KeyMgr Configuration

The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

KeyMgr Configuration Settings

ContinueOnInvalidKey: Whether to continue loading the keyring when an invalid key is found.

This setting determines whether the component will continue loading keys when an invalid key is found. This is applicable when calling LoadKeyring. If set to False (default) the component throws an exception. If set to True the component will fire the Error event with information about the key which failed to load, and then continue loading additional keys.

ImportAllKeys: Whether or not to import all keys found in a key file.

When calling ImportKey with a UserId parameter of "*" or "", the component will import all keys found in the file if this property is set to True (default). If this is set to False when the UserId parameter of ImportKey is set to "*" or "", only the first key found in the file will be imported. The default value is True.

KeyEncryptionAlgorithm: The encryption algorithm used when creating a key.

Specifies the encryption algorithm to use when calling CreateKey. The default value is "CAST5". Possible values are "CAST5", "3DES", "AES256", "AES192", "AES128", "IDEA", and "BLOWFISH".

KeyIdLength: Specifies the length of the key's Id.

When querying the Id field the value will be returned with the length (in octets) specified. The default value is 4. The only other acceptable value is 8.

KeyUsage: Flags that show intended use for the key being created.

When calling CreateKey this setting defines the flags that show the intended use for the key. The default value is (0x0F). The value of KeyUsage is a combination of the following flags:


0x01	This key may be used to certify other keys.
0x02	This key may be used to sign data.
0x0C	This key may be used to encrypt communications and encrypt storage.
0x10	The private component of this key may have been split by a secret-sharing mechanism.
0x20	This key may be used for authentication.
0x80	The private component of this key may be in the possession of more than one person.

KeyValidityTime: The validity period for the key being created.

When CreateKey creates a new key, the key is valid the moment it is created. KeyValidityTime determines the number of days until expiration. The default value is 365 days. The special value 0 means the key will never expire.

PublicKeyAlgorithm: The public key algorithm for the key being created.

Specifies the public key algorithm to use when creating the key via CreateKey. The default value is "RSA". Possible values are "RSA", "DSA", and "RSA-Legacy".

The "RSA-Legacy" algorithm should not be used under normal circumstances. It should only be used to create PGP 2.6.2 compatible keys, when required. This type of key will not have subkeys.

Note: When creating a DSA key only PublicKeyLength values of 512 and 1024 are supported. Additionally the PublicKeySignatureHashAlgorithm value "MD5" is not supported.

PublicKeyLength: Specifies the public key length when creating a key.

Specifies the length of the public key when calling CreateKey. The default value is 1024. Common values are 512, 1024, and 2048.

DSAPublicSubKeyLength: Specifies the public subkey length when creating a DSA key.

This setting is only applicable when creating DSA keys with CreateKey. This specifies the length of the public ElGamal subkey. The value is 0 means this setting is not used and the subkey will have the length defined in PublicKeyLength. The default value is 0.

PublicKeySignatureHashAlgorithm: The public key signature hash algorithm used when creating a key.

This setting specifies the public key signature algorithm to be used when calling CreateKey. The default value is "SHA1". Possible values are:

SHA1 (default)
MD5
SHA256
SHA384
SHA512
SHA224

PublicKeyringFile: The file name of the public keyring file.

This specifies the name of the public keyring file. The default value is "pubring.gpg". This may be set to a file name only, or a full path including the file name.

SecretKeyringFile: The file name of the secret keyring file.

This specifies the name of the secret keyring file. The default value is "secring.gpg". This may be set to a file name only, or a full path including the file name.

RawKeyData: Returns detailed key and keyring data for debugging purposes.

This setting will return detailed debugging information about the current key and keyring.

RevocationCode: The reason why the key was revoked.

This setting specifies why the key was revoked. It is only applicable if Revoked is True. This may be set before calling RevokeKey and may be inspected after importing and selecting a revoked key. Possible values are:


0	No reason specified
1	Key is superseded
2	Key material has been compromised
3	Key is retired and no longer used
4	User Id information is no longer valid
100-110	Private Use

The default value is 0.

RevocationReason: Text describing why the key was revoked.

This setting specifies text description of why the key was revoked. It is only applicable if Revoked is True. This may be set before calling RevokeKey and may be queried after importing and selecting a revoked key. The default value is an empty string.

Revoker: The revoker's key Id.

This setting returns the key Id of the designated revoker associated with this key. This will only be present if a separate revoker was added to the key (for instance by calling AddRevoker). If more than one revoker was added this setting will return a comma-separated list of key Ids.

VersionHeader: The Version header value in ASCII armored public keys.

This setting specifies the Version header value included in newly created public keys. This includes keys that are exported via ExportPublicKey where the UseAsciiArmor parameter is true. The default value is "IPWorks! OpenPGP v9.0".

AutoSelectDSASignatureHashAlgorithm: Whether or not to select a suitable signature hash algorithm automatically.

When set to true the component will automatically select an appropriate hash algorithm for DSA keys. DSA requires that the hash be 160 bits or larger. This means the MD5 hash algorithm is not a valid option. The default value is True.

LogLevel: Specifies the level of detail that is logged.

This setting controls the level of detail that is logged through the Status event. Possible values are:


0 (None)	No events are logged.
1 (Info - default)	Informational events are logged.
2 (Verbose)	Detailed data is logged.
3 (Debug)	Debug data is logged.

UseFipsCompliantAlgorithms: Restricts the usage to FIPS compliant algorithms only.

When enabled the component will only support FIPS compliant algorithms. If a non-FIPS compliant algorithm is used an exception is thrown. The following algorithms are supported when this setting is True:

3DES
AES128
AES192
AES256
RSA
DSA
SHA1
SHA256
SHA384
SHA512
SHA224

The default value is False.

Base Configuration Settings


	GUIAvailable: Tells the component whether or not a message loop is available for processing events. In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The component will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation. In some non-GUI applications an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GuiAvailable to false will ensure that the component does not attempt to process external events.
	UseBackgroundThread: Whether threads created by the component are background threads. If set to True, when the component creates a thread the thread's IsBackground property will be explicitly set to True. By default this setting is False.
	UseManagedSecurityAPI: Tells the component whether or not to use the system security libraries or a managed implementation. By default the component will use the system security libraries to perform cryptographic functions. This means calls to unmanaged code will be made. In certain environments this is not desirable. To use a completely managed security implementation set this setting to True. Setting this to True tells the component to use the internal managed implementation instead of using the system's security API. Note that when this value is set the product's system dll is no longer required as a reference, as all unmanaged code is stored in this file.