
Generate Key with SecureString and Rfc2898DeriveBytes

Author
1 Oct 2006 4:50 PM
andersch
Hi

Is it possible to generate an encryption key with a SecureString and the
Rfc2898DeriveBytes class?

Thanks and Regards,
andersch

Author
1 Oct 2006 4:56 PM
Dominick Baier
Hi,

what do you want to do?

The RNGCryptoServiceProvider class is usually used to create keys - it generates
good random numbers.

If you want to generate a key from a password, have a look at PasswordDeriveBytes.

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

> Hi
>
> Is it possible to generate an encryption key with a SecureString and
> the Rfc2898DeriveBytes class?
>
> Thanks and Regards,
> andersch
Author
1 Oct 2006 8:44 PM
andersch
Hi Dominick

Yes, I would like to generate an encryption key from a password. And for
this, I would like to use the new Rfc2898DeriveBytes class (PKCS#5 v2.0).

But, I would like to use a SecureString as password. In my application, the
user enters his password in the SecureTextBox control
(http://weblogs.asp.net/pglavich/archive/2006/02/26/439077.aspx). And now I
would like to generate a key from this 'password', which is a SecureString
and not a System.String.

Thanks,
andersch

"Dominick Baier" wrote:

> Hi,
>
> what do you want to do?
>
> The RNGCryptoServiceProvider class is usually used to create keys - it generates
> good random numbers.
>
> If you want to generate a key from a password, have a look at PasswordDeriveBytes.
>
> ---
> Dominick Baier, DevelopMentor
> http://www.leastprivilege.com
>
> > Hi
> >
> > Is it possible to generate an encryption key with a SecureString and
> > the Rfc2898DeriveBytes class?
> >
> > Thanks and Regards,
> > andersch
>
>
>
Author
1 Oct 2006 9:02 PM
Dominick Baier
Depending on what you want to do, PasswordDeriveBytes may be better - Rfc2898DeriveBytes
forces you to use salt (which you have to store somewhere). Keep that in
mind.

Since neither PDB nor Rfc2898DB supports SecureString - there is no option.
You can of course convert the key to a secure string afterwards. But since
you have to convert it back to a byte array at some point to pass into an
encryption class, the benefit of SecureString is debatable.

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

> Hi Dominick
>
> Yes, I would like to generate an encryption key from a password. And
> for this, I would like to use the new Rfc2898DeriveBytes class (PKCS#5
> v2.0).
>
> But, I would like to use a SecureString as password. In my
> application, the user enters his password in the SecureTextBox control
> (http://weblogs.asp.net/pglavich/archive/2006/02/26/439077.aspx). And
> now I would like to generate a key from this 'password', which is a
> SecureString and not a System.String.
>
> Thanks,
> andersch
> "Dominick Baier" wrote:
>
>> Hi,
>>
>> what do you want to do?
>>
>> The RNGCryptoServiceProvider class is usually used to create keys -
>> it generates good random numbers.
>>
>> If you want to generate a key from a password, have a look at
>> PasswordDeriveBytes.
>>
>> ---
>> Dominick Baier, DevelopMentor
>> http://www.leastprivilege.com
>>> Hi
>>>
>>> Is it possible to generate an encryption key with a SecureString and
>>> the Rfc2898DeriveBytes class?
>>>
>>> Thanks and Regards,
>>> andersch
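
An added example, not code from the thread or its participants: Rfc2898DeriveBytes has no SecureString overload, so this sketch copies the SecureString contents into a pinned byte array, runs PBKDF2 over those bytes, and zeroes the plaintext copies afterwards. The helper name `DeriveKey`, the iteration count, the SHA-256 choice (this overload needs .NET Framework 4.7.2 or later) and the sample password are assumptions.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;

static class SecureStringKdf
{
    // Hypothetical helper (not a framework API): PBKDF2 over the UTF-16LE bytes of a SecureString.
    // The string overload of Rfc2898DeriveBytes encodes as UTF-8, so its output differs from this one.
    public static byte[] DeriveKey(SecureString password, byte[] salt, int iterations, int keyBytes)
    {
        IntPtr ptr = IntPtr.Zero;
        byte[] pwd = new byte[password.Length * 2];           // two bytes per UTF-16 char
        GCHandle pin = GCHandle.Alloc(pwd, GCHandleType.Pinned); // keep the GC from relocating the plaintext
        try
        {
            ptr = Marshal.SecureStringToGlobalAllocUnicode(password);
            Marshal.Copy(ptr, pwd, 0, pwd.Length);
            using (var kdf = new Rfc2898DeriveBytes(pwd, salt, iterations, HashAlgorithmName.SHA256))
                return kdf.GetBytes(keyBytes);
        }
        finally
        {
            // Runs on success and on failure: wipe the managed copy, then the unmanaged one.
            Array.Clear(pwd, 0, pwd.Length);
            pin.Free();
            if (ptr != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(ptr);
        }
    }

    static void Main()
    {
        // Constructed sample input; in the thread's scenario the SecureString comes from the input control.
        using (var password = new SecureString())
        {
            foreach (char c in "constructed-sample") password.AppendChar(c);
            password.MakeReadOnly();

            byte[] salt = new byte[16];                        // must be stored next to the ciphertext
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);

            byte[] key = DeriveKey(password, salt, 100000, 32); // iteration count is an assumed value
            Console.WriteLine("salt: " + Convert.ToBase64String(salt));
            Console.WriteLine("key length: " + key.Length);
            Array.Clear(key, 0, key.Length);                   // wipe the key once it has been used
        }
    }
}
```

The password and the derived key still exist as plain byte arrays while the derivation and the encryption run, so this shortens the exposure window without removing it.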