IPWorks Encrypt 2020 Qt Edition

Questions / Feedback?

ECC Configuration

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

ECC Configuration Settings

AppendSecret:   An optional string to append to the secret agreement.

This setting specifies an optional string to append to the secret agreement before hashing it. This is applicable when calling ComputeSecret.

Note: This is not applicable when ComputeSecretKDF is set to 12 (ekdTLS).

CNGECDHKey:   The CNG ECDH key.

This setting may be set to specify the key exported from Microsoft's CNG before calling ComputeSecret. If key data was obtained from Microsoft's CNG API it can be hex encoded and supplied here. The class will use this key when ComputeSecret is called.

CNGECDSAKey:   The CNG ECDSA key.

This setting may be set to specify the key exported from Microsoft's CNG before calling VerifySignature. If key data was obtained from Microsoft's CNG API it can be hex encoded and supplied here. The class will use this key when VerifySignature is called.

ConcatAlgorithmId:   Specifies the AlgorithmId subfield of the OtherInfo field.

This setting specifies the AlgorithmId subfield of the OtherInfo field as described in the publication "NIST SP 800-56A" section 5.8.1. The value supplied to this setting must be a hex encoded string of the subfield data.

This setting is required when ComputeSecretKDF is set to ekdConcat. This setting is only applicable when calling ComputeSecret.

ConcatHashAlgorithm:   The hash algorithm to use when ComputeSecretKDF is Concat.

This optionally specifies the hash algorithm to use when ComputeSecretKDF is set to ekdConcat. Possible values are:

  • SHA1
  • SHA224
  • SHA256 (default)
  • SHA384
  • SHA512
  • RIPEMD160
ConcatPartyUInfo:   Specifies the PartyUInfo subfield of the OtherInfo field.

This setting specifies the PatyUInfo subfield of the OtherInfo field as described in the publication "NIST SP 800-56A" section 5.8.1. The value supplied to this setting must be a hex encoded string of the subfield data.

This setting is required when ComputeSecretKDF is set to ekdConcat. This setting is only applicable when calling ComputeSecret.

ConcatPartyVInfo:   Specifies the PartyVInfo subfield of the OtherInfo field.

This setting specifies the PartyVInfo subfield of the OtherInfo field as described in the publication "NIST SP 800-56A" section 5.8.1. The value supplied to this setting must be a hex encoded string of the subfield data.

This setting is required when ComputeSecretKDF is set to ekdConcat. This setting is only applicable when calling ComputeSecret.

ConcatSuppPrivInfo:   Specifies the SuppPrivInfo subfield of the OtherInfo field.

This setting specifies the SuppPrivInfo subfield of the OtherInfo field as described in the publication "NIST SP 800-56A" section 5.8.1. The value supplied to this setting must be a hex encoded string of the subfield data.

This setting is optional when ComputeSecretKDF is set to ekdConcat. This setting is only applicable when calling ComputeSecret.

ConcatSuppPubInfo:   Specifies the SuppPubInfo subfield of the OtherInfo field.

This setting specifies the SuppPubInfo subfield of the OtherInfo field as described in the publication "NIST SP 800-56A" section 5.8.1. The value supplied to this setting must be a hex encoded string of the subfield data.

This setting is optional when ComputeSecretKDF is set to ekdConcat. This setting is only applicable when calling ComputeSecret.

ECDSASignatureFormat:   The format of the HashSignature when using ECDSA keys.

This setting specifies the format of HashSignature when signing with ECDSA keys. The way the HashSignature parameters are represented can be changed to be interoperable with other implementations. Possible values are:

  • 0 (Concatenated - default)
  • 1 (ASN)

Note: This setting is only applicable when KeyAlgorithm is set to secp256r1, secp384r1, or secp521r1.

EdDSAContext:   A hex encoded string holding the bytes of the context when signing or verifying with ed25519ctx.

This setting specifies up to 255 bytes of context data as a hex encoded string for during signing and verifying.

This setting is only applicable when KeyAlgorithm is set to ed25519 or ed448. When this setting is specified and the KeyAlgorithm is ed25519 and HashEdDSA is False the class will automatically use ed25519ctx.

If this value is specified before calling Sign, it must also be set prior to calling VerifySignature.

EncryptionKeySize:   The encryption key size.

This setting specifies the AES encryption key size in bits when EncryptionAlgorithm is set to AES. Possible values are:

  • 128
  • 192
  • 256 (default)
This setting is only applicable when calling Encrypt.
HMACKey:   A key to use when generating a Hash-based Message Authentication Code (HMAC).

This key is incorporated into the hashing process to add entropy to the resulting hash code, making the plaintext harder to guess and increasing the message security. The value supplied here must be hex encoded.

This is only applicable when calling ComputeSecret.

HMACKeySize:   Specifies the HMAC key size to be used during encryption.

This setting optionally specifies the HMAC key size to be used during encryption and decryption. If set to 0 (default) the class will automatically select the key size based on the algorithm specified in HMACAlgorithm.

This setting is only applicable when calling Encrypt or Decrypt.

HMACOptionalInfo:   Optional data to be used during encryption and decryption during the HMAC step.

This setting optionally specifies data to be used with the specified HMACAlgorithm as part of the encryption and decryption process. This is additional data known to both parties that is included while performing the HMAC operation.

The value specified in this setting must a hex string.

If specified this must be set before calling both Encrypt and Decrypt.

KDFOptionalInfo:   Optional data to be used during encryption and decryption during the key derivation step.

This setting optionally specifies data to be used with the specified KDF as part of the encryption and decryption process. This is additional data known to both parties that is included while performing key derivation.

The value specified in this setting must a hex string.

If specified this must be set before calling both Encrypt and Decrypt.

PrependSecret:   An optional string to prepend to the secret agreement.

This setting specifies an optional string to prepend to the secret agreement before hashing it. This is applicable when calling ComputeSecret.

Note: This is not applicable when ComputeSecretKDF is set to 12 (ekdTLS).

StrictKeyValidation:   Whether to validate provided public keys based on private keys.

This setting performs additional checks prior to using specified keys to validate the public key corresponds to the provided private key.

When using keys with the algorithm ed25519, ed448, X25519, or X448 the class will calculate the public key based on the provided private key and compare it to the provided public key to ensure they match.

When using keys with the algorithm secp256r1, secp384r1, or secp521r1 the class will perform calculations to verify the public key is a point on the curve. The class will also calculate the public key based on the provided private key and compare it to the provided public key to ensure they match.

The default value is False and the class will use the public and private keys as provided without any additional checks.

TLSLabel:   The TLS PRF label.

This setting specifies a string representing the PRF label. This setting is required when ComputeSecretKDF set to 12 (ekdTLS). It is only applicable when calling ComputeSecret.

TLSSeed:   The TLS PRF Seed.

This setting specifies the hex encoded TLS PRF Seed. The seed value must be 64 bytes in length before hex encoding. This setting is required when ComputeSecretKDF set to 12 (ekdTLS). It is only applicable when calling ComputeSecret.

Base Configuration Settings

BuildInfo:   Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

CodePage:   The system code page used for Unicode to Multibyte translations.

The default code page is Unicode UTF-8 (65001).

The following is a list of valid code page identifiers:

IdentifierName
037IBM EBCDIC - U.S./Canada
437OEM - United States
500IBM EBCDIC - International
708Arabic - ASMO 708
709Arabic - ASMO 449+, BCON V4
710Arabic - Transparent Arabic
720Arabic - Transparent ASMO
737OEM - Greek (formerly 437G)
775OEM - Baltic
850OEM - Multilingual Latin I
852OEM - Latin II
855OEM - Cyrillic (primarily Russian)
857OEM - Turkish
858OEM - Multlingual Latin I + Euro symbol
860OEM - Portuguese
861OEM - Icelandic
862OEM - Hebrew
863OEM - Canadian-French
864OEM - Arabic
865OEM - Nordic
866OEM - Russian
869OEM - Modern Greek
870IBM EBCDIC - Multilingual/ROECE (Latin-2)
874ANSI/OEM - Thai (same as 28605, ISO 8859-15)
875IBM EBCDIC - Modern Greek
932ANSI/OEM - Japanese, Shift-JIS
936ANSI/OEM - Simplified Chinese (PRC, Singapore)
949ANSI/OEM - Korean (Unified Hangeul Code)
950ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC)
1026IBM EBCDIC - Turkish (Latin-5)
1047IBM EBCDIC - Latin 1/Open System
1140IBM EBCDIC - U.S./Canada (037 + Euro symbol)
1141IBM EBCDIC - Germany (20273 + Euro symbol)
1142IBM EBCDIC - Denmark/Norway (20277 + Euro symbol)
1143IBM EBCDIC - Finland/Sweden (20278 + Euro symbol)
1144IBM EBCDIC - Italy (20280 + Euro symbol)
1145IBM EBCDIC - Latin America/Spain (20284 + Euro symbol)
1146IBM EBCDIC - United Kingdom (20285 + Euro symbol)
1147IBM EBCDIC - France (20297 + Euro symbol)
1148IBM EBCDIC - International (500 + Euro symbol)
1149IBM EBCDIC - Icelandic (20871 + Euro symbol)
1200Unicode UCS-2 Little-Endian (BMP of ISO 10646)
1201Unicode UCS-2 Big-Endian
1250ANSI - Central European
1251ANSI - Cyrillic
1252ANSI - Latin I
1253ANSI - Greek
1254ANSI - Turkish
1255ANSI - Hebrew
1256ANSI - Arabic
1257ANSI - Baltic
1258ANSI/OEM - Vietnamese
1361Korean (Johab)
10000MAC - Roman
10001MAC - Japanese
10002MAC - Traditional Chinese (Big5)
10003MAC - Korean
10004MAC - Arabic
10005MAC - Hebrew
10006MAC - Greek I
10007MAC - Cyrillic
10008MAC - Simplified Chinese (GB 2312)
10010MAC - Romania
10017MAC - Ukraine
10021MAC - Thai
10029MAC - Latin II
10079MAC - Icelandic
10081MAC - Turkish
10082MAC - Croatia
12000Unicode UCS-4 Little-Endian
12001Unicode UCS-4 Big-Endian
20000CNS - Taiwan
20001TCA - Taiwan
20002Eten - Taiwan
20003IBM5550 - Taiwan
20004TeleText - Taiwan
20005Wang - Taiwan
20105IA5 IRV International Alphabet No. 5 (7-bit)
20106IA5 German (7-bit)
20107IA5 Swedish (7-bit)
20108IA5 Norwegian (7-bit)
20127US-ASCII (7-bit)
20261T.61
20269ISO 6937 Non-Spacing Accent
20273IBM EBCDIC - Germany
20277IBM EBCDIC - Denmark/Norway
20278IBM EBCDIC - Finland/Sweden
20280IBM EBCDIC - Italy
20284IBM EBCDIC - Latin America/Spain
20285IBM EBCDIC - United Kingdom
20290IBM EBCDIC - Japanese Katakana Extended
20297IBM EBCDIC - France
20420IBM EBCDIC - Arabic
20423IBM EBCDIC - Greek
20424IBM EBCDIC - Hebrew
20833IBM EBCDIC - Korean Extended
20838IBM EBCDIC - Thai
20866Russian - KOI8-R
20871IBM EBCDIC - Icelandic
20880IBM EBCDIC - Cyrillic (Russian)
20905IBM EBCDIC - Turkish
20924IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol)
20932JIS X 0208-1990 & 0121-1990
20936Simplified Chinese (GB2312)
21025IBM EBCDIC - Cyrillic (Serbian, Bulgarian)
21027Extended Alpha Lowercase
21866Ukrainian (KOI8-U)
28591ISO 8859-1 Latin I
28592ISO 8859-2 Central Europe
28593ISO 8859-3 Latin 3
28594ISO 8859-4 Baltic
28595ISO 8859-5 Cyrillic
28596ISO 8859-6 Arabic
28597ISO 8859-7 Greek
28598ISO 8859-8 Hebrew
28599ISO 8859-9 Latin 5
28605ISO 8859-15 Latin 9
29001Europa 3
38598ISO 8859-8 Hebrew
50220ISO 2022 Japanese with no halfwidth Katakana
50221ISO 2022 Japanese with halfwidth Katakana
50222ISO 2022 Japanese JIS X 0201-1989
50225ISO 2022 Korean
50227ISO 2022 Simplified Chinese
50229ISO 2022 Traditional Chinese
50930Japanese (Katakana) Extended
50931US/Canada and Japanese
50933Korean Extended and Korean
50935Simplified Chinese Extended and Simplified Chinese
50936Simplified Chinese
50937US/Canada and Traditional Chinese
50939Japanese (Latin) Extended and Japanese
51932EUC - Japanese
51936EUC - Simplified Chinese
51949EUC - Korean
51950EUC - Traditional Chinese
52936HZ-GB2312 Simplified Chinese
54936Windows XP: GB18030 Simplified Chinese (4 Byte)
57002ISCII Devanagari
57003ISCII Bengali
57004ISCII Tamil
57005ISCII Telugu
57006ISCII Assamese
57007ISCII Oriya
57008ISCII Kannada
57009ISCII Malayalam
57010ISCII Gujarati
57011ISCII Punjabi
65000Unicode UTF-7
65001Unicode UTF-8

The following is a list of valid code page identifiers for Mac OS only:

IdentifierName
1ASCII
2NEXTSTEP
3JapaneseEUC
4UTF8
5ISOLatin1
6Symbol
7NonLossyASCII
8ShiftJIS
9ISOLatin2
10Unicode
11WindowsCP1251
12WindowsCP1252
13WindowsCP1253
14WindowsCP1254
15WindowsCP1250
21ISO2022JP
30MacOSRoman
10UTF16String
0x90000100UTF16BigEndian
0x94000100UTF16LittleEndian
0x8c000100UTF32String
0x98000100UTF32BigEndian
0x9c000100UTF32LittleEndian
65536Proprietary

LicenseInfo:   Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:

  • Product: The product the license is for.
  • Product Key: The key the license was generated from.
  • License Source: Where the license was found (e.g. RuntimeLicense, License File).
  • License Type: The type of license installed (e.g. Royalty Free, Single Server).
UseInternalSecurityAPI:   Tells the class whether or not to use the system security libraries or an internal implementation.

By default the class will use the system security libraries to perform cryptographic functions. Setting this to True tells the class to use the internal implementation instead of using the system's security API.

Copyright (c) 2022 /n software inc. - All rights reserved.
IPWorks Encrypt 2020 Qt Edition - Version 20.0 [Build 8155]