Test of RFC6070 & demo of pbkdf2 usage in python
#!/usr/bin/env python
import os
import binascii
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend
backend = default_backend()
# Verify RFC6070 test vectors
kdf = PBKDF2HMAC(algorithm=hashes.SHA1(), length=20, salt=b"salt", iterations=1, backend=backend)
kdf.verify(b"password", binascii.unhexlify("0c60c80f961f0e71f3a9b524af6012062fe037a6"))
kdf = PBKDF2HMAC(algorithm=hashes.SHA1(), length=20, salt=b"salt", iterations=2, backend=backend)
kdf.verify(b"password", binascii.unhexlify("ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"))
kdf = PBKDF2HMAC(algorithm=hashes.SHA1(), length=20, salt=b"salt", iterations=4096, backend=backend)
kdf.verify(b"password", binascii.unhexlify("4b007901b765489abead49d926f721d065a429c1"))
kdf = PBKDF2HMAC(algorithm=hashes.SHA1(), length=20, salt=b"salt", iterations=16777216, backend=backend)
kdf.verify(b"password", binascii.unhexlify("eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"))
kdf = PBKDF2HMAC(algorithm=hashes.SHA1(), length=25, salt=b"saltSALTsaltSALTsaltSALTsaltSALTsalt", iterations=4096, backend=backend)
kdf.verify(b"passwordPASSWORDpassword", binascii.unhexlify("3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"))
kdf = PBKDF2HMAC(algorithm=hashes.SHA1(), length=16, salt=b"sa\0lt", iterations=4096, backend=backend)
kdf.verify(b"pass\0word", binascii.unhexlify("56fa6aa75548099dcc37d7f03425e0c3"))
print("All RFC6070 test vectors **PASSED**!")
#!/usr/bin/env python
import os
import binascii
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend
backend = default_backend()
salt = b"324d9e95"
# salt will be 8 bytes, each character means a byte:
# 00000011 00000010 00000100 00001101 00001001 00001110 00001001 00000101
# In the case of binascii.unhexlify(salt), salt will be 4 bytes, two characters meas a byte:
# ==> 32 -> '2', 4d -> 'M', 9e -> '\x9e' 95 -> '\x95'
# ==> b'2M\x9e\x95'
# ==> 00000010 01001110 10011110 10010101
salt = b"\x8d\x3d\x71\xd6\x1f\x47\xa9\x2d"
# salt will be 8 bytes, each \xnn means a byte:
# 10001101 00111101 01110001 11010110 00011111 01000111 10101001 00101101
# In this situation, we can use binascii.unhexlify() to covert hex string to binary array:
# salt = binascii.unhexlify("8d3d71d61f47a92d")
password = b"123456"
# This is the same as:
# password = b"\x31\x32\x33\x34\x35\x36"
print(binascii.hexlify(salt))
print(binascii.hexlify(password))
# derive
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=100000,
backend=backend
)
key = kdf.derive(password)
# This is the same as printf("%02x" data[i]) in c programming language.
print(binascii.hexlify(key))