使用虛擬隨機函式來衍生密鑰,以允許產生幾乎無限制長度的密鑰。 類別 Rfc2898DeriveBytes 可用來從基底索引鍵和其他參數產生衍生密鑰。 在密碼型密鑰衍生函式中,基底密鑰是密碼,而其他參數則是 salt 值和反覆項目計數。
如需 PBKDF2 的詳細資訊,請參閱 RFC 2898,標題為「PKCS #5:Password-Based 密碼編譯規格 2.0 版」。 如需完整詳細數據,請參閱第 5.2 節 「PBKDF2」。。
重要
絕對不要在原始程式碼中硬式編碼密碼。 使用 Ildasm.exe (IL 反組譯程式) 、使用十六進位編輯器,或在文本編輯器中開啟元件,例如 Notepad.exe,即可從元件擷取硬式編碼密碼。
另請參閱
適用於
Rfc2898DeriveBytes(Byte[], Byte[], Int32)
警告
The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.
使用密碼、Salt 和反覆計數來衍生金鑰,以初始化 Rfc2898DeriveBytes 類別的新執行個體。
public:
Rfc2898DeriveBytes(cli::array <System::Byte> ^ password, cli::array <System::Byte> ^ salt, int iterations);public Rfc2898DeriveBytes (byte[] password, byte[] salt, int iterations);[System.Obsolete("The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.", DiagnosticId="SYSLIB0041", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public Rfc2898DeriveBytes (byte[] password, byte[] salt, int iterations);new System.Security.Cryptography.Rfc2898DeriveBytes : byte[] * byte[] * int -> System.Security.Cryptography.Rfc2898DeriveBytes[<System.Obsolete("The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.", DiagnosticId="SYSLIB0041", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
new System.Security.Cryptography.Rfc2898DeriveBytes : byte[] * byte[] * int -> System.Security.Cryptography.Rfc2898DeriveBytesPublic Sub New (password As Byte(), salt As Byte(), iterations As Integer)參數
- password
- Byte[]
用來衍生金鑰的密碼。
- salt
- Byte[]
用來衍生金鑰的金鑰 Salt。
- iterations
- Int32
操作的重複次數。
- 屬性
例外狀況
指定的 Salt 大小小於 8 個位元組,或反覆計數小於 1。
密碼或 Salt 是 null。
備註
salt 大小必須是 8 個字節或更大,且反覆專案計數必須大於零。 建議的反覆運算數目下限為 1000。
RFC 2898 包含從密碼和 salt 建立金鑰和初始化向量的方法, (IV) 。 您可以使用 PBKDF2,這是密碼型密鑰衍生函式,使用虛擬隨機函式來衍生密鑰,以允許產生幾乎無限制長度的密鑰。 類別 Rfc2898DeriveBytes 可用來從基底索引鍵和其他參數產生衍生密鑰。 在密碼型密鑰衍生函式中,基底密鑰是密碼,而其他參數則是 salt 值和反覆項目計數。
如需 PBKDF2 的詳細資訊,請參閱 RFC 2898,標題為「PKCS #5:Password-Based 密碼編譯規格 2.0 版」。 如需完整詳細數據,請參閱第 5.2 節 「PBKDF2」。。
重要
絕對不要在原始程式碼中硬式編碼密碼。 使用 Ildasm.exe (IL 反組譯程式) 、使用十六進位編輯器,或在文本編輯器中開啟元件,例如 Notepad.exe,即可從元件擷取硬式編碼密碼。
適用於
Rfc2898DeriveBytes(String, Byte[], Int32)
警告
The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.
使用密碼、Salt 和反覆計數來衍生金鑰,以初始化 Rfc2898DeriveBytes 類別的新執行個體。
public:
Rfc2898DeriveBytes(System::String ^ password, cli::array <System::Byte> ^ salt, int iterations);public Rfc2898DeriveBytes (string password, byte[] salt, int iterations);[System.Obsolete("The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.", DiagnosticId="SYSLIB0041", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public Rfc2898DeriveBytes (string password, byte[] salt, int iterations);new System.Security.Cryptography.Rfc2898DeriveBytes : string * byte[] * int -> System.Security.Cryptography.Rfc2898DeriveBytes[<System.Obsolete("The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.", DiagnosticId="SYSLIB0041", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
new System.Security.Cryptography.Rfc2898DeriveBytes : string * byte[] * int -> System.Security.Cryptography.Rfc2898DeriveBytesPublic Sub New (password As String, salt As Byte(), iterations As Integer)參數
- password
- String
用來衍生金鑰的密碼。
- salt
- Byte[]
用來衍生金鑰的金鑰 Salt。
- iterations
- Int32
操作的重複次數。
- 屬性
例外狀況
指定的 Salt 大小小於 8 個位元組,或反覆計數小於 1。
密碼或 Salt 是 null。
範例
下列程式代碼範例會 Rfc2898DeriveBytes 使用 類別來建立 類別的 Aes 兩個相同索引鍵。 然後,它會使用金鑰來加密和解密某些數據。
using namespace System;
using namespace System::IO;
using namespace System::Text;
using namespace System::Security::Cryptography;
// Generate a key k1 with password pwd1 and salt salt1.
// Generate a key k2 with password pwd1 and salt salt1.
// Encrypt data1 with key k1 using symmetric encryption, creating edata1.
// Decrypt edata1 with key k2 using symmetric decryption, creating data2.
// data2 should equal data1.
int main()
{
array<String^>^passwordargs = Environment::GetCommandLineArgs();
String^ usageText = "Usage: RFC2898 <password>\nYou must specify the password for encryption.\n";
//If no file name is specified, write usage text.
if ( passwordargs->Length == 1 )
{
Console::WriteLine( usageText );
}
else
{
String^ pwd1 = passwordargs[ 1 ];
array<Byte>^salt1 = gcnew array<Byte>(8);
RNGCryptoServiceProvider ^ rngCsp = gcnew RNGCryptoServiceProvider();
rngCsp->GetBytes(salt1);
//data1 can be a string or contents of a file.
String^ data1 = "Some test data";
//The default iteration count is 1000 so the two methods use the same iteration count.
int myIterations = 1000;
try
{
Rfc2898DeriveBytes ^ k1 = gcnew Rfc2898DeriveBytes( pwd1,salt1,myIterations );
Rfc2898DeriveBytes ^ k2 = gcnew Rfc2898DeriveBytes( pwd1,salt1 );
// Encrypt the data.
Aes^ encAlg = Aes::Create();
encAlg->Key = k1->GetBytes( 16 );
MemoryStream^ encryptionStream = gcnew MemoryStream;
CryptoStream^ encrypt = gcnew CryptoStream( encryptionStream,encAlg->CreateEncryptor(),CryptoStreamMode::Write );
array<Byte>^utfD1 = (gcnew System::Text::UTF8Encoding( false ))->GetBytes( data1 );
encrypt->Write( utfD1, 0, utfD1->Length );
encrypt->FlushFinalBlock();
encrypt->Close();
array<Byte>^edata1 = encryptionStream->ToArray();
k1->Reset();
// Try to decrypt, thus showing it can be round-tripped.
Aes^ decAlg = Aes::Create();
decAlg->Key = k2->GetBytes( 16 );
decAlg->IV = encAlg->IV;
MemoryStream^ decryptionStreamBacking = gcnew MemoryStream;
CryptoStream^ decrypt = gcnew CryptoStream( decryptionStreamBacking,decAlg->CreateDecryptor(),CryptoStreamMode::Write );
decrypt->Write( edata1, 0, edata1->Length );
decrypt->Flush();
decrypt->Close();
k2->Reset();
String^ data2 = (gcnew UTF8Encoding( false ))->GetString( decryptionStreamBacking->ToArray() );
if ( !data1->Equals( data2 ) )
{
Console::WriteLine( "Error: The two values are not equal." );
}
else
{
Console::WriteLine( "The two values are equal." );
Console::WriteLine( "k1 iterations: {0}", k1->IterationCount );
Console::WriteLine( "k2 iterations: {0}", k2->IterationCount );
}
}
catch ( Exception^ e )
{
Console::WriteLine( "Error: ", e );
}
}
}
using System;
using System.IO;
using System.Text;
using System.Security.Cryptography;
public class rfc2898test
{
// Generate a key k1 with password pwd1 and salt salt1.
// Generate a key k2 with password pwd1 and salt salt1.
// Encrypt data1 with key k1 using symmetric encryption, creating edata1.
// Decrypt edata1 with key k2 using symmetric decryption, creating data2.
// data2 should equal data1.
private const string usageText = "Usage: RFC2898 <password>\nYou must specify the password for encryption.\n";
public static void Main(string[] passwordargs)
{
//If no file name is specified, write usage text.
if (passwordargs.Length == 0)
{
Console.WriteLine(usageText);
}
else
{
string pwd1 = passwordargs[0];
// Create a byte array to hold the random value.
byte[] salt1 = new byte[8];
using (RNGCryptoServiceProvider rngCsp = new
RNGCryptoServiceProvider())
{
// Fill the array with a random value.
rngCsp.GetBytes(salt1);
}
//data1 can be a string or contents of a file.
string data1 = "Some test data";
//The default iteration count is 1000 so the two methods use the same iteration count.
int myIterations = 1000;
try
{
Rfc2898DeriveBytes k1 = new Rfc2898DeriveBytes(pwd1, salt1,
myIterations);
Rfc2898DeriveBytes k2 = new Rfc2898DeriveBytes(pwd1, salt1);
// Encrypt the data.
Aes encAlg = Aes.Create();
encAlg.Key = k1.GetBytes(16);
MemoryStream encryptionStream = new MemoryStream();
CryptoStream encrypt = new CryptoStream(encryptionStream,
encAlg.CreateEncryptor(), CryptoStreamMode.Write);
byte[] utfD1 = new System.Text.UTF8Encoding(false).GetBytes(
data1);
encrypt.Write(utfD1, 0, utfD1.Length);
encrypt.FlushFinalBlock();
encrypt.Close();
byte[] edata1 = encryptionStream.ToArray();
k1.Reset();
// Try to decrypt, thus showing it can be round-tripped.
Aes decAlg = Aes.Create();
decAlg.Key = k2.GetBytes(16);
decAlg.IV = encAlg.IV;
MemoryStream decryptionStreamBacking = new MemoryStream();
CryptoStream decrypt = new CryptoStream(
decryptionStreamBacking, decAlg.CreateDecryptor(), CryptoStreamMode.Write);
decrypt.Write(edata1, 0, edata1.Length);
decrypt.Flush();
decrypt.Close();
k2.Reset();
string data2 = new UTF8Encoding(false).GetString(
decryptionStreamBacking.ToArray());
if (!data1.Equals(data2))
{
Console.WriteLine("Error: The two values are not equal.");
}
else
{
Console.WriteLine("The two values are equal.");
Console.WriteLine("k1 iterations: {0}", k1.IterationCount);
Console.WriteLine("k2 iterations: {0}", k2.IterationCount);
}
}
catch (Exception e)
{
Console.WriteLine("Error: {0}", e);
}
}
}
}
Imports System.IO
Imports System.Text
Imports System.Security.Cryptography
Public Class rfc2898test
' Generate a key k1 with password pwd1 and salt salt1.
' Generate a key k2 with password pwd1 and salt salt1.
' Encrypt data1 with key k1 using symmetric encryption, creating edata1.
' Decrypt edata1 with key k2 using symmetric decryption, creating data2.
' data2 should equal data1.
Private Const usageText As String = "Usage: RFC2898 <password>" + vbLf + "You must specify the password for encryption." + vbLf
Public Shared Sub Main(ByVal passwordargs() As String)
'If no file name is specified, write usage text.
If passwordargs.Length = 0 Then
Console.WriteLine(usageText)
Else
Dim pwd1 As String = passwordargs(0)
Dim salt1(8) As Byte
Using rngCsp As New RNGCryptoServiceProvider()
rngCsp.GetBytes(salt1)
End Using
'data1 can be a string or contents of a file.
Dim data1 As String = "Some test data"
'The default iteration count is 1000 so the two methods use the same iteration count.
Dim myIterations As Integer = 1000
Try
Dim k1 As New Rfc2898DeriveBytes(pwd1, salt1, myIterations)
Dim k2 As New Rfc2898DeriveBytes(pwd1, salt1)
' Encrypt the data.
Dim encAlg As Aes = Aes.Create()
encAlg.Key = k1.GetBytes(16)
Dim encryptionStream As New MemoryStream()
Dim encrypt As New CryptoStream(encryptionStream, encAlg.CreateEncryptor(), CryptoStreamMode.Write)
Dim utfD1 As Byte() = New System.Text.UTF8Encoding(False).GetBytes(data1)
encrypt.Write(utfD1, 0, utfD1.Length)
encrypt.FlushFinalBlock()
encrypt.Close()
Dim edata1 As Byte() = encryptionStream.ToArray()
k1.Reset()
' Try to decrypt, thus showing it can be round-tripped.
Dim decAlg As Aes = Aes.Create()
decAlg.Key = k2.GetBytes(16)
decAlg.IV = encAlg.IV
Dim decryptionStreamBacking As New MemoryStream()
Dim decrypt As New CryptoStream(decryptionStreamBacking, decAlg.CreateDecryptor(), CryptoStreamMode.Write)
decrypt.Write(edata1, 0, edata1.Length)
decrypt.Flush()
decrypt.Close()
k2.Reset()
Dim data2 As String = New UTF8Encoding(False).GetString(decryptionStreamBacking.ToArray())
If Not data1.Equals(data2) Then
Console.WriteLine("Error: The two values are not equal.")
Else
Console.WriteLine("The two values are equal.")
Console.WriteLine("k1 iterations: {0}", k1.IterationCount)
Console.WriteLine("k2 iterations: {0}", k2.IterationCount)
End If
Catch e As Exception
Console.WriteLine("Error: ", e)
End Try
End If
End Sub
End Class
備註
salt 大小必須是 8 個字節或更大,且反覆專案計數必須大於零。 建議的反覆運算數目下限為 1000。
RFC 2898 包含從密碼和 salt 建立金鑰和初始化向量的方法, (IV) 。 您可以使用 PBKDF2,這是密碼型密鑰衍生函式,使用虛擬隨機函式來衍生密鑰,以允許產生幾乎無限制長度的密鑰。 類別 Rfc2898DeriveBytes 可用來從基底索引鍵和其他參數產生衍生密鑰。 在密碼型密鑰衍生函式中,基底密鑰是密碼,而其他參數則是 salt 值和反覆項目計數。
如需 PBKDF2 的詳細資訊,請參閱 RFC 2898,標題為「PKCS #5:Password-Based 密碼編譯規格 2.0 版」。 如需完整詳細數據,請參閱第 5.2 節 「PBKDF2」。。
重要
絕對不要在原始程式碼中硬式編碼密碼。 使用 Ildasm.exe (IL 反組譯程式) 、使用十六進位編輯器,或在文本編輯器中開啟元件,例如 Notepad.exe,即可從元件擷取硬式編碼密碼。
另請參閱
適用於
Rfc2898DeriveBytes(String, Int32, Int32)
警告
The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.
使用密碼、Salt 大小和反覆計數來衍生金鑰,以初始化 Rfc2898DeriveBytes 類別的新執行個體。
public:
Rfc2898DeriveBytes(System::String ^ password, int saltSize, int iterations);public Rfc2898DeriveBytes (string password, int saltSize, int iterations);[System.Obsolete("The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.", DiagnosticId="SYSLIB0041", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public Rfc2898DeriveBytes (string password, int saltSize, int iterations);new System.Security.Cryptography.Rfc2898DeriveBytes : string * int * int -> System.Security.Cryptography.Rfc2898DeriveBytes[<System.Obsolete("The default hash algorithm and iteration counts in Rfc2898DeriveBytes constructors are outdated and insecure. Use a constructor that accepts the hash algorithm and the number of iterations.", DiagnosticId="SYSLIB0041", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
new System.Security.Cryptography.Rfc2898DeriveBytes : string * int * int -> System.Security.Cryptography.Rfc2898DeriveBytesPublic Sub New (password As String, saltSize As Integer, iterations As Integer)參數
- password
- String
用來衍生金鑰的密碼。
- saltSize
- Int32
您希望此類別產生之隨機 Salt 的大小。
- iterations
- Int32
操作的重複次數。
- 屬性
例外狀況
指定的 Salt 大小小於 8 個位元組,或反覆計數小於 1。
密碼或 Salt 是 null。
iterations 超出範圍。 這個參數需要非負數的數字。
備註
salt 大小必須是 8 個字節或更大,而且反覆運算計數必須大於零。 建議的反覆項目數目下限為 1000。
RFC 2898 包含從密碼和 salt 建立金鑰和初始化向量的方法, (IV) 。 您可以使用 PBKDF2 作為密碼型金鑰衍生函式,使用虛擬隨機函式來衍生密鑰,以允許產生幾乎無限制長度的金鑰。 類別 Rfc2898DeriveBytes 可用來從基底索引鍵和其他參數產生衍生密鑰。 在密碼型密鑰衍生函式中,基底密鑰是密碼,而其他參數則是 salt 值和反覆項目計數。
如需 PBKDF2 的詳細資訊,請參閱 RFC 2898,標題為「PKCS #5:Password-Based 密碼編譯規格 2.0 版」。 如需完整詳細數據,請參閱第 5.2 節“ PBKDF2”
重要
請勿在原始程式碼中硬式編碼密碼。 硬式編碼的密碼可以使用 Ildasm.exe (IL 反組譯程式) 、十六進位編輯器從元件擷取,或只要在文本編輯器中開啟元件,例如 Notepad.exe。
另請參閱
適用於
Rfc2898DeriveBytes(Byte[], Byte[], Int32, HashAlgorithmName)
將 Rfc2898DeriveBytes 類別的新執行個體初始化,該類別使用指定的密碼、salt、反覆項目數和雜湊演算法名稱來衍生金鑰。
public:
Rfc2898DeriveBytes(cli::array <System::Byte> ^ password, cli::array <System::Byte> ^ salt, int iterations, System::Security::Cryptography::HashAlgorithmName hashAlgorithm);public Rfc2898DeriveBytes (byte[] password, byte[] salt, int iterations, System.Security.Cryptography.HashAlgorithmName hashAlgorithm);new System.Security.Cryptography.Rfc2898DeriveBytes : byte[] * byte[] * int * System.Security.Cryptography.HashAlgorithmName -> System.Security.Cryptography.Rfc2898DeriveBytesPublic Sub New (password As Byte(), salt As Byte(), iterations As Integer, hashAlgorithm As HashAlgorithmName)參數
- password
- Byte[]
用來衍生金鑰的密碼。
- salt
- Byte[]
用來衍生金鑰的金鑰 Salt。
- iterations
- Int32
操作的重複次數。
- hashAlgorithm
- HashAlgorithmName
要用來衍生金鑰的雜湊演算法。
例外狀況
saltSize 小於零。
雜湊演算法名稱無效。
適用於
Rfc2898DeriveBytes(String, Byte[], Int32, HashAlgorithmName)
將 Rfc2898DeriveBytes 類別的新執行個體初始化,該類別使用指定的密碼、salt、反覆項目數和雜湊演算法名稱來衍生金鑰。
public:
Rfc2898DeriveBytes(System::String ^ password, cli::array <System::Byte> ^ salt, int iterations, System::Security::Cryptography::HashAlgorithmName hashAlgorithm);public Rfc2898DeriveBytes (string password, byte[] salt, int iterations, System.Security.Cryptography.HashAlgorithmName hashAlgorithm);new System.Security.Cryptography.Rfc2898DeriveBytes : string * byte[] * int * System.Security.Cryptography.HashAlgorithmName -> System.Security.Cryptography.Rfc2898DeriveBytesPublic Sub New (password As String, salt As Byte(), iterations As Integer, hashAlgorithm As HashAlgorithmName)參數
- password
- String
用來衍生金鑰的密碼。
- salt
- Byte[]
用來衍生金鑰的金鑰 Salt。
- iterations
- Int32
操作的重複次數。
- hashAlgorithm
- HashAlgorithmName
要用來衍生金鑰的雜湊演算法。
例外狀況
雜湊演算法名稱無效。
適用於
Rfc2898DeriveBytes(String, Int32, Int32, HashAlgorithmName)
將 Rfc2898DeriveBytes 類別的新執行個體初始化,該類別使用指定的密碼、salt 大小、反覆項目數和雜湊演算法名稱來衍生金鑰。
public:
Rfc2898DeriveBytes(System::String ^ password, int saltSize, int iterations, System::Security::Cryptography::HashAlgorithmName hashAlgorithm);public Rfc2898DeriveBytes (string password, int saltSize, int iterations, System.Security.Cryptography.HashAlgorithmName hashAlgorithm);new System.Security.Cryptography.Rfc2898DeriveBytes : string * int * int * System.Security.Cryptography.HashAlgorithmName -> System.Security.Cryptography.Rfc2898DeriveBytesPublic Sub New (password As String, saltSize As Integer, iterations As Integer, hashAlgorithm As HashAlgorithmName)參數
- password
- String
用來衍生金鑰的密碼。
- saltSize
- Int32
您希望此類別產生之隨機 Salt 的大小。
- iterations
- Int32
操作的重複次數。
- hashAlgorithm
- HashAlgorithmName
要用來衍生金鑰的雜湊演算法。
例外狀況
saltSize 小於零。
雜湊演算法名稱無效。
