GoogleKMS Component

Properties   Methods   Events   Config Settings   Errors  

The GoogleKMS component provides an easy-to-use interface for the Google Cloud Key Management Service.

Syntax

TckGoogleKMS

Remarks

The GoogleKMS component makes it easy to work with the Google Cloud Key Management Service (KMS) in a secure manner using TLS. Google KMS allows you to create and manage key rings that contain symmetric and asymmetric keys. Each key has one or more versions which can be used for cryptographic operations.

To begin, register for a Google Cloud account. Set the GoogleProjectId property to your full Google Cloud project Id, and set the Location property to the Google Cloud location you'd like to make requests against (by default, the us multi-regional location is used). Note that each location's resources are completely separate from the others'.

This component requires authentication via OAuth 2.0. First, perform OAuth authentication using the OAuth property to set the appropriate fields for the chosen OAuthClientProfile and OAuthGrantType.

The component has the following defaults:

Application Profile

This profile encompasses the most basic grant types that OAuth supports. When this profile is set, all the requests and response handling is done by the component. Depending on the grant type, this may involve launching a browser so a user can login to authenticate with a authorization server. It may also involve starting an embedded web server to receive a response from a redirect.

To start the authentication and authorization process, the Authorize method should be called. If the authorization and authentication was successful, then the OAuthAccessToken property will be populated. Additionally, if a refresh token was provided the OAuthRefreshToken property will be populated as well. These values of the fields are for informational purposes. The component will also cache these tokens along with when the OAuthAccessToken will be expired. When a method that makes requests to the service provider is called or the Authorize method is called the component will automatically check to see if the access token is expired. If it is, it will then automatically try to get a new OAuthAccessToken. If the Authorize method was not used and user interaction would be required, the component will throw an error which can be caught. When user interaction is needed depends on what grant type is set in the OAuthGrantType property. To force the component to only check the access token when the Authorize method is called, the OAuthAutomaticRefresh configuration setting can be set to false.

A brief description of the supported values for the OAuthGrantType property are below. For more information, see the service documentation.

Authorization Code

When using the Authorization Code grant type, the component will use an authorization code to get an access token. For this OAuthGrantType the component expects a OAuthClientId, OAuthClientSecret, OAuthServerAuthURL, and OAuthServerTokenURL to be set. When the Authorize method is called, the component will start the embedded web server and launch the browser so the user can authorize the application. Once the user authorizes, the service provider will redirect them to the embedded web server and the component will parse the authorization code, setting the OAuthAuthorizationCode property, from the redirect. Immediately, the component will make a request to the token server to exchange the authorization code for an access token. The token server will return an access token and possibly a refresh token. If the OAuthRefreshToken property is set, or a refresh token is cached, then the component will not launch the browser and use the refresh token in its request to the token server instead of an authorization code.

Example: GoogleKMS googlekms = new GoogleKMS(); googlekms.OAuth.ClientProfile = CloudOAuthClientProfiles.cocpApplication; googlekms.OAuth.GrantType = OAuthSettingsGrantTypes.cogtAuthorizationCode; googlekms.OAuth.ClientId = CLIENT_ID; googlekms.OAuth.ClientSecret = CLIENT_SECRET; googlekms.Authorize();

Implicit

Note: This grant type is considered insecure and should only be used when necessary.

When using the Implicit grant type, the component will request the authorization server to get an access token. For this OAuthGrantType the component expects a OAuthClientId, OAuthClientSecret, and OAuthServerAuthURL to be set. When the Authorize method is called, the component will start the embedded web server and launch the browser so the user can authorize the application. Once the user authorizes, the service provider will redirect them to the embedded web server and the component will parse the access token from the redirect.

A disadvantage of the grant type is that can not use a refresh token to silently get a new access token. Most service providers offer a way to silently get a new access token. See the service documentation for specifics. This means the component will not be able to automatically get a fresh token once it expires.

Web Profile

External OAuth Support

Bearer ACCESS_TOKEN_VALUE

Assign this value to the Authorization property before attempting any operations. Setting the Authorization property will cause the component to ignore the values set in the OAuth property.

For Example: Oauth oauth = new Oauth(); oauth.ClientId = "CLIENT_ID"; oauth.ClientSecret = "CLIENT_SECRET"; oauth.AuthorizationScope = "https://www.googleapis.com/auth/cloud-platform"; oauth.ServerAuthURL = "https://accounts.google.com/o/oauth2/auth"; oauth.ServerTokenURL = "https://accounts.google.com/o/oauth2/token"; oauth.GrantType = OauthGrantTypes.ogtAuthorizationCode; googlekms.Authorization = oauth.GetAuthorization(); Consult the documentation for the service for more information about supported scope values and more details on OAuth authentication.

Using the Component

First, select which key ring the component should interact with using the KeyRing property. If the selected key ring does not yet exist, use the CreateKeyRing method to create it. Note that key rings cannot be deleted later, and therefore key ring names can never be reused within a given Location (unless you create a new Google Cloud project).

Once a key ring has been selected (and created, if necessary), keys can be created in it using the CreateKey method. A key consists of one or more key versions (which themselves can be thought of as distinct resources), each of which has its own cryptographic material. Symmetric keys have a primary version which is used when encrypting data. Asymmetric keys do not have a primary version; a specific version must always be targeted.

When a key is created, a single key version is automatically created for it as well (and for symmetric keys, this becomes the primary version). Additional key versions can be created using the CreateVersion method. Each key version receives a sequentially-assigned version Id, and the first version's Id is always 1. As will become apparent, most operations are performed with key versions, not keys. googlekms.KeyRing = "MyKeyRing"; googlekms.CreateKeyRing(); // When a key is created, you specify its name, purpose, algorithm, and protection level. // Refer to the CreateKey method's documentation for more information. googlekms.CreateKey("MyKey", 1, "GOOGLE_SYMMETRIC_ENCRYPTION", false); // When a new version is created, the algorithm and protection level are reused. googlekms.CreateVersion("MyKey");

Like key rings, keys and key versions cannot be deleted. However, a key version can be disabled, or its cryptographic material can be destroyed, making it permanently unusable. To enable or disable a key version, use the SetVersionEnabled method; to destroy a key version's cryptographic material, use the DestroyVersion method. Note that the latter doesn't destroy the cryptographic material immediately; instead, it schedules it for destruction 24 hours from the time of the call. The CancelDestruction method can be called within this waiting period to cancel the destruction. // Disable a key version to make it unusable until it is re-enabled. googlekms.SetVersionEnabled("MyKey", "7", false); // Destroy a key version's cryptographic material to make it permanently unusable. googlekms.DestroyVersion("MyKey", "7"); // The destruction takes place after a 24 hour waiting period; it can be canceled during that period. // If destruction is canceled, the key version is always placed into a disabled state. googlekms.CancelDestruction("MyKey", "7");

To list key rings, keys, or key versions, use the ListKeyRings, ListKeys, or ListVersions method. If there are multiple pages of results when listing a resource, the appropriate marker property will be populated, and all pages of results can be accumulated by continuing to call the relevant listing method until the marker property is empty. do { googlekms.ListKeyRings(); } while (!string.IsNullOrEmpty(googlekms.KeyRingMarker)); foreach (GoogleKeyRing keyring in googlekms.KeyRings) { Console.WriteLine(keyring.Name); } googlekms.KeyRing = "MyKeyRing"; do { googlekms.ListKeys(); } while (!string.IsNullOrEmpty(googlekms.KeyMarker)); foreach (GoogleKey key in googlekms.Keys) { Console.WriteLine(key.Name); } do { googlekms.ListKeyVersions("MyKey"); } while (!string.IsNullOrEmpty(googlekms.VersionMarker)); foreach (GoogleKeyVersion version in googlekms.Versions) { Console.WriteLine(version.Name + " " + version.VersionId); }

Depending on a key's purpose, it can be used to perform different cryptographic operations. Keys whose purpose is encryption/decryption can be used in Encrypt and Decrypt operations. Keys whose purpose is sign/verify can be used in Sign and Verify operations. To perform a cryptographic operation, use InputData or InputFile to supply the input data that should be processed. All operations will output the result data to OutputData or OutputFile (except Verify; refer to its documentation for more information).

Note that Google does not support server-side asymmetric encryption or asymmetric verification. The component performs these operations locally as a convenience to account for this. // Create an asymmetric key whose purpose is encryption/decryption. googlekms.CreateKey("MyAsymmEncKey", 3, "RSA_DECRYPT_OAEP_3072_SHA256", false); // Encrypt the string "Test123" and write the encrypted data to an output file. googlekms.InputData = "Test123"; googlekms.OutputFile = "C:/temp/enc.dat"; googlekms.Encrypt("MyAsymmEncKey", "1"); // ...Later, decrypt the data again. googlekms.InputFile = "C:/temp/enc.dat"; googlekms.OutputFile = ""; // So that the data will be output to the OutputData property. googlekms.Decrypt("MyAsymmEncKey", "1");

The component also supports a variety of other functionality, including:

• Retrieval of a single resource's information with GetKeyRingInfo, GetKeyInfo, or GetVersionInfo.
• Getting an asymmetric key's public key using GetPublicKey.
• Label support using AddLabel and the Labels properties.
• Updating key information with UpdateKey and SetPrimaryVersion.
• And more!

Property List

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

AdditionalData Property (GoogleKMS Component)

Additional data to send when performing symmetric encryption or decryption.

Syntax

__property String AdditionalData = { read=FAdditionalData, write=FSetAdditionalData };
__property DynamicArray<Byte> AdditionalDataB = { read=FAdditionalDataB, write=FSetAdditionalDataB };

Default Value

""

Remarks

This property can be set before calling Encrypt or Decrypt with a symmetric key to have the server include the specified data, known as additional authenticated data, when performing the cryptographic operation. If such data is provided during encryption, it must also be provided in order to successfully decrypt the data. Refer to the Google Cloud KMS documentation for more information.

Up to 65536 bytes of data may be provided. Note that this property is ignored when asymmetric encryption or decryption is performed.

This property is not available at design time.

Data Type

Byte Array

Authorization Property (GoogleKMS Component)

OAuth 2.0 Authorization Token.

Syntax

__property String Authorization = { read=FAuthorization, write=FSetAuthorization };

Default Value

""

Remarks

This component supports authentication via OAuth 2.0. First, perform OAuth authentication using the OAuth component or a separate process. Once complete you should have an authorization string which looks like:

Bearer ACCESS_TOKEN

Data Type

String

FirewallAutoDetect Property (GoogleKMS Component)

Whether to automatically detect and use firewall system settings, if available.

Syntax

__property bool FirewallAutoDetect = { read=FFirewallAutoDetect, write=FSetFirewallAutoDetect };

Default Value

False

Remarks

Whether to automatically detect and use firewall system settings, if available.

Data Type

Boolean

FirewallType Property (GoogleKMS Component)

The type of firewall to connect through.

Syntax

__property TckGoogleKMSFirewallTypes FirewallType = { read=FFirewallType, write=FSetFirewallType };

enum TckGoogleKMSFirewallTypes {
  fwNone=0,
  fwTunnel=1,
  fwSOCKS4=2,
  fwSOCKS5=3,
  fwSOCKS4A=10
};

Default Value

fwNone

Remarks

The type of firewall to connect through. The applicable values are as follows:

Data Type

Integer

FirewallHost Property (GoogleKMS Component)

The name or IP address of the firewall (optional).

Syntax

__property String FirewallHost = { read=FFirewallHost, write=FSetFirewallHost };

Default Value

""

Remarks

The name or IP address of the firewall (optional). If a FirewallHost is given, the requested connections will be authenticated through the specified firewall when connecting.

If this property is set to a Domain Name, a DNS request is initiated. Upon successful termination of the request, this property is set to the corresponding address. If the search is not successful, the component raises an exception.

Data Type

String

FirewallPassword Property (GoogleKMS Component)

A password if authentication is to be used when connecting through the firewall.

Syntax

__property String FirewallPassword = { read=FFirewallPassword, write=FSetFirewallPassword };

Default Value

""

Remarks

A password if authentication is to be used when connecting through the firewall. If FirewallHost is specified, the FirewallUser and FirewallPassword properties are used to connect and authenticate to the given firewall. If the authentication fails, the component raises an exception.

Data Type

String

FirewallPort Property (GoogleKMS Component)

The Transmission Control Protocol (TCP) port for the firewall Host .

Syntax

__property int FirewallPort = { read=FFirewallPort, write=FSetFirewallPort };

Default Value

0

Remarks

The Transmission Control Protocol (TCP) port for the firewall FirewallHost. See the description of the FirewallHost property for details.

Note: This property is set automatically when FirewallType is set to a valid value. See the description of the FirewallType property for details.

Data Type

Integer

FirewallUser Property (GoogleKMS Component)

A username if authentication is to be used when connecting through a firewall.

Syntax

__property String FirewallUser = { read=FFirewallUser, write=FSetFirewallUser };

Default Value

""

Remarks

A username if authentication is to be used when connecting through a firewall. If FirewallHost is specified, this property and the FirewallPassword property are used to connect and authenticate to the given Firewall. If the authentication fails, the component raises an exception.

Data Type

String

GoogleProjectId Property (GoogleKMS Component)

The Id of the Google Cloud project to make requests against.

Syntax

__property String GoogleProjectId = { read=FGoogleProjectId, write=FSetGoogleProjectId };

Default Value

""

Remarks

This property specifies the Id of the Google Cloud project that the component should make requests against; it must be set before attempting any operations.

Note that the full Google Cloud project Id must be specified, not just the project number.

This property is not available at design time.

Data Type

String

Idle Property (GoogleKMS Component)

The current status of the component.

Syntax

__property bool Idle = { read=FIdle };

Default Value

True

Remarks

This property will be False if the component is currently busy (communicating or waiting for an answer), and True at all other times.

This property is read-only.

Data Type

Boolean

InputData Property (GoogleKMS Component)

The data to process.

Syntax

__property String InputData = { read=FInputData, write=FSetInputData };
__property DynamicArray<Byte> InputDataB = { read=FInputDataB, write=FSetInputDataB };

Default Value

""

Remarks

This property specifies the data that should be processed in a cryptographic operation.

Input Sources & Output Destinations

The component automatically determines the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

1. The InputFile property
2. The InputData property

The first valid input source found is used. The order in which the output properties are considered is as follows:

1. The OutputFile property
2. The OutputData property

This property is not available at design time.

Data Type

Byte Array

InputFile Property (GoogleKMS Component)

The file whose data should be processed.

Syntax

__property String InputFile = { read=FInputFile, write=FSetInputFile };

Default Value

""

Remarks

This property specifies the file whose data should be processed in a cryptographic operation. It accepts both absolute and relative file paths.

Input Sources & Output Destinations

The component automatically determines the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

1. The InputFile property
2. The InputData property

The first valid input source found is used. The order in which the output properties are considered is as follows:

1. The OutputFile property
2. The OutputData property

Data Type

String

KeyMarker Property (GoogleKMS Component)

A marker indicating what page of keys to return next.

Syntax

__property String KeyMarker = { read=FKeyMarker, write=FSetKeyMarker };

Default Value

""

Remarks

This property will be populated when ListKeys is called if the results are paged and there are more pages. To list all keys, continue to call ListKeys until this property returns empty string.

Refer to ListKeys for more information.

This property is not available at design time.

Data Type

String

KeyRing Property (GoogleKMS Component)

Selects a key ring for the component to interact with.

Syntax

__property String KeyRing = { read=FKeyRing, write=FSetKeyRing };

Default Value

""

Remarks

This property specifies the key ring, by name, that the component should interact with.

This property is not available at design time.

Data Type

String

KeyRingMarker Property (GoogleKMS Component)

A marker indicating what page of key rings to return next.

Syntax

__property String KeyRingMarker = { read=FKeyRingMarker, write=FSetKeyRingMarker };

Default Value

""

Remarks

This property will be populated when ListKeyRings is called if the results are paged and there are more pages. To list all key rings, continue to call ListKeyRings until this property returns empty string.

Refer to ListKeyRings for more information.

This property is not available at design time.

Data Type

String

KeyRingCount Property (GoogleKMS Component)

The number of records in the KeyRing arrays.

Syntax

__property int KeyRingCount = { read=FKeyRingCount };

Default Value

0

Remarks

This property controls the size of the following arrays:

• KeyRingCreationDate
• KeyRingName

The array indices start at 0 and end at KeyRingCount - 1.

This property is read-only and not available at design time.

Data Type

Integer

KeyRingCreationDate Property (GoogleKMS Component)

The key ring's creation date.

Syntax

__property String KeyRingCreationDate[int KeyRingIndex] = { read=FKeyRingCreationDate };

Default Value

""

Remarks

The key ring's creation date.

This property reflects the key ring's creation date, formatted as an RFC 3339 UTC timestamp.

The KeyRingIndex parameter specifies the index of the item in the array. The size of the array is controlled by the KeyRingCount property.

This property is read-only and not available at design time.

Data Type

String

KeyRingName Property (GoogleKMS Component)

The name of the key ring.

Syntax

__property String KeyRingName[int KeyRingIndex] = { read=FKeyRingName };

Default Value

""

Remarks

The name of the key ring.

This property reflects the name of the key ring.

The KeyRingIndex parameter specifies the index of the item in the array. The size of the array is controlled by the KeyRingCount property.

This property is read-only and not available at design time.

Data Type

String

KeyCount Property (GoogleKMS Component)

The number of records in the Key arrays.

Syntax

__property int KeyCount = { read=FKeyCount };

Default Value

0

Remarks

This property controls the size of the following arrays:

• KeyCreationDate
• KeyName
• KeyNextRotateDate
• KeyPrimaryVersion
• KeyPurpose
• KeyRingCreationDate
• KeyRingName
• KeyRotationPeriod
• KeyTemplateAlgorithm
• KeyTemplateProtectionLevel

The array indices start at 0 and end at KeyCount - 1.

This property is read-only and not available at design time.

Data Type

Integer

KeyCreationDate Property (GoogleKMS Component)

The key's creation date.

Syntax

__property String KeyCreationDate[int KeyIndex] = { read=FKeyCreationDate };

Default Value

""

Remarks

The key's creation date.

This property reflects the key's creation date, formatted as an RFC 3339 UTC timestamp.

The KeyIndex parameter specifies the index of the item in the array. The size of the array is controlled by the KeyCount property.

This property is read-only and not available at design time.

Data Type

String

KeyName Property (GoogleKMS Component)

The name of the key.

Syntax

__property String KeyName[int KeyIndex] = { read=FKeyName };

Default Value

""

Remarks

The name of the key.

This property reflects the name of the key.

The KeyIndex parameter specifies the index of the item in the array. The size of the array is controlled by the KeyCount property.

This property is read-only and not available at design time.

Data Type

String

KeyNextRotateDate Property (GoogleKMS Component)

The key's next rotation date.

Syntax

__property String KeyNextRotateDate[int KeyIndex] = { read=FKeyNextRotateDate };

Default Value

""

Remarks

The key's next rotation date.

This property reflects the key's next rotation date, formatted as an RFC 3339 UTC timestamp, or empty string if automatic rotation is not enabled.

Note that automatic rotation is only supported for symmetric keys.

The KeyIndex parameter specifies the index of the item in the array. The size of the array is controlled by the KeyCount property.

This property is read-only and not available at design time.

Data Type

String

KeyPrimaryVersion Property (GoogleKMS Component)

The Id of the key's primary version.

Syntax

__property String KeyPrimaryVersion[int KeyIndex] = { read=FKeyPrimaryVersion };

Default Value

""

Remarks

The Id of the key's primary version.

For symmetric keys, this property reflects the Id of the key's primary version. For asymmetric keys, this property is always empty, since asymmetric keys cannot have a primary version.

The KeyIndex parameter specifies the index of the item in the array. The size of the array is controlled by the KeyCount property.

This property is read-only and not available at design time.

Data Type

String

KeyPurpose Property (GoogleKMS Component)

The key's purpose.

Syntax

__property TckGoogleKMSKeyPurposes KeyPurpose[int KeyIndex] = { read=FKeyPurpose };

enum TckGoogleKMSKeyPurposes {
  gkpUnspecified=0,
  gkpEncryptDecrypt=1,
  gkpAsymmetricSign=2,
  gkpAsymmetricDecrypt=3
};

Default Value

gkpUnspecified

Remarks

The key's purpose.

This property reflects the key's purpose. Possible values are:

• gkpUnspecified (0)
• gkpEncryptDecrypt (1) (indicates the key is symmetric)
• gkpAsymmetricSign (2)
• gkpAsymmetricDecrypt (3)

The KeyIndex parameter specifies the index of the item in the array. The size of the array is controlled by the KeyCount property.

This property is read-only and not available at design time.

Data Type

Integer

KeyRotationPeriod Property (GoogleKMS Component)

The key's rotation period.

Syntax

__property String KeyRotationPeriod[int KeyIndex] = { read=FKeyRotationPeriod };

Default Value

""

Remarks

The key's rotation period.

This property reflects the key's rotation period, formatted as a number of seconds with up to nine fractional digits with a trailing s (e.g., 3.5984s); or empty string if automatic rotation is not enabled.

Note that automatic rotation is only supported for symmetric keys.

The KeyIndex parameter specifies the index of the item in the array. The size of the array is controlled by the KeyCount property.

This property is read-only and not available at design time.

Data Type

String

KeyTemplateAlgorithm Property (GoogleKMS Component)

The algorithm to use when new versions of the key are created.

Syntax

__property String KeyTemplateAlgorithm[int KeyIndex] = { read=FKeyTemplateAlgorithm };

Default Value

""

Remarks

The algorithm to use when new versions of the key are created.

This property reflects the algorithm to use when new versions of the key are created by CreateVersion.

The KeyIndex parameter specifies the index of the item in the array. The size of the array is controlled by the KeyCount property.

This property is read-only and not available at design time.

Data Type

String

KeyTemplateProtectionLevel Property (GoogleKMS Component)

The protection level to use when new versions of the key are created.

Syntax

__property String KeyTemplateProtectionLevel[int KeyIndex] = { read=FKeyTemplateProtectionLevel };

Default Value

""

Remarks

The protection level to use when new versions of the key are created.

This property reflects the protection level to use when new versions of the key are created by CreateVersion. Possible values are:

• SOFTWARE
• HSM
• EXTERNAL

The KeyIndex parameter specifies the index of the item in the array. The size of the array is controlled by the KeyCount property.

This property is read-only and not available at design time.

Data Type

String

LabelCount Property (GoogleKMS Component)

The number of records in the Label arrays.

Syntax

__property int LabelCount = { read=FLabelCount, write=FSetLabelCount };

Default Value

0

Remarks

This property controls the size of the following arrays:

• LabelName
• LabelValue

The array indices start at 0 and end at LabelCount - 1.

This property is not available at design time.

Data Type

Integer

LabelName Property (GoogleKMS Component)

The name of the label.

Syntax

__property String LabelName[int LabelIndex] = { read=FLabelName, write=FSetLabelName };

Default Value

""

Remarks

The name of the label.

This property specifies the name of the label.

The LabelIndex parameter specifies the index of the item in the array. The size of the array is controlled by the LabelCount property.

This property is not available at design time.

Data Type

String

LabelValue Property (GoogleKMS Component)

The value of the label.

Syntax

__property String LabelValue[int LabelIndex] = { read=FLabelValue, write=FSetLabelValue };

Default Value

""

Remarks

The value of the label.

This property specifies the value of the label.

The LabelIndex parameter specifies the index of the item in the array. The size of the array is controlled by the LabelCount property.

This property is not available at design time.

Data Type

String

LocalHost Property (GoogleKMS Component)

The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

Syntax

__property String LocalHost = { read=FLocalHost, write=FSetLocalHost };

Default Value

""

Remarks

This property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multihomed hosts (machines with more than one IP interface) setting LocalHost to the IP address of an interface will make the component initiate connections (or accept in the case of server components) only through that interface. It is recommended to provide an IP address rather than a hostname when setting this property to ensure the desired interface is used.

If the component is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).

Note: LocalHost is not persistent. You must always set it in code, and never in the property window.

Data Type

String

Location Property (GoogleKMS Component)

The Google Cloud location to make requests against.

Syntax

__property String Location = { read=FLocation, write=FSetLocation };

Default Value

"us"

Remarks

This property specifies the Google Cloud location that the component should make requests against.

Regional Locations:

A regional location's data centers exist in a specific geographical place.

Dual-Regional Locations:

A dual-regional location's data centers exist in two specific geographical places (plus a third region included for data replication and durability).

Multi-Regional Locations:

A multi-regional location's data centers are spread across a geographical area; it is not possible to predict or control exactly which data centers are selected or where they are located.

The component will always convert this property's value to lowercase. If this property is cleared, the component will reset it to the default value.

This property is not available at design time.

Data Type

String

OAuthAccessToken Property (GoogleKMS Component)

The access token returned by the authorization server.

Syntax

__property String OAuthAccessToken = { read=FOAuthAccessToken, write=FSetOAuthAccessToken };

Default Value

""

Remarks

The access token returned by the authorization server. This is set when the component makes a request to the token server.

This property is not available at design time.

Data Type

String

OAuthAuthorizationCode Property (GoogleKMS Component)

The authorization code that is exchanged for an access token.

Syntax

__property String OAuthAuthorizationCode = { read=FOAuthAuthorizationCode, write=FSetOAuthAuthorizationCode };

Default Value

""

Remarks

The authorization code that is exchanged for an access token. This is required to be set when the OAuthClientProfile property is set to the Web profile. Otherwise, this field is for information purposes only.

This property is not available at design time.

Data Type

String

OAuthAuthorizationScope Property (GoogleKMS Component)

The scope request or response parameter used during authorization.

Syntax

__property String OAuthAuthorizationScope = { read=FOAuthAuthorizationScope, write=FSetOAuthAuthorizationScope };

Default Value

""

Remarks

The scope request or response parameter used during authorization.

This property is not available at design time.

Data Type

String

OAuthClientId Property (GoogleKMS Component)

The id of the client assigned when registering the application.

Syntax

__property String OAuthClientId = { read=FOAuthClientId, write=FSetOAuthClientId };

Default Value

""

Remarks

The id of the client assigned when registering the application.

This property is not available at design time.

Data Type

String

OAuthClientProfile Property (GoogleKMS Component)

The type of client that is requesting authorization.

Syntax

__property TckGoogleKMSOAuthClientProfiles OAuthClientProfile = { read=FOAuthClientProfile, write=FSetOAuthClientProfile };

enum TckGoogleKMSOAuthClientProfiles {
  cocpApplication=0,
  cocpWeb=1
};

Default Value

cocpApplication

Remarks

The type of client that is requesting authorization. See the introduction section for more information. Possible values are:

This property is not available at design time.

Data Type

Integer

OAuthClientSecret Property (GoogleKMS Component)

The secret value for the client assigned when registering the application.

Syntax

__property String OAuthClientSecret = { read=FOAuthClientSecret, write=FSetOAuthClientSecret };

Default Value

""

Remarks

The secret value for the client assigned when registering the application.

This property is not available at design time.

Data Type

String

OAuthGrantType Property (GoogleKMS Component)

The OAuth grant type used to acquire an OAuth access token.

Syntax

__property TckGoogleKMSOAuthGrantTypes OAuthGrantType = { read=FOAuthGrantType, write=FSetOAuthGrantType };

enum TckGoogleKMSOAuthGrantTypes {
  cogtAuthorizationCode=0,
  cogtImplicit=1,
  cogtPassword=2,
  cogtClientCredentials=3
};

Default Value

cogtAuthorizationCode

Remarks

The OAuth grant type used to acquire an OAuth access token. See the introduction section for more information. Possible values are:

This property is not available at design time.

Data Type

Integer

OAuthRefreshToken Property (GoogleKMS Component)

Specifies the refresh token received from or sent to the authorization server.

Syntax

__property String OAuthRefreshToken = { read=FOAuthRefreshToken, write=FSetOAuthRefreshToken };

Default Value

""

Remarks

Specifies the refresh token received from or sent to the authorization server. This property is set automatically if a refresh token is retrieved from the token server. If the OAuthAutomaticRefresh configuration setting is set to true, and the OAuthGrantType property is set to a grant that can use refresh tokens.

This property is not available at design time.

Data Type

String

OAuthRequestRefreshToken Property (GoogleKMS Component)

Specifies whether the component will request a refresh token during authorization.

Syntax

__property bool OAuthRequestRefreshToken = { read=FOAuthRequestRefreshToken, write=FSetOAuthRequestRefreshToken };

Default Value

true

Remarks

Specifies whether the component will request a refresh token during authorization. By default, this value is True.

When True, the component will automatically add the necessary scopes or parameters to obtain a refresh token. When False, this property will have no effect. If the necessary scopes or parameters are specified manually, a refresh token can still be obtained.

Note: This property is only applicable when the OAuthGrantType property is set to cogtAuthorizationCode.

This property is not available at design time.

Data Type

Boolean

OAuthReturnURL Property (GoogleKMS Component)

The URL where the user (browser) returns after authenticating.

Syntax

__property String OAuthReturnURL = { read=FOAuthReturnURL, write=FSetOAuthReturnURL };

Default Value

""

Remarks

The URL where the user (browser) returns after authenticating. This property is mapped to the redirect_uri parameter when making a request to the authorization server. Typically, this is automatically set by the component when using the embedded web server. If the OAuthWebServerPort or OAuthWebServerHost configuration settings is set, then this property should be set to match. If using the Web client profile, this should be set to the place where the authorization code will be parsed out of the response after the user finishes authorizing.

This property is not available at design time.

Data Type

String

OAuthServerAuthURL Property (GoogleKMS Component)

The URL of the authorization server.

Syntax

__property String OAuthServerAuthURL = { read=FOAuthServerAuthURL, write=FSetOAuthServerAuthURL };

Default Value

""

Remarks

The URL of the authorization server.

This property is not available at design time.

Data Type

String

OAuthServerTokenURL Property (GoogleKMS Component)

The URL of the token server used to obtain the access token.

Syntax

__property String OAuthServerTokenURL = { read=FOAuthServerTokenURL, write=FSetOAuthServerTokenURL };

Default Value

""

Remarks

The URL of the token server used to obtain the access token.

This property is not available at design time.

Data Type

String

OAuthWebAuthURL Property (GoogleKMS Component)

The URL to which the user should be re-directed for authorization.

Syntax

__property String OAuthWebAuthURL = { read=FOAuthWebAuthURL };

Default Value

""

Remarks

The URL to which the user should be re-directed for authorization. This field is used to get the URL that the user should be redirected to when using the Web client profile. See introduction section for more information.

This property is read-only and not available at design time.

Data Type

String

OtherHeaders Property (GoogleKMS Component)

Other headers as determined by the user (optional).

Syntax

__property String OtherHeaders = { read=FOtherHeaders, write=FSetOtherHeaders };

Default Value

""

Remarks

This property can be set to a string of headers to be appended to the HTTP request headers created from other properties like ContentType and From.

The headers must follow the format Header: Value as described in the HTTP specifications. Header lines should be separated by CRLF ("\r\n") .

Use this property with caution. If this property contains invalid headers, HTTP requests may fail.

This property is useful for extending the functionality of the component beyond what is provided.

This property is not available at design time.

Data Type

String

OutputData Property (GoogleKMS Component)

The output data.

Syntax

__property String OutputData = { read=FOutputData, write=FSetOutputData };
__property DynamicArray<Byte> OutputDataB = { read=FOutputDataB, write=FSetOutputDataB };

Default Value

""

Remarks

This property is populated with the data that was output from a successful cryptographic operation.

Note: For the Verify operation, this property functions as a secondary input property instead (along with InputData); refer to the Verify method for more information.

Input Sources & Output Destinations

The component automatically determines the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

1. The InputFile property
2. The InputData property

The first valid input source found is used. The order in which the output properties are considered is as follows:

1. The OutputFile property
2. The OutputData property

This property is not available at design time.

Data Type

Byte Array

OutputFile Property (GoogleKMS Component)

The file to which output data should be written.

Syntax

__property String OutputFile = { read=FOutputFile, write=FSetOutputFile };

Default Value

""

Remarks

This property specifies the file to which data output from a successful cryptographic operation should be written.

Note: For the Verify operation, the specified file functions as a secondary input file instead (along with InputFile); refer to the Verify method for more information.

Input Sources & Output Destinations

The component automatically determines the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

1. The InputFile property
2. The InputData property

The first valid input source found is used. The order in which the output properties are considered is as follows:

1. The OutputFile property
2. The OutputData property

Data Type

String

Overwrite Property (GoogleKMS Component)

Whether the output file should be overwritten if necessary.

Syntax

__property bool Overwrite = { read=FOverwrite, write=FSetOverwrite };

Default Value

false

Remarks

This property controls whether the specified OutputFile should be overwritten if it already exists.

Data Type

Boolean

ParsedHeaderCount Property (GoogleKMS Component)

The number of records in the ParsedHeader arrays.

Syntax

__property int ParsedHeaderCount = { read=FParsedHeaderCount };

Default Value

0

Remarks

This property controls the size of the following arrays:

• ParsedHeaderField
• ParsedHeaderValue

The array indices start at 0 and end at ParsedHeaderCount - 1.

This property is read-only and not available at design time.

Data Type

Integer

ParsedHeaderField Property (GoogleKMS Component)

This property contains the name of the HTTP header (this is the same case as it is delivered).

Syntax

__property String ParsedHeaderField[int ParsedHeaderIndex] = { read=FParsedHeaderField };

Default Value

""

Remarks

This property contains the name of the HTTP Header (this is the same case as it is delivered).

The ParsedHeaderIndex parameter specifies the index of the item in the array. The size of the array is controlled by the ParsedHeaderCount property.

This property is read-only and not available at design time.

Data Type

String

ParsedHeaderValue Property (GoogleKMS Component)

This property contains the header contents.

Syntax

__property String ParsedHeaderValue[int ParsedHeaderIndex] = { read=FParsedHeaderValue };

Default Value

""

Remarks

This property contains the Header contents.

The ParsedHeaderIndex parameter specifies the index of the item in the array. The size of the array is controlled by the ParsedHeaderCount property.

This property is read-only and not available at design time.

Data Type

String

ProxyAuthScheme Property (GoogleKMS Component)

The type of authorization to perform when connecting to the proxy.

Syntax

__property TckGoogleKMSProxyAuthSchemes ProxyAuthScheme = { read=FProxyAuthScheme, write=FSetProxyAuthScheme };

enum TckGoogleKMSProxyAuthSchemes {
  authBasic=0,
  authDigest=1,
  authProprietary=2,
  authNone=3,
  authNtlm=4,
  authNegotiate=5
};

Default Value

authBasic

Remarks

The type of authorization to perform when connecting to the proxy. This is used only when the ProxyUser and ProxyPassword properties are set.

ProxyAuthScheme should be set to authNone (3) when no authentication is expected.

By default, ProxyAuthScheme is authBasic (0), and if the ProxyUser and ProxyPassword properties are set, the component will attempt basic authentication.

If ProxyAuthScheme is set to authDigest (1), digest authentication will be attempted instead.

If ProxyAuthScheme is set to authProprietary (2), then the authorization token will not be generated by the component. Look at the configuration file for the component being used to find more information about manually setting this token.

If ProxyAuthScheme is set to authNtlm (4), NTLM authentication will be used.

For security reasons, setting this property will clear the values of ProxyUser and ProxyPassword.

Data Type

Integer

ProxyAutoDetect Property (GoogleKMS Component)

Whether to automatically detect and use proxy system settings, if available.

Syntax

__property bool ProxyAutoDetect = { read=FProxyAutoDetect, write=FSetProxyAutoDetect };

Default Value

False

Remarks

Whether to automatically detect and use proxy system settings, if available. The default value is false.

Data Type

Boolean

ProxyPassword Property (GoogleKMS Component)

A password if authentication is to be used for the proxy.

Syntax

__property String ProxyPassword = { read=FProxyPassword, write=FSetProxyPassword };

Default Value

""

Remarks

A password if authentication is to be used for the proxy.

If ProxyAuthScheme is set to Basic Authentication, the ProxyUser and ProxyPassword properties are Base64 encoded and the proxy authentication token will be generated in the form Basic [encoded-user-password].

If ProxyAuthScheme is set to Digest Authentication, the ProxyUser and ProxyPassword properties are used to respond to the Digest Authentication challenge from the server.

If ProxyAuthScheme is set to NTLM Authentication, the ProxyUser and ProxyPassword properties are used to authenticate through NTLM negotiation.

Data Type

String

ProxyPort Property (GoogleKMS Component)

The Transmission Control Protocol (TCP) port for the proxy Server (default 80).

Syntax

__property int ProxyPort = { read=FProxyPort, write=FSetProxyPort };

Default Value

80

Remarks

The Transmission Control Protocol (TCP) port for the proxy ProxyServer (default 80). See the description of the ProxyServer property for details.

Data Type

Integer

ProxyServer Property (GoogleKMS Component)

If a proxy Server is given, then the HTTP request is sent to the proxy instead of the server otherwise specified.

Syntax

__property String ProxyServer = { read=FProxyServer, write=FSetProxyServer };

Default Value

""

Remarks

If a proxy ProxyServer is given, then the HTTP request is sent to the proxy instead of the server otherwise specified.

If the ProxyServer property is set to a domain name, a DNS request is initiated. Upon successful termination of the request, the ProxyServer property is set to the corresponding address. If the search is not successful, an error is returned.

Data Type

String

ProxySSL Property (GoogleKMS Component)

When to use a Secure Sockets Layer (SSL) for the connection to the proxy.

Syntax

__property TckGoogleKMSProxySSLs ProxySSL = { read=FProxySSL, write=FSetProxySSL };

enum TckGoogleKMSProxySSLs {
  psAutomatic=0,
  psAlways=1,
  psNever=2,
  psTunnel=3
};

Default Value

psAutomatic

Remarks

When to use a Secure Sockets Layer (SSL) for the connection to the proxy. The applicable values are as follows:

Data Type

Integer

ProxyUser Property (GoogleKMS Component)

A username if authentication is to be used for the proxy.

Syntax

__property String ProxyUser = { read=FProxyUser, write=FSetProxyUser };

Default Value

""

Remarks

A username if authentication is to be used for the proxy.

If ProxyAuthScheme is set to Basic Authentication, the ProxyUser and ProxyPassword properties are Base64 encoded and the proxy authentication token will be generated in the form Basic [encoded-user-password].

If ProxyAuthScheme is set to Digest Authentication, the ProxyUser and ProxyPassword properties are used to respond to the Digest Authentication challenge from the server.

If ProxyAuthScheme is set to NTLM Authentication, the ProxyUser and ProxyPassword properties are used to authenticate through NTLM negotiation.

Data Type

String

PublicKey Property (GoogleKMS Component)

The public key of an asymmetric key pair.

Syntax

__property String PublicKey = { read=FPublicKey };

Default Value

""

Remarks

This property reflects the public key of an asymmetric key pair stored on the server, in PEM format; it is populated anytime the GetPublicKey method is called successfully.

This property is read-only and not available at design time.

Data Type

String

PublicKeyAlgorithm Property (GoogleKMS Component)

The algorithm of an asymmetric key pair.

Syntax

__property String PublicKeyAlgorithm = { read=FPublicKeyAlgorithm };

Default Value

""

Remarks

This property reflects the algorithm of an asymmetric key pair stored on the server; it is populated anytime the GetPublicKey method is called successfully. Possible values are:

• RSA_SIGN_PSS_2048_SHA256: RSASSA-PSS 2048 bit key with a SHA256 digest
• RSA_SIGN_PSS_3072_SHA256: RSASSA-PSS 3072 bit key with a SHA256 digest
• RSA_SIGN_PSS_4096_SHA256: RSASSA-PSS 4096 bit key with a SHA256 digest
• RSA_SIGN_PSS_4096_SHA512: RSASSA-PSS 4096 bit key with a SHA512 digest
• RSA_SIGN_PKCS1_2048_SHA256: RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_3072_SHA256: RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_4096_SHA256: RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_4096_SHA512: RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest
• RSA_DECRYPT_OAEP_2048_SHA256: RSAES-OAEP 2048 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_3072_SHA256: RSAES-OAEP 3072 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_4096_SHA256: RSAES-OAEP 4096 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_4096_SHA512: RSAES-OAEP 4096 bit key with a SHA512 digest
• EC_SIGN_P256_SHA256: ECDSA on the NIST P-256 curve with a SHA256 digest
• EC_SIGN_P384_SHA384: ECDSA on the NIST P-384 curve with a SHA384 digest

Refer to Google's CryptoKeyVersionAlgorithm documentation page for more information.

This property is read-only and not available at design time.

Data Type

String

QueryParamCount Property (GoogleKMS Component)

The number of records in the QueryParam arrays.

Syntax

__property int QueryParamCount = { read=FQueryParamCount, write=FSetQueryParamCount };

Default Value

0

Remarks

This property controls the size of the following arrays:

• QueryParamName
• QueryParamValue

The array indices start at 0 and end at QueryParamCount - 1.

This property is not available at design time.

Data Type

Integer

QueryParamName Property (GoogleKMS Component)

The name of the query parameter.

Syntax

__property String QueryParamName[int QueryParamIndex] = { read=FQueryParamName, write=FSetQueryParamName };

Default Value

""

Remarks

The name of the query parameter.

This property specifies the name of the query parameter.

The QueryParamIndex parameter specifies the index of the item in the array. The size of the array is controlled by the QueryParamCount property.

This property is not available at design time.

Data Type

String

QueryParamValue Property (GoogleKMS Component)

The value of the query parameter.

Syntax

__property String QueryParamValue[int QueryParamIndex] = { read=FQueryParamValue, write=FSetQueryParamValue };

Default Value

""

Remarks

The value of the query parameter.

This property specifies the value of the query parameter. The component will automatically URL-encode this value when sending the request.

The QueryParamIndex parameter specifies the index of the item in the array. The size of the array is controlled by the QueryParamCount property.

This property is not available at design time.

Data Type

String

SSLAcceptServerCertEffectiveDate Property (GoogleKMS Component)

The date on which this certificate becomes valid.

Syntax

__property String SSLAcceptServerCertEffectiveDate = { read=FSSLAcceptServerCertEffectiveDate };

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLAcceptServerCertExpirationDate Property (GoogleKMS Component)

The date on which the certificate expires.

Syntax

__property String SSLAcceptServerCertExpirationDate = { read=FSSLAcceptServerCertExpirationDate };

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLAcceptServerCertExtendedKeyUsage Property (GoogleKMS Component)

A comma-delimited list of extended key usage identifiers.

Syntax

__property String SSLAcceptServerCertExtendedKeyUsage = { read=FSSLAcceptServerCertExtendedKeyUsage };

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprint Property (GoogleKMS Component)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

__property String SSLAcceptServerCertFingerprint = { read=FSSLAcceptServerCertFingerprint };

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprintSHA1 Property (GoogleKMS Component)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

__property String SSLAcceptServerCertFingerprintSHA1 = { read=FSSLAcceptServerCertFingerprintSHA1 };

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprintSHA256 Property (GoogleKMS Component)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

__property String SSLAcceptServerCertFingerprintSHA256 = { read=FSSLAcceptServerCertFingerprintSHA256 };

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLAcceptServerCertIssuer Property (GoogleKMS Component)

The issuer of the certificate.

Syntax

__property String SSLAcceptServerCertIssuer = { read=FSSLAcceptServerCertIssuer };

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLAcceptServerCertPrivateKey Property (GoogleKMS Component)

The private key of the certificate (if available).

Syntax

__property String SSLAcceptServerCertPrivateKey = { read=FSSLAcceptServerCertPrivateKey };

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLAcceptServerCertPrivateKey may be available but not exportable. In this case, SSLAcceptServerCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLAcceptServerCertPrivateKeyAvailable Property (GoogleKMS Component)

Whether a PrivateKey is available for the selected certificate.

Syntax

__property bool SSLAcceptServerCertPrivateKeyAvailable = { read=FSSLAcceptServerCertPrivateKeyAvailable };

Default Value

false

Remarks

Whether a SSLAcceptServerCertPrivateKey is available for the selected certificate. If SSLAcceptServerCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLAcceptServerCertPrivateKeyContainer Property (GoogleKMS Component)

The name of the PrivateKey container for the certificate (if available).

Syntax

__property String SSLAcceptServerCertPrivateKeyContainer = { read=FSSLAcceptServerCertPrivateKeyContainer };

Default Value

""

Remarks

The name of the SSLAcceptServerCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKey Property (GoogleKMS Component)

The public key of the certificate.

Syntax

__property String SSLAcceptServerCertPublicKey = { read=FSSLAcceptServerCertPublicKey };

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKeyAlgorithm Property (GoogleKMS Component)

The textual description of the certificate's public key algorithm.

Syntax

__property String SSLAcceptServerCertPublicKeyAlgorithm = { read=FSSLAcceptServerCertPublicKeyAlgorithm };

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKeyLength Property (GoogleKMS Component)

The length of the certificate's public key (in bits).

Syntax

__property int SSLAcceptServerCertPublicKeyLength = { read=FSSLAcceptServerCertPublicKeyLength };

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLAcceptServerCertSerialNumber Property (GoogleKMS Component)

The serial number of the certificate encoded as a string.

Syntax

__property String SSLAcceptServerCertSerialNumber = { read=FSSLAcceptServerCertSerialNumber };

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLAcceptServerCertSignatureAlgorithm Property (GoogleKMS Component)

The text description of the certificate's signature algorithm.

Syntax

__property String SSLAcceptServerCertSignatureAlgorithm = { read=FSSLAcceptServerCertSignatureAlgorithm };

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLAcceptServerCertStore Property (GoogleKMS Component)

The name of the certificate store for the client certificate.

Syntax

__property String SSLAcceptServerCertStore = { read=FSSLAcceptServerCertStore, write=FSetSSLAcceptServerCertStore };
__property DynamicArray<Byte> SSLAcceptServerCertStoreB = { read=FSSLAcceptServerCertStoreB, write=FSetSSLAcceptServerCertStoreB };

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The SSLAcceptServerCertStoreType property denotes the type of the certificate store specified by SSLAcceptServerCertStore. If the store is password-protected, specify the password in SSLAcceptServerCertStorePassword.

SSLAcceptServerCertStore is used in conjunction with the SSLAcceptServerCertSubject property to specify client certificates. If SSLAcceptServerCertStore has a value, and SSLAcceptServerCertSubject or SSLAcceptServerCertEncoded is set, a search for a certificate is initiated. Please see the SSLAcceptServerCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

Data Type

Byte Array

SSLAcceptServerCertStorePassword Property (GoogleKMS Component)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

__property String SSLAcceptServerCertStorePassword = { read=FSSLAcceptServerCertStorePassword, write=FSetSSLAcceptServerCertStorePassword };

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

SSLAcceptServerCertStoreType Property (GoogleKMS Component)

The type of certificate store for this certificate.

Syntax

__property TckGoogleKMSSSLAcceptServerCertStoreTypes SSLAcceptServerCertStoreType = { read=FSSLAcceptServerCertStoreType, write=FSetSSLAcceptServerCertStoreType };

enum TckGoogleKMSSSLAcceptServerCertStoreTypes {
  cstUser=0,
  cstMachine=1,
  cstPFXFile=2,
  cstPFXBlob=3,
  cstJKSFile=4,
  cstJKSBlob=5,
  cstPEMKeyFile=6,
  cstPEMKeyBlob=7,
  cstPublicKeyFile=8,
  cstPublicKeyBlob=9,
  cstSSHPublicKeyBlob=10,
  cstP7BFile=11,
  cstP7BBlob=12,
  cstSSHPublicKeyFile=13,
  cstPPKFile=14,
  cstPPKBlob=15,
  cstXMLFile=16,
  cstXMLBlob=17,
  cstJWKFile=18,
  cstJWKBlob=19,
  cstSecurityKey=20,
  cstBCFKSFile=21,
  cstBCFKSBlob=22,
  cstPKCS11=23,
  cstAuto=99
};

Default Value

cstUser

Remarks

The type of certificate store for this certificate.

The component supports both public and private keys in a variety of formats. When the cstAuto value is used, the component will automatically determine the type. This property can take one of the following values:

Data Type

Integer

SSLAcceptServerCertSubjectAltNames Property (GoogleKMS Component)

Comma-separated lists of alternative subject names for the certificate.

Syntax

__property String SSLAcceptServerCertSubjectAltNames = { read=FSSLAcceptServerCertSubjectAltNames };

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintMD5 Property (GoogleKMS Component)

The MD5 hash of the certificate.

Syntax

__property String SSLAcceptServerCertThumbprintMD5 = { read=FSSLAcceptServerCertThumbprintMD5 };

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintSHA1 Property (GoogleKMS Component)

The SHA-1 hash of the certificate.

Syntax

__property String SSLAcceptServerCertThumbprintSHA1 = { read=FSSLAcceptServerCertThumbprintSHA1 };

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintSHA256 Property (GoogleKMS Component)

The SHA-256 hash of the certificate.

Syntax

__property String SSLAcceptServerCertThumbprintSHA256 = { read=FSSLAcceptServerCertThumbprintSHA256 };

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertUsage Property (GoogleKMS Component)

The text description of UsageFlags .

Syntax

__property String SSLAcceptServerCertUsage = { read=FSSLAcceptServerCertUsage };

Default Value

""

Remarks

The text description of SSLAcceptServerCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLAcceptServerCertUsageFlags Property (GoogleKMS Component)

The flags that show intended use for the certificate.

Syntax

__property int SSLAcceptServerCertUsageFlags = { read=FSSLAcceptServerCertUsageFlags };

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of SSLAcceptServerCertUsageFlags is a combination of the following flags:

Please see the SSLAcceptServerCertUsage property for a text representation of SSLAcceptServerCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLAcceptServerCertVersion Property (GoogleKMS Component)

The certificate's version number.

Syntax

__property String SSLAcceptServerCertVersion = { read=FSSLAcceptServerCertVersion };

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLAcceptServerCertSubject Property (GoogleKMS Component)

The subject of the certificate used for client authentication.

Syntax

__property String SSLAcceptServerCertSubject = { read=FSSLAcceptServerCertSubject, write=FSetSSLAcceptServerCertSubject };

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

SSLAcceptServerCertEncoded Property (GoogleKMS Component)

The certificate (PEM/Base64 encoded).

Syntax

__property String SSLAcceptServerCertEncoded = { read=FSSLAcceptServerCertEncoded, write=FSetSSLAcceptServerCertEncoded };
__property DynamicArray<Byte> SSLAcceptServerCertEncodedB = { read=FSSLAcceptServerCertEncodedB, write=FSetSSLAcceptServerCertEncodedB };

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLAcceptServerCertStore and SSLAcceptServerCertSubject properties also may be used to specify a certificate.

When SSLAcceptServerCertEncoded is set, a search is initiated in the current SSLAcceptServerCertStore for the private key of the certificate. If the key is found, SSLAcceptServerCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLAcceptServerCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Byte Array

SSLCertEffectiveDate Property (GoogleKMS Component)

The date on which this certificate becomes valid.

Syntax

__property String SSLCertEffectiveDate = { read=FSSLCertEffectiveDate };

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLCertExpirationDate Property (GoogleKMS Component)

The date on which the certificate expires.

Syntax

__property String SSLCertExpirationDate = { read=FSSLCertExpirationDate };

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLCertExtendedKeyUsage Property (GoogleKMS Component)

A comma-delimited list of extended key usage identifiers.

Syntax

__property String SSLCertExtendedKeyUsage = { read=FSSLCertExtendedKeyUsage };

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLCertFingerprint Property (GoogleKMS Component)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

__property String SSLCertFingerprint = { read=FSSLCertFingerprint };

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLCertFingerprintSHA1 Property (GoogleKMS Component)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

__property String SSLCertFingerprintSHA1 = { read=FSSLCertFingerprintSHA1 };

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLCertFingerprintSHA256 Property (GoogleKMS Component)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

__property String SSLCertFingerprintSHA256 = { read=FSSLCertFingerprintSHA256 };

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLCertIssuer Property (GoogleKMS Component)

The issuer of the certificate.

Syntax

__property String SSLCertIssuer = { read=FSSLCertIssuer };

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLCertPrivateKey Property (GoogleKMS Component)

The private key of the certificate (if available).

Syntax

__property String SSLCertPrivateKey = { read=FSSLCertPrivateKey };

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLCertPrivateKey may be available but not exportable. In this case, SSLCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLCertPrivateKeyAvailable Property (GoogleKMS Component)

Whether a PrivateKey is available for the selected certificate.

Syntax

__property bool SSLCertPrivateKeyAvailable = { read=FSSLCertPrivateKeyAvailable };

Default Value

false

Remarks

Whether a SSLCertPrivateKey is available for the selected certificate. If SSLCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLCertPrivateKeyContainer Property (GoogleKMS Component)

The name of the PrivateKey container for the certificate (if available).

Syntax

__property String SSLCertPrivateKeyContainer = { read=FSSLCertPrivateKeyContainer };

Default Value

""

Remarks

The name of the SSLCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLCertPublicKey Property (GoogleKMS Component)

The public key of the certificate.

Syntax

__property String SSLCertPublicKey = { read=FSSLCertPublicKey };

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLCertPublicKeyAlgorithm Property (GoogleKMS Component)

The textual description of the certificate's public key algorithm.

Syntax

__property String SSLCertPublicKeyAlgorithm = { read=FSSLCertPublicKeyAlgorithm };

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLCertPublicKeyLength Property (GoogleKMS Component)

The length of the certificate's public key (in bits).

Syntax

__property int SSLCertPublicKeyLength = { read=FSSLCertPublicKeyLength };

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLCertSerialNumber Property (GoogleKMS Component)

The serial number of the certificate encoded as a string.

Syntax

__property String SSLCertSerialNumber = { read=FSSLCertSerialNumber };

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLCertSignatureAlgorithm Property (GoogleKMS Component)

The text description of the certificate's signature algorithm.

Syntax

__property String SSLCertSignatureAlgorithm = { read=FSSLCertSignatureAlgorithm };

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLCertStore Property (GoogleKMS Component)

The name of the certificate store for the client certificate.

Syntax

__property String SSLCertStore = { read=FSSLCertStore, write=FSetSSLCertStore };
__property DynamicArray<Byte> SSLCertStoreB = { read=FSSLCertStoreB, write=FSetSSLCertStoreB };

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The SSLCertStoreType property denotes the type of the certificate store specified by SSLCertStore. If the store is password-protected, specify the password in SSLCertStorePassword.

SSLCertStore is used in conjunction with the SSLCertSubject property to specify client certificates. If SSLCertStore has a value, and SSLCertSubject or SSLCertEncoded is set, a search for a certificate is initiated. Please see the SSLCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

Data Type

Byte Array

SSLCertStorePassword Property (GoogleKMS Component)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

__property String SSLCertStorePassword = { read=FSSLCertStorePassword, write=FSetSSLCertStorePassword };

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

SSLCertStoreType Property (GoogleKMS Component)

The type of certificate store for this certificate.

Syntax

__property TckGoogleKMSSSLCertStoreTypes SSLCertStoreType = { read=FSSLCertStoreType, write=FSetSSLCertStoreType };

enum TckGoogleKMSSSLCertStoreTypes {
  cstUser=0,
  cstMachine=1,
  cstPFXFile=2,
  cstPFXBlob=3,
  cstJKSFile=4,
  cstJKSBlob=5,
  cstPEMKeyFile=6,
  cstPEMKeyBlob=7,
  cstPublicKeyFile=8,
  cstPublicKeyBlob=9,
  cstSSHPublicKeyBlob=10,
  cstP7BFile=11,
  cstP7BBlob=12,
  cstSSHPublicKeyFile=13,
  cstPPKFile=14,
  cstPPKBlob=15,
  cstXMLFile=16,
  cstXMLBlob=17,
  cstJWKFile=18,
  cstJWKBlob=19,
  cstSecurityKey=20,
  cstBCFKSFile=21,
  cstBCFKSBlob=22,
  cstPKCS11=23,
  cstAuto=99
};

Default Value

cstUser

Remarks

The type of certificate store for this certificate.

The component supports both public and private keys in a variety of formats. When the cstAuto value is used, the component will automatically determine the type. This property can take one of the following values:

Data Type

Integer

SSLCertSubjectAltNames Property (GoogleKMS Component)

Comma-separated lists of alternative subject names for the certificate.

Syntax

__property String SSLCertSubjectAltNames = { read=FSSLCertSubjectAltNames };

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLCertThumbprintMD5 Property (GoogleKMS Component)

The MD5 hash of the certificate.

Syntax

__property String SSLCertThumbprintMD5 = { read=FSSLCertThumbprintMD5 };

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertThumbprintSHA1 Property (GoogleKMS Component)

The SHA-1 hash of the certificate.

Syntax

__property String SSLCertThumbprintSHA1 = { read=FSSLCertThumbprintSHA1 };

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertThumbprintSHA256 Property (GoogleKMS Component)

The SHA-256 hash of the certificate.

Syntax

__property String SSLCertThumbprintSHA256 = { read=FSSLCertThumbprintSHA256 };

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertUsage Property (GoogleKMS Component)

The text description of UsageFlags .

Syntax

__property String SSLCertUsage = { read=FSSLCertUsage };

Default Value

""

Remarks

The text description of SSLCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLCertUsageFlags Property (GoogleKMS Component)

The flags that show intended use for the certificate.

Syntax

__property int SSLCertUsageFlags = { read=FSSLCertUsageFlags };

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of SSLCertUsageFlags is a combination of the following flags:

Please see the SSLCertUsage property for a text representation of SSLCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLCertVersion Property (GoogleKMS Component)

The certificate's version number.

Syntax

__property String SSLCertVersion = { read=FSSLCertVersion };

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLCertSubject Property (GoogleKMS Component)

The subject of the certificate used for client authentication.

Syntax

__property String SSLCertSubject = { read=FSSLCertSubject, write=FSetSSLCertSubject };

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

SSLCertEncoded Property (GoogleKMS Component)

The certificate (PEM/Base64 encoded).

Syntax

__property String SSLCertEncoded = { read=FSSLCertEncoded, write=FSetSSLCertEncoded };
__property DynamicArray<Byte> SSLCertEncodedB = { read=FSSLCertEncodedB, write=FSetSSLCertEncodedB };

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLCertStore and SSLCertSubject properties also may be used to specify a certificate.

When SSLCertEncoded is set, a search is initiated in the current SSLCertStore for the private key of the certificate. If the key is found, SSLCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Byte Array

SSLProvider Property (GoogleKMS Component)

The Secure Sockets Layer/Transport Layer Security (SSL/TLS) implementation to use.

Syntax

__property TckGoogleKMSSSLProviders SSLProvider = { read=FSSLProvider, write=FSetSSLProvider };

enum TckGoogleKMSSSLProviders {
  sslpAutomatic=0,
  sslpPlatform=1,
  sslpInternal=2
};

Default Value

sslpAutomatic

Remarks

This property specifies the SSL/TLS implementation to use. In most cases the default value of 0 (Automatic) is recommended and should not be changed. When set to 0 (Automatic), the component will select whether to use the platform implementation or the internal implementation depending on the operating system as well as the TLS version being used.

Possible values are as follows:

In most cases using the default value (Automatic) is recommended. The component will select a provider depending on the current platform.

When Automatic is selected, the platform implementation is used by default. When TLS 1.3 is enabled via SSLEnabledProtocols, the internal implementation is used.

Data Type

Integer

SSLServerCertEffectiveDate Property (GoogleKMS Component)

The date on which this certificate becomes valid.

Syntax

__property String SSLServerCertEffectiveDate = { read=FSSLServerCertEffectiveDate };

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLServerCertExpirationDate Property (GoogleKMS Component)

The date on which the certificate expires.

Syntax

__property String SSLServerCertExpirationDate = { read=FSSLServerCertExpirationDate };

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLServerCertExtendedKeyUsage Property (GoogleKMS Component)

A comma-delimited list of extended key usage identifiers.

Syntax

__property String SSLServerCertExtendedKeyUsage = { read=FSSLServerCertExtendedKeyUsage };

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLServerCertFingerprint Property (GoogleKMS Component)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

__property String SSLServerCertFingerprint = { read=FSSLServerCertFingerprint };

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLServerCertFingerprintSHA1 Property (GoogleKMS Component)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

__property String SSLServerCertFingerprintSHA1 = { read=FSSLServerCertFingerprintSHA1 };

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLServerCertFingerprintSHA256 Property (GoogleKMS Component)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

__property String SSLServerCertFingerprintSHA256 = { read=FSSLServerCertFingerprintSHA256 };

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLServerCertIssuer Property (GoogleKMS Component)

The issuer of the certificate.

Syntax

__property String SSLServerCertIssuer = { read=FSSLServerCertIssuer };

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLServerCertPrivateKey Property (GoogleKMS Component)

The private key of the certificate (if available).

Syntax

__property String SSLServerCertPrivateKey = { read=FSSLServerCertPrivateKey };

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLServerCertPrivateKey may be available but not exportable. In this case, SSLServerCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLServerCertPrivateKeyAvailable Property (GoogleKMS Component)

Whether a PrivateKey is available for the selected certificate.

Syntax

__property bool SSLServerCertPrivateKeyAvailable = { read=FSSLServerCertPrivateKeyAvailable };

Default Value

false

Remarks

Whether a SSLServerCertPrivateKey is available for the selected certificate. If SSLServerCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLServerCertPrivateKeyContainer Property (GoogleKMS Component)

The name of the PrivateKey container for the certificate (if available).

Syntax

__property String SSLServerCertPrivateKeyContainer = { read=FSSLServerCertPrivateKeyContainer };

Default Value

""

Remarks

The name of the SSLServerCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLServerCertPublicKey Property (GoogleKMS Component)

The public key of the certificate.

Syntax

__property String SSLServerCertPublicKey = { read=FSSLServerCertPublicKey };

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLServerCertPublicKeyAlgorithm Property (GoogleKMS Component)

The textual description of the certificate's public key algorithm.

Syntax

__property String SSLServerCertPublicKeyAlgorithm = { read=FSSLServerCertPublicKeyAlgorithm };

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLServerCertPublicKeyLength Property (GoogleKMS Component)

The length of the certificate's public key (in bits).

Syntax

__property int SSLServerCertPublicKeyLength = { read=FSSLServerCertPublicKeyLength };

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLServerCertSerialNumber Property (GoogleKMS Component)

The serial number of the certificate encoded as a string.

Syntax

__property String SSLServerCertSerialNumber = { read=FSSLServerCertSerialNumber };

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLServerCertSignatureAlgorithm Property (GoogleKMS Component)

The text description of the certificate's signature algorithm.

Syntax

__property String SSLServerCertSignatureAlgorithm = { read=FSSLServerCertSignatureAlgorithm };

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLServerCertStore Property (GoogleKMS Component)

The name of the certificate store for the client certificate.

Syntax

__property String SSLServerCertStore = { read=FSSLServerCertStore };
__property DynamicArray<Byte> SSLServerCertStoreB = { read=FSSLServerCertStoreB };

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The SSLServerCertStoreType property denotes the type of the certificate store specified by SSLServerCertStore. If the store is password-protected, specify the password in SSLServerCertStorePassword.

SSLServerCertStore is used in conjunction with the SSLServerCertSubject property to specify client certificates. If SSLServerCertStore has a value, and SSLServerCertSubject or SSLServerCertEncoded is set, a search for a certificate is initiated. Please see the SSLServerCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

This property is read-only.

Data Type

Byte Array

SSLServerCertStorePassword Property (GoogleKMS Component)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

__property String SSLServerCertStorePassword = { read=FSSLServerCertStorePassword };

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

This property is read-only.

Data Type

String

SSLServerCertStoreType Property (GoogleKMS Component)

The type of certificate store for this certificate.

Syntax

__property TckGoogleKMSSSLServerCertStoreTypes SSLServerCertStoreType = { read=FSSLServerCertStoreType };

enum TckGoogleKMSSSLServerCertStoreTypes {
  cstUser=0,
  cstMachine=1,
  cstPFXFile=2,
  cstPFXBlob=3,
  cstJKSFile=4,
  cstJKSBlob=5,
  cstPEMKeyFile=6,
  cstPEMKeyBlob=7,
  cstPublicKeyFile=8,
  cstPublicKeyBlob=9,
  cstSSHPublicKeyBlob=10,
  cstP7BFile=11,
  cstP7BBlob=12,
  cstSSHPublicKeyFile=13,
  cstPPKFile=14,
  cstPPKBlob=15,
  cstXMLFile=16,
  cstXMLBlob=17,
  cstJWKFile=18,
  cstJWKBlob=19,
  cstSecurityKey=20,
  cstBCFKSFile=21,
  cstBCFKSBlob=22,
  cstPKCS11=23,
  cstAuto=99
};

Default Value

cstUser

Remarks

The type of certificate store for this certificate.

The component supports both public and private keys in a variety of formats. When the cstAuto value is used, the component will automatically determine the type. This property can take one of the following values:

This property is read-only.

Data Type

Integer

SSLServerCertSubjectAltNames Property (GoogleKMS Component)

Comma-separated lists of alternative subject names for the certificate.

Syntax

__property String SSLServerCertSubjectAltNames = { read=FSSLServerCertSubjectAltNames };

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLServerCertThumbprintMD5 Property (GoogleKMS Component)

The MD5 hash of the certificate.

Syntax

__property String SSLServerCertThumbprintMD5 = { read=FSSLServerCertThumbprintMD5 };

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertThumbprintSHA1 Property (GoogleKMS Component)

The SHA-1 hash of the certificate.

Syntax

__property String SSLServerCertThumbprintSHA1 = { read=FSSLServerCertThumbprintSHA1 };

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertThumbprintSHA256 Property (GoogleKMS Component)

The SHA-256 hash of the certificate.

Syntax

__property String SSLServerCertThumbprintSHA256 = { read=FSSLServerCertThumbprintSHA256 };

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertUsage Property (GoogleKMS Component)

The text description of UsageFlags .

Syntax

__property String SSLServerCertUsage = { read=FSSLServerCertUsage };

Default Value

""

Remarks

The text description of SSLServerCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLServerCertUsageFlags Property (GoogleKMS Component)

The flags that show intended use for the certificate.

Syntax

__property int SSLServerCertUsageFlags = { read=FSSLServerCertUsageFlags };

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of SSLServerCertUsageFlags is a combination of the following flags:

Please see the SSLServerCertUsage property for a text representation of SSLServerCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLServerCertVersion Property (GoogleKMS Component)

The certificate's version number.

Syntax

__property String SSLServerCertVersion = { read=FSSLServerCertVersion };

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLServerCertSubject Property (GoogleKMS Component)

The subject of the certificate used for client authentication.

Syntax

__property String SSLServerCertSubject = { read=FSSLServerCertSubject };

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

This property is read-only.

Data Type

String

SSLServerCertEncoded Property (GoogleKMS Component)

The certificate (PEM/Base64 encoded).

Syntax

__property String SSLServerCertEncoded = { read=FSSLServerCertEncoded };
__property DynamicArray<Byte> SSLServerCertEncodedB = { read=FSSLServerCertEncodedB };

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLServerCertStore and SSLServerCertSubject properties also may be used to specify a certificate.

When SSLServerCertEncoded is set, a search is initiated in the current SSLServerCertStore for the private key of the certificate. If the key is found, SSLServerCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLServerCertSubject is set to an empty string.

This property is read-only and not available at design time.

Data Type

Byte Array

Timeout Property (GoogleKMS Component)

The timeout for the component.

Syntax

__property int Timeout = { read=FTimeout, write=FSetTimeout };

Default Value

60

Remarks

If the Timeout property is set to 0, all operations will run uninterrupted until successful completion or an error condition is encountered.

If Timeout is set to a positive value, the component will wait for the operation to complete before returning control.

The component will use DoEvents to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not freeze and remains responsive.

If Timeout expires, and the operation is not yet complete, the component raises an exception.

Note: By default, all timeouts are inactivity timeouts, that is, the timeout period is extended by Timeout seconds when any amount of data is successfully sent or received.

The default value for the Timeout property is 60 seconds.

Data Type

Integer

VersionMarker Property (GoogleKMS Component)

A marker indicating what page of key versions to return next.

Syntax

__property String VersionMarker = { read=FVersionMarker, write=FSetVersionMarker };

Default Value

""

Remarks

This property will be populated when ListVersions is called if the results are paged and there are more pages. To list all key versions, continue to call ListVersions until this property returns empty string.

Refer to ListVersions for more information.

This property is not available at design time.

Data Type

String

VersionCount Property (GoogleKMS Component)

The number of records in the Version arrays.

Syntax

__property int VersionCount = { read=FVersionCount };

Default Value

0

Remarks

This property controls the size of the following arrays:

• VersionAlgorithm
• VersionCreationDate
• VersionDestructionDate
• VersionGenerationDate
• VersionName
• VersionProtectionLevel
• VersionState
• VersionVersionId

The array indices start at 0 and end at VersionCount - 1.

This property is read-only and not available at design time.

Data Type

Integer

VersionAlgorithm Property (GoogleKMS Component)

The key version's algorithm.

Syntax

__property String VersionAlgorithm[int VersionIndex] = { read=FVersionAlgorithm };

Default Value

""

Remarks

The key version's algorithm.

This property reflects the key version's algorithm. For symmetric keys, this property will always be GOOGLE_SYMMETRIC_ENCRYPTION. For asymmetric keys, this value describes both the key type and the algorithm that must be used during cryptographic operations, and possible values are:

• RSA_SIGN_PSS_2048_SHA256: RSASSA-PSS 2048 bit key with a SHA256 digest
• RSA_SIGN_PSS_3072_SHA256: RSASSA-PSS 3072 bit key with a SHA256 digest
• RSA_SIGN_PSS_4096_SHA256: RSASSA-PSS 4096 bit key with a SHA256 digest
• RSA_SIGN_PSS_4096_SHA512: RSASSA-PSS 4096 bit key with a SHA512 digest
• RSA_SIGN_PKCS1_2048_SHA256: RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_3072_SHA256: RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_4096_SHA256: RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_4096_SHA512: RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest
• RSA_DECRYPT_OAEP_2048_SHA256: RSAES-OAEP 2048 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_3072_SHA256: RSAES-OAEP 3072 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_4096_SHA256: RSAES-OAEP 4096 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_4096_SHA512: RSAES-OAEP 4096 bit key with a SHA512 digest
• EC_SIGN_P256_SHA256: ECDSA on the NIST P-256 curve with a SHA256 digest
• EC_SIGN_P384_SHA384: ECDSA on the NIST P-384 curve with a SHA384 digest

Refer to Google's CryptoKeyVersionAlgorithm documentation page for more information.

The VersionIndex parameter specifies the index of the item in the array. The size of the array is controlled by the VersionCount property.

This property is read-only and not available at design time.

Data Type

String

VersionCreationDate Property (GoogleKMS Component)

The key version's creation date.

Syntax

__property String VersionCreationDate[int VersionIndex] = { read=FVersionCreationDate };

Default Value

""

Remarks

The key version's creation date.

This property reflects the key version's creation date, formatted as an RFC 3339 UTC timestamp.

The VersionIndex parameter specifies the index of the item in the array. The size of the array is controlled by the VersionCount property.

This property is read-only and not available at design time.

Data Type

String

VersionDestructionDate Property (GoogleKMS Component)

The key version's destruction date.

Syntax

__property String VersionDestructionDate[int VersionIndex] = { read=FVersionDestructionDate };

Default Value

""

Remarks

The key version's destruction date.

This property reflects the date at which the key version's cryptographic material was (or will be) destroyed, formatted as an RFC 3339 UTC timestamp; or empty string if the key version's cryptographic material has not been, and is not scheduled to be, destroyed.

The VersionIndex parameter specifies the index of the item in the array. The size of the array is controlled by the VersionCount property.

This property is read-only and not available at design time.

Data Type

String

VersionGenerationDate Property (GoogleKMS Component)

The generation date of the key version's cryptographic material.

Syntax

__property String VersionGenerationDate[int VersionIndex] = { read=FVersionGenerationDate };

Default Value

""

Remarks

The generation date of the key version's cryptographic material.

This property reflects the generation date of the key version's cryptographic material, formatted as an RFC 3339 UTC timestamp.

The VersionIndex parameter specifies the index of the item in the array. The size of the array is controlled by the VersionCount property.

This property is read-only and not available at design time.

Data Type

String

VersionName Property (GoogleKMS Component)

The name of the key.

Syntax

__property String VersionName[int VersionIndex] = { read=FVersionName };

Default Value

""

Remarks

The name of the key.

This property reflects the name of the key that the key version is associated with.

The VersionIndex parameter specifies the index of the item in the array. The size of the array is controlled by the VersionCount property.

This property is read-only and not available at design time.

Data Type

String

VersionProtectionLevel Property (GoogleKMS Component)

The key version's protection level.

Syntax

__property String VersionProtectionLevel[int VersionIndex] = { read=FVersionProtectionLevel };

Default Value

""

Remarks

The key version's protection level.

This property reflects the key version's protection level. Possible values are:

• SOFTWARE
• HSM
• EXTERNAL

The VersionIndex parameter specifies the index of the item in the array. The size of the array is controlled by the VersionCount property.

This property is read-only and not available at design time.

Data Type

String

VersionState Property (GoogleKMS Component)

The key version's state.

Syntax

__property String VersionState[int VersionIndex] = { read=FVersionState };

Default Value

""

Remarks

The key version's state.

This property reflects the key version's state. Possible values are:

• PENDING_GENERATION: The version is still being generated, and cannot be used yet. Once generation has finished, it will become ENABLED.
• ENABLED: The version is enabled and available for use.
• DISABLED: The version is disabled; it cannot be used unless it is enabled again. It may be destroyed.
• DESTROY_SCHEDULED: The version's cryptographic material is scheduled for destruction, and will be destroyed at the time reflected by VersionDestructionDate unless CancelDestruction before then.
• DESTROYED: The version's cryptographic material has been destroyed, and the version is no longer usable. This state is permanent once entered.
• PENDING_IMPORT*: Cryptographic material has not finished importing, and the version cannot be used yet. Once the import has finished, it will become ENABLED.
• IMPORT_FAILED*: The version was not imported successfully; it cannot be used, and any imported cryptographic material has been discarded.

The VersionIndex parameter specifies the index of the item in the array. The size of the array is controlled by the VersionCount property.

This property is read-only and not available at design time.

Data Type

String

VersionVersionId Property (GoogleKMS Component)

The Id of the key version.

Syntax

__property String VersionVersionId[int VersionIndex] = { read=FVersionVersionId };

Default Value

""

Remarks

The Id of the key version.

This property reflects the Id of the key version.

The VersionIndex parameter specifies the index of the item in the array. The size of the array is controlled by the VersionCount property.

This property is read-only and not available at design time.

Data Type

String

AddLabel Method (GoogleKMS Component)

Adds an item to the Labels properties.

Syntax

void __fastcall AddLabel(String Name, String Value);

Remarks

This method adds an item to the Labels properties. Name specifies the name of the item, and Value specifies the value of the item.

A resource may have up to 64 labels. Label names and values must consist solely of lowercase letters, numbers, underscores, and hyphens; and may be up to 63 characters in length. Label names must also be unique and begin with a lowercase letter.

AddQueryParam Method (GoogleKMS Component)

Adds a query parameter to the QueryParams properties.

Syntax

void __fastcall AddQueryParam(String Name, String Value);

Remarks

This method is used to add a query parameter to the QueryParams properties. Name specifies the name of the parameter, and Value specifies the value of the parameter.

All specified Values will be URL encoded by the component automatically. Consult the service documentation for details on the available parameters.

Authorize Method (GoogleKMS Component)

Get the authorization string required to access the protected resource.

Syntax

void __fastcall Authorize();

Remarks

This method is used to get an access token that is required to access the protected resource. The method will act differently based on what is set in the OAuthClientProfile property and the OAuthGrantType property. This method is not to be used in conjunction with the Authorization property. It should instead be used when setting the OAuth property.

For more information, see the introduction section.

CancelDestruction Method (GoogleKMS Component)

Cancels the destruction of a key version's cryptographic material.

Syntax

void __fastcall CancelDestruction(String KeyName, String VersionId);

Remarks

This method cancels the destruction of the cryptographic material for the key version specified by KeyName and VersionId. If successful, the key version's VersionState changes to DISABLED.

Config Method (GoogleKMS Component)

Sets or retrieves a configuration setting.

Syntax

String __fastcall Config(String ConfigurationString);

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

CreateKey Method (GoogleKMS Component)

Creates a new key.

Syntax

void __fastcall CreateKey(String KeyName, int Purpose, String Algorithm, bool UseHSM);

Remarks

This method creates a new key with the specified KeyName in the currently-selected KeyRing. A key version is automatically created when this occurs (and for symmetric keys, it automatically becomes the primary version).

The value passed for KeyName must consist solely of alphanumeric characters, underscores, and hyphens; and may be up to 63 characters in length.

The Purpose parameter specifies what the key's purpose should be. Possible values are:

• 1: A symmetric key used for encryption and decryption.
• 2: An asymmetric key used for signing and verification.
• 3: An asymmetric key used for encryption and decryption.

For symmetric keys, the only valid value for Algorithm is GOOGLE_SYMMETRIC_ENCRYPTION (which is assumed if empty string is passed). For asymmetric keys, the algorithm specifies the key type, repeats the purpose (either SIGN or DECRYPT), and dictates the algorithm that will be used for the relevant cryptographic operations; and valid values are:

• RSA_SIGN_PSS_2048_SHA256: RSASSA-PSS 2048 bit key with a SHA256 digest
• RSA_SIGN_PSS_3072_SHA256: RSASSA-PSS 3072 bit key with a SHA256 digest
• RSA_SIGN_PSS_4096_SHA256: RSASSA-PSS 4096 bit key with a SHA256 digest
• RSA_SIGN_PSS_4096_SHA512: RSASSA-PSS 4096 bit key with a SHA512 digest
• RSA_SIGN_PKCS1_2048_SHA256: RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_3072_SHA256: RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_4096_SHA256: RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_4096_SHA512: RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest
• RSA_DECRYPT_OAEP_2048_SHA256: RSAES-OAEP 2048 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_3072_SHA256: RSAES-OAEP 3072 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_4096_SHA256: RSAES-OAEP 4096 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_4096_SHA512: RSAES-OAEP 4096 bit key with a SHA512 digest
• EC_SIGN_P256_SHA256: ECDSA on the NIST P-256 curve with a SHA256 digest
• EC_SIGN_P384_SHA384: ECDSA on the NIST P-384 curve with a SHA384 digest

Refer to Google's CryptoKeyVersionAlgorithm documentation page for more information.

The UseHSM parameter specifies whether the key's protection level should be SOFTWARE (false) or HSM (true).

Note that the values passed for Algorithm and UseHSM will be stored on the server as template values, and used again anytime a new key version is created with CreateVersion. The template algorithm can be changed at any time using UpdateKey; the template protection level cannot be changed.

If there are any items in the Labels properties, they will be applied to the newly-created key. Keys may have up to 64 labels.

For symmetric keys, the RotationPeriod and NextRotateDate configuration settings can also be used to enable automatic rotation, refer to their documentation for more information.

CreateKeyRing Method (GoogleKMS Component)

Creates a new key ring.

Syntax

void __fastcall CreateKeyRing();

Remarks

This method creates a new key ring using the name specified by the KeyRing property.

CreateVersion Method (GoogleKMS Component)

Creates a new key version.

Syntax

String __fastcall CreateVersion(String KeyName);

Remarks

This method creates a new version of the key specified by KeyName and returns the Id of the version. Note that, for symmetric keys, the new version will not become the primary version; SetPrimaryVersion can be used to update the primary version if desired.

The key's current KeyTemplateAlgorithm and KeyTemplateProtectionLevel are used to create the key version. To change the key's template algorithm prior to creating a new version, use the UpdateKey method.

Decrypt Method (GoogleKMS Component)

Decrypts data using a key.

Syntax

void __fastcall Decrypt(String KeyName, String VersionId);

Remarks

This method decrypts data using the key specified by KeyName and (for asymmetric keys) VersionId.

The data to decrypt is taken from the the specified InputFile or the InputData property. The decrypted data is output to the the specified OutputFile or the OutputData property.

For symmetric keys, VersionId must be empty; the server automatically detects which version of the symmetric key to use for decryption.

For asymmetric keys, VersionId must be specified.

DestroyVersion Method (GoogleKMS Component)

Schedules the specified key version's cryptographic material for destruction.

Syntax

void __fastcall DestroyVersion(String KeyName, String VersionId);

Remarks

This method schedules the destruction of the cryptographic material for the key version specified by KeyName and VersionId. The key version itself is not deleted, just its cryptographic material.

If this method is successful, the key version's VersionState changes to DESTROY_SCHEDULED, and the its cryptographic material will be destroyed after 24 hours. During this waiting period, the destruction can be canceled using the CancelDestruction method.

Important: Destroying a key version's cryptographic material makes the key version permanently unusable. If a key version must not be used by may be needed again in the future, disable using SetVersionEnabled instead.

DoEvents Method (GoogleKMS Component)

This method processes events from the internal message queue.

Syntax

void __fastcall DoEvents();

Remarks

When DoEvents is called, the component processes any available events. If no events are available, it waits for a preset period of time, and then returns.

Encrypt Method (GoogleKMS Component)

Encrypts data using a key.

Syntax

void __fastcall Encrypt(String KeyName, String VersionId);

Remarks

This method encrypts data using the key specified by KeyName and (for asymmetric keys) VersionId.

The data to encrypt is taken from the the specified InputFile or the InputData property. The encrypted data is output to the the specified OutputFile or the OutputData property.

For symmetric keys, VersionId must be empty; the server always uses the primary version of the symmetric key. (Unless the ForceSymmetricEncryption configuration setting is enabled, in which case VersionId can be used to specify a non-primary version.)

For asymmetric keys, VersionId must be specified. Note, however, that Google does not support server-side asymmetric encryption (only decryption), so this method will instead call GetPublicKey internally and then use the public key to encrypt the input data locally. This functionality is offered as a convenience.

GetKeyInfo Method (GoogleKMS Component)

Gets information about a key.

Syntax

void __fastcall GetKeyInfo(String KeyName);

Remarks

This method gets information about the key specified by KeyName.

When the information is returned, the component clears the Keys properties and repopulates it properties. The KeyList and LabelList events are also fired.

GetKeyRingInfo Method (GoogleKMS Component)

Gets information about a key ring.

Syntax

void __fastcall GetKeyRingInfo();

Remarks

This method gets information about the currently-selected KeyRing.

When the information is returned, the component clears the KeyRings properties and repopulates them with a single item that contains the key ring's information. The KeyRingList event is also fired.

GetPublicKey Method (GoogleKMS Component)

Retrieves the public key of an asymmetric key pair.

Syntax

void __fastcall GetPublicKey(String KeyName, String VersionId);

Remarks

This method retrieves the public key of the asymmetric key pair version specified by KeyName and VersionId. The algorithm of the key pair version is also retrieved. If successful, this method populates the PublicKey and PublicKeyAlgorithm properties.

GetVersionInfo Method (GoogleKMS Component)

Gets information about a key version.

Syntax

void __fastcall GetVersionInfo(String KeyName, String VersionId);

Remarks

This method gets information about the key version specified by KeyName and VersionId.

When the information is returned, the component clears the Versions properties and repopulates them with a single item that contains the key version's information. The VersionList event is also fired.

ListKeyRings Method (GoogleKMS Component)

Lists the key rings in the currently-selected location.

Syntax

void __fastcall ListKeyRings();

Remarks

This method lists the key rings in the currently-selected Location.

Calling this method will fire the KeyRingList event once for each key ring, and will also populate the KeyRings properties.

If there are still more key rings available to list when this method returns, the KeyRingMarker property will be populated. Continue to call this method until KeyRingMarker is empty to accumulate all pages of results in the KeyRings properties.

The MaxKeyRings configuration setting can be used to control the maximum number of results to return at once.

ListKeys Method (GoogleKMS Component)

Lists the keys in the currently-selected key ring.

Syntax

void __fastcall ListKeys();

Remarks

This method lists the keys in the currently-selected KeyRing.

Calling this method will fire the KeyList event once for each key, and will also populate the Keys properties.

If there are still more keys available to list when this method returns, the KeyMarker property will be populated. Continue to call this method until KeyMarker is empty to accumulate all pages of results in the Keys properties.

The MaxKeys configuration setting can be used to control the maximum number of results to return at once.

ListVersions Method (GoogleKMS Component)

Lists the key versions for the specified key.

Syntax

void __fastcall ListVersions(String KeyName);

Remarks

This method lists the key versions for the key specified by KeyName.

Calling this method will fire the VersionList event once for each key version, and will also populate the Versions properties.

If there are still more key versions available to list when this method returns, the VersionMarker property will be populated. Continue to call this method until VersionMarker is empty to accumulate all pages of results in the Versions properties.

The MaxVersions configuration setting can be used to control the maximum number of results to return at once.

Reset Method (GoogleKMS Component)

Resets the component to its initial state.

Syntax

void __fastcall Reset();

Remarks

This method resets the component to its initial state.

SendCustomRequest Method (GoogleKMS Component)

Sends a custom request to the server.

Syntax

void __fastcall SendCustomRequest(String HttpMethod, String KeyName, String VersionId, String Action);

Remarks

This method can be used to send arbitrary requests to the server.

Valid values for HttpMethod are:

• GET (default if empty)
• HEAD
• POST
• PUT
• PATCH
• DELETE

KeyName and VersionId are optional. The former must be specified if the latter is specified; both are ignored if KeyRing is empty. Action is also optional.

When this method is called, the component does the following:

1. Builds a request URL, including query parameters, like https://cloudkms.googleapis.com/v1/projects/{GoogleProjectId}/locations/{Location}[/keyRings/{KeyRing}[/cryptoKeys/{KeyName}[/cryptoKeyVersions/{VersionId}]]][{Action}] using:
   • The GoogleProjectId, Location, and (if non-empty) KeyRing properties.
   • The KeyName, VersionId, and Action parameters.
   • All query parameters from QueryParams.
2. Adds an Authorization header with the value specified by Authorization.
3. Adds any request headers from OtherHeaders.
4. Adds any request body supplied via the specified InputFile or InputData.
5. Sends the request to the server.
6. Stores the response headers in the ParsedHeaders properties; and the response body in the specified OutputFile or OutputData.

If the response body is JSON data, the XPath, XText, and other X* configuration settings can then be used to navigate and extract information from it.

SetPrimaryVersion Method (GoogleKMS Component)

Sets the primary version of a symmetric key.

Syntax

void __fastcall SetPrimaryVersion(String KeyName, String VersionId);

Remarks

This method sets the primary version of the symmetric key specified by KeyName to the version identified by VersionId.

A symmetric key's primary version is the one used by the server when Encrypt is called. It can be changed at any time. Asymmetric keys cannot have primary versions.

SetVersionEnabled Method (GoogleKMS Component)

Enables or disables a key version.

Syntax

void __fastcall SetVersionEnabled(String KeyName, String VersionId, bool Enabled);

Remarks

This method enables or disables the key version specified by KeyName and VersionId.

Sign Method (GoogleKMS Component)

Signs a message using a key.

Syntax

void __fastcall Sign(String KeyName, String VersionId, String Algorithm, bool IsDigest);

Remarks

This method signs a message using the asymmetric key version specified by KeyName and VersionId.

The message data to sign is taken from the the specified InputFile or the InputData property. The signature data is output to the the specified OutputFile or the OutputData property.

The Algorithm parameter specifies the hash algorithm used to generate a message digest; this must be the same algorithm that appears in the key version's VersionAlgorithm string. The value passed must contain one of the following strings (passing the key version's complete algorithm string is acceptable):

• SHA256
• SHA384
• SHA512

The IsDigest parameter specifies whether the message data is the original message (false) or a message digest (true). When supplying a message digest, keep in mind that the same digest will need to be provided in order to Verify the signature later.

If IsDigest is false, the component will automatically compute an appropriate message digest before the request is made. In such cases, the computed digest is made available via the MessageDigest configuration setting.

UpdateKey Method (GoogleKMS Component)

Updates a key.

Syntax

void __fastcall UpdateKey(String KeyName, String TemplateAlgorithm, bool UpdateLabels);

Remarks

This method updates the key specified by KeyName.

The TemplateAlgorithm parameter specifies the algorithm value that the server should use when creating new versions of the key (i.e., when CreateVersion is called). If TemplateAlgorithm is empty, the existing template value remains unchanged; otherwise, TemplateAlgorithm must be one of the following:

• RSA_SIGN_PSS_2048_SHA256: RSASSA-PSS 2048 bit key with a SHA256 digest
• RSA_SIGN_PSS_3072_SHA256: RSASSA-PSS 3072 bit key with a SHA256 digest
• RSA_SIGN_PSS_4096_SHA256: RSASSA-PSS 4096 bit key with a SHA256 digest
• RSA_SIGN_PSS_4096_SHA512: RSASSA-PSS 4096 bit key with a SHA512 digest
• RSA_SIGN_PKCS1_2048_SHA256: RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_3072_SHA256: RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_4096_SHA256: RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_4096_SHA512: RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest
• RSA_DECRYPT_OAEP_2048_SHA256: RSAES-OAEP 2048 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_3072_SHA256: RSAES-OAEP 3072 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_4096_SHA256: RSAES-OAEP 4096 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_4096_SHA512: RSAES-OAEP 4096 bit key with a SHA512 digest
• EC_SIGN_P256_SHA256: ECDSA on the NIST P-256 curve with a SHA256 digest
• EC_SIGN_P384_SHA384: ECDSA on the NIST P-384 curve with a SHA384 digest

Refer to Google's CryptoKeyVersionAlgorithm documentation page for more information.

The UpdateLabels parameter determines whether the component replaces the key's current labels with the items in the Labels properties (which may be empty). Keys may have up to 64 labels.

The RotationPeriod and NextRotateDate configuration settings may also be used to send additional values, refer to their documentation for more information.

Verify Method (GoogleKMS Component)

Verifies a digital signature using a key.

Syntax

bool __fastcall Verify(String KeyName, String VersionId, bool IsDigest);

Remarks

This method verifies a digital signature using the asymmetric key version specified by KeyName and VersionId. If the signature is successfully verified, this method return true, otherwise it returns false.

The message data is taken from the the specified InputFile or the InputData property. The digital signature data is taken from the specified OutputFile or the OutputData property.

The IsDigest parameter specifies whether the message data is the original message (false) or a message digest (true). When a message digest is supplied, keep in mind that it must be the exact same digest that was used at signing time, regardless of whether it has been recomputed.

Google does not support server-side signature verification, so this method will call GetPublicKey internally and then use the public key to verify the digital signature locally. This functionality is offered as a convenience.

EndTransfer Event (GoogleKMS Component)

This event fires when a document finishes transferring.

Syntax

typedef struct {
  int Direction;
} TckGoogleKMSEndTransferEventParams;
typedef void __fastcall (__closure *TckGoogleKMSEndTransferEvent)(System::TObject* Sender, TckGoogleKMSEndTransferEventParams *e);
__property TckGoogleKMSEndTransferEvent OnEndTransfer = { read=FOnEndTransfer, write=FOnEndTransfer };

Remarks

The EndTransfer event is fired when the document text finishes transferring from the server to the local host.

The Direction parameter shows whether the client (0) or the server (1) is sending the data.

Error Event (GoogleKMS Component)

Fired when information is available about errors during data delivery.

Syntax

typedef struct {
  int ErrorCode;
  String Description;
} TckGoogleKMSErrorEventParams;
typedef void __fastcall (__closure *TckGoogleKMSErrorEvent)(System::TObject* Sender, TckGoogleKMSErrorEventParams *e);
__property TckGoogleKMSErrorEvent OnError = { read=FOnError, write=FOnError };

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the component raises an exception.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Header Event (GoogleKMS Component)

Fired every time a header line comes in.

Syntax

typedef struct {
  String Field;
  String Value;
} TckGoogleKMSHeaderEventParams;
typedef void __fastcall (__closure *TckGoogleKMSHeaderEvent)(System::TObject* Sender, TckGoogleKMSHeaderEventParams *e);
__property TckGoogleKMSHeaderEvent OnHeader = { read=FOnHeader, write=FOnHeader };

Remarks

The Field parameter contains the name of the HTTP header (which is the same as it is delivered). The Value parameter contains the header contents.

If the header line being retrieved is a continuation header line, then the Field parameter contains "" (empty string).

KeyList Event (GoogleKMS Component)

Fires once for each key when listing keys.

Syntax

typedef struct {
  String Name;
  int Purpose;
  String CreationDate;
  String PrimaryVersion;
} TckGoogleKMSKeyListEventParams;
typedef void __fastcall (__closure *TckGoogleKMSKeyListEvent)(System::TObject* Sender, TckGoogleKMSKeyListEventParams *e);
__property TckGoogleKMSKeyListEvent OnKeyList = { read=FOnKeyList, write=FOnKeyList };

Remarks

This event fires once for each key returned when ListKeys or GetKeyInfo is called.

Name reflects the name of the key.

Purpose reflects the key's purpose. Possible values are:

• 0: Unspecified.
• 1: A symmetric key used for encryption and decryption.
• 2: An asymmetric key used for signing and verification.
• 3: An asymmetric key used for encryption and decryption.

CreationDate reflects the key's creation date, formatted as an RFC 3339 UTC timestamp.

PrimaryVersion reflects the Id of the key's primary version if it is symmetric. For asymmetric keys, it is always empty, since asymmetric keys cannot have a primary version.

KeyRingList Event (GoogleKMS Component)

Fires once for each key ring when listing key rings.

Syntax

typedef struct {
  String Name;
  String CreationDate;
} TckGoogleKMSKeyRingListEventParams;
typedef void __fastcall (__closure *TckGoogleKMSKeyRingListEvent)(System::TObject* Sender, TckGoogleKMSKeyRingListEventParams *e);
__property TckGoogleKMSKeyRingListEvent OnKeyRingList = { read=FOnKeyRingList, write=FOnKeyRingList };

Remarks

This event fires once for each key ring returned when ListKeyRings or GetKeyRingInfo is called.

Name reflects the name of the key ring.

CreationDate reflects the key ring's creation date, formatted as an RFC 3339 UTC timestamp.

LabelList Event (GoogleKMS Component)

Fires once for each label returned when a key's information is retrieved.

Syntax

typedef struct {
  String KeyName;
  String Name;
  String Value;
} TckGoogleKMSLabelListEventParams;
typedef void __fastcall (__closure *TckGoogleKMSLabelListEvent)(System::TObject* Sender, TckGoogleKMSLabelListEventParams *e);
__property TckGoogleKMSLabelListEvent OnLabelList = { read=FOnLabelList, write=FOnLabelList };

Remarks

This event fires once for each label returned when GetKeyInfo is called.

KeyName reflects the name of the key.

Name reflects the name of the label.

Value reflects the value of the label.

Log Event (GoogleKMS Component)

Fired once for each log message.

Syntax

typedef struct {
  int LogLevel;
  String Message;
  String LogType;
} TckGoogleKMSLogEventParams;
typedef void __fastcall (__closure *TckGoogleKMSLogEvent)(System::TObject* Sender, TckGoogleKMSLogEventParams *e);
__property TckGoogleKMSLogEvent OnLog = { read=FOnLog, write=FOnLog };

Remarks

This event is fired once for each log message generated by the component. The verbosity is controlled by the LogLevel setting.

LogLevel indicates the level of message. Possible values are as follows:

The value 1 (Info) logs basic information, including the URL, HTTP version, and status details.

The value 2 (Verbose) logs additional information about the request and response.

The value 3 (Debug) logs the headers and body for both the request and response, as well as additional debug information (if any).

Message is the log entry.

LogType identifies the type of log entry. Possible values are as follows:

• "Info"
• "RequestHeaders"
• "ResponseHeaders"
• "RequestBody"
• "ResponseBody"
• "ProxyRequest"
• "ProxyResponse"
• "FirewallRequest"
• "FirewallResponse"

SSLServerAuthentication Event (GoogleKMS Component)

Fired after the server presents its certificate to the client.

Syntax

typedef struct {
  String CertEncoded;
  DynamicArray<Byte> CertEncodedB;
  String CertSubject;
  String CertIssuer;
  String Status;
  bool Accept;
} TckGoogleKMSSSLServerAuthenticationEventParams;
typedef void __fastcall (__closure *TckGoogleKMSSSLServerAuthenticationEvent)(System::TObject* Sender, TckGoogleKMSSSLServerAuthenticationEventParams *e);
__property TckGoogleKMSSSLServerAuthenticationEvent OnSSLServerAuthentication = { read=FOnSSLServerAuthentication, write=FOnSSLServerAuthentication };

Remarks

During this event, the client can decide whether or not to continue with the connection process. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether or not to continue.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string OK). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

SSLStatus Event (GoogleKMS Component)

Fired when secure connection progress messages are available.

Syntax

typedef struct {
  String Message;
} TckGoogleKMSSSLStatusEventParams;
typedef void __fastcall (__closure *TckGoogleKMSSSLStatusEvent)(System::TObject* Sender, TckGoogleKMSSSLStatusEventParams *e);
__property TckGoogleKMSSSLStatusEvent OnSSLStatus = { read=FOnSSLStatus, write=FOnSSLStatus };

Remarks

The event is fired for informational and logging purposes only. This event tracks the progress of the connection.

StartTransfer Event (GoogleKMS Component)

This event fires when a document starts transferring (after the headers).

Syntax

typedef struct {
  int Direction;
} TckGoogleKMSStartTransferEventParams;
typedef void __fastcall (__closure *TckGoogleKMSStartTransferEvent)(System::TObject* Sender, TckGoogleKMSStartTransferEventParams *e);
__property TckGoogleKMSStartTransferEvent OnStartTransfer = { read=FOnStartTransfer, write=FOnStartTransfer };

Remarks

The StartTransfer event is fired when the document text starts transferring from the server to the local host.

The Direction parameter shows whether the client (0) or the server (1) is sending the data.

Transfer Event (GoogleKMS Component)

Fired while a document transfers (delivers document).

Syntax

typedef struct {
  int Direction;
  __int64 BytesTransferred;
  int PercentDone;
  String Text;
  DynamicArray<Byte> TextB;
} TckGoogleKMSTransferEventParams;
typedef void __fastcall (__closure *TckGoogleKMSTransferEvent)(System::TObject* Sender, TckGoogleKMSTransferEventParams *e);
__property TckGoogleKMSTransferEvent OnTransfer = { read=FOnTransfer, write=FOnTransfer };

Remarks

The Text parameter contains the portion of the document text being received. It is empty if data are being posted to the server.

The BytesTransferred parameter contains the number of bytes transferred in this Direction since the beginning of the document text (excluding HTTP response headers).

The Direction parameter shows whether the client (0) or the server (1) is sending the data.

The PercentDone parameter shows the progress of the transfer in the corresponding direction. If PercentDone can not be calculated the value will be -1.

Note: Events are not re-entrant. Performing time-consuming operations within this event will prevent it from firing again in a timely manner and may affect overall performance.

VersionList Event (GoogleKMS Component)

Fires once for each key version when listing key versions.

Syntax

typedef struct {
  String Name;
  String VersionId;
  String State;
  String Algorithm;
  String ProtectionLevel;
  String CreationDate;
  String DestructionDate;
} TckGoogleKMSVersionListEventParams;
typedef void __fastcall (__closure *TckGoogleKMSVersionListEvent)(System::TObject* Sender, TckGoogleKMSVersionListEventParams *e);
__property TckGoogleKMSVersionListEvent OnVersionList = { read=FOnVersionList, write=FOnVersionList };

Remarks

This event fires once for each key version returned when ListVersions or GetVersionInfo is called.

Name reflects the name of the key.

VersionId reflects the Id of the key version.

State reflects the state of the key version. Possible values are:

• PENDING_GENERATION: The version is still being generated, and cannot be used yet. Once generation has finished, it will become ENABLED.
• ENABLED: The version is enabled and available for use.
• DISABLED: The version is disabled; it cannot be used unless it is enabled again. It may be destroyed.
• DESTROY_SCHEDULED: The version's cryptographic material is scheduled for destruction, and will be destroyed at the time reflected by unless CancelDestruction before then.
• DESTROYED: The version's cryptographic material has been destroyed, and the version is no longer usable. This state is permanent once entered.
• PENDING_IMPORT*: Cryptographic material has not finished importing, and the version cannot be used yet. Once the import has finished, it will become ENABLED.
• IMPORT_FAILED*: The version was not imported successfully; it cannot be used, and any imported cryptographic material has been discarded.

Algorithm reflects the key version's algorithm. For symmetric keys, this will always be GOOGLE_SYMMETRIC_ENCRYPTION. For asymmetric keys, this value describes both the key type and the algorithm that must be used during cryptographic operations, and possible values are:

• RSA_SIGN_PSS_2048_SHA256: RSASSA-PSS 2048 bit key with a SHA256 digest
• RSA_SIGN_PSS_3072_SHA256: RSASSA-PSS 3072 bit key with a SHA256 digest
• RSA_SIGN_PSS_4096_SHA256: RSASSA-PSS 4096 bit key with a SHA256 digest
• RSA_SIGN_PSS_4096_SHA512: RSASSA-PSS 4096 bit key with a SHA512 digest
• RSA_SIGN_PKCS1_2048_SHA256: RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_3072_SHA256: RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_4096_SHA256: RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest
• RSA_SIGN_PKCS1_4096_SHA512: RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest
• RSA_DECRYPT_OAEP_2048_SHA256: RSAES-OAEP 2048 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_3072_SHA256: RSAES-OAEP 3072 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_4096_SHA256: RSAES-OAEP 4096 bit key with a SHA256 digest
• RSA_DECRYPT_OAEP_4096_SHA512: RSAES-OAEP 4096 bit key with a SHA512 digest
• EC_SIGN_P256_SHA256: ECDSA on the NIST P-256 curve with a SHA256 digest
• EC_SIGN_P384_SHA384: ECDSA on the NIST P-384 curve with a SHA384 digest

Refer to Google's CryptoKeyVersionAlgorithm documentation page for more information.

ProtectionLevel reflects the key version's protection level. Possible values are:

• SOFTWARE
• HSM
• EXTERNAL

CreationDate reflects the key version's creation date, formatted as an RFC 3339 UTC timestamp.

DestructionDate reflects the date at which the key version's cryptographic material was (or will be) destroyed, formatted as an RFC 3339 UTC timestamp; or empty string if the key version's cryptographic material has not been, and is not scheduled to be, destroyed.

Config Settings (GoogleKMS Component)

GoogleKMS Config Settings

<firstlevel>
  <one>value</one>
  <two>
    <item>first</item>
    <item>second</item>
  </two>
  <three>value three</three>
</firstlevel>

{
  "firstlevel": {
    "one": "value",
    "two": ["first", "second"],
    "three": "value three"
  }
}

OAuth Config Settings

HTTP Config Settings

TCPClient Config Settings

SSL Config Settings

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
... Intermediate Cert ...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
... Root Cert ...
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
... Intermediate Cert ...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
... Root Cert ...
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----