CMS Pipeline Component
Properties Configuration Settings
The CMS pipeline component implements the Cryptography Message Syntax standard for encryption and decryption with public key cryptography and X.509 digital certificates.
Remarks
The CMS pipeline component is used for encrypting, decrypting, signing, and verifying messages. The pipeline component supports processing message in PEM, DER (binary) and SMIME formats.
CMS Encoder Pipeline Component
The Encoder takes an unencrypted/unsigned data entity and generates an CMS entity as output.
Encrypting
The Encoder will only encrypt incoming data if the EncryptData property is set to True. Encrypting requires that the RecipientCert property is set to a certificate containing the public key that should be used to encrypt the data. The EncryptingAlgorithm and UseOAEP properties can be specified for further control of encryption.
Signing
The Encoder will only sign the data if the SignData property is set to True. Signing requires that the Certificate property is set to a certificate containing the private key that should be used to sign the data. The SigningAlgorithm and UsePSS properties can be specified for further control of the signature.
CMS Decoder Pipeline Component
The Decoder takes an encrypted/signed CMS entity and will decrypt/verify the message and produce the original message.
Decrypting
The Decoder will only attempt to decrypt incoming data if the DecryptData property is set to True. Decryption requires that the Certificate property is set to a certificate containing the private key that can decrypt the data (the private key that is paired with the public key that was used to encrypt the data). The RequireOAEP property can be set to True to instruct the pipeline component to throw an error if the data was not encrypted with OAEP (Optimal Asymmetric Encryption Padding).
Verifying Signatures
The Decoder will only attempt to verify the signature of the incoming data if the VerifySignature property is set to True. Verification requires that the certificate used to sign the data was attached to the message, or that the SignerCert property is set to the signer's certificate. The RequirePSS property can be set to True to instruct the pipeline component to throw an error if the data was not signed with RSA-PSS (RSA Probabilistic Signature Scheme).
Encoder Property List
The following is the full list of the properties of the encoder pipeline component with short descriptions. Click on the links for further details.
Certificate | The Certificate used to Sign or Decrypt messages. |
EnableCompression | Specifies whether to compress the message. |
EncryptData | Whether to encrypt the data. |
EncryptionAlgorithm | The algorithm to use for encryption. |
IncludeCertificates | Specifies whether to include the signer's certificate with the signed message. |
Other | Defines a set of configuration settings to be used by the pipeline component. |
OutputFormat | Specifies the output format. |
RecipientCert | The certificate used to encrypt the data. |
RuntimeLicense | Specifies the component runtime license key. |
SignatureHashAlgorithm | The signature hash algorithm used during signing. |
SignData | Whether to sign the MIME data. |
TempPath | The path to which temporary files are written at runtime. |
TransportLog | Tells the component where and how to report information about its operations. |
UseOAEP | Whether to use OAEP when encrypting the MIME data. |
UsePSS | Whether to use RSA-PSS when signing. |
Decoder Property List
The following is the full list of the properties of the decoder pipeline component with short descriptions. Click on the links for further details.
Certificate | The Certificate used to Sign or Decrypt messages. |
DecryptData | Whether to decrypt the incoming data. |
EnableCompression | Specifies whether to compress the message. |
Other | Defines a set of configuration settings to be used by the pipeline component. |
RequireOAEP | Whether an error should be thrown if OAEP was not used to encrypt the incoming message. |
RequirePSS | Whether an error should be thrown if RSA-PSS was not used to encrypt the incoming message. |
RuntimeLicense | Specifies the component runtime license key. |
SignerCert | Contains the certificate of the message signer. |
TempPath | The path to which temporary files are written at runtime. |
TransportLog | Tells the component where and how to report information about its operations. |
VerifySignature | Whether to attempt to verify the signature on the SMIME data. |
Configuration Settings
The following is a list of configuration settings for the pipeline component with short descriptions. Click on the links for further details.
CompressBeforeSign | Specifies whether to compress before signing. |
GenerateSignatureTimestamp | Whether to generate timestamps in signatures. |
IncludeHeaders | Tells the component whether to include the headers when encoding the message. |
IncludeInternalHeaders | Tells the component whether or not to include the internal headers when encoding the message. |