Sample code for 30+ languages & platforms
Java

Duplicate .NET's Rfc2898DeriveBytes Functionality

See more Encryption Examples

Demonstrates how to duplicate the results produced by .NET's System.Security.Cryptography.Rfc2898DeriveBytes class.

Chilkat Java Downloads

Java
import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    //  This example assumes Chilkat Crypt2 to have been previously unlocked.
    //  See Unlock Crypt2 for sample code.

    //  This example demonstrates how to duplicate the results produced
    //  by .NET's System.Security.Cryptography.Rfc2898DeriveBytes class.

    //  For example, here is C# code that transforms a password string into
    //  bytes that can be used as a secret key for symmetric encryption (such as AES, blowfish, 3DES, etc.)
    //  
    //      Rfc2898DeriveBytes deriveBytes = new Rfc2898DeriveBytes("secret", System.Text.Encoding.UTF8.GetBytes("saltsalt123"), numIterations);
    //      byte[] secretKeyBytes = deriveBytes.GetBytes(numBytes);

    //  (The Rfc2898DeriveBytes computation is really just the PBKDF2 algorithm with SHA-1 hashing.)
    //  In Chilkat, this is what we do to match...

    //  First, let's get a test vector with known results.  Both Chilkat AND Microsoft should produce
    //  the same results.  RFC 6070 has some PBKDF2 HMAC-SHA1 Test Vectors.  Here is one of them:

    //       Input:
    //         P = "passwordPASSWORDpassword" (24 octets)
    //         S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)
    //         c = 4096
    //         dkLen = 25
    //  
    //       Output:
    //         DK = 3d 2e ec 4f e4 1c 84 9b
    //              80 c8 d8 36 62 c0 e4 4a
    //              8b 29 1a 96 4c f2 f0 70
    //              38                      (25 octets)
    //  
    //  

    CkCrypt2 crypt = new CkCrypt2();

    String salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt";
    //  Given that the salt is really binary data (can be any random bunch of bytes),
    //  we must pass the exact hex string representation of the salt bytes.
    //  In this case, we're getting the utf-8 byte representation of our salt string,
    //  which is identical to the us-ascii byte representation because there are no 8bit chars..
    String saltHex = crypt.encodeString(salt,"utf-8","hex");

    //  Duplicate the test vector as shown above.
    String dkHex = crypt.pbkdf2("passwordPASSWORDpassword","utf-8","sha1",saltHex,4096,25 * 8,"hex");
    System.out.println(dkHex);
  }
}