RSA Control

Properties   Methods   Events   Config Settings   Errors  

Implements RSA public-key cryptography to encrypt/decrypt and sign/verify messages.

Syntax

RSA

Remarks

The RSA control implements RSA public-key cryptography to encrypt/decrypt messages and sign/verify hash signatures.

To begin you must either specify an existing key or create a new key. Existing private keys may be specified by setting Key. To create a new key call CreateKey. Alternatively an existing certificate may be specified by setting Certificate

Signing

To sign data first set Key or Certificate. Specify the input data using InputFile or InputMessage. Next call Sign. The control will populate HashValue and HashSignature. After calling Sign the public key must be sent to the recipient along with HashSignature.

Encrypting

To encrypt data set RecipientKey or RecipientCert. Specify the input data using InputFile or InputMessage. Next call Encrypt. The control will populate OutputMessage, or write to the file specified by OutputFile.

Signature Verification

To verify a signature specify the input data using InputFile or InputMessage. Set SignerKey or SignerCert. Next set HashSignature and call VerifySignature. The VerifySignature method will return True if the signature was successfully verified.

Decrypting

To decrypt data first set Key or Certificate. Specify the input data using InputFile or InputMessage. Next call Decrypt. The control will populate OutputMessage, or write to the file specified by OutputFile.

Input and Output Properties

The control will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• InputFile
• InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• OutputFile
• OutputMessage: The output data is written to this property if no other destination is specified.

RSA Keys

A RSA key is made up of a number of individual parameters.

The public key consists of the following parameters:

• KeyModulus
• KeyExponent

The control also includes the KeyPublicKey property which holds the PEM formatted public key for ease of use. This is helpful if you are in control of both sides of the encryption/signing and decryption/signature verification process. When sending the public key to a recipient note that not all implementations will support using the PEM formatted value in KeyPublicKey in which case the individual parameters must be sent.

The private key may be represented in one of two ways. Both are mathematically equivalent. Private key format 1:

• KeyModulus
• KeyP
• KeyQ
• KeyDP
• KeyDQ

Private key format 2 is simpler but has decreased performance when decrypting and signing. This format is:

• KeyModulus
• KeyD

The control also include the KeyPrivateKey property which holds the PEM formatted private key for ease of use. This is helpful for storing the private key more easily.

Property List

---

The following is the full list of the properties of the control with short descriptions. Click on the links for further details.

Method List

---

The following is the full list of the methods of the control with short descriptions. Click on the links for further details.

Event List

---

The following is the full list of the events fired by the control with short descriptions. Click on the links for further details.

Config Settings

---

The following is a list of config settings for the control with short descriptions. Click on the links for further details.

CertEffectiveDate Property (RSA Control)

The date on which this certificate becomes valid.

Syntax

rsacontrol.CertEffectiveDate

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

CertExpirationDate Property (RSA Control)

The date on which the certificate expires.

Syntax

rsacontrol.CertExpirationDate

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

CertExtendedKeyUsage Property (RSA Control)

A comma-delimited list of extended key usage identifiers.

Syntax

rsacontrol.CertExtendedKeyUsage

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

CertFingerprint Property (RSA Control)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

rsacontrol.CertFingerprint

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

CertFingerprintSHA1 Property (RSA Control)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

rsacontrol.CertFingerprintSHA1

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

CertFingerprintSHA256 Property (RSA Control)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

rsacontrol.CertFingerprintSHA256

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

CertIssuer Property (RSA Control)

The issuer of the certificate.

Syntax

rsacontrol.CertIssuer

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

CertPrivateKey Property (RSA Control)

The private key of the certificate (if available).

Syntax

rsacontrol.CertPrivateKey

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The CertPrivateKey may be available but not exportable. In this case, CertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

CertPrivateKeyAvailable Property (RSA Control)

Whether a PrivateKey is available for the selected certificate.

Syntax

rsacontrol.CertPrivateKeyAvailable

Default Value

False

Remarks

Whether a CertPrivateKey is available for the selected certificate. If CertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

CertPrivateKeyContainer Property (RSA Control)

The name of the PrivateKey container for the certificate (if available).

Syntax

rsacontrol.CertPrivateKeyContainer

Default Value

""

Remarks

The name of the CertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

CertPublicKey Property (RSA Control)

The public key of the certificate.

Syntax

rsacontrol.CertPublicKey

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

CertPublicKeyAlgorithm Property (RSA Control)

The textual description of the certificate's public key algorithm.

Syntax

rsacontrol.CertPublicKeyAlgorithm

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

CertPublicKeyLength Property (RSA Control)

The length of the certificate's public key (in bits).

Syntax

rsacontrol.CertPublicKeyLength

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

CertSerialNumber Property (RSA Control)

The serial number of the certificate encoded as a string.

Syntax

rsacontrol.CertSerialNumber

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

CertSignatureAlgorithm Property (RSA Control)

The text description of the certificate's signature algorithm.

Syntax

rsacontrol.CertSignatureAlgorithm

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

CertStore Property (RSA Control)

The name of the certificate store for the client certificate.

Syntax

rsacontrol.CertStore[=string]

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The CertStoreType property denotes the type of the certificate store specified by CertStore. If the store is password-protected, specify the password in CertStorePassword.

CertStore is used in conjunction with the CertSubject property to specify client certificates. If CertStore has a value, and CertSubject or CertEncoded is set, a search for a certificate is initiated. Please see the CertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

To read or write binary data to the property, a Variant (Byte Array) version is provided in .CertStoreB.

Data Type

Binary String

CertStorePassword Property (RSA Control)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

rsacontrol.CertStorePassword[=string]

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

CertStoreType Property (RSA Control)

The type of certificate store for this certificate.

Syntax

rsacontrol.CertStoreType[=integer]

Possible Values

cstUser(0), 
cstMachine(1), 
cstPFXFile(2), 
cstPFXBlob(3), 
cstJKSFile(4), 
cstJKSBlob(5), 
cstPEMKeyFile(6), 
cstPEMKeyBlob(7), 
cstPublicKeyFile(8), 
cstPublicKeyBlob(9), 
cstSSHPublicKeyBlob(10), 
cstP7BFile(11), 
cstP7BBlob(12), 
cstSSHPublicKeyFile(13), 
cstPPKFile(14), 
cstPPKBlob(15), 
cstXMLFile(16), 
cstXMLBlob(17), 
cstJWKFile(18), 
cstJWKBlob(19), 
cstSecurityKey(20), 
cstBCFKSFile(21), 
cstBCFKSBlob(22), 
cstPKCS11(23), 
cstAuto(99)

Default Value

0

Remarks

The type of certificate store for this certificate.

The control supports both public and private keys in a variety of formats. When the cstAuto value is used, the control will automatically determine the type. This property can take one of the following values:

Data Type

Integer

CertSubjectAltNames Property (RSA Control)

Comma-separated lists of alternative subject names for the certificate.

Syntax

rsacontrol.CertSubjectAltNames

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

CertThumbprintMD5 Property (RSA Control)

The MD5 hash of the certificate.

Syntax

rsacontrol.CertThumbprintMD5

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

CertThumbprintSHA1 Property (RSA Control)

The SHA-1 hash of the certificate.

Syntax

rsacontrol.CertThumbprintSHA1

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

CertThumbprintSHA256 Property (RSA Control)

The SHA-256 hash of the certificate.

Syntax

rsacontrol.CertThumbprintSHA256

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

CertUsage Property (RSA Control)

The text description of UsageFlags .

Syntax

rsacontrol.CertUsage

Default Value

""

Remarks

The text description of CertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

CertUsageFlags Property (RSA Control)

The flags that show intended use for the certificate.

Syntax

rsacontrol.CertUsageFlags

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of CertUsageFlags is a combination of the following flags:

Please see the CertUsage property for a text representation of CertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

CertVersion Property (RSA Control)

The certificate's version number.

Syntax

rsacontrol.CertVersion

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

CertSubject Property (RSA Control)

The subject of the certificate used for client authentication.

Syntax

rsacontrol.CertSubject[=string]

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

CertEncoded Property (RSA Control)

The certificate (PEM/Base64 encoded).

Syntax

rsacontrol.CertEncoded[=string]

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The CertStore and CertSubject properties also may be used to specify a certificate.

When CertEncoded is set, a search is initiated in the current CertStore for the private key of the certificate. If the key is found, CertSubject is updated to reflect the full subject of the selected certificate; otherwise, CertSubject is set to an empty string.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .CertEncodedB.

This property is not available at design time.

Data Type

Binary String

HashAlgorithm Property (RSA Control)

The hash algorithm used for signing and signature verification.

Syntax

rsacontrol.HashAlgorithm[=integer]

Possible Values

rhaSHA1(0), 
rhaSHA224(1), 
rhaSHA256(2), 
rhaSHA384(3), 
rhaSHA512(4), 
rhaRIPEMD160(5), 
rhaMD2(6), 
rhaMD5(7), 
rhaMD5SHA1(8)

Default Value

2

Remarks

This property specifies the hash algorithm used for signing and signature verification. Possible values are:

Data Type

Integer

HashSignature Property (RSA Control)

The hash signature.

Syntax

rsacontrol.HashSignature[=string]

Default Value

""

Remarks

This property holds the computed hash signature. This is populated after calling Sign. This must be set before calling VerifySignature.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .HashSignatureB.

Data Type

Binary String

HashValue Property (RSA Control)

The hash value of the data.

Syntax

rsacontrol.HashValue[=string]

Default Value

""

Remarks

This property holds the computed hash value for the specified data. This is populated when calling Sign or VerifySignature when an input file is specified by setting InputFile or InputMessage.

If you know the hash value prior to using the control you may specify the pre-computed hash value here.

Hash Notes

The control will determine whether or not to recompute the hash based on the properties that are set. If a file is specified by InputFile or InputMessage, the hash will be recomputed when calling Sign or VerifySignature. If the HashValue property is set, the control will only sign the hash or verify the hash signature. Setting InputFile or InputMessage clears the HashValue property. Setting the HashValue property clears the input file selection.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .HashValueB.

Data Type

Binary String

InputFile Property (RSA Control)

The file to process.

Syntax

rsacontrol.InputFile[=string]

Default Value

""

Remarks

This property specifies the file to be processed. Set this property to the full or relative path to the file which will be processed.

Input and Output Properties

The control will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• InputFile
• InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• OutputFile
• OutputMessage: The output data is written to this property if no other destination is specified.

Data Type

String

InputMessage Property (RSA Control)

The message to process.

Syntax

rsacontrol.InputMessage[=string]

Default Value

""

Remarks

This property specifies the message to be processed.

Input and Output Properties

The control will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• InputFile
• InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• OutputFile
• OutputMessage: The output data is written to this property if no other destination is specified.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .InputMessageB.

Data Type

Binary String

KeyD Property (RSA Control)

Represents the D parameter for the RSA algorithm.

Syntax

rsacontrol.KeyD[=string]

Default Value

""

Remarks

Represents the D parameter for the RSA algorithm.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .KeyDB.

Data Type

Binary String

KeyDP Property (RSA Control)

Represents the DP parameter for the RSA algorithm.

Syntax

rsacontrol.KeyDP[=string]

Default Value

""

Remarks

Represents the DP parameter for the RSA algorithm.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .KeyDPB.

Data Type

Binary String

KeyDQ Property (RSA Control)

Represents the DQ parameter for the RSA algorithm.

Syntax

rsacontrol.KeyDQ[=string]

Default Value

""

Remarks

Represents the DQ parameter for the RSA algorithm.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .KeyDQB.

Data Type

Binary String

KeyExponent Property (RSA Control)

Represents the Exponent parameter for the RSA algorithm.

Syntax

rsacontrol.KeyExponent[=string]

Default Value

""

Remarks

Represents the Exponent parameter for the RSA algorithm.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .KeyExponentB.

Data Type

Binary String

KeyInverseQ Property (RSA Control)

Represents the InverseQ parameter for the RSA algorithm.

Syntax

rsacontrol.KeyInverseQ[=string]

Default Value

""

Remarks

Represents the InverseQ parameter for the RSA algorithm. This parameter is optional and is automatically calculated as necessary.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .KeyInverseQB.

Data Type

Binary String

KeyModulus Property (RSA Control)

Represents the Modulus parameter for the RSA algorithm.

Syntax

rsacontrol.KeyModulus[=string]

Default Value

""

Remarks

Represents the Modulus parameter for the RSA algorithm.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .KeyModulusB.

Data Type

Binary String

KeyP Property (RSA Control)

Represents the P parameter for the RSA algorithm.

Syntax

rsacontrol.KeyP[=string]

Default Value

""

Remarks

Represents the P parameter for the RSA algorithm.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .KeyPB.

Data Type

Binary String

KeyPrivateKey Property (RSA Control)

This property is a PEM formatted private key.

Syntax

rsacontrol.KeyPrivateKey[=string]

Default Value

""

Remarks

This property is a PEM formatted private key. The purpose of this property is to allow easier management of the private key parameters by using only a single value.

Data Type

String

KeyPublicKey Property (RSA Control)

This property is a PEM formatted public key.

Syntax

rsacontrol.KeyPublicKey[=string]

Default Value

""

Remarks

This property is a PEM formatted public key. The purpose of this property is to allow easier management of the public key parameters by using only a single value.

Data Type

String

KeyQ Property (RSA Control)

Represents the Q parameter for the RSA algorithm.

Syntax

rsacontrol.KeyQ[=string]

Default Value

""

Remarks

Represents the Q parameter for the RSA algorithm.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .KeyQB.

Data Type

Binary String

OutputFile Property (RSA Control)

The output file when encrypting or decrypting.

Syntax

rsacontrol.OutputFile[=string]

Default Value

""

Remarks

This property specifies the file to which the output will be written when Encrypt or Decrypt is called. This may be set to an absolute or relative path.

This property is only applicable to Encrypt and Decrypt.

Input and Output Properties

The control will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• InputFile
• InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• OutputFile
• OutputMessage: The output data is written to this property if no other destination is specified.

Data Type

String

OutputMessage Property (RSA Control)

The output message after processing.

Syntax

rsacontrol.OutputMessage

Default Value

""

Remarks

This property will be populated with the output from the operation if OutputFile is not set.

Input and Output Properties

The control will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• InputFile
• InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• OutputFile
• OutputMessage: The output data is written to this property if no other destination is specified.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .OutputMessageB.

This property is read-only and not available at design time.

Data Type

Binary String

Overwrite Property (RSA Control)

Indicates whether or not the control should overwrite files.

Syntax

rsacontrol.Overwrite[=boolean]

Default Value

False

Remarks

This property indicates whether or not the control will overwrite OutputFile. If Overwrite is False, an error will be thrown whenever OutputFile exists before an operation. The default value is False.

Data Type

Boolean

RecipientCertEffectiveDate Property (RSA Control)

The date on which this certificate becomes valid.

Syntax

rsacontrol.RecipientCertEffectiveDate

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

RecipientCertExpirationDate Property (RSA Control)

The date on which the certificate expires.

Syntax

rsacontrol.RecipientCertExpirationDate

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

RecipientCertExtendedKeyUsage Property (RSA Control)

A comma-delimited list of extended key usage identifiers.

Syntax

rsacontrol.RecipientCertExtendedKeyUsage

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

RecipientCertFingerprint Property (RSA Control)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

rsacontrol.RecipientCertFingerprint

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

RecipientCertFingerprintSHA1 Property (RSA Control)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

rsacontrol.RecipientCertFingerprintSHA1

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

RecipientCertFingerprintSHA256 Property (RSA Control)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

rsacontrol.RecipientCertFingerprintSHA256

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

RecipientCertIssuer Property (RSA Control)

The issuer of the certificate.

Syntax

rsacontrol.RecipientCertIssuer

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

RecipientCertPrivateKey Property (RSA Control)

The private key of the certificate (if available).

Syntax

rsacontrol.RecipientCertPrivateKey

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The RecipientCertPrivateKey may be available but not exportable. In this case, RecipientCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

RecipientCertPrivateKeyAvailable Property (RSA Control)

Whether a PrivateKey is available for the selected certificate.

Syntax

rsacontrol.RecipientCertPrivateKeyAvailable

Default Value

False

Remarks

Whether a RecipientCertPrivateKey is available for the selected certificate. If RecipientCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

RecipientCertPrivateKeyContainer Property (RSA Control)

The name of the PrivateKey container for the certificate (if available).

Syntax

rsacontrol.RecipientCertPrivateKeyContainer

Default Value

""

Remarks

The name of the RecipientCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

RecipientCertPublicKey Property (RSA Control)

The public key of the certificate.

Syntax

rsacontrol.RecipientCertPublicKey

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

RecipientCertPublicKeyAlgorithm Property (RSA Control)

The textual description of the certificate's public key algorithm.

Syntax

rsacontrol.RecipientCertPublicKeyAlgorithm

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

RecipientCertPublicKeyLength Property (RSA Control)

The length of the certificate's public key (in bits).

Syntax

rsacontrol.RecipientCertPublicKeyLength

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

RecipientCertSerialNumber Property (RSA Control)

The serial number of the certificate encoded as a string.

Syntax

rsacontrol.RecipientCertSerialNumber

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

RecipientCertSignatureAlgorithm Property (RSA Control)

The text description of the certificate's signature algorithm.

Syntax

rsacontrol.RecipientCertSignatureAlgorithm

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

RecipientCertStore Property (RSA Control)

The name of the certificate store for the client certificate.

Syntax

rsacontrol.RecipientCertStore[=string]

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The RecipientCertStoreType property denotes the type of the certificate store specified by RecipientCertStore. If the store is password-protected, specify the password in RecipientCertStorePassword.

RecipientCertStore is used in conjunction with the RecipientCertSubject property to specify client certificates. If RecipientCertStore has a value, and RecipientCertSubject or RecipientCertEncoded is set, a search for a certificate is initiated. Please see the RecipientCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

To read or write binary data to the property, a Variant (Byte Array) version is provided in .RecipientCertStoreB.

Data Type

Binary String

RecipientCertStorePassword Property (RSA Control)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

rsacontrol.RecipientCertStorePassword[=string]

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

RecipientCertStoreType Property (RSA Control)

The type of certificate store for this certificate.

Syntax

rsacontrol.RecipientCertStoreType[=integer]

Possible Values

cstUser(0), 
cstMachine(1), 
cstPFXFile(2), 
cstPFXBlob(3), 
cstJKSFile(4), 
cstJKSBlob(5), 
cstPEMKeyFile(6), 
cstPEMKeyBlob(7), 
cstPublicKeyFile(8), 
cstPublicKeyBlob(9), 
cstSSHPublicKeyBlob(10), 
cstP7BFile(11), 
cstP7BBlob(12), 
cstSSHPublicKeyFile(13), 
cstPPKFile(14), 
cstPPKBlob(15), 
cstXMLFile(16), 
cstXMLBlob(17), 
cstJWKFile(18), 
cstJWKBlob(19), 
cstSecurityKey(20), 
cstBCFKSFile(21), 
cstBCFKSBlob(22), 
cstPKCS11(23), 
cstAuto(99)

Default Value

0

Remarks

The type of certificate store for this certificate.

The control supports both public and private keys in a variety of formats. When the cstAuto value is used, the control will automatically determine the type. This property can take one of the following values:

Data Type

Integer

RecipientCertSubjectAltNames Property (RSA Control)

Comma-separated lists of alternative subject names for the certificate.

Syntax

rsacontrol.RecipientCertSubjectAltNames

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

RecipientCertThumbprintMD5 Property (RSA Control)

The MD5 hash of the certificate.

Syntax

rsacontrol.RecipientCertThumbprintMD5

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

RecipientCertThumbprintSHA1 Property (RSA Control)

The SHA-1 hash of the certificate.

Syntax

rsacontrol.RecipientCertThumbprintSHA1

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

RecipientCertThumbprintSHA256 Property (RSA Control)

The SHA-256 hash of the certificate.

Syntax

rsacontrol.RecipientCertThumbprintSHA256

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

RecipientCertUsage Property (RSA Control)

The text description of UsageFlags .

Syntax

rsacontrol.RecipientCertUsage

Default Value

""

Remarks

The text description of RecipientCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

RecipientCertUsageFlags Property (RSA Control)

The flags that show intended use for the certificate.

Syntax

rsacontrol.RecipientCertUsageFlags

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of RecipientCertUsageFlags is a combination of the following flags:

Please see the RecipientCertUsage property for a text representation of RecipientCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

RecipientCertVersion Property (RSA Control)

The certificate's version number.

Syntax

rsacontrol.RecipientCertVersion

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

RecipientCertSubject Property (RSA Control)

The subject of the certificate used for client authentication.

Syntax

rsacontrol.RecipientCertSubject[=string]

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

RecipientCertEncoded Property (RSA Control)

The certificate (PEM/Base64 encoded).

Syntax

rsacontrol.RecipientCertEncoded[=string]

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The RecipientCertStore and RecipientCertSubject properties also may be used to specify a certificate.

When RecipientCertEncoded is set, a search is initiated in the current RecipientCertStore for the private key of the certificate. If the key is found, RecipientCertSubject is updated to reflect the full subject of the selected certificate; otherwise, RecipientCertSubject is set to an empty string.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .RecipientCertEncodedB.

This property is not available at design time.

Data Type

Binary String

RecipientKeyExponent Property (RSA Control)

Represents the Exponent parameter for the RSA algorithm.

Syntax

rsacontrol.RecipientKeyExponent[=string]

Default Value

""

Remarks

Represents the Exponent parameter for the RSA algorithm.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .RecipientKeyExponentB.

Data Type

Binary String

RecipientKeyModulus Property (RSA Control)

Represents the Modulus parameter for the RSA algorithm.

Syntax

rsacontrol.RecipientKeyModulus[=string]

Default Value

""

Remarks

Represents the Modulus parameter for the RSA algorithm.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .RecipientKeyModulusB.

Data Type

Binary String

RecipientKeyPublicKey Property (RSA Control)

This property is a PEM formatted public key.

Syntax

rsacontrol.RecipientKeyPublicKey[=string]

Default Value

""

Remarks

This property is a PEM formatted public key. The purpose of this property is to allow easier management of the public key parameters by using only a single value.

Data Type

String

SignerCertEffectiveDate Property (RSA Control)

The date on which this certificate becomes valid.

Syntax

rsacontrol.SignerCertEffectiveDate

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SignerCertExpirationDate Property (RSA Control)

The date on which the certificate expires.

Syntax

rsacontrol.SignerCertExpirationDate

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SignerCertExtendedKeyUsage Property (RSA Control)

A comma-delimited list of extended key usage identifiers.

Syntax

rsacontrol.SignerCertExtendedKeyUsage

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SignerCertFingerprint Property (RSA Control)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

rsacontrol.SignerCertFingerprint

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SignerCertFingerprintSHA1 Property (RSA Control)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

rsacontrol.SignerCertFingerprintSHA1

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SignerCertFingerprintSHA256 Property (RSA Control)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

rsacontrol.SignerCertFingerprintSHA256

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SignerCertIssuer Property (RSA Control)

The issuer of the certificate.

Syntax

rsacontrol.SignerCertIssuer

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SignerCertPrivateKey Property (RSA Control)

The private key of the certificate (if available).

Syntax

rsacontrol.SignerCertPrivateKey

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SignerCertPrivateKey may be available but not exportable. In this case, SignerCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SignerCertPrivateKeyAvailable Property (RSA Control)

Whether a PrivateKey is available for the selected certificate.

Syntax

rsacontrol.SignerCertPrivateKeyAvailable

Default Value

False

Remarks

Whether a SignerCertPrivateKey is available for the selected certificate. If SignerCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SignerCertPrivateKeyContainer Property (RSA Control)

The name of the PrivateKey container for the certificate (if available).

Syntax

rsacontrol.SignerCertPrivateKeyContainer

Default Value

""

Remarks

The name of the SignerCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SignerCertPublicKey Property (RSA Control)

The public key of the certificate.

Syntax

rsacontrol.SignerCertPublicKey

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SignerCertPublicKeyAlgorithm Property (RSA Control)

The textual description of the certificate's public key algorithm.

Syntax

rsacontrol.SignerCertPublicKeyAlgorithm

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SignerCertPublicKeyLength Property (RSA Control)

The length of the certificate's public key (in bits).

Syntax

rsacontrol.SignerCertPublicKeyLength

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SignerCertSerialNumber Property (RSA Control)

The serial number of the certificate encoded as a string.

Syntax

rsacontrol.SignerCertSerialNumber

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SignerCertSignatureAlgorithm Property (RSA Control)

The text description of the certificate's signature algorithm.

Syntax

rsacontrol.SignerCertSignatureAlgorithm

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SignerCertStore Property (RSA Control)

The name of the certificate store for the client certificate.

Syntax

rsacontrol.SignerCertStore[=string]

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The SignerCertStoreType property denotes the type of the certificate store specified by SignerCertStore. If the store is password-protected, specify the password in SignerCertStorePassword.

SignerCertStore is used in conjunction with the SignerCertSubject property to specify client certificates. If SignerCertStore has a value, and SignerCertSubject or SignerCertEncoded is set, a search for a certificate is initiated. Please see the SignerCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SignerCertStoreB.

Data Type

Binary String

SignerCertStorePassword Property (RSA Control)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

rsacontrol.SignerCertStorePassword[=string]

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

SignerCertStoreType Property (RSA Control)

The type of certificate store for this certificate.

Syntax

rsacontrol.SignerCertStoreType[=integer]

Possible Values

cstUser(0), 
cstMachine(1), 
cstPFXFile(2), 
cstPFXBlob(3), 
cstJKSFile(4), 
cstJKSBlob(5), 
cstPEMKeyFile(6), 
cstPEMKeyBlob(7), 
cstPublicKeyFile(8), 
cstPublicKeyBlob(9), 
cstSSHPublicKeyBlob(10), 
cstP7BFile(11), 
cstP7BBlob(12), 
cstSSHPublicKeyFile(13), 
cstPPKFile(14), 
cstPPKBlob(15), 
cstXMLFile(16), 
cstXMLBlob(17), 
cstJWKFile(18), 
cstJWKBlob(19), 
cstSecurityKey(20), 
cstBCFKSFile(21), 
cstBCFKSBlob(22), 
cstPKCS11(23), 
cstAuto(99)

Default Value

0

Remarks

The type of certificate store for this certificate.

The control supports both public and private keys in a variety of formats. When the cstAuto value is used, the control will automatically determine the type. This property can take one of the following values:

Data Type

Integer

SignerCertSubjectAltNames Property (RSA Control)

Comma-separated lists of alternative subject names for the certificate.

Syntax

rsacontrol.SignerCertSubjectAltNames

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SignerCertThumbprintMD5 Property (RSA Control)

The MD5 hash of the certificate.

Syntax

rsacontrol.SignerCertThumbprintMD5

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SignerCertThumbprintSHA1 Property (RSA Control)

The SHA-1 hash of the certificate.

Syntax

rsacontrol.SignerCertThumbprintSHA1

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SignerCertThumbprintSHA256 Property (RSA Control)

The SHA-256 hash of the certificate.

Syntax

rsacontrol.SignerCertThumbprintSHA256

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SignerCertUsage Property (RSA Control)

The text description of UsageFlags .

Syntax

rsacontrol.SignerCertUsage

Default Value

""

Remarks

The text description of SignerCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SignerCertUsageFlags Property (RSA Control)

The flags that show intended use for the certificate.

Syntax

rsacontrol.SignerCertUsageFlags

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of SignerCertUsageFlags is a combination of the following flags:

Please see the SignerCertUsage property for a text representation of SignerCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SignerCertVersion Property (RSA Control)

The certificate's version number.

Syntax

rsacontrol.SignerCertVersion

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SignerCertSubject Property (RSA Control)

The subject of the certificate used for client authentication.

Syntax

rsacontrol.SignerCertSubject[=string]

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

SignerCertEncoded Property (RSA Control)

The certificate (PEM/Base64 encoded).

Syntax

rsacontrol.SignerCertEncoded[=string]

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SignerCertStore and SignerCertSubject properties also may be used to specify a certificate.

When SignerCertEncoded is set, a search is initiated in the current SignerCertStore for the private key of the certificate. If the key is found, SignerCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SignerCertSubject is set to an empty string.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SignerCertEncodedB.

This property is not available at design time.

Data Type

Binary String

SignerKeyExponent Property (RSA Control)

Represents the Exponent parameter for the RSA algorithm.

Syntax

rsacontrol.SignerKeyExponent[=string]

Default Value

""

Remarks

Represents the Exponent parameter for the RSA algorithm.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SignerKeyExponentB.

Data Type

Binary String

SignerKeyModulus Property (RSA Control)

Represents the Modulus parameter for the RSA algorithm.

Syntax

rsacontrol.SignerKeyModulus[=string]

Default Value

""

Remarks

Represents the Modulus parameter for the RSA algorithm.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SignerKeyModulusB.

Data Type

Binary String

SignerKeyPublicKey Property (RSA Control)

This property is a PEM formatted public key.

Syntax

rsacontrol.SignerKeyPublicKey[=string]

Default Value

""

Remarks

This property is a PEM formatted public key. The purpose of this property is to allow easier management of the public key parameters by using only a single value.

Data Type

String

UseHex Property (RSA Control)

Whether input or output is hex encoded.

Syntax

rsacontrol.UseHex[=boolean]

Default Value

False

Remarks

This property specifies whether the encrypted data, HashValue, and HashSignature are hex encoded.

If set to True, when Encrypt is called the control will perform the encryption as normal and then hex encode the output. OutputMessage or OutputFile will hold hex encoded data.

If set to True, when Decrypt is called the control will expect InputMessage or InputFile to hold hex encoded data. The control will then hex decode the data and perform decryption as normal.

If set to True, when Sign is called the control will compute the hash for the specified file and populate HashValue with the hex encoded hash value. It will then create the hash signature and populate HashSignature with the hex encoded hash signature value. If HashValue is specified directly, it must be a hex encoded value.

If set to True, when VerifySignature is called the control will compute the hash value for the specified file and populate HashValue with the hex encoded hash value. It will then hex decode HashSignature and verify the signature. HashSignature must hold a hex encoded value. If HashValue is specified directly, it must be a hex encoded value.

Data Type

Boolean

UseOAEP Property (RSA Control)

Whether to use Optimal Asymmetric Encryption Padding (OAEP).

Syntax

rsacontrol.UseOAEP[=boolean]

Default Value

False

Remarks

Whether to use Optimal Asymmetric Encryption Padding (OAEP). By default this value is False and the control will use PKCS1.

Note: When set to True the HashAlgorithm is also applicable when calling Encrypt and Decrypt.

Data Type

Boolean

UsePSS Property (RSA Control)

Whether to use RSA-PSS during signing and verification.

Syntax

rsacontrol.UsePSS[=boolean]

Default Value

False

Remarks

This property specifies whether RSA-PSS will be used when signing and verifying messages. The default value is False.

Data Type

Boolean

Config Method (RSA Control)

Sets or retrieves a configuration setting.

Syntax

rsacontrol.Config ConfigurationString

Remarks

Config is a generic method available in every control. It is used to set and retrieve configuration settings for the control.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the control, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

CreateKey Method (RSA Control)

Creates a new key.

Syntax

rsacontrol.CreateKey 

Remarks

This method creates a new public and private key.

When calling CreateKey the Key property is populated with a new private and public key.

RSA Keys

A RSA key is made up of a number of individual parameters.

The public key consists of the following parameters:

• KeyModulus
• KeyExponent

The control also includes the KeyPublicKey property which holds the PEM formatted public key for ease of use. This is helpful if you are in control of both sides of the encryption/signing and decryption/signature verification process. When sending the public key to a recipient note that not all implementations will support using the PEM formatted value in KeyPublicKey in which case the individual parameters must be sent.

The private key may be represented in one of two ways. Both are mathematically equivalent. Private key format 1:

• KeyModulus
• KeyP
• KeyQ
• KeyDP
• KeyDQ

Private key format 2 is simpler but has decreased performance when decrypting and signing. This format is:

• KeyModulus
• KeyD

The control also include the KeyPrivateKey property which holds the PEM formatted private key for ease of use. This is helpful for storing the private key more easily.

Decrypt Method (RSA Control)

Decrypts the input data using the specified private key.

Syntax

rsacontrol.Decrypt 

Remarks

This method decrypts the input data using the private key specified in Key. Alternatively, a certificate may be specified by setting Certificate.

Input and Output Properties

The control will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• InputFile
• InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• OutputFile
• OutputMessage: The output data is written to this property if no other destination is specified.

Key Size and the Maximum Length of Data

RSA has an upper limit to the amount of data that can be encrypted or decrypted, also known as message length. This can typically be calculated as the size of the key minus the size of the RSA header and padding.

When not using OAEP, the following formula and table can be referenced. (RSA Key Bytes) - (Header Bytes) = Length of data, where Header Bytes is always 11.

When using OAEP, the following formula and table can be referenced. (RSA Key Bytes) - (2 * Hash Length Bytes) - 2 = Length of data. The table below assumes SHA-256 for the hash, so Hash Length Bytes is 32.

Encrypt Method (RSA Control)

Encrypts the input data using the recipient's public key.

Syntax

rsacontrol.Encrypt 

Remarks

This method encrypts the input data using the public key specified in RecipientKey. Alternatively, a certificate may be specified by setting RecipientCert.

Input and Output Properties

The control will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• InputFile
• InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• OutputFile
• OutputMessage: The output data is written to this property if no other destination is specified.

Key Size and the Maximum Length of Data

RSA has an upper limit to the amount of data that can be encrypted or decrypted, also known as message length. This can typically be calculated as the size of the key minus the size of the RSA header and padding.

When not using OAEP, the following formula and table can be referenced. (RSA Key Bytes) - (Header Bytes) = Length of data, where Header Bytes is always 11.

When using OAEP, the following formula and table can be referenced. (RSA Key Bytes) - (2 * Hash Length Bytes) - 2 = Length of data. The table below assumes SHA-256 for the hash, so Hash Length Bytes is 32.

Reset Method (RSA Control)

Resets the control.

Syntax

rsacontrol.Reset 

Remarks

When called, the control will reset all of its properties to their default values.

Sign Method (RSA Control)

Creates a hash signature.

Syntax

rsacontrol.Sign 

Remarks

This method will create a hash signature.

Before calling this method specify the input file by setting InputFile or InputMessage.

A key is required to create the hash signature. You may create a new key by calling CreateKey, or specify an existing key pair in Key. Alternatively, a certificate may be specified by setting Certificate. When this method is called the control will compute the hash for the specified file and populate HashValue. It will then create the hash signature using the specified Key and populate HashSignature.

To create the hash signature without first computing the hash simply specify HashValue before calling this method.

The Progress event will fire with updates for the hash computation progress only. The hash signature creation process is quick and does not require progress updates.

VerifySignature Method (RSA Control)

Verifies the signature for the specified data.

Syntax

rsacontrol.VerifySignature 

Remarks

This method will verify a hash signature.

Before calling this method specify the input file by setting InputFile or InputMessage.

A public key and the hash signature are required to perform the signature verification. Specify the public key in SignerKey. Alternatively, a certificate may be specified by setting SignerCert. Specify the hash signature in HashSignature.

When this method is called the control will compute the hash for the specified file and populate HashValue. It will verify the signature using the specified SignerKey and HashSignature.

To verify the hash signature without first computing the hash simply specify HashValue before calling this method.

The Progress event will fire with updates for the hash computation progress only. The hash signature verification process is quick and does not require progress updates.

Error Event (RSA Control)

Fired when information is available about errors during data delivery.

Syntax

Sub rsacontrol_Error(ErrorCode As Integer, Description As String)

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the control fails with an error.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Progress Event (RSA Control)

Fired as progress is made.

Syntax

Sub rsacontrol_Progress(BytesProcessed As Long64, PercentProcessed As Integer)

Remarks

This event is fired automatically as data is processed by the control.

The PercentProcessed parameter indicates the current status of the operation.

The BytesProcessed parameter holds the total number of bytes processed so far.

Config Settings (RSA Control)

The control accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the control, access to these internal properties is provided through the Config method.

RSA Config Settings

Base Config Settings

Trappable Errors (RSA Control)

RSA Errors