IPWorks Encrypt 2020 .NET Edition


AES Configuration

The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

AES Configuration Settings

AdditionalAuthData:   Additional authentication data (AAD) used in GCM mode.

This setting optionally specifies additional authentication data. The data specified must be hex encoded. This is only applicable when CipherMode is set to 6 (cmGCM). This may be set prior to calling Encrypt or Decrypt. Note that AAD is authenticated but not encrypted, so it is not included in OutputMessage.

AuthTag:   The authentication tag used in GCM mode.

This setting is only applicable when CipherMode is set to 6 (cmGCM). This is populated with a hex encoded value after calling Encrypt. It must be specified with a hex encoded value before calling Decrypt.

AuthTagLength:   The authentication tag length used in GCM mode.

This setting is only applicable when CipherMode is set to 6 (cmGCM). This may be set before calling Encrypt. It may also be set before calling Decrypt, but is not required. The default value is 128. Valid values are:

  • 0*
  • 96
  • 104
  • 112
  • 120
  • 128 (default)
* May be set to 0 when calling Decrypt only. In this case no value needs to be passed to AuthTag. Be aware that this is a security risk as the ciphertext will not be authenticated. If it was tampered with there would be no indication. NIST Special Publication 800-38D forbids implementations from validating or generating messages without an authentication tag, but this functionality can be useful in certain real-world scenarios.
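
What the tag check protects, as an added example that is not /n software's code: it uses .NET's own System.Security.Cryptography (.NET 8 assumed) instead of the component, with a 96-bit IV and constructed sample data. The CtrDecrypt helper is a hypothetical stand-in for decrypting with no tag check, which for GCM is plain counter mode.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;
using System.Text;

byte[] key = RandomNumberGenerator.GetBytes(32);
byte[] nonce = RandomNumberGenerator.GetBytes(12);              // 96-bit IV (assumed)
byte[] aad = Encoding.UTF8.GetBytes("record-id=1001");          // constructed sample
byte[] plaintext = Encoding.UTF8.GetBytes("status=ok;seq=7");   // constructed sample
byte[] ciphertext = new byte[plaintext.Length];
byte[] tag = new byte[16];                                      // 128-bit tag, the documented default

using var gcm = new AesGcm(key, tag.Length);
gcm.Encrypt(nonce, plaintext, ciphertext, tag, aad);
// AdditionalAuthData and AuthTag are exchanged as hex strings like these.
Console.WriteLine($"AAD {Convert.ToHexString(aad)}  tag {Convert.ToHexString(tag)}");

// Simulate modification in transit: one flipped ciphertext bit.
byte[] modified = (byte[])ciphertext.Clone();
modified[0] ^= 0x01;

// With the tag checked, the modified message is refused and no plaintext is released.
try { gcm.Decrypt(nonce, modified, tag, new byte[modified.Length], aad); Console.WriteLine("tag checked: accepted"); }
catch (CryptographicException) { Console.WriteLine("tag checked: rejected"); }

// With no tag check, decryption always "succeeds" and returns altered plaintext.
byte[] unverified = CtrDecrypt(key, nonce, modified);
Console.WriteLine($"tag skipped: returned {unverified.Length} bytes, equals original: {unverified.AsSpan().SequenceEqual(plaintext)}");

// GCM body decryption without verification: AES-CTR starting at counter block IV || 0x00000002.
static byte[] CtrDecrypt(byte[] aesKey, byte[] iv, byte[] data)
{
    using var aes = Aes.Create();
    aes.Key = aesKey;
    byte[] counter = new byte[16];
    iv.CopyTo(counter, 0);
    byte[] output = new byte[data.Length];
    for (int offset = 0; offset < data.Length; offset += 16)
    {
        BinaryPrimitives.WriteUInt32BigEndian(counter.AsSpan(12), (uint)(2 + offset / 16));
        byte[] keystream = aes.EncryptEcb(counter, PaddingMode.None);
        for (int i = 0; i < 16 && offset + i < data.Length; i++)
            output[offset + i] = (byte)(data[offset + i] ^ keystream[i]);
    }
    return output;
}
```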

BlockSize:   The block size, in bits, of the cryptographic operation.

The block size is the basic data unit of an encryption or decryption operation. Messages longer than the block size are processed as successive blocks. If the message is shorter than the block size, the message will be padded with extra bits to reach the block size according to PaddingMode. Different symmetric algorithms have different valid block sizes.

The following algorithms have a fixed block size: AES, CAST, DES, IDEA, RC2, TripleDES, Blowfish, and Twofish.

CloseInputStreamAfterProcessing:   Determines whether or not the input stream is closed after processing.

Determines whether or not the input stream set by SetInputStream is closed after processing is complete. The default value is True.

CloseOutputStreamAfterProcessing:   Determines whether or not the output stream is closed after processing.

Determines whether or not the output stream set by SetOutputStream is closed after processing is complete. The default value is True.

IncludeAuthTag:   Whether to append the authentication tag to the cipher text in GCM mode.

This setting controls whether AuthTag is appended to the cipher text. This may be useful in cases where the other party knows to look for the authentication tag at the end of the data. The default value is False.

IncludeIV:   Whether to prepend the IV to the output data and read the IV from the input data.

If this setting is True, the IV will be automatically prepended to the output data when calling Encrypt. When calling Decrypt and this setting is True, the IV is automatically extracted from the ciphertext. The default value is False.

KeyPasswordAlgorithm:   The hash algorithm used to derive the Key and IV from the KeyPassword property.

This configuration setting specifies which hash algorithm will be used when deriving the Key and IV from KeyPassword. The default value is "MD5". Possible values are:

  • "SHA1"
  • "MD2"
  • "MD5" (default)
  • "HMAC-SHA1"
  • "HMAC-SHA224"
  • "HMAC-SHA256"
  • "HMAC-SHA384"
  • "HMAC-SHA512"
  • "HMAC-MD5"
  • "HMAC-RIPEMD160"

When using any HMAC algorithm, the PBKDF#2 method from RFC 2898 is used. Any other algorithm uses PBKDF#1 from the same RFC.

KeyPasswordIterations:   The number of iterations performed when using KeyPassword to derive the Key and IV.

This configuration setting specifies the number of iterations performed when using KeyPassword to calculate values for Key and IV. When using PBKDF#2, the default number of iterations is 10,000. When using PBKDF#1, the default number is 10.

KeyPasswordSalt:   The salt value used in conjunction with the KeyPassword to derive the Key and IV.

This configuration setting specifies the hex encoded salt value to be used along with the KeyPassword when calculating values for Key and IV.
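
The two derivation paths selected by KeyPasswordAlgorithm, as an added example written against RFC 2898 with .NET's System.Security.Cryptography (.NET 6 or later assumed); it is not the component's code. The Pbkdf1Md5 helper, the sample password and the 48-byte key-plus-IV output length are assumptions, since this page does not state how the derived bytes are split into Key and IV.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

string password = "correct horse battery staple";            // constructed sample
byte[] salt = RandomNumberGenerator.GetBytes(8);              // RFC 2898 PBKDF1 uses an 8-octet salt
Console.WriteLine($"salt as hex (the form KeyPasswordSalt expects): {Convert.ToHexString(salt)}");

// Documented default: "MD5" selects PBKDF1 with 10 iterations, i.e. 10 MD5 calls per password guess.
byte[] weak = Pbkdf1Md5(password, salt, 10, 16);
Console.WriteLine($"PBKDF1-MD5, 10 iterations:             {Convert.ToHexString(weak)}");

// Any HMAC choice selects PBKDF2, documented default 10,000 iterations.
// 48 bytes = 32-byte key + 16-byte IV; this split is an assumption for illustration.
byte[] strong = Rfc2898DeriveBytes.Pbkdf2(password, salt, 10_000, HashAlgorithmName.SHA256, 48);
Console.WriteLine($"PBKDF2-HMAC-SHA256, 10,000 iterations: {Convert.ToHexString(strong)}");

// PBKDF1 as specified cannot produce more than one digest of output (16 bytes for MD5).
try { Pbkdf1Md5(password, salt, 10, 48); }
catch (ArgumentException e) { Console.WriteLine(e.Message); }

// Selecting the PBKDF2 path through the settings on this page:
//   aes.Config("KeyPasswordAlgorithm=HMAC-SHA256");
//   aes.Config("KeyPasswordSalt=" + Convert.ToHexString(salt));

// PBKDF1 (RFC 2898 section 5.1): T1 = Hash(P || S), Ti = Hash(T(i-1)), DK = first dkLen bytes of Tc.
static byte[] Pbkdf1Md5(string pw, byte[] saltBytes, int iterations, int dkLen)
{
    if (dkLen > 16) throw new ArgumentException("PBKDF1 with MD5 yields at most 16 bytes");
    byte[] p = Encoding.UTF8.GetBytes(pw);
    byte[] t = new byte[p.Length + saltBytes.Length];
    Buffer.BlockCopy(p, 0, t, 0, p.Length);
    Buffer.BlockCopy(saltBytes, 0, t, p.Length, saltBytes.Length);
    for (int i = 0; i < iterations; i++) t = MD5.HashData(t);
    return t[..dkLen];
}
```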

KeySize:   The size, in bits, of secret key for the symmetric algorithm.

The legal key sizes vary depending on the algorithm. The KeySize and BlockSize configuration settings may be set to specify the key and block size (in bits).

This setting is only applicable when KeyPassword is specified.

Note that when using the EzCrypt component, KeySize should be set after setting the Algorithm property.

UsePlatformAES:   Whether to use the platform AES implementation.

This setting controls whether the component uses its own AES implementation or the current platform's implementation. Using the platform implementation is only supported on Windows.

XTSDataUnitLength:   The length of the XTS data unit.

When CipherMode is acmXTS, set this to the length of the XTS data unit in bytes. The default value is 512.

XTSInitialTweak:   The initial XTS tweak value.

Set this to the initial tweak value when CipherMode is acmXTS. This can be set to either a decimal or hexadecimal number representing the value. The default value is 0. Here are two examples:

aes.Config("XTSInitialTweak=6700"); // Decimal
aes.Config("XTSInitialTweak=C1DD77FDGA"); // Hexadecimal

Base Configuration Settings

BuildInfo:   Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

GUIAvailable:   Tells the component whether or not a message loop is available for processing events.

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The component will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GUIAvailable to false will ensure that the component does not attempt to process external events.

LicenseInfo:   Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a component is using. It will return the following information:

  • Product: The product the license is for.
  • Product Key: The key the license was generated from.
  • License Source: Where the license was found (e.g. RuntimeLicense, License File).
  • License Type: The type of license installed (e.g. Royalty Free, Single Server).

UseInternalSecurityAPI:   Tells the component whether or not to use the system security libraries or an internal implementation.

By default, the component will use the system security libraries to perform cryptographic functions. When set to False, calls to unmanaged code will be made. In certain environments this is not desirable. To use a completely managed security implementation, set this setting to True. Setting this to True tells the component to use the internal implementation instead of using the system's security API.

Note: This setting is static. The value set is applicable to all components used in the application.

When this value is set, the product's system DLL is no longer required as a reference, as all unmanaged code is stored in that file.

Copyright (c) 2022 /n software inc. - All rights reserved.
IPWorks Encrypt 2020 .NET Edition - Version 20.0 [Build 8286]