OpenPGP Configuration
The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.
OpenPGP Configuration Settings
|AllowEmptyInput: Whether to allow empty files for input. This setting controls whether the class allows empty input when processing. When True, the class will process 0 byte files specified by input_file, or 0 byte messages specified by input_message. The default value is False.|
Whether to allow the older encrypted packet type. By default the class will only encrypt data using the newer and more secure integrity protected data packet type.
Old implementations such as PGP 6.5.8 may require the older less secure data packet type.
When set to True the class will read the features from the recipient key to determine if the older packet type is required. If the key does require the old packet type, then the older packet type will be used. If the key does not require the old packet type, then the new integrity protected packet type will still be used.
By default this value is False. This means under no conditions is the older less secure packet type used. The newer integrity protected packet type is always used.
Only enable this setting if you have a requirement to do so.
The level of compression used. This setting specifies the level of compression used: possible values depend on the value of compression_method and are detailed below.
|DeleteOutputFileOnError: Whether to delete the output file on an error. Set this to true to automatically delete any partially written output_file if an error occurs. The default is False.|
The detached signature. This setting is used to specify the detached signature before calling verify_signature.
The message data should be specified normally and this setting should be set to the detached signature data. Both hex-string and OpenPGP ASCII-armored message formats are allowed.
Hex-encoded data should be provided as a string like so:
Whether or not to select a suitable signature hash algorithm automatically. This setting specifies whether the class ensures a valid hash algorithm is selected for use with the loaded DSA or ECDSA key. The default value is True.
DSA requires that the hash be 160 bits or larger, which means MD5 is not a suitable algorithm. When DSA Signature Hash Algorithm selection is enabled (default), the class will use the preferred algorithm from the key if it meets the requirements for DSA. If the preferred algorithm is MD5 and does not meet the requirements for DSA, the class will automatically use a suitable algorithm based on the Q element of the DSA key (may be SHA1, SHA224, or SHA256).
The ECDSA Signature Hash Algorithm requirements are directly related to the key_curve used by the key. When this setting is enabled (default) the class will use the preferred algorithm from the key if it meets the requirements for ECDSA. If the preferred algorithm does not meet the requirements the class will automatically select a valid hash algorithm based on the curve as follows:
|FileName: The original name of the encrypted file. When encrypting, this configuration setting can be used to specify the original name of the encrypted data. When specifying an input_file to encrypt from, this is included automatically in the encrypted packet. After decrypting, this will contain the file name of the original encrypted file.|
|KeyIdLength: The length of the KeyId available. This controls the length of KeyId available when on_recipient_info fires. Possible values are 4 (default) or 8.|
The method used to select a key for encryption or signing. When more than one key is present this class can be configured to automatically select a key based on certain criteria (described below) or allow for manual selection.
To manually select a key for any operation, pass the key's Id in the constructor.
Openpgp pgp = new Openpgp();
pgp.Config("KeySelectionMethod=99");
pgp.RecipientKeys.Add(new Key(@"C:\path\to\key.asc", "7CA1376C39768977"));
// Key with Id 7CA1376C39768977 will be used for encryption.
Specifies the level of detail that is logged. This setting controls the level of detail that is logged through the on_status event. Possible values are:
The directory used when creating or extracting a PGP zip file. A PGP zip file is a Tar archive that is encrypted. It is commonly used by utilities to protect multiple files in one OpenPGP message. The class supports creating and extracting these types of files.
|ProgressEventThreshold: The amount of data in bytes to process before firing the progress event. When encrypting or decrypting, the on_progress event is fired as data is processed by the class. When this setting is specified, the event will only fire after processing at least the specified number of bytes. The default value is 0.|
|PublicKeyringFile: The file name of the public keyring file. This specifies the name of the public keyring file. The default value is "pubring.gpg". This may be set to a file name only, or a full path including the file name.|
|ReadFromProgressEvent: Whether to read input data from inside the progress event. When set to True this setting allows input data to be specified from within the on_progress event. The class will repeatedly fire the on_progress event to ask for data. Inside the event set input_message when the Operation parameter of the event is 1 (Read). When all data has been provided set the IsEOF parameter of the event to True. This allows input data to be chunked and provided piece by piece. The default value is False.|
Whether the encrypted data should be decrypted recursively. In some instances data will be encrypted multiple times. This configuration option determines how the class will handle this situation. Options are:
Whether to throw an error when decrypting and encryption is not detected. By default, the component's decryption methods will succeed if the message is not encrypted. To cause an error to be thrown in this case, set this option to true.
The default value is false.
|RequireIntegrityProtectedPacket: Whether an MDC packet is required for decryption. When set to true, the class will throw an exception if the message being decrypted does not contain a Message Detection Code (MDC) packet. The default value is false.|
Whether to throw an error when verifying a signature and no signature is found. By default, the component's signature verification methods will succeed if the message is not signed. To cause an error to be thrown in this case, set this option to true.
The default value is false.
|RequireValidSignature: Specifies if an invalid signature is considered an error condition. By default, if the signature is not valid the class fails with an error. This setting may be set to False to disable this requirement. When False, the Status parameter of the on_verification_status event should be checked to determine the result of the operation. The default value is True.|
|SecretKeyringFile: The file name of the secret keyring file. This specifies the name of the secret keyring file. The default value is "secring.gpg". This may be set to a file name only, or a full path including the file name.|
|SplitHeaders: Controls whether ASCII Armor headers are split or not. By default, when headers are specified via message_headers, the class will split headers over a certain length onto multiple lines. This is done to avoid potential errors during transport of the message. If false, the headers will be on one line regardless of length. The default value is True.|
|SymmetricPassphrase: The password used for symmetric encryption or decryption. This setting specifies the passphrase when using symmetric encryption. If a value is provided, symmetric encryption/decryption will be attempted. In this case no keys are used for either encryption or decryption. Only encrypt and decrypt are valid operations when a value is set. sign, sign_and_encrypt, verify_signature, and decrypt_and_verify_signature are not valid operations when using this option.|
Restricts the usage to FIPS compliant algorithms only. When enabled the class will only support FIPS compliant algorithms. If a non-FIPS compliant algorithm is used an exception is thrown. The following algorithms are supported when this setting is True:
|UsePlatformAES: Whether to use the platform AES implementation. By default the class will use an internal implementation to perform AES. This is more self-contained and managed. In certain scenarios it may be better to use the platform's implementation. Set this to true to perform AES using the platform implementation. This is only available on Unix. The default is false.|
|VersionHeader: The Version header value in the ASCII armored OpenPGP message. This setting specifies the Version header value included in the ASCII armored OpenPGP message. This may be set before calling encrypt, sign, or sign_and_encrypt. The default value is "IPWorks! OpenPGP 2016".|
|WriteToProgressEvent: Whether to write output data so it is accessible from inside the progress event. When set to True this setting allows output data to be obtained from within the on_progress event. The class will repeatedly fire the on_progress event to provide output data. Inside the event check output_message when the Operation parameter of the event is 2 (Write). The IsEOF parameter should be checked inside the event to determine when all output data has been provided. This allows output data to be chunked and obtained piece by piece. The default value is False.|
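Added example (not part of the product or its documentation): the setting that allows the older encrypted packet type and RequireIntegrityProtectedPacket both depend on which encrypted-data packet a message carries. This Python code walks the packet headers of a binary (non-armored) OpenPGP message and reports whether it uses the integrity protected packet or the older one; the tag numbers and header layout are taken from RFC 4880, and the function names and sample bytes are constructed for illustration.

```python
SED, SEIPD = 9, 18  # RFC 4880 tags: older encrypted data vs. integrity protected


def packet_tags(data: bytes) -> list[int]:
    """Return the tag of each top-level packet in a binary OpenPGP message."""
    tags, i = [], 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header: tag in bits 5-0
            tags.append(hdr & 0x3F)
            while True:
                first = data[i]
                i += 1
                if first < 192:  # one-octet length
                    length, partial = first, False
                elif first < 224:  # two-octet length
                    length, partial = ((first - 192) << 8) + data[i] + 192, False
                    i += 1
                elif first == 255:  # four-octet length follows
                    length, partial = int.from_bytes(data[i:i + 4], "big"), False
                    i += 4
                else:  # 224..254: partial body chunk, another length follows
                    length, partial = 1 << (first & 0x1F), True
                i += length
                if not partial:
                    break
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tags.append((hdr >> 2) & 0x0F)
            ltype = hdr & 0x03
            if ltype == 3:  # indeterminate length: body runs to end of input
                break
            nbytes = 1 << ltype  # 1, 2 or 4 length octets
            i += nbytes + int.from_bytes(data[i:i + nbytes], "big")
    return tags


def integrity_protected(data: bytes) -> bool:
    """True only if encrypted data is present and none of it uses the old packet."""
    tags = packet_tags(data)
    return SEIPD in tags and SED not in tags


# Constructed samples (framing only; bodies are filler bytes, not real ciphertext).
NEW_STYLE = bytes([0xC1, 3, 1, 2, 3]) + bytes([0xD2, 4, 1, 0, 0, 0])
OLD_STYLE = bytes([0x84, 3, 1, 2, 3]) + bytes([0xA4, 2, 0, 0])
```

The check reads only the outer framing, so it can be run on received messages before any key material is loaded.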
Base Configuration Settings
|BuildInfo: Information about the product's build. When queried, this setting will return a string containing information about the product's build.|
The system code page used for Unicode to Multibyte translations. The default code page is Unicode UTF-8 (65001).
The following is a list of valid code page identifiers:
Information about the current license. When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:
|ProcessIdleEvents: Whether the class uses its internal event loop to process events when the main thread is idle. If set to False, the class will not fire internal idle events. Set this to false to use the class in a background thread on macOS. By default this setting is True.|
|SelectWaitMillis: The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process. If there are no events to process when do_events is called, the class will wait for the amount of time specified here before returning. The default value is 20.|
|UseInternalSecurityAPI: Tells the class whether or not to use the system security libraries or an internal implementation. By default the class will use the system security libraries to perform cryptographic functions. Setting this to True tells the class to use the internal implementation instead of using the system's security API.|