This controls whether a password will be used to encrypt a key. When true, CreateKey will accept an empty string as the password, leaving the key unencrypted. The default is false.

This setting determines whether or not subkeys' passphrases should be changed when ChangePassphrase is called. The default value is False.

This setting determines whether the component will continue loading keys when an invalid key is found. This is applicable when calling LoadKeyring. If set to False (default) the component throws an exception. If set to True the component will fire the Error event with information about the key which failed to load, and then continue loading additional keys.

This setting determines whether the component will additionally create a subkey marked for encryption when calling CreateKey when PublicKeyAlgorithm is set to "RSA". The default is true.

When queried, this will return the usage flags of the currently selected primary key, returned in decimal representation. Individual flags may be checked against the list at UsageFlags.

This setting specifies the curve to use when creating ECDSA or EdDSA keys. This setting is only applicable when PublicKeyAlgorithm is set to ECDSA or EdDSA. Possible values are:

The default value is secp256r1 for ECDSA keys and Ed25519 for EdDSA keys.

This setting is only applicable when creating DSA keys with CreateKey. This specifies the length of the public ElGamal subkey. The value is 0 means this setting is not used and the subkey will have the length defined in PublicKeyLength. The default value is 0.

This setting specifies whether the component ensures a valid hash algorithm is selected for use with the loaded DSA or ECDSA key. The default value is True.

DSA Notes

DSA requires that the hash be 160 bits or larger, which means MD5 is not a suitable algorithm. When DSA Signature Hash Algorithm selection is enabled (default) the component will use the preferred algorithm from the key if it meets the requirements for DSA. If the preferred algorithm is MD5 and does not meed the requirements for DSA the component will automatically use a suitable algorithm based on the Q element of the DSA key (may be SHA1, SHA224, or SHA256).

ECDSA Notes

The ECDSA Signature Hash Algorithm requirements are directly related to the Curve used by the key. When this setting is enabled (default) the component will use the preferred algorithm from the key if it meets the requirements for ECDSA. If the preferred algorithm does not meet the requirements the component will automatically select a valid hash algorithm based on the curve as follows:

When calling ImportKey with a UserId parameter of "*" or "", the component will import all keys found in the file if this property is set to True (default). If this is set to False when the UserId parameter of ImportKey is set to "*" or "", only the first key found in the file will be imported. The default value is True.

Specifies the encryption algorithm to use when calling CreateKey. The default value is "CAST5". Possible values are "CAST5", "3DES", "AES256", "AES192", "AES128", "IDEA", and "BLOWFISH".

When querying the Id field the value will be returned with the length (in octets) specified. The default value is 4. The only other acceptable value is 8.

When calling CreateKey this setting defines the flags that show the intended use for the key. The default value is (0x0F). The value of KeyUsage is a combination of the following flags:

When CreateKey creates a new key, the key is valid the moment it is created. KeyValidityTime determines the number of days until expiration. The default value is 365 days. The special value 0 means the key will never expire.

This setting controls the level of detail that is logged through the Status event. Possible values are:

Specifies the public key algorithm to use when creating the key via CreateKey. The default value is "RSA". Possible values are:

• RSA
• DSA
• ECDSA
• EdDSA
• RSA-Legacy

The "RSA-Legacy" algorithm should not be used under normal circumstances. It should only be used to create PGP 2.6.2 compatible keys, when required. This type of key will not have subkeys.

Note: When creating a DSA key only PublicKeyLength values of 512 and 1024 are supported. Additionally the PublicKeySignatureHashAlgorithm value "MD5" is not supported with DSA keys.

ECDSA and EdDSA Notes

When creating an ECDSA or EdDSA key the PublicKeyLength value is automatically determined based on the Curve. The Curve and SubKeyCurve settings is also applicable.

If Curve and SubKeyCurve are not specified the following defaults will be used:

Specifies the length of the public key when calling CreateKey. The default value is 1024. Common values are 512, 1024, and 2048.

When PublicKeyAlgorithm is set to ECDSA or EdDSA this setting is not applicable and the public key length is automatically determined based on the Curve selected. The public key length values are as follows:

This specifies the name of the public keyring file. The default value is "pubring.gpg". This may be set to a file name only, or a full path including the file name.

This setting specifies the public key signature algorithm to be used when calling CreateKey. The default value is "SHA256". Possible values are:

• SHA1
• MD5
• SHA256 (default)
• SHA384
• SHA512
• SHA224

This setting will return detailed debugging information about the current key and keyring.

This setting specifies why the key was revoked. It is only applicable if Revoked is True. This may be set before calling RevokeKey and may be inspected after importing and selecting a revoked key. Possible values are:

The default value is 0.

This setting specifies text description of why the key was revoked. It is only applicable if Revoked is True. This may be set before calling RevokeKey and may be queried after importing and selecting a revoked key. The default value is an empty string.

This setting returns the key Id of the designated revoker associated with this key. This will only be present if a separate revoker was added to the key (for instance by calling AddRevoker). If more than one revoker was added this setting will return a comma-separated list of key Ids.

This specifies the name of the secret keyring file. The default value is "secring.gpg". This may be set to a file name only, or a full path including the file name.

Specifies the public key algorithm to use when creating the key via CreateKey. The default value is "RSA". Possible values are:

When calling CreateKey and PublicKeyAlgorithm is set to ECDSA or EdDSA this setting may optionally be specified to set a curve for the subkey which differs from the key curve specified by Curve. Possible values are:

The default value for ECDSA keys is the same value as specified in Curve. The default value for EdDSA keys is Curve25519.

Note: It is valid to specify the subkey curve of Curve25519 when Curve is set to secp256r1, secp384r1, or secp521r1. It is also valid to set a subkey curve of secp256r1, secp384r1, or secp521r1 when Curve is set to Ed25519.

When calling CreateSubKey this setting defines the flags that show the intended use for the key. The default value is (0x0C). The value of SubKeyUsage is a combination of the following flags:

When enabled the component will only support FIPS compliant algorithms. If a non-FIPS compliant algorithm is used an exception is thrown. The following algorithms are supported when this setting is True:

• 3DES
• AES128
• AES192
• AES256
• RSA
• DSA
• SHA1
• SHA256
• SHA384
• SHA512
• SHA224

This setting specifies the Version header value included in newly created public keys. This includes keys that are exported via ExportPublicKey where the UseAsciiArmor parameter is true. The default value is "IPWorks! OpenPGP v9.0".

When queried, this setting will return a string containing information about the product's build.

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The component will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GUIAvailable to false will ensure that the component does not attempt to process external events.

When queried, this setting will return a string containing information about the license this instance of a component is using. It will return the following information:

• Product: The product the license is for.
• Product Key: The key the license was generated from.
• License Source: Where the license was found (e.g. RuntimeLicense, License File).
• License Type: The type of license installed (e.g. Royalty Free, Single Server).

If set to True (default), when the component creates a thread the thread's Daemon property will be explicitly set to True. When set to False the component will not set the Daemon property on the created thread. The default value is True.

By default the component will use the system security libraries to perform cryptographic functions. Setting this to True tells the component to use the internal implementation instead of using the system's security API.