AESFile Component

Properties Methods Events Config Settings Errors

The AESFile component implements the AESF file format and uses the XTS-AES standard with 256-bit encryption.

Syntax

nsoftware.IPWorksEncrypt.AESFile

Remarks

The AESFile component provides robust encryption capabilities to securely store and retrieve data using XTS-AES 256-bit encryption. This component implements the AESF file format, enabling developers to encrypt arbitrary data and serialize it in a standardized manner.

The first step in using the component is to set Password property. Specify the input data using InputFile or InputMessage. Next, call Encrypt and the component will encrypt the input data and populate OutputMessage, or write to the file specified by OutputFile with the result.

To change the password of existing file encrypted in AESF format, or to encrypt a file under a different password call ChangePassword. To decrypt data, first set Password property. Specify the input data using InputFile or InputMessage. Next, call Decrypt and the component will compute the plaintext and populate OutputMessage or write to OutputFile with the result.

AES File Format

The AES file format used by AES Drive is documented below in detail. All algorithms used by AES Drive are standards and publicly documented.

Each encrypted file consists of a header and the encrypted contents. The header is 144 bytes in length and contains the AES file format version, a checksum of the header bytes, and the encrypted file-specific key and padding length. The original file data is encrypted using XTS-AES with file-specific keys that are derived from a master key for the drive.

4 bytes [0-3] AESF. This is a file signature value which indicates the file is formatted according to this specification.

1 byte [4] 0x01. This is the file format version. This documentation defines the format for version 1.

2 bytes [5-6] Build number of the application used to create the file. These two bytes represent a 16-bit integer holding the build number of AES Drive that created the file. This field is informational only. Byte 5 holds the high-order bits and byte 6 holds the low-order bits. To decode these bytes into the build number the following code may be used: int buildNumber = headerBytes[5] << 8 | headerBytes[6];

5 bytes [7-11] 0x00. Reserved for future use.

4 bytes [12-15]

CRC32 checksum. The CRC32 checksum is calculated by first replacing these 4 bytes with 0x00 then computing the checksum over the 144 byte header. The resulting numeric value is converted into 4 bytes using the operation:

byte[] CRC32Bytes = new byte[4]; for (int i = 0; i < 4; i++) CRC32Bytes[i] = (byte)((CRC32Bytes >> (24 - 8 * i)) & 0xff);

16 bytes [16-31] Global salt value. The global salt value is a random value created when the drive is created and used when encrypting newly created files within the drive. It is used when deriving the key to decrypt the encrypted header portion. See the section below for details about the encrypted header portion.

16 bytes [32-47] File-specific salt value. The file-specific salt value is a random value created when the file is created. It is used when deriving the key to decrypt the encrypted header portion. See the section below for details about the encrypted header portion.

80 bytes [48-127]

AES-GCM encrypted header portion. The steps to derive the key to decrypt the encrypted header portion are as follows:

First use PBKDF2 with the following settings:
- HMACSHA512 algorithm
- 50,000 iterations
- Salt is the 16 byte global salt value read from the header
- Password is the original encryption password
- Derived key length of 32 bytes
Combine the 16 byte file-specific salt with the 32 byte derived key to obtain a byte array of length 48. The first 16 bytes are the file-specific salt read from the file header. The last 32 bytes are the value derived from the PBKDF process above.
Compute the SHA512 hash over the 48 byte value from the above step.
The first 32 bytes of the hashed bytes are the AES-GCM key. The next 12 bytes are the AES-GCM IV. The remaining 20 bytes are unused.

The derived Key and IV are used together with the AES-GCM Auth Tag which are the last 16 bytes of the 144 byte header to AES-GCM decrypt the 80 byte encrypted header portion. The decrypted header portion contains:


2 bytes	Padding length. The padding length is represented in Big Endian and may be converted from bytes to an integer using the following operation: `PaddingLen = (decryptedHeaderBytes[0] << 8) + decryptedHeaderBytes[1];`
14 bytes	`0x00`. Reserved. These bytes are all defined as 0x00.
64 bytes	File-specific XTS-AES 256 encryption keys.

16 bytes [128-143] AES-GCM auth tag. This auth tag is used when decrypting the previous 80 byte encrypted header portion.

nn bytes The XTS-AES 256 encrypted file content. The data unit size is 512 bytes. The first 32 bytes of the file-specific encryption key from the decrypted header is the first key. The last 32 bytes of the file-specific encryption key from the decrypted header is the second key.

512 bytes

The last 512 bytes of the encrypted file contain encrypted padding bytes and additional unencrypted random bytes.

When encrypting, the last plaintext block of data may be padded with random bytes as needed to reach 512 bytes in length (the data unit size). The padding length is encrypted and stored in the encrypted header portion. Once the data is encrypted additional random bytes are appended to the end of the encrypted file so that the padding bytes plus additional random bytes together are 512 bytes in length.

For instance if the padding is 100 bytes in length, then 412 additional bytes will be appended to the encrypted data to reach a total of 512 bytes. This scheme allows applications to easily determine the length of the decrypted file without having to first decrypt the encrypted header portion to obtain the padding length. The decrypted file length can be computed like so: long decryptedFileLength = encryptedFileLength - 144 - 512. //Subtract 144 for the header length //Subtract 512 for the combination of padding bytes and additional random bytes

When decrypting, the padding length is determined from the encrypted header. The number of additional random bytes is 512 minus the padding length. The additional random bytes are discarded before using XTS-AES to decrypt the file content. After decrypting the file content, the padding bytes in the decrypted content are discarded.

// structure of the end of the encrypted file [512 bytes] | -------------------------------------------------- | | encrypted_content | encrypted_padding_bytes | additional_random_bytes

Property List

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.


GlobalSalt	The additional random data to compute encryption keys.
InputFile	The file to process.
InputMessage	The message to process.
OutputFile	The output file when encrypting or decrypting.
OutputMessage	The output message after processing.
Overwrite	Indicates whether or not the component should overwrite files.
Password	The password to be used to calculate encryption and decryption keys.
Salt	The additional random data included in the file header.
Version	The AESF file format version number.

Method List

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.


ChangePassword	Changes the password for the specified file.
Config	Sets or retrieves a configuration setting.
Decrypt	Decrypts the data.
Encrypt	Encrypts the data.
Reset	Resets the component.
SetInputStream	Sets the stream from which the component will read data to encrypt or decrypt.
SetOutputStream	Sets the stream to which the component will write encrypted or decrypted data.

Event List

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.


Error	Fired when information is available about errors during data delivery.
Log	Fires with log information during processing.
Progress	Fired as progress is made.

Config Settings

The following is a list of config settings for the component with short descriptions. Click on the links for further details.


BuildNumber	The build number of the encrypted data.
CloseInputStreamAfterProcessing	Determines whether or not the input stream is closed after processing.
CloseOutputStreamAfterProcessing	Determines whether or not the output stream is closed after processing.
LogLevel	Specifies the level of detail that is logged.
WriteToProgressEvent	Whether to write output data so it is accessible from inside the progress event.
BuildInfo	Information about the product's build.
GUIAvailable	Whether or not a message loop is available for processing events.
LicenseInfo	Information about the current license.
MaskSensitiveData	Whether sensitive data is masked in log messages.
UseFIPSCompliantAPI	Tells the component whether or not to use FIPS certified APIs.
UseInternalSecurityAPI	Whether or not to use the system security libraries or an internal implementation.

GlobalSalt Property (AESFile Component)

The additional random data to compute encryption keys.

public string GlobalSalt { get; set; }
public byte[] GlobalSaltB { get; set; }

Public Property GlobalSalt As String
Public Property GlobalSaltB As Byte()

Default Value

Remarks

This is an optional property and will be populated when Decrypt is called. When this property is set, it will provide additional randomness to encryption. The length of the salt must be 16 bytes.

The global salt will be used during generation of a key and IV. It can optionally be set before calling the Encrypt method. It is recommended to use a unique and randomly generated value. If it is not set, then the component will generate a value automatically.

InputFile Property (AESFile Component)

The file to process.

Syntax

C#
VB.NET

public string InputFile { get; set; }

Public Property InputFile As String

Default Value

Remarks

This property specifies the file to be processed. Set this property to the full or relative path to the file which will be processed.

Input and Output Properties

The component will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

InputMessage Property (AESFile Component)

The message to process.

Syntax

C#
VB.NET

public string InputMessage { get; set; }
public byte[] InputMessageB { get; set; }

Public Property InputMessage As String
Public Property InputMessageB As Byte()

Default Value

Remarks

This property specifies the message to be processed.

Input and Output Properties

The component will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

OutputFile Property (AESFile Component)

The output file when encrypting or decrypting.

Syntax

C#
VB.NET

public string OutputFile { get; set; }

Public Property OutputFile As String

Default Value

Remarks

This property specifies the file to which the output will be written when Encrypt or Decrypt is called. This may be set to an absolute or relative path.

This property is only applicable to Encrypt and Decrypt.

Input and Output Properties

The component will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

OutputMessage Property (AESFile Component)

The output message after processing.

Syntax

C#
VB.NET

public string OutputMessage { get; }
public byte[] OutputMessageB { get; }

Public ReadOnly Property OutputMessage As String
Public ReadOnly Property OutputMessageB As Byte()

Default Value

Remarks

This property will be populated with the output from the operation if OutputFile and SetOutputStream are not set.

Input and Output Properties

The component will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

This property is read-only and not available at design time.

Overwrite Property (AESFile Component)

Indicates whether or not the component should overwrite files.

Syntax

C#
VB.NET

public bool Overwrite { get; set; }

Public Property Overwrite As Boolean

Default Value

False

Remarks

This property indicates whether or not the component will overwrite OutputFile. If Overwrite is False, an error will be thrown whenever OutputFile exists before an operation. The default value is False.

Password Property (AESFile Component)

The password to be used to calculate encryption and decryption keys.

Syntax

C#
VB.NET

public string Password { get; set; }

Public Property Password As String

Default Value

Remarks

When this property is set the component will use PBKDF2 to derive an XTS master key. This must be set before calling Encrypt or Decrypt.

While there are no strict format or length requirements, it is recommended to use complex passwords. Once set, the password is transformed and never held in plaintext in memory.

Salt Property (AESFile Component)

The additional random data included in the file header.

Syntax

C#
VB.NET

public string Salt { get; set; }
public byte[] SaltB { get; set; }

Public Property Salt As String
Public Property SaltB As Byte()

Default Value

Remarks

This property is optional and will be populated when Decrypt is called. When this property is set it will provide additional randomness to encryption at the file level. The length of the salt must be 16 bytes.

The salt will be used within each file as input to encryption. It can optionally be set before calling the Encrypt method. It is recommended to use a unique and randomly generated value. If it is not set, then the component will generate a value automatically.

Version Property (AESFile Component)

The AESF file format version number.

Syntax

C#
VB.NET

public int Version { get; set; }

Public Property Version As Integer

Default Value

Remarks

This property will be populated when Decrypt is called. Possible values are:


1 (v1 - Default)

ChangePassword Method (AESFile Component)

Changes the password for the specified file.

Syntax

C#
VB.NET

public void ChangePassword(string path, string oldPassword, string newPassword);

Async Version
public async Task ChangePassword(string path, string oldPassword, string newPassword);
public async Task ChangePassword(string path, string oldPassword, string newPassword, CancellationToken cancellationToken);

Public Sub ChangePassword(ByVal Path As String, ByVal OldPassword As String, ByVal NewPassword As String)

Async Version
Public Sub ChangePassword(ByVal Path As String, ByVal OldPassword As String, ByVal NewPassword As String) As Task
Public Sub ChangePassword(ByVal Path As String, ByVal OldPassword As String, ByVal NewPassword As String, cancellationToken As CancellationToken) As Task

Remarks

ChangePassword is optional and allows you to update the password used to encrypt an AESF file. This securely changes the password, ensuring that the file remains protected with the new password.

Config Method (AESFile Component)

Sets or retrieves a configuration setting.

Syntax

C#
VB.NET

public string Config(string configurationString);

Async Version
public async Task<string> Config(string configurationString);
public async Task<string> Config(string configurationString, CancellationToken cancellationToken);

Public Function Config(ByVal ConfigurationString As String) As String

Async Version
Public Function Config(ByVal ConfigurationString As String) As Task(Of String)
Public Function Config(ByVal ConfigurationString As String, cancellationToken As CancellationToken) As Task(Of String)

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

Decrypt Method (AESFile Component)

Decrypts the data.

Syntax

C#
VB.NET

public void Decrypt();

Async Version
public async Task Decrypt();
public async Task Decrypt(CancellationToken cancellationToken);

Public Sub Decrypt()

Async Version
Public Sub Decrypt() As Task
Public Sub Decrypt(cancellationToken As CancellationToken) As Task

Remarks

This method will decrypt the specified data. The Password property is required.

Input and Output Properties

The component will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

Encrypt Method (AESFile Component)

Encrypts the data.

Syntax

C#
VB.NET

public void Encrypt();

Async Version
public async Task Encrypt();
public async Task Encrypt(CancellationToken cancellationToken);

Public Sub Encrypt()

Async Version
Public Sub Encrypt() As Task
Public Sub Encrypt(cancellationToken As CancellationToken) As Task

Remarks

This method will encrypt the specified data. The following properties are applicable:

Password (required)
GlobalSalt
Version

Input and Output Properties

The component will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

Reset Method (AESFile Component)

Resets the component.

Syntax

C#
VB.NET

public void Reset();

Async Version
public async Task Reset();
public async Task Reset(CancellationToken cancellationToken);

Public Sub Reset()

Async Version
Public Sub Reset() As Task
Public Sub Reset(cancellationToken As CancellationToken) As Task

Remarks

When called, the component will reset all of its properties to their default values.

SetInputStream Method (AESFile Component)

Sets the stream from which the component will read data to encrypt or decrypt.

Syntax

C#
VB.NET

public void SetInputStream(System.IO.Stream inputStream);

Async Version
public async Task SetInputStream(System.IO.Stream inputStream);
public async Task SetInputStream(System.IO.Stream inputStream, CancellationToken cancellationToken);

Public Sub SetInputStream(ByVal InputStream As System.IO.Stream)

Async Version
Public Sub SetInputStream(ByVal InputStream As System.IO.Stream) As Task
Public Sub SetInputStream(ByVal InputStream As System.IO.Stream, cancellationToken As CancellationToken) As Task

Remarks

This method sets the stream from which the component will read data to encrypt or decrypt.

Input and Output Properties

The component will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

SetOutputStream Method (AESFile Component)

Sets the stream to which the component will write encrypted or decrypted data.

Syntax

C#
VB.NET

public void SetOutputStream(System.IO.Stream outputStream);

Async Version
public async Task SetOutputStream(System.IO.Stream outputStream);
public async Task SetOutputStream(System.IO.Stream outputStream, CancellationToken cancellationToken);

Public Sub SetOutputStream(ByVal OutputStream As System.IO.Stream)

Async Version
Public Sub SetOutputStream(ByVal OutputStream As System.IO.Stream) As Task
Public Sub SetOutputStream(ByVal OutputStream As System.IO.Stream, cancellationToken As CancellationToken) As Task

Remarks

This method sets the stream to which the component will write encrypted or decrypted data.

Input and Output Properties

The component will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

SetInputStream
InputFile
InputMessage

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

SetOutputStream
OutputFile
OutputMessage: The output data is written to this property if no other destination is specified.

When using streams, you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.

Error Event (AESFile Component)

Fired when information is available about errors during data delivery.

Syntax

C#
VB.NET

public event OnErrorHandler OnError;

public delegate void OnErrorHandler(object sender, AESFileErrorEventArgs e);

public class AESFileErrorEventArgs : EventArgs {
  public int ErrorCode { get; }
  public string Description { get; }
}

Public Event OnError As OnErrorHandler

Public Delegate Sub OnErrorHandler(sender As Object, e As AESFileErrorEventArgs)

Public Class AESFileErrorEventArgs Inherits EventArgs
  Public ReadOnly Property ErrorCode As Integer
  Public ReadOnly Property Description As String
End Class

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the component throws an exception.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Log Event (AESFile Component)

Fires with log information during processing.

Syntax

C#
VB.NET

public event OnLogHandler OnLog;

public delegate void OnLogHandler(object sender, AESFileLogEventArgs e);

public class AESFileLogEventArgs : EventArgs {
  public int LogLevel { get; }
  public string Message { get; }
  public string LogType { get; }
}

Public Event OnLog As OnLogHandler

Public Delegate Sub OnLogHandler(sender As Object, e As AESFileLogEventArgs)

Public Class AESFileLogEventArgs Inherits EventArgs
  Public ReadOnly Property LogLevel As Integer
  Public ReadOnly Property Message As String
  Public ReadOnly Property LogType As String
End Class

Remarks

This event fires during processing with log information. The level of detail that is logged is controlled via the LogLevel.

LogLevel indicates the level of message. Possible values are:


0 (None)	No events are logged.
1 (Info - default)	Informational events are logged.
2 (Verbose)	Detailed data is logged.
3 (Debug)	Debug data is logged.

LogMessage is the log entry.

LogType indicates the type of log. Possible values are:

"INFO"
"ENCRYPT"
"COMPRESS"
"SIGN"
"DECRYPT"
"DECOMPRESS"
"VERIFY"
"DEBUG"

Progress Event (AESFile Component)

Fired as progress is made.

Syntax

C#
VB.NET

public event OnProgressHandler OnProgress;

public delegate void OnProgressHandler(object sender, AESFileProgressEventArgs e);

public class AESFileProgressEventArgs : EventArgs {
  public string Data { get; }
  public byte[] DataB { get; }
  public string Filename { get; }
  public long BytesProcessed { get; }
  public int PercentProcessed { get; }
}

Public Event OnProgress As OnProgressHandler

Public Delegate Sub OnProgressHandler(sender As Object, e As AESFileProgressEventArgs)

Public Class AESFileProgressEventArgs Inherits EventArgs
  Public ReadOnly Property Data As String
  Public ReadOnly Property DataB As Byte()
  Public ReadOnly Property Filename As String
  Public ReadOnly Property BytesProcessed As Long
  Public ReadOnly Property PercentProcessed As Integer
End Class

Remarks

This event is fired automatically as data is encrypted or decrypted by the component. When WriteToProgressEvent is true, the output data is provided through the Data parameter, allowing for it to be streamed out.

Filename contains the name of the file being written. If no file is being written, Filename will contain an empty string, and the output data will be provided exclusively through this event.

The PercentProcessed parameter indicates the current status of the operation.

The BytesProcessed parameter holds the total number of bytes processed so far.

Config Settings (AESFile Component)

The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

AESFile Config Settings

BuildNumber: The build number of the encrypted data.

This property will be populated when Decrypt is called, and will be set to the current component build number when Encrypt is called. This configuration setting is read-only.

CloseInputStreamAfterProcessing: Determines whether or not the input stream is closed after processing.

Determines whether or not the input stream set by SetInputStream is closed after processing is complete. The default value is True.

CloseOutputStreamAfterProcessing: Determines whether or not the output stream is closed after processing.

Determines whether or not the output stream set by SetOutputStream is closed after processing is complete. The default value is True.

LogLevel: Specifies the level of detail that is logged.

This setting controls the level of detail that is logged through the Status event. Possible values are:


0 (None)	No events are logged.
1 (Info - default)	Informational events are logged.
2 (Verbose)	Detailed data is logged.
3 (Debug)	Debug data is logged.

WriteToProgressEvent: Whether to write output data so it is accessible from inside the progress event.

When set to True this setting allows output data to be obtained from within the Progress event. event.

By default, this config is set to false.

Base Config Settings

BuildInfo: Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

GUIAvailable: Whether or not a message loop is available for processing events.

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The component will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications, an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GUIAvailable to false will ensure that the component does not attempt to process external events.

LicenseInfo: Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a component is using. It will return the following information:

Product: The product the license is for.
Product Key: The key the license was generated from.
License Source: Where the license was found (e.g., RuntimeLicense, License File).
License Type: The type of license installed (e.g., Royalty Free, Single Server).
Last Valid Build: The last valid build number for which the license will work.

MaskSensitiveData: Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to true to mask sensitive data. The default is true.

This setting only works on these components: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

UseFIPSCompliantAPI: Tells the component whether or not to use FIPS certified APIs.

When set to true, the component will utilize the underlying operating system's certified APIs. Java editions, regardless of OS, utilize Bouncy Castle Federal Information Processing Standards (FIPS), while all other Windows editions make use of Microsoft security libraries.

FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to true. This is a static setting that applies to all instances of all components of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.

For more details, please see the FIPS 140-2 Compliance article.

Note: This setting is applicable only on Windows.

Note: Enabling FIPS compliance requires a special license; please contact sales@nsoftware.com for details.

UseInternalSecurityAPI: Whether or not to use the system security libraries or an internal implementation.

When set to false, the component will use the system security libraries by default to perform cryptographic functions where applicable. In this case, calls to unmanaged code will be made. In certain environments, this is not desirable. To use a completely managed security implementation, set this setting to true.

Setting this configuration setting to true tells the component to use the internal implementation instead of using the system security libraries.

On Windows, this setting is set to false by default. On Linux/macOS, this setting is set to true by default.

If using the .NET Standard Library, this setting will be true on all platforms. The .NET Standard library does not support using the system security libraries.

Note: This setting is static. The value set is applicable to all components used in the application.

When this value is set, the product's system dynamic link library (DLL) is no longer required as a reference, as all unmanaged code is stored in that file.

Trappable Errors (AESFile Component)

AESFile Errors

105	An invalid parameter was specified.
111	Overwrite is false and the destination already exists.
112	No input was specified.
115	Invalid password.
116	No password was specified.
202	The input file is not valid AESF format.
303	Cannot open file.
304	Cannot write file.
305	Cannot read file.
306	Cannot create file.