Salsa20 Class

Properties   Methods   Events   Config Settings   Errors  

The Salsa20 class can be used to encrypt and decrypt data with the XSalsa20 and Salsa20 algorithm.

Syntax

class ipworksencrypt.Salsa20

Remarks

The class implements XSalsa20 as well as Salsa20. The algorithm property specifies which algorithm to use when encrypting and decryption. In addition the 12 and 8 round variants of Salsa20 are supported.

Data may be encrypted and decrypted in its entirety by calling encrypt and decrypt or chunk by chunk by calling encrypt_block and decrypt_block.

In all operations a key and iv must be used. If iv is not set one is automatically generated. key_password may be set in order to automatically generate both a key and iv when a method is called. The same key_password, or key and iv pair are used on both sides of the operation data can be encrypted and decrypted.

Encrypt Notes

encrypt will encrypt the specified data. The following properties are applicable:

  • iv (required)
  • key (required)

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

Additional Notes

The key property must be set to a 256 bit (32 byte) value. This is the only allowed value for ChaCha20. If key_password is set both key and iv will be automatically generated when encrypt is called.

The iv must be set to a 192 bit (24 byte) value when algorithm is set to XSalsa. The iv must be set to a 64 bit (8 byte) value when algorithm is set to Salsa.

If iv is not set a value will automatically be generated by the class when encrypt is called.

During encryption the on_progress event will fire as data is encrypted.

Encrypt Example

Salsa20 salsa = new Salsa20(); //32 Bytes salsa.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; //24 Bytes salsa.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7, 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; salsa.InputMessage = "hello salsa!"; salsa.Encrypt(); //salsa.OutputMessageB contains the byte[] of the encrypted data. The above code produces the following encrypted bytes. // { 0x06, 0xF4, 0xD9, 0xB4, 0x67, 0x31, 0x1C, 0x1E, 0x8E, 0xD6, 0xB5, 0x6B }

Encrypt Block Notes

encrypt_block will encrypt the input data and return the encrypted block. The encrypted block will always be the same length as the decrypted data. The following properties are applicable:

  • iv (required)
  • key (required)

InputBuffer specifies the input data to encrypt.

EncryptBlock Example

Salsa20 salsa = new Salsa20(); //32 Bytes salsa.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; //24 Bytes salsa.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7, 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; byte[] tempEncryptedBlock; //Encrypt any number of blocks of any size tempEncryptedBlock = salsa.EncryptBlock(part1); tempEncryptedBlock = salsa.EncryptBlock(part2);

Decrypt Notes

decrypt will decrypt the specified data. The following properties are applicable:

  • iv (required)
  • key (required)

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

Additional Notes

The key property must be set to the 256 bit (32 byte) value originally used to encrypt the data. iv must be set to the original IV value used to encrypt the data.

If using a password, key_password must be set to the same key_password used when encrypting the data. This will automatically generate both key and iv when decrypt is called.

During decryption the on_progress event will fire as data is decrypted.

Decrypt Example

Salsa20 salsa = new Salsa20(); //32 Bytes salsa.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; //24 Bytes salsa.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7, 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; salsa.InputMessageB = new byte[] { 0x06, 0xF4, 0xD9, 0xB4, 0x67, 0x31, 0x1C, 0x1E, 0x8E, 0xD6, 0xB5, 0x6B }; salsa.Decrypt(); Console.WriteLine(salsa.OutputMessage); //outputs "hello salsa!"

Decrypt Block Notes

decrypt_block will decrypt the input data and return the decrypted block. The decrypted block will always be the same length as the encrypted data. The following properties are applicable:

  • iv (required)
  • key (required)

InputBuffer specifies the input data to decrypt.

DecryptBlock Example

Salsa20 salsa = new Salsa20(); //32 Bytes salsa.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; //24 Bytes salsa.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7, 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; byte[] tempDecryptedBlock; //Decrypt any number of blocks of any size tempDecryptedBlock = salsa.DecryptBlock(part1); tempDecryptedBlock = salsa.DecryptBlock(part2);

Property List


The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

algorithmThe Salsa20 algorithm.
input_fileThe file to process.
input_messageThe message to process.
ivThe initialization vector (IV).
keyThe secret key for the symmetric algorithm.
key_passwordA password to generate the Key and IV .
output_fileThe output file when encrypting or decrypting.
output_messageThe output message after processing.
overwriteIndicates whether or not the class should overwrite files.
use_hexWhether input or output is hex encoded.

Method List


The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

configSets or retrieves a configuration setting.
decryptDecrypts the data.
decrypt_blockDecrypts a block and returns the decrypted data.
encryptEncrypts the data.
encrypt_blockEncrypts data and returns the encrypted block.
resetResets the class.

Event List


The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

on_errorFired when information is available about errors during data delivery.
on_progressFired as progress is made.

Config Settings


The following is a list of config settings for the class with short descriptions. Click on the links for further details.

EncryptedDataEncodingThe encoding of the encrypted input or output data.
IncludeIVWhether to prepend the IV to the output data and read the IV from the input data.
KeyPasswordAlgorithmThe hash algorithm used to derive the Key and IV from the KeyPassword property.
KeyPasswordIterationsThe number of iterations performed when using KeyPassword to derive the Key and IV.
KeyPasswordSaltThe salt value used in conjunction with the KeyPassword to derive the Key and IV.
SalsaRoundsThe number of rounds to perform.
BuildInfoInformation about the product's build.
CodePageThe system code page used for Unicode to Multibyte translations.
LicenseInfoInformation about the current license.
MaskSensitiveWhether sensitive data is masked in log messages.
ProcessIdleEventsWhether the class uses its internal event loop to process events when the main thread is idle.
SelectWaitMillisThe length of time in milliseconds the class will wait when DoEvents is called if there are no events to process.
UseInternalSecurityAPIWhether or not to use the system security libraries or an internal implementation.

algorithm Property

The Salsa20 algorithm.

Syntax

def get_algorithm() -> int: ...
def set_algorithm(value: int) -> None: ...

algorithm = property(get_algorithm, set_algorithm)

Default Value

1

Remarks

This property specifies the Salsa implementation to use. Possible values are:

  • 0 (Salsa20)
  • 1 (XSalsa20 - default)

The XSalsa20 algorithm is recommended and generally to be considered more secure. The Salsa20 algorithm is fully supported for implementations that require this. In addition the reduced 12 and 8 round variants of Salsa20 are also supported, please see SalsaRounds for details.

input_file Property

The file to process.

Syntax

def get_input_file() -> str: ...
def set_input_file(value: str) -> None: ...

input_file = property(get_input_file, set_input_file)

Default Value

""

Remarks

This property specifies the file to be processed. Set this property to the full or relative path to the file which will be processed.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

input_message Property

The message to process.

Syntax

def get_input_message() -> bytes: ...
def set_input_message(value: bytes) -> None: ...

input_message = property(get_input_message, set_input_message)

Default Value

""

Remarks

This property specifies the message to be processed.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

iv Property

The initialization vector (IV).

Syntax

def get_iv() -> bytes: ...
def set_iv(value: bytes) -> None: ...

iv = property(get_iv, set_iv)

Default Value

""

Remarks

This property specifies the initialization vector (IV). This is also referred to as the nonce. By default this property is empty and the class will automatically generate a new iv value if key_password or key is set before encrypt or encrypt_block is called.

XSalsa Notes:

When Algorithm is set to XSalsa the length of the IV must be 192 bits in length (24 bytes).

Salsa Notes:

When Algorithm is set to Salsa the length of the IV must be 64 bits in length (8 bytes).

key Property

The secret key for the symmetric algorithm.

Syntax

def get_key() -> bytes: ...
def set_key(value: bytes) -> None: ...

key = property(get_key, set_key)

Default Value

""

Remarks

This secret key is used both for encryption and decryption. The secret key should be known only to the sender and the receiver. This key must be 256 bits in length (32 bytes).

If this property is left empty and key_password is specified, a key value will be generated by the class as necessary.

key_password Property

A password to generate the Key and IV .

Syntax

def get_key_password() -> str: ...
def set_key_password(value: str) -> None: ...

key_password = property(get_key_password, set_key_password)

Default Value

""

Remarks

When this property is set the class will calculate values for key and iv using the PKCS5 password digest algorithm. This provides a simpler alternative to creating and managing key and iv values directly.

output_file Property

The output file when encrypting or decrypting.

Syntax

def get_output_file() -> str: ...
def set_output_file(value: str) -> None: ...

output_file = property(get_output_file, set_output_file)

Default Value

""

Remarks

This property specifies the file to which the output will be written when encrypt or decrypt is called. This may be set to an absolute or relative path.

This property is only applicable to encrypt and decrypt.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

  • output_file
  • output_message: The output data is written to this property if no other destination is specified.

output_message Property

The output message after processing.

Syntax

def get_output_message() -> bytes: ...

output_message = property(get_output_message, None)

Default Value

""

Remarks

This property will be populated with the output from the operation if output_file is not set.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

  • output_file
  • output_message: The output data is written to this property if no other destination is specified.

This property is read-only.

overwrite Property

Indicates whether or not the class should overwrite files.

Syntax

def get_overwrite() -> bool: ...
def set_overwrite(value: bool) -> None: ...

overwrite = property(get_overwrite, set_overwrite)

Default Value

FALSE

Remarks

This property indicates whether or not the class will overwrite output_file. If overwrite is False, an error will be thrown whenever output_file exists before an operation. The default value is False.

use_hex Property

Whether input or output is hex encoded.

Syntax

def get_use_hex() -> bool: ...
def set_use_hex(value: bool) -> None: ...

use_hex = property(get_use_hex, set_use_hex)

Default Value

FALSE

Remarks

This property specifies whether the encrypted data is hex encoded.

If set to True, when encrypt is called the class will perform the encryption as normal and then hex encode the output. output_message or output_file will hold hex encoded data.

If set to True, when decrypt is called the class will expect input_message or input_file to hold hex encoded data. The class will then hex decode the data and perform decryption as normal.

config Method

Sets or retrieves a configuration setting.

Syntax

def config(configuration_string: str) -> str: ...

Remarks

config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

decrypt Method

Decrypts the data.

Syntax

def decrypt() -> None: ...

Remarks

decrypt will decrypt the specified data. The following properties are applicable:

  • iv (required)
  • key (required)

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

Additional Notes

The key property must be set to the 256 bit (32 byte) value originally used to encrypt the data. iv must be set to the original IV value used to encrypt the data.

If using a password, key_password must be set to the same key_password used when encrypting the data. This will automatically generate both key and iv when decrypt is called.

During decryption the on_progress event will fire as data is decrypted.

Decrypt Example

Salsa20 salsa = new Salsa20(); //32 Bytes salsa.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; //24 Bytes salsa.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7, 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; salsa.InputMessageB = new byte[] { 0x06, 0xF4, 0xD9, 0xB4, 0x67, 0x31, 0x1C, 0x1E, 0x8E, 0xD6, 0xB5, 0x6B }; salsa.Decrypt(); Console.WriteLine(salsa.OutputMessage); //outputs "hello salsa!"

decrypt_block Method

Decrypts a block and returns the decrypted data.

Syntax

def decrypt_block(input_buffer: bytes) -> bytes: ...

Remarks

decrypt_block will decrypt the input data and return the decrypted block. The decrypted block will always be the same length as the encrypted data. The following properties are applicable:

  • iv (required)
  • key (required)

InputBuffer specifies the input data to decrypt.

DecryptBlock Example

Salsa20 salsa = new Salsa20(); //32 Bytes salsa.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; //24 Bytes salsa.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7, 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; byte[] tempDecryptedBlock; //Decrypt any number of blocks of any size tempDecryptedBlock = salsa.DecryptBlock(part1); tempDecryptedBlock = salsa.DecryptBlock(part2);

encrypt Method

Encrypts the data.

Syntax

def encrypt() -> None: ...

Remarks

encrypt will encrypt the specified data. The following properties are applicable:

  • iv (required)
  • key (required)

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

Additional Notes

The key property must be set to a 256 bit (32 byte) value. This is the only allowed value for ChaCha20. If key_password is set both key and iv will be automatically generated when encrypt is called.

The iv must be set to a 192 bit (24 byte) value when algorithm is set to XSalsa. The iv must be set to a 64 bit (8 byte) value when algorithm is set to Salsa.

If iv is not set a value will automatically be generated by the class when encrypt is called.

During encryption the on_progress event will fire as data is encrypted.

Encrypt Example

Salsa20 salsa = new Salsa20(); //32 Bytes salsa.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; //24 Bytes salsa.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7, 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; salsa.InputMessage = "hello salsa!"; salsa.Encrypt(); //salsa.OutputMessageB contains the byte[] of the encrypted data. The above code produces the following encrypted bytes. // { 0x06, 0xF4, 0xD9, 0xB4, 0x67, 0x31, 0x1C, 0x1E, 0x8E, 0xD6, 0xB5, 0x6B }

encrypt_block Method

Encrypts data and returns the encrypted block.

Syntax

def encrypt_block(input_buffer: bytes) -> bytes: ...

Remarks

encrypt_block will encrypt the input data and return the encrypted block. The encrypted block will always be the same length as the decrypted data. The following properties are applicable:

  • iv (required)
  • key (required)

InputBuffer specifies the input data to encrypt.

EncryptBlock Example

Salsa20 salsa = new Salsa20(); //32 Bytes salsa.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; //24 Bytes salsa.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7, 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; byte[] tempEncryptedBlock; //Encrypt any number of blocks of any size tempEncryptedBlock = salsa.EncryptBlock(part1); tempEncryptedBlock = salsa.EncryptBlock(part2);

reset Method

Resets the class.

Syntax

def reset() -> None: ...

Remarks

When called, the class will reset all of its properties to their default values.

on_error Event

Fired when information is available about errors during data delivery.

Syntax

class Salsa20ErrorEventParams(object):
  @property
  def error_code() -> int: ...

  @property
  def description() -> str: ...

# In class Salsa20:
@property
def on_error() -> Callable[[Salsa20ErrorEventParams], None]: ...
@on_error.setter
def on_error(event_hook: Callable[[Salsa20ErrorEventParams], None]) -> None: ...

Remarks

The on_error event is fired in case of exceptional conditions during message processing. Normally the class fails with an error.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

on_progress Event

Fired as progress is made.

Syntax

class Salsa20ProgressEventParams(object):
  @property
  def bytes_processed() -> int: ...

  @property
  def percent_processed() -> int: ...

# In class Salsa20:
@property
def on_progress() -> Callable[[Salsa20ProgressEventParams], None]: ...
@on_progress.setter
def on_progress(event_hook: Callable[[Salsa20ProgressEventParams], None]) -> None: ...

Remarks

This event is fired automatically as data is processed by the class.

The PercentProcessed parameter indicates the current status of the operation.

The BytesProcessed parameter holds the total number of bytes processed so far.

Salsa20 Config Settings

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

XSalsa20 Config Settings

EncryptedDataEncoding:   The encoding of the encrypted input or output data.

This configuration setting specifies how the encrypted data is encoded (if at all).

When encrypt is called the class will perform the encryption as normal and then encode the output as specified here. output_message or output_file will hold the encoded data.

When decrypt is called the class will expect input_message or input_file to hold the encoded data as specified here. The class will then decode the data and perform decryption as normal.

Possible values are:

  • 0 (none - default)
  • 1 (Base64)
  • 2 (Hex)
  • 3 (Base64URL)

IncludeIV:   Whether to prepend the IV to the output data and read the IV from the input data.

If this config is true, the IV will be automatically prepended to the output data when calling encrypt. When calling decrypt and this setting is True, the IV is automatically extracted form the ciphertext. The default value is False.

KeyPasswordAlgorithm:   The hash algorithm used to derive the Key and IV from the KeyPassword property.

This configuration setting specifies which hash algorithm will be used when deriving the key and iv from key_password. The default value is "MD5". Possible values are:

  • "SHA1"
  • "MD2"
  • "MD5" (default)
  • "HMAC-SHA1"
  • "HMAC-SHA224"
  • "HMAC-SHA256"
  • "HMAC-SHA384"
  • "HMAC-SHA512"
  • "HMAC-MD5"
  • "HMAC-RIPEMD160"

When using any HMAC algorithm the PBKDF#2 method from RFC 2898 is used. Any other algorithm uses PBKDF#1 from the same RFC.

KeyPasswordIterations:   The number of iterations performed when using KeyPassword to derive the Key and IV.

This configuration setting specifies the number of iterations performed when using key_password to calculate values for key and iv. When using PBKDF#2 the default number of iterations is 10,000. When using PBKDF#1 the default number is 10.

KeyPasswordSalt:   The salt value used in conjunction with the KeyPassword to derive the Key and IV.

This configuration setting specifies the hex encoded salt value to be used along with the key_password when calculating values for key and iv.

SalsaRounds:   The number of rounds to perform.

This setting specifies the number of rounds to perform. The default value is 20. The class also supports 12 and 8 round variants which offer better performance but reduce overall security. This setting is only applicable when algorithm is set to saSALSA20. Possible values are:

  • 20 (default - recommended)
  • 12
  • 8

Base Config Settings

BuildInfo:   Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

CodePage:   The system code page used for Unicode to Multibyte translations.

The default code page is Unicode UTF-8 (65001).

The following is a list of valid code page identifiers:

IdentifierName
037IBM EBCDIC - U.S./Canada
437OEM - United States
500IBM EBCDIC - International
708Arabic - ASMO 708
709Arabic - ASMO 449+, BCON V4
710Arabic - Transparent Arabic
720Arabic - Transparent ASMO
737OEM - Greek (formerly 437G)
775OEM - Baltic
850OEM - Multilingual Latin I
852OEM - Latin II
855OEM - Cyrillic (primarily Russian)
857OEM - Turkish
858OEM - Multilingual Latin I + Euro symbol
860OEM - Portuguese
861OEM - Icelandic
862OEM - Hebrew
863OEM - Canadian-French
864OEM - Arabic
865OEM - Nordic
866OEM - Russian
869OEM - Modern Greek
870IBM EBCDIC - Multilingual/ROECE (Latin-2)
874ANSI/OEM - Thai (same as 28605, ISO 8859-15)
875IBM EBCDIC - Modern Greek
932ANSI/OEM - Japanese, Shift-JIS
936ANSI/OEM - Simplified Chinese (PRC, Singapore)
949ANSI/OEM - Korean (Unified Hangul Code)
950ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC)
1026IBM EBCDIC - Turkish (Latin-5)
1047IBM EBCDIC - Latin 1/Open System
1140IBM EBCDIC - U.S./Canada (037 + Euro symbol)
1141IBM EBCDIC - Germany (20273 + Euro symbol)
1142IBM EBCDIC - Denmark/Norway (20277 + Euro symbol)
1143IBM EBCDIC - Finland/Sweden (20278 + Euro symbol)
1144IBM EBCDIC - Italy (20280 + Euro symbol)
1145IBM EBCDIC - Latin America/Spain (20284 + Euro symbol)
1146IBM EBCDIC - United Kingdom (20285 + Euro symbol)
1147IBM EBCDIC - France (20297 + Euro symbol)
1148IBM EBCDIC - International (500 + Euro symbol)
1149IBM EBCDIC - Icelandic (20871 + Euro symbol)
1200Unicode UCS-2 Little-Endian (BMP of ISO 10646)
1201Unicode UCS-2 Big-Endian
1250ANSI - Central European
1251ANSI - Cyrillic
1252ANSI - Latin I
1253ANSI - Greek
1254ANSI - Turkish
1255ANSI - Hebrew
1256ANSI - Arabic
1257ANSI - Baltic
1258ANSI/OEM - Vietnamese
1361Korean (Johab)
10000MAC - Roman
10001MAC - Japanese
10002MAC - Traditional Chinese (Big5)
10003MAC - Korean
10004MAC - Arabic
10005MAC - Hebrew
10006MAC - Greek I
10007MAC - Cyrillic
10008MAC - Simplified Chinese (GB 2312)
10010MAC - Romania
10017MAC - Ukraine
10021MAC - Thai
10029MAC - Latin II
10079MAC - Icelandic
10081MAC - Turkish
10082MAC - Croatia
12000Unicode UCS-4 Little-Endian
12001Unicode UCS-4 Big-Endian
20000CNS - Taiwan
20001TCA - Taiwan
20002Eten - Taiwan
20003IBM5550 - Taiwan
20004TeleText - Taiwan
20005Wang - Taiwan
20105IA5 IRV International Alphabet No. 5 (7-bit)
20106IA5 German (7-bit)
20107IA5 Swedish (7-bit)
20108IA5 Norwegian (7-bit)
20127US-ASCII (7-bit)
20261T.61
20269ISO 6937 Non-Spacing Accent
20273IBM EBCDIC - Germany
20277IBM EBCDIC - Denmark/Norway
20278IBM EBCDIC - Finland/Sweden
20280IBM EBCDIC - Italy
20284IBM EBCDIC - Latin America/Spain
20285IBM EBCDIC - United Kingdom
20290IBM EBCDIC - Japanese Katakana Extended
20297IBM EBCDIC - France
20420IBM EBCDIC - Arabic
20423IBM EBCDIC - Greek
20424IBM EBCDIC - Hebrew
20833IBM EBCDIC - Korean Extended
20838IBM EBCDIC - Thai
20866Russian - KOI8-R
20871IBM EBCDIC - Icelandic
20880IBM EBCDIC - Cyrillic (Russian)
20905IBM EBCDIC - Turkish
20924IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol)
20932JIS X 0208-1990 & 0121-1990
20936Simplified Chinese (GB2312)
21025IBM EBCDIC - Cyrillic (Serbian, Bulgarian)
21027Extended Alpha Lowercase
21866Ukrainian (KOI8-U)
28591ISO 8859-1 Latin I
28592ISO 8859-2 Central Europe
28593ISO 8859-3 Latin 3
28594ISO 8859-4 Baltic
28595ISO 8859-5 Cyrillic
28596ISO 8859-6 Arabic
28597ISO 8859-7 Greek
28598ISO 8859-8 Hebrew
28599ISO 8859-9 Latin 5
28605ISO 8859-15 Latin 9
29001Europa 3
38598ISO 8859-8 Hebrew
50220ISO 2022 Japanese with no halfwidth Katakana
50221ISO 2022 Japanese with halfwidth Katakana
50222ISO 2022 Japanese JIS X 0201-1989
50225ISO 2022 Korean
50227ISO 2022 Simplified Chinese
50229ISO 2022 Traditional Chinese
50930Japanese (Katakana) Extended
50931US/Canada and Japanese
50933Korean Extended and Korean
50935Simplified Chinese Extended and Simplified Chinese
50936Simplified Chinese
50937US/Canada and Traditional Chinese
50939Japanese (Latin) Extended and Japanese
51932EUC - Japanese
51936EUC - Simplified Chinese
51949EUC - Korean
51950EUC - Traditional Chinese
52936HZ-GB2312 Simplified Chinese
54936Windows XP: GB18030 Simplified Chinese (4 Byte)
57002ISCII Devanagari
57003ISCII Bengali
57004ISCII Tamil
57005ISCII Telugu
57006ISCII Assamese
57007ISCII Oriya
57008ISCII Kannada
57009ISCII Malayalam
57010ISCII Gujarati
57011ISCII Punjabi
65000Unicode UTF-7
65001Unicode UTF-8
The following is a list of valid code page identifiers for Mac OS only:
IdentifierName
1ASCII
2NEXTSTEP
3JapaneseEUC
4UTF8
5ISOLatin1
6Symbol
7NonLossyASCII
8ShiftJIS
9ISOLatin2
10Unicode
11WindowsCP1251
12WindowsCP1252
13WindowsCP1253
14WindowsCP1254
15WindowsCP1250
21ISO2022JP
30MacOSRoman
10UTF16String
0x90000100UTF16BigEndian
0x94000100UTF16LittleEndian
0x8c000100UTF32String
0x98000100UTF32BigEndian
0x9c000100UTF32LittleEndian
65536Proprietary

LicenseInfo:   Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:

  • Product: The product the license is for.
  • Product Key: The key the license was generated from.
  • License Source: Where the license was found (e.g., RuntimeLicense, License File).
  • License Type: The type of license installed (e.g., Royalty Free, Single Server).
  • Last Valid Build: The last valid build number for which the license will work.
MaskSensitive:   Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to True to mask sensitive data. The default is True.

This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

ProcessIdleEvents:   Whether the class uses its internal event loop to process events when the main thread is idle.

If set to False, the class will not fire internal idle events. Set this to False to use the class in a background thread on Mac OS. By default, this setting is True.

SelectWaitMillis:   The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process.

If there are no events to process when do_events is called, the class will wait for the amount of time specified here before returning. The default value is 20.

UseInternalSecurityAPI:   Whether or not to use the system security libraries or an internal implementation.

When set to False, the class will use the system security libraries by default to perform cryptographic functions where applicable.

Setting this configuration setting to True tells the class to use the internal implementation instead of using the system security libraries.

On Windows, this setting is set to False by default. On Linux/macOS, this setting is set to True by default.

To use the system security libraries for Linux, OpenSSL support must be enabled. For more information on how to enable OpenSSL, please refer to the OpenSSL Notes section.

Salsa20 Errors

XSalsa20 Errors

101   Unsupported algorithm.
102   No Key specified.
103   No IV specified.
104   Cannot read or write file.
107   Block size is not valid for this algorithm.
108   Key size is not valid for this algorithm.
111   OutputFile already exists and Overwrite is False.
121   The specified key is invalid.
123   IV size is not valid for this algorithm.
304   Cannot write file.
305   Cannot read file.
306   Cannot create file.
2004   Invalid padding. This may be an indication that the key is incorrect.
130   Invalid number of rounds. The number of rounds used when algorithm is set to Salsa must be 8, 12, or 20.