Edit

BCryptDeriveKeyPBKDF2 function (bcrypt.h)

  • Article

The BCryptDeriveKeyPBKDF2 function derives a key from a hash value by using the PBKDF2 key derivation algorithm as defined by RFC 2898.

Syntax

NTSTATUS BCryptDeriveKeyPBKDF2(
  [in]           BCRYPT_ALG_HANDLE hPrf,
  [in, optional] PUCHAR            pbPassword,
  [in]           ULONG             cbPassword,
  [in, optional] PUCHAR            pbSalt,
  [in]           ULONG             cbSalt,
  [in]           ULONGLONG         cIterations,
  [out]          PUCHAR            pbDerivedKey,
  [in]           ULONG             cbDerivedKey,
  [in]           ULONG             dwFlags
);

Parameters

[in] hPrf

The handle of an algorithm provider that provides the pseudo-random function. This should be an algorithm provider that performs a Message Authentication Code computation. When you use the default Microsoft algorithm provider, any hashing algorithm opened by using the BCRYPT_ALG_HANDLE_HMAC_FLAG flag can be used.

Note  Only algorithms that implement the BCRYPT_IS_KEYED_HASH property can be used to populate this parameter.
 

[in, optional] pbPassword

A pointer to a buffer that contains the password parameter for the PBKDF2 key derivation algorithm.

Note  Any secret information used in the key derivation should be passed in this buffer.

 

[in] cbPassword

The length, in bytes, of the data in the buffer pointed to by the pbPassword parameter.

[in, optional] pbSalt

A pointer to a buffer that contains the salt argument for the PBKDF2 key derivation algorithm.

Note  Any information that is not secret and that is used in the key derivation should be passed in this buffer.
 

[in] cbSalt

The length, in bytes, of the salt argument pointed to by the pbSalt parameter.

[in] cIterations

The iteration count for the PBKDF2 key derivation algorithm.

[out] pbDerivedKey

A pointer to a buffer that receives the derived key.

[in] cbDerivedKey

The length, in bytes, of the derived key returned in the buffer pointed to by the pbDerivedKey parameter.

[in] dwFlags

This parameter is reserved and must be set to zero.

Return value

Returns a status code that indicates the success or failure of the function.

Possible return codes include, but are not limited to, the following.

Return code Description
STATUS_SUCCESS
 The function was successful.
STATUS_INVALID_HANDLE
 The handle in the hPrf parameter is not valid.
STATUS_INVALID_PARAMETER
 One or more parameters are not valid.
STATUS_NO_MEMORY
 A memory allocation failure occurred.

Requirements

Requirement Value
Minimum supported client Windows 7 [desktop apps | UWP apps]
Minimum supported server Windows Server 2008 R2 [desktop apps | UWP apps]
Target Platform Windows
Header bcrypt.h
Library Bcrypt.lib
DLL Bcrypt.dll