security.PBKDF2.GenerateKey
Generates a password of a given size based on a human readable password using Password-Based Key Derivation Function 2 (PBKDF2).
Syntax
security.PBKDF2.GenerateKey(
   password STRING,
   salt STRING,
   hash STRING,
   iter INTEGER,
   keySize INTEGER )
  RETURNS STRING
- password defines the human readable password to derive using the PBKDF2 method.
- salt defines the base64 random value created using Security.RandomGenerator.CreateRandomString(). Can be NULL.
- hash defines the hash operation. By default, it is "SHA1". Valid values include:
  - SHA1
  - SHA224
  - SHA256
  - SHA384
  - SHA512
  - MD5
- iter defines the number of iterations to compute the derived password. This value must be greater than or equal to zero (>=0).
- keySize defines the size in bytes of the returned key. Must be greater than zero (>0).
Usage
This method generates a password of a given size based on a human readable password using PBKDF2.
In practice, with the same salt value and the same human readable password, the same key can be regenerated in another application and therefore used as a symmetric key to decrypt data encrypted in the initial application.
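The property described above (same password and same salt give the same key), shown as an added Python sketch of the PBKDF2 algorithm from RFC 8018; it is not Genero code and not the product's implementation. It assumes the base64 salt is decoded to bytes before use, requires at least one iteration, and returns raw bytes; `derive_key` and `new_salt` are illustrative names.

```python
# Added illustration in Python; not Genero code and not the product's implementation.
import base64
import hmac
import os

# Hash names listed as valid on this page, mapped to Python digest names.
VALID_HASHES = {"SHA1": "sha1", "SHA224": "sha224", "SHA256": "sha256",
                "SHA384": "sha384", "SHA512": "sha512", "MD5": "md5"}


def derive_key(password, salt_b64, hash_name="SHA1", iterations=1, key_size=32):
    """PBKDF2 (RFC 8018) with HMAC-<hash_name>; returns key_size raw bytes."""
    if hash_name not in VALID_HASHES:
        raise ValueError("unsupported hash: %r" % hash_name)
    if iterations < 1 or key_size < 1:
        raise ValueError("this sketch needs iterations >= 1 and key_size > 0")
    digest = VALID_HASHES[hash_name]
    pw = password.encode("utf-8")
    salt = base64.b64decode(salt_b64, validate=True)  # assumption: salt is decoded

    key = b""
    block_index = 1
    while len(key) < key_size:
        # U1 = HMAC(password, salt || 4-byte big-endian block index)
        u = hmac.new(pw, salt + block_index.to_bytes(4, "big"), digest).digest()
        block = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            # U(n) = HMAC(password, U(n-1)); the block is the XOR of all U values.
            u = hmac.new(pw, u, digest).digest()
            block ^= int.from_bytes(u, "big")
        key += block.to_bytes(len(u), "big")
        block_index += 1
    return key[:key_size]  # truncate the last block to the requested size


def new_salt(size=16):
    """Random salt, base64-encoded so it can be stored next to the ciphertext."""
    return base64.b64encode(os.urandom(size)).decode("ascii")


if __name__ == "__main__":
    salt = new_salt()  # constructed sample values below
    k1 = derive_key("correct horse", salt, "SHA256", 10000, 32)
    k2 = derive_key("correct horse", salt, "SHA256", 10000, 32)  # second application
    k3 = derive_key("correct horse", new_salt(), "SHA256", 10000, 32)
    print(k1 == k2, k1 == k3)
```

The salt is not secret and has to be stored or sent along with the encrypted data so the second application can repeat the derivation; the password is the only secret input.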
This method may raise exception -15700 (operation failed) or -15701 (invalid parameter).
In case of error, the method throws an exception and sets the STATUS variable. Depending on the error, a human-readable description of the problem is available in the SQLCA.SQLERRM register. See Error handling in GWS calls (STATUS).
For an example using PBKDF2 methods, see Example: Using security.PBKDF2 methods.