Pascal (Lazarus/Delphi)
Pascal (Lazarus/Delphi)
Duplicate .NET's Rfc2898DeriveBytes Functionality
See more Encryption Examples
Demonstrates how to duplicate the results produced by .NET's System.Security.Cryptography.Rfc2898DeriveBytes class.Chilkat Pascal (Lazarus/Delphi) Downloads
program ChilkatDemo;
// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.
{$IFDEF FPC}
{$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}
uses
{$IFDEF UNIX}
cthreads,
{$ENDIF}
SysUtils,
CkDllLoader,
Chilkat.Crypt2;
// ---------------------------------------------------------------------------
procedure RunDemo;
var
crypt: TCrypt2;
salt: string;
saltHex: string;
dkHex: string;
begin
// This example assumes Chilkat Crypt2 to have been previously unlocked.
// See Unlock Crypt2 for sample code.
// This example demonstrates how to duplicate the results produced
// by .NET's System.Security.Cryptography.Rfc2898DeriveBytes class.
// For example, here is C# code that transforms a password string into
// bytes that can be used as a secret key for symmetric encryption (such as AES, blowfish, 3DES, etc.)
//
// Rfc2898DeriveBytes deriveBytes = new Rfc2898DeriveBytes("secret", System.Text.Encoding.UTF8.GetBytes("saltsalt123"), numIterations);
// byte[] secretKeyBytes = deriveBytes.GetBytes(numBytes);
// (The Rfc2898DeriveBytes computation is really just the PBKDF2 algorithm with SHA-1 hashing.)
// In Chilkat, this is what we do to match...
// First, let's get a test vector with known results. Both Chilkat AND Microsoft should produce
// the same results. RFC 6070 has some PBKDF2 HMAC-SHA1 Test Vectors. Here is one of them:
// Input:
// P = "passwordPASSWORDpassword" (24 octets)
// S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)
// c = 4096
// dkLen = 25
//
// Output:
// DK = 3d 2e ec 4f e4 1c 84 9b
// 80 c8 d8 36 62 c0 e4 4a
// 8b 29 1a 96 4c f2 f0 70
// 38 (25 octets)
//
//
crypt := TCrypt2.Create;
salt := 'saltSALTsaltSALTsaltSALTsaltSALTsalt';
// Given that the salt is really binary data (can be any random bunch of bytes),
// we must pass the exact hex string representation of the salt bytes.
// In this case, we're getting the utf-8 byte representation of our salt string,
// which is identical to the us-ascii byte representation because there are no 8bit chars..
saltHex := crypt.EncodeString(salt,'utf-8','hex');
// Duplicate the test vector as shown above.
dkHex := crypt.Pbkdf2('passwordPASSWORDpassword','utf-8','sha1',saltHex,4096,25 * 8,'hex');
WriteLn(dkHex);
crypt.Free;
end;
// ---------------------------------------------------------------------------
begin
try
RunDemo;
except
on E: Exception do
WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
end;
WriteLn;
{$IFDEF MSWINDOWS}
WriteLn('Press Enter to exit...');
ReadLn;
{$ENDIF}
end.