CryptoSys API Library Manual

PBE_Kdf2Hex

Derives a key of any length from a password using the PBKDF2 algorithm from PKCS #5 with the salt and output derived key encoded in hexadecimal.

VB6/VBA Syntax

Public Declare Function PBE_Kdf2Hex Lib "diCryptoSys.dll" (ByVal strOutput As String, ByVal nMaxChars As Long, ByVal nKeyBytes As Long, ByVal strPwd As String, ByVal strSaltHex As String, ByVal nCount As Long, ByVal nOptions As Long) As Long

nRet = PBE_Kdf2Hex(strDerivedKey, nMaxChars, nKeyLen, strPassword, strSaltHex, nCount, nOptions)

Parameters

strOutput
[out] String to receive the hexadecimal-encoded derived key.
nMaxChars
[in] Long specifying the maximum number of characters in strOutput.
nKeyLen
[in] Long specifying the size of the required key in bytes.
strPassword
[in] String containing the password.
strSaltHex
[in] String containing the salt in hex format.
nCount
[in] Long specifying the required iteration count.
nOptions
[in] Long Option flags. Select one of:
HMAC with:
API_HASH_SHA1 (0) to use the SHA-1 hash algorithm (default)
API_HASH_MD5 to use the MD5 algorithm
API_HASH_SHA256 to use the SHA-256 algorithm
API_HASH_SHA384 to use the SHA-384 algorithm
API_HASH_SHA512 to use the SHA-512 algorithm
API_HASH_SHA224 to use the SHA-224 algorithm

C/C++ Syntax

long _stdcall PBE_Kdf2Hex(char *szOutput, long nOutChars, long dkBytes, const char *szPwd, const char *szSaltHex, long count, long reserved);

Returns (VB6/C)

Long: If successful, the return value is 0; otherwise it returns a non-zero error code.

.NET Equivalent

Pbe.Kdf2 Method (Int32, String, String, Int32)

COM/ASP Equivalent

pbe.DKF2FromString
Public Function DKF2FromString(ByVal nBytes As Long, ByVal strPassword As String, ByVal strSaltHex As String, nCount As Long) As String

See pbe.DKF2FromString.

Remarks

The output string strOutput should be pre-dimensioned to be at least double the required key length in bytes. (Hint: specify nMaxChars as Len(strOutput)). The seed strSaltHex is specified in hex format and can be any even number of hex digits in length. The password strPassword is normal text, not hexadecimal.

Example

Dim strDerivedKey As String
Dim nKeyLen As Long
Dim strPassword As String
Dim strSaltHex As String
Dim nCount As Long
Dim nRet As Long

strPassword = "password"  ' NB normal text, not hex

' Set 8-byte salt = 78 57 8E 5A 5D 63 CB 06
strSaltHex = "78578E5A5D63CB06"

' Iteration count is 2048
nCount = 2048

' Pre-dimension output string for derived key to 
' required length of 24 bytes i.e. 48 hex chars
' (Don't forget to do this)
nKeyLen = 24
strDerivedKey = String(2 * nKeyLen, " ")

' Derive PBKDF2 key using function from CryptoSys API
nRet = PBE_Kdf2Hex(strDerivedKey, Len(strDerivedKey), nKeyLen, _
	strPassword, strSaltHex, nCount, 0)

' Check against test vector
Debug.Print "Derived key = " & strDerivedKey
Debug.Print "Correct key = BFDE6BE94DF7E11DD409BCE20A0255EC327CB936FFE93643"

This should result in output as follows:

Derived key = BFDE6BE94DF7E11DD409BCE20A0255EC327CB936FFE93643
Correct key = BFDE6BE94DF7E11DD409BCE20A0255EC327CB936FFE93643

See Also

PBE_Kdf2

[Contents] [Index]

[HOME]   [NEXT: PC1_Bytes...]
Copyright © 2001-11 D.I. Management Services Pty Ltd. All rights reserved.