Sample code for 30+ languages & platforms
Objective-C

Duplicate .NET's Rfc2898DeriveBytes Functionality

See more Encryption Examples

Demonstrates how to duplicate the results produced by .NET's System.Security.Cryptography.Rfc2898DeriveBytes class.

Chilkat Objective-C Downloads

Objective-C
#import <CkoCrypt2.h>
#import <NSString.h>

// This example assumes Chilkat Crypt2 to have been previously unlocked.
// See Unlock Crypt2 for sample code.

// This example demonstrates how to duplicate the results produced
// by .NET's System.Security.Cryptography.Rfc2898DeriveBytes class.

// For example, here is C# code that transforms a password string into
// bytes that can be used as a secret key for symmetric encryption (such as AES, blowfish, 3DES, etc.)
// 
//     Rfc2898DeriveBytes deriveBytes = new Rfc2898DeriveBytes("secret", System.Text.Encoding.UTF8.GetBytes("saltsalt123"), numIterations);
//     byte[] secretKeyBytes = deriveBytes.GetBytes(numBytes);

// (The Rfc2898DeriveBytes computation is really just the PBKDF2 algorithm with SHA-1 hashing.)
// In Chilkat, this is what we do to match...

// First, let's get a test vector with known results.  Both Chilkat AND Microsoft should produce
// the same results.  RFC 6070 has some PBKDF2 HMAC-SHA1 Test Vectors.  Here is one of them:

//      Input:
//        P = "passwordPASSWORDpassword" (24 octets)
//        S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)
//        c = 4096
//        dkLen = 25
// 
//      Output:
//        DK = 3d 2e ec 4f e4 1c 84 9b
//             80 c8 d8 36 62 c0 e4 4a
//             8b 29 1a 96 4c f2 f0 70
//             38                      (25 octets)
// 
// 

CkoCrypt2 *crypt = [[CkoCrypt2 alloc] init];

NSString *salt = @"saltSALTsaltSALTsaltSALTsaltSALTsalt";
// Given that the salt is really binary data (can be any random bunch of bytes),
// we must pass the exact hex string representation of the salt bytes.
// In this case, we're getting the utf-8 byte representation of our salt string,
// which is identical to the us-ascii byte representation because there are no 8bit chars..
NSString *saltHex = [crypt EncodeString: salt charset: @"utf-8" encoding: @"hex"];

// Duplicate the test vector as shown above.
NSString *dkHex = [crypt Pbkdf2: @"passwordPASSWORDpassword" charset: @"utf-8" hashAlg: @"sha1" salt: saltHex iterationCount: [NSNumber numberWithInt: 4096] outputKeyBitLen: [NSNumber numberWithInt: (25 * 8)] encoding: @"hex"];
NSLog(@"%@",dkHex);