ECC Configuration
The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.
ECC Configuration Settings
AppendSecret:
An optional string to append to the secret agreement.
This setting specifies an optional string to append to the secret agreement before hashing it. This is applicable when calling ComputeSecret.
Note: This is not applicable when ComputeSecretKDF is set to 12 (ekdTLS).
CNGECDHKey:
The CNG ECDH key.
This setting may be set to specify the key exported from Microsoft's CNG before calling ComputeSecret. If key data was obtained from Microsoft's CNG API, it can be hex encoded and supplied here. The component will use this key when ComputeSecret is called.
CNGECDSAKey:
The CNG ECDSA key.
This setting may be set to specify the key exported from Microsoft's CNG before calling VerifySignature. If key data was obtained from Microsoft's CNG API, it can be hex encoded and supplied here. The component will use this key when VerifySignature is called.
ConcatAlgorithmId:
Specifies the AlgorithmId subfield of the OtherInfo field.
This setting specifies the AlgorithmId subfield of the OtherInfo field as described in the publication "NIST SP 800-56A" section 5.8.1. The value supplied to this setting must be a hex encoded string of the subfield data.
This setting is required when ComputeSecretKDF is set to ekdConcat. This setting is only applicable when calling ComputeSecret.
ConcatHashAlgorithm:
The hash algorithm to use when ComputeSecretKDF is Concat.
This optionally specifies the hash algorithm to use when ComputeSecretKDF is set to ekdConcat. Possible values are:
ConcatPartyUInfo:
Specifies the PartyUInfo subfield of the OtherInfo field.
This setting specifies the PartyUInfo subfield of the OtherInfo field as described in the publication "NIST SP 800-56A" section 5.8.1. The value supplied to this setting must be a hex encoded string of the subfield data.
This setting is required when ComputeSecretKDF is set to ekdConcat. This setting is only applicable when calling ComputeSecret.
ConcatPartyVInfo:
Specifies the PartyVInfo subfield of the OtherInfo field.
This setting specifies the PartyVInfo subfield of the OtherInfo field as described in the publication "NIST SP 800-56A" section 5.8.1. The value supplied to this setting must be a hex encoded string of the subfield data.
This setting is required when ComputeSecretKDF is set to ekdConcat. This setting is only applicable when calling ComputeSecret.
ConcatSuppPrivInfo:
Specifies the SuppPrivInfo subfield of the OtherInfo field.
This setting specifies the SuppPrivInfo subfield of the OtherInfo field as described in the publication "NIST SP 800-56A" section 5.8.1. The value supplied to this setting must be a hex encoded string of the subfield data.
This setting is optional when ComputeSecretKDF is set to ekdConcat. This setting is only applicable when calling ComputeSecret.
ConcatSuppPubInfo:
Specifies the SuppPubInfo subfield of the OtherInfo field.
This setting specifies the SuppPubInfo subfield of the OtherInfo field as described in the publication "NIST SP 800-56A" section 5.8.1. The value supplied to this setting must be a hex encoded string of the subfield data.
This setting is optional when ComputeSecretKDF is set to ekdConcat. This setting is only applicable when calling ComputeSecret.
ECDSASignatureFormat:
The format of the HashSignature when using ECDSA keys.
This setting specifies the format of HashSignature when signing with ECDSA keys. The way the HashSignature parameters are represented can be changed to be interoperable with other implementations. Possible values are:
Note: This setting is only applicable when Algorithm is set to secp256r1, secp384r1, or secp521r1.
EdDSAContext:
A hex encoded string holding the bytes of the context when signing or verifying with ed25519ctx.
This setting specifies up to 255 bytes of context data as a hex encoded string for use during signing and verifying.
This setting is only applicable when Algorithm is set to ed25519 or ed448. When this setting is specified, the Algorithm is ed25519, and HashEdDSA is False, the component will automatically use ed25519ctx. If this value is specified before calling Sign, it must also be set prior to calling VerifySignature.
EncryptionKeySize:
The encryption key size.
This setting specifies the AES encryption key size in bits when EncryptionAlgorithm is set to AES. Possible values are:
HMACKey:
A key to use when generating a Hash-based Message Authentication Code (HMAC).
This key is incorporated into the hashing process to add entropy to the resulting hash code, making the plaintext harder to guess and increasing the message security.
The value supplied here must be hex encoded.
This is only applicable when calling ComputeSecret.
HMACKeySize:
Specifies the HMAC key size to be used during encryption.
This setting optionally specifies the HMAC key size to be used during encryption and decryption. If set to 0 (default), the component will automatically select the key size based on the algorithm specified in HMACAlgorithm.
This setting is only applicable when calling Encrypt or Decrypt.
HMACOptionalInfo:
Optional data to be used during encryption and decryption during the HMAC step.
This setting optionally specifies data to be used with the specified HMACAlgorithm as part of the encryption and decryption process. This is additional data known to both parties that is included while performing the HMAC operation.
The value specified in this setting must be a hex string. If specified, this must be set before calling both Encrypt and Decrypt.
KDFOptionalInfo:
Optional data to be used during encryption and decryption during the key derivation step.
This setting optionally specifies data to be used with the specified KDF as part of the encryption and decryption process. This is additional data known to both parties that is included while performing key derivation.
The value specified in this setting must be a hex string. If specified, this must be set before calling both Encrypt and Decrypt.
PrependSecret:
An optional string to prepend to the secret agreement.
This setting specifies an optional string to prepend to the secret agreement before hashing it. This is applicable when calling ComputeSecret.
Note: This is not applicable when ComputeSecretKDF is set to 12 (ekdTLS).
StrictKeyValidation:
Whether to validate provided public keys based on private keys.
When enabled, the component performs additional checks before using the specified keys, to validate that the public key corresponds to the provided private key.
When using keys with the algorithm ed25519, ed448, X25519, or X448, the component will calculate the public key based on the provided private key and compare it to the provided public key to ensure they match. When using keys with the algorithm secp256r1, secp384r1, or secp521r1, the component will perform calculations to verify the public key is a point on the curve. The component will also calculate the public key based on the provided private key and compare it to the provided public key to ensure they match.
The default value is False, and the component will use the public and private keys as provided without any additional checks.
TLSLabel:
The TLS PRF label.
This setting specifies a string representing the PRF label. This setting is required when ComputeSecretKDF is set to 12 (ekdTLS). It is only applicable when calling ComputeSecret.
TLSSeed:
The TLS PRF Seed.
This setting specifies the hex encoded TLS PRF Seed. The seed value must be 64 bytes in length before hex encoding. This setting is required when ComputeSecretKDF is set to 12 (ekdTLS). It is only applicable when calling ComputeSecret.
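The Concat* settings above feed the single-step KDF of NIST SP 800-56A section 5.8.1. The following Python sketch is an added example, not the component's code: it assumes the hex-decoded subfields are concatenated unchanged in the order AlgorithmId, PartyUInfo, PartyVInfo, SuppPubInfo, SuppPrivInfo, and it shows why variable-length subfield data should carry a length prefix. The function names, the 4-byte length width and the sample values are chosen for this example.

```python
import hashlib

def lp(data: bytes) -> str:
    """Hex of Datalen || Data, using a 4-byte big-endian length (width chosen for this example)."""
    return (len(data).to_bytes(4, "big") + data).hex()

def build_other_info(algorithm_id, party_u, party_v, supp_pub="", supp_priv=""):
    """Concatenate the hex-encoded subfields in SP 800-56A order."""
    for name, value in (("ConcatAlgorithmId", algorithm_id),
                        ("ConcatPartyUInfo", party_u),
                        ("ConcatPartyVInfo", party_v)):
        if not value:
            raise ValueError(name + " is required for ekdConcat")
    return b"".join(bytes.fromhex(v) for v in
                    (algorithm_id, party_u, party_v, supp_pub, supp_priv))

def concat_kdf(z, other_info, key_len, hash_name="sha256"):
    """K = first key_len bytes of H(1 || Z || OtherInfo) || H(2 || Z || OtherInfo) || ..."""
    if key_len <= 0:
        raise ValueError("key_len must be positive")
    out, counter = b"", 1
    while len(out) < key_len:
        # The counter is a 32-bit big-endian integer starting at 1.
        out += hashlib.new(hash_name, counter.to_bytes(4, "big") + z + other_info).digest()
        counter += 1
    return out[:key_len]

# Constructed sample values, not taken from the component or from a real exchange.
Z = bytes(range(32))            # stands in for the ECDH secret agreement
ALG = lp(b"A128GCM")

def demo():
    # Raw concatenation is ambiguous: ("alice", "bob") and ("ali", "cebob") give one OtherInfo.
    raw_a = build_other_info(ALG, b"alice".hex(), b"bob".hex())
    raw_b = build_other_info(ALG, b"ali".hex(), b"cebob".hex())
    # Length-prefixed subfields keep the two identity pairs distinct.
    lp_a = build_other_info(ALG, lp(b"alice"), lp(b"bob"))
    lp_b = build_other_info(ALG, lp(b"ali"), lp(b"cebob"))
    return (concat_kdf(Z, raw_a, 16) == concat_kdf(Z, raw_b, 16),
            concat_kdf(Z, lp_a, 16) == concat_kdf(Z, lp_b, 16))

if __name__ == "__main__":
    print(demo())
```

Both parties must supply byte-identical subfield values, or they derive different keys from the same secret agreement.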
Base Configuration Settings
BuildInfo:
Information about the product's build.
When queried, this setting will return a string containing information about the product's build.
CodePage:
The system code page used for Unicode to Multibyte translations.
The default code page is Unicode UTF-8 (65001).
The following is a list of valid code page identifiers:
LicenseInfo:
Information about the current license.
When queried, this setting will return a string containing information about the license this instance of a component is using. It will return the following information:
UseInternalSecurityAPI:
Tells the component whether or not to use the system security libraries or an internal implementation.
By default the component will use the system security libraries to perform cryptographic functions. Setting this to True tells the component to use the internal implementation instead of using the system's security API.