KeyMgr ConfigurationThe class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.
KeyMgr Configuration Settings
|AllowEmptyPassword: Whether a key can be created without a password.This controls whether a password will be used to encrypt a key. When true, create_key will accept an empty string as the password, leaving the key unencrypted. The default is false.|
|ContinueOnInvalidKey: Whether to continue loading the keyring when an invalid key is found.This setting determines whether the class will continue loading keys when an invalid key is found. This is applicable when calling load_keyring. If set to False (default) the class fails with an error. If set to True the class will fire the on_error event with information about the key which failed to load, and then continue loading additional keys.|
|CreateRSASubkeyforEncrypt: Whether to create a subkey when creating an RSA key.This setting determines whether the class will additionally create a subkey marked for encryption when calling create_key when PublicKeyAlgorithm is set to "RSA". The default is true.|
|CurrentKeyPrimaryKeyUsageFlags: The usage flags of the currently selected primary key.When queried, this will return the usage flags of the currently selected primary key, returned in decimal representation. Individual flags may be checked against the list at key_usage_flags.|
The elliptic curve used when calling CreateKey.This setting specifies the curve to use when creating ECDSA or EdDSA keys. This setting is only applicable when PublicKeyAlgorithm is set to ECDSA or EdDSA. Possible values are:
|DSAPublicSubKeyLength: Specifies the public subkey length when creating a DSA key.This setting is only applicable when creating DSA keys with create_key. This specifies the length of the public ElGamal subkey. The value is 0 means this setting is not used and the subkey will have the length defined in PublicKeyLength. The default value is 0.|
Whether or not to select a suitable signature hash algorithm automatically.This setting specifies whether the class ensures a valid hash algorithm is selected for use with the loaded DSA or ECDSA key. The default value is True.
DSA requires that the hash be 160 bits or larger, which means MD5 is not a suitable algorithm. When DSA Signature Hash Algorithm selection is enabled (default) the class will use the preferred algorithm from the key if it meets the requirements for DSA. If the preferred algorithm is MD5 and does not meed the requirements for DSA the class will automatically use a suitable algorithm based on the Q element of the DSA key (may be SHA1, SHA224, or SHA256).
The ECDSA Signature Hash Algorithm requirements are directly related to the key_curve used by the key. When this setting is enabled (default) the class will use the preferred algorithm from the key if it meets the requirements for ECDSA. If the preferred algorithm does not meet the requirements the class will automatically select a valid hash algorithm based on the curve as follows:
|ImportAllKeys: Whether or not to import all keys found in a key file.When calling import_key with a UserId parameter of "*" or "", the class will import all keys found in the file if this property is set to True (default). If this is set to False when the UserId parameter of import_key is set to "*" or "", only the first key found in the file will be imported. The default value is True.|
|KeyEncryptionAlgorithm: The encryption algorithm used when creating a key.Specifies the encryption algorithm to use when calling create_key. The default value is "CAST5". Possible values are "CAST5", "3DES", "AES256", "AES192", "AES128", "IDEA", and "BLOWFISH".|
|KeyIdLength: Specifies the length of the key's Id.When querying the key_id property the value will be returned with the length (in octets) specified. The default value is 4. The only other acceptable value is 8.|
Flags that show intended use for the key being created.When calling create_key this setting defines the flags that show the intended use for the key. The default value is (0x0F). The value
of KeyUsage is a combination of the following flags:
|KeyValidityTime: The validity period for the key being created.When create_key creates a new key, the key is valid the moment it is created. KeyValidityTime determines the number of days until expiration. The default value is 365 days. The special value 0 means the key will never expire.|
Specifies the level of detail that is logged.This setting controls the level of detail that is logged through the on_status event. Possible values are:
The public key algorithm for the key being created.Specifies the public key algorithm to use when creating the key via create_key. The default value is "RSA". Possible values are:
The "RSA-Legacy" algorithm should not be used under normal circumstances. It should only be used to create PGP 2.6.2 compatible keys, when required. This type of key will not have subkeys.
ECDSA and EdDSA Notes
Specifies the public key length when creating a key.Specifies the length of the public key when calling create_key. The default value is 1024. Common values are 512, 1024, and 2048.
When PublicKeyAlgorithm is set to ECDSA or EdDSA this setting is not applicable and the public key length is automatically determined based on the Curve selected. The public key length values are as follows:
|PublicKeyringFile: The file name of the public keyring file.This specifies the name of the public keyring file. The default value is "pubring.gpg". This may be set to a file name only, or a full path including the file name.|
The public key signature hash algorithm used when creating a key.This setting specifies the public key signature algorithm to be used when calling create_key. The default value is "SHA256". Possible values are:
|RawKeyData: Returns detailed key and keyring data for debugging purposes.This setting will return detailed debugging information about the current key and keyring.|
The reason why the key was revoked.This setting specifies why the key was revoked. It is only applicable if key_revoked is True. This
may be set before calling revoke_key and may be inspected after importing and selecting a revoked key.
Possible values are:
|RevocationReason: Text describing why the key was revoked.This setting specifies text description of why the key was revoked. It is only applicable if key_revoked is True. This may be set before calling revoke_key and may be queried after importing and selecting a revoked key. The default value is an empty string.|
|Revoker: The revoker's key Id.This setting returns the key Id of the designated revoker associated with this key. This will only be present if a separate revoker was added to the key (for instance by calling add_revoker). If more than one revoker was added this setting will return a comma-separated list of key Ids.|
|SecretKeyringFile: The file name of the secret keyring file.This specifies the name of the secret keyring file. The default value is "secring.gpg". This may be set to a file name only, or a full path including the file name.|
The subkey algorithm for the subkey being created.Specifies the public key algorithm to use when creating the key via create_key. The default value is "RSA". Possible values are:
The elliptic curve of the sub key.When calling create_key and PublicKeyAlgorithm is set to ECDSA or EdDSA this setting may optionally be specified to set a curve for the subkey which differs from the key curve specified by Curve.
Possible values are:
Note: It is valid to specify the subkey curve of Curve25519 when Curve is set to secp256r1, secp384r1, or secp521r1. It is also valid to set a subkey curve of secp256r1, secp384r1, or secp521r1 when Curve is set to Ed25519.
Flags that show intended use for the subkey being created.When calling create_sub_key this setting defines the flags that show the intended use for the key. The default value is (0x0C). The value
of SubKeyUsage is a combination of the following flags:
Restricts the usage to FIPS compliant algorithms only.When enabled the class will only support FIPS compliant algorithms. If a non-FIPS
compliant algorithm is used an exception is thrown. The following algorithms are supported
when this setting is True:
|VersionHeader: The Version header value in ASCII armored public keys.This setting specifies the Version header value included in newly created public keys. This includes keys that are exported via export_public_key where the UseAsciiArmor parameter is true. The default value is "IPWorks! OpenPGP v9.0".|
Base Configuration Settings
|BuildInfo: Information about the product's build.When queried, this setting will return a string containing information about the product's build.|
The system code page used for Unicode to Multibyte translations.The default code page is Unicode UTF-8 (65001).
The following is a list of valid code page identifiers:
Information about the current license.When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:
|ProcessIdleEvents: Whether the class uses its internal event loop to process events when the main thread is idle.If set to False, the class will not fire internal idle events. Set this to false to use the class in a background thread on macOS. By default this setting is True.|
|SelectWaitMillis: The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process.If there are no events to process when do_events is called, the class will wait for the amount of time specified here before returning. The default value is 20.|
|UseInternalSecurityAPI: Tells the class whether or not to use the system security libraries or an internal implementation. By default the class will use the system security libraries to perform cryptographic functions. Setting this to True tells the class to use the internal implementation instead of using the system's security API.|