Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Duplicate .NET's Rfc2898DeriveBytes Functionality

See more Encryption Examples

Demonstrates how to duplicate the results produced by .NET's System.Security.Cryptography.Rfc2898DeriveBytes class.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.Crypt2;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  crypt: TCrypt2;
  salt: string;
  saltHex: string;
  dkHex: string;

begin
  //  This example assumes Chilkat Crypt2 to have been previously unlocked.
  //  See Unlock Crypt2 for sample code.

  //  This example demonstrates how to duplicate the results produced
  //  by .NET's System.Security.Cryptography.Rfc2898DeriveBytes class.

  //  For example, here is C# code that transforms a password string into
  //  bytes that can be used as a secret key for symmetric encryption (such as AES, blowfish, 3DES, etc.)
  //  
  //      Rfc2898DeriveBytes deriveBytes = new Rfc2898DeriveBytes("secret", System.Text.Encoding.UTF8.GetBytes("saltsalt123"), numIterations);
  //      byte[] secretKeyBytes = deriveBytes.GetBytes(numBytes);

  //  (The Rfc2898DeriveBytes computation is really just the PBKDF2 algorithm with SHA-1 hashing.)
  //  In Chilkat, this is what we do to match...

  //  First, let's get a test vector with known results.  Both Chilkat AND Microsoft should produce
  //  the same results.  RFC 6070 has some PBKDF2 HMAC-SHA1 Test Vectors.  Here is one of them:

  //       Input:
  //         P = "passwordPASSWORDpassword" (24 octets)
  //         S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)
  //         c = 4096
  //         dkLen = 25
  //  
  //       Output:
  //         DK = 3d 2e ec 4f e4 1c 84 9b
  //              80 c8 d8 36 62 c0 e4 4a
  //              8b 29 1a 96 4c f2 f0 70
  //              38                      (25 octets)
  //  
  //  

  crypt := TCrypt2.Create;

  salt := 'saltSALTsaltSALTsaltSALTsaltSALTsalt';
  //  Given that the salt is really binary data (can be any random bunch of bytes),
  //  we must pass the exact hex string representation of the salt bytes.
  //  In this case, we're getting the utf-8 byte representation of our salt string,
  //  which is identical to the us-ascii byte representation because there are no 8bit chars..
  saltHex := crypt.EncodeString(salt,'utf-8','hex');

  //  Duplicate the test vector as shown above.
  dkHex := crypt.Pbkdf2('passwordPASSWORDpassword','utf-8','sha1',saltHex,4096,25 * 8,'hex');
  WriteLn(dkHex);


  crypt.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.