KeyMgr Class

Properties   Methods   Events   Config Settings   Errors  

The KeyMgr class is used to create and manage OpenPGP keys.

Syntax

ipworksopenpgp.Keymgr

Remarks

The KeyMgr class can be used to perform a variety of key-related actions. You can create, delete, import, export, and manage keys. Both individual keys and keyrings can be created and used.

Property List


The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

KeyThe currently selected key.
KeyringThe location on disk of the keyring.

Method List


The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

AddRevokerAdds a designated revoker to the key.
AddUserIdAdds the specified user Id to the current key.
ChangeExpirationDateChanges the expiration date of the key.
ChangePassphraseChanges the passphrase of the current key.
ConfigSets or retrieves a configuration setting.
CreateKeyCreates an OpenPGP key pair.
CreateSubKeyCreates a new subkey.
DeleteKeyDeletes the specified key.
ExportPublicKeyExports the public key of the current key.
ExportSecretKeyExports the private key of the current key.
ImportKeyImports the key specified by UserId to the current keyring.
ImportKeyBImports the key specified by UserId to the current keyring.
ListKeysLists keys in the specified Keyring .
ListSignaturesLists all signatures of the current key.
ListSubkeysLists the subkeys of the currently selected key.
LoadKeyringLoads the keyring from disk.
LoadKeyringBLoads the keyring from SecretKeyringData and PublicKeyringData .
ResetResets the class properties.
RevokeKeyRevokes the specified key.
SaveKeyringSaves the current Keyring to disk.
SignUserIdSigns the specified user Id of the current key.
VerifyPassphraseVerifies the passphrase of specified key.

Event List


The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

ErrorInformation about errors during data delivery.
KeyListFires for each key in the keyring when ListKeys is called.
KeyPassphraseFired if the passphrase of current key is incorrect or empty.
SignatureListFires for each signature of the current key when ListSignatures is called.
StatusShows the progress of the operation.
SubkeyListFires once for each subkey listed when ListSubkeys is called.

Config Settings


The following is a list of config settings for the class with short descriptions. Click on the links for further details.

AllowEmptyPasswordWhether a key can be created without a password.
ChangeSubkeyPassphraseWhether or not the passphrase for subkey's should be changed.
ContinueOnInvalidKeyWhether to continue loading the keyring when an invalid key is found.
CreateRSASubkeyforEncryptWhether to create a subkey when creating an RSA key.
CurrentKeyPrimaryKeyUsageFlagsThe usage flags of the currently selected primary key.
CurveThe elliptic curve used when calling CreateKey.
DSAPublicSubKeyLengthSpecifies the public subkey length when creating a DSA key.
EnsureValidDSASignatureHashAlgorithmWhether or not to select a suitable signature hash algorithm automatically.
ImportAllKeysWhether or not to import all keys found in a key file.
KeyEncryptionAlgorithmThe encryption algorithm used when creating a key.
KeyIdLengthSpecifies the length of the key's Id.
KeyringFormatWhich format of keyring to use.
KeyUsageFlags that show intended use for the key being created.
KeyValidityTimeThe validity period for the key being created.
LogLevelSpecifies the level of detail that is logged.
PublicKeyAlgorithmThe public key algorithm for the key being created.
PublicKeyLengthSpecifies the public key length when creating a key.
PublicKeyringFileThe file name of the public keyring file.
PublicKeySignatureHashAlgorithmThe public key signature hash algorithm used when creating a key.
RawKeyDataReturns detailed key and keyring data for debugging purposes.
RevocationCodeThe reason why the key was revoked.
RevocationReasonText describing why the key was revoked.
RevokerThe revoker's key Id.
SecretKeyringFileThe file name of the secret keyring file.
SubKeyAlgorithmThe subkey algorithm for the subkey being created.
SubKeyCurveThe elliptic curve of the sub key.
SubKeyUsageFlags that show intended use for the subkey being created.
UseFipsCompliantAlgorithmsRestricts the usage to FIPS compliant algorithms only.
VersionHeaderThe Version header value in ASCII armored public keys.
BuildInfoInformation about the product's build.
GUIAvailableTells the class whether or not a message loop is available for processing events.
LicenseInfoInformation about the current license.
MaskSensitiveWhether sensitive data is masked in log messages.
UseDaemonThreadsWhether threads created by the class are daemon threads.
UseInternalSecurityAPITells the class whether or not to use the system security libraries or an internal implementation.

Key Property (KeyMgr Class)

The currently selected key.

Syntax


public Key getKey();


public void setKey(Key key);

Remarks

This property holds the currently selected key. It is populated after calling ImportKey or after setting Keyring. This may also be set to directly load an existing key. Both public keys and secret keys are supported.

This property is not available at design time.

Please refer to the Key type for a complete list of fields.

Keyring Property (KeyMgr Class)

The location on disk of the keyring.

Syntax


public String getKeyring();


Default Value

""

Remarks

To load a keyring use the LoadKeyring method.

This property is read-only.

AddRevoker Method (Keymgr Class)

Adds a designated revoker to the key.

Syntax

public void addRevoker(String userId);

Remarks

This method adds a designated revoker to the selected Key. The UserId parameter specifies the revoker to add. The revoker's key must be present in the current keyring. Use this with caution: once added, a revoker cannot be removed. The key's passphrase is required for this operation and may be specified via Passphrase or through the KeyPassphrase event.

The UserId format is:

FirstName LastName (Comment) <Email>
Not all values are required when selecting or generating a key, but at least FirstName or Email are required.

AddUserId Method (Keymgr Class)

Adds the specified user Id to the current key.

Syntax

public void addUserId(String userId);

Remarks

The key's passphrase is required for this operation and may be specified via Passphrase or through the KeyPassphrase event.

The UserId format is:

FirstName LastName (Comment) <Email>
Not all values are required when selecting or generating a key, but at least FirstName or Email are required.

ChangeExpirationDate Method (Keymgr Class)

Changes the expiration date of the key.

Syntax

public void changeExpirationDate(int expirationDate);

Remarks

This method changes the expiration date of the current Key. The ExpirationDate parameter specifies the number of days for which the key is valid starting today. For instance a value of "31" means the key is valid for the next 31 days.

The special value "0" means the key will never expire.

The key's passphrase is required for this operation and may be specified via Passphrase or through the KeyPassphrase event.

Note: See KeyValidityTime for information on specifying the expiration date when creating the key with CreateKey.

ChangePassphrase Method (Keymgr Class)

Changes the passphrase of the current key.

Syntax

public void changePassphrase(String passphrase);

Remarks

The Passphrase parameter specifies the new passphrase.

The key's passphrase is required for this operation and may be specified via Passphrase or through the KeyPassphrase event.

Config Method (Keymgr Class)

Sets or retrieves a configuration setting.

Syntax

public String config(String configurationString);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

CreateKey Method (Keymgr Class)

Creates an OpenPGP key pair.

Syntax

public void createKey(String userId, String passphrase);

Remarks

This method creates a new OpenPGP key pair. The UserId parameter specifies the user Id of the key.

The UserId format is:

FirstName LastName (Comment) <Email>
Not all values are required when selecting or generating a key, but at least FirstName or Email are required.

Additional configuration settings may be set to further configure the details of the key being created. Please see the following settings for details:

CreateSubKey Method (Keymgr Class)

Creates a new subkey.

Syntax

public void createSubKey();

Remarks

This method creates a new subkey. Before calling this method the Key property must be set to a valid private key.

The following settings may optionally be set to define specific values for the created subkey:

DeleteKey Method (Keymgr Class)

Deletes the specified key.

Syntax

public void deleteKey(String userId);

Remarks

This method deletes the key specified by UserId from the current keyring. Below is a table of the type of Ids that may be specified to identify the key:

Id Type Example
UserId FirstName LastName <user@mail.com>
UserId (name only) FirstName LastName
UserId (first name only) FirstName
UserId (email only) user@mail.com
Short KeyId 89C9D7B1
Long KeyId F7B7D49C89C9D7B1

ExportPublicKey Method (Keymgr Class)

Exports the public key of the current key.

Syntax

public void exportPublicKey(String fileName, boolean useAsciiArmor);

Remarks

This method exports the public key of the currently selected Key. The FileName parameter specifies the file on disk to which the public key will be written. The UseAsciiArmor parameter determines whether or not ASCII armoring is used when writing the key to disk.

Note: When UseAsciiArmor is set to True the VersionHeader setting may also be set to specify your own header value.

ExportSecretKey Method (Keymgr Class)

Exports the private key of the current key.

Syntax

public void exportSecretKey(String fileName, boolean useAsciiArmor);

Remarks

This method exports the private key of the currently selected Key. The FileName parameter specifies the file on disk that the private key will be written to. The UseAsciiArmor parameter determines whether or not ASCII armoring is used when writing the key to disk.

ImportKey Method (Keymgr Class)

Imports the key specified by UserId to the current keyring.

Syntax

public void importKey(String fileName, String userId);

Remarks

This method imports the key specified by UserId from the key file specified by FileName into the current Keyring. The imported key will be automatically selected and available in the Key property.

If the FileName specifies a key file which contains multiple keys only the key belonging to UserId will be imported.

If UserId is set to "*" or "" (empty string) all keys in the key file will be imported. The ImportAllKeys setting controls the behavior of the class in this case.

Note: If you simply wish to select a key in the current ring set UserId instead.

ImportKeyB Method (Keymgr Class)

Imports the key specified by UserId to the current keyring.

Syntax

public void importKeyB(byte[] data, String userId);

Remarks

This method imports the key specified by UserId from the key data specified by Data into the current Keyring. The imported key will be automatically selected and available in the Key property.

If the Data specifies key data that contains multiple keys only the key belonging to UserId will be imported.

If UserId is set to "*" or "" (empty string) all keys in the key data will be imported. The ImportAllKeys setting controls the behavior of the class in this case.

Note: If you simply wish to select a key in the current ring set UserId instead.

ListKeys Method (Keymgr Class)

Lists keys in the specified Keyring .

Syntax

public String listKeys();

Remarks

This method lists the keys (public/private key pairs) in the specified keyring. The results are provided through the KeyList event.

KeyList data will also be returned from this method, however it is recommended to use the KeyList event if possible.

ListSignatures Method (Keymgr Class)

Lists all signatures of the current key.

Syntax

public String listSignatures();

Remarks

This method lists all the signatures of the currently selected key. The SignatureList event will fire for each signature.

SignatureList data will also be returned from this method. However, it is recommended to use the SignatureList event if possible.

ListSubkeys Method (Keymgr Class)

Lists the subkeys of the currently selected key.

Syntax

public String listSubkeys();

Remarks

This method lists all subkeys of current key. The SubkeyList event will be fired for each subkey.

SubkeyList data will also be returned from this method, however it is recommended to use the SubkeyList event if possible.

LoadKeyring Method (Keymgr Class)

Loads the keyring from disk.

Syntax

public void loadKeyring(String keyringPath);

Remarks

This method loads the keyring from disk. If the keyring is stored in a directory, set KeyringPath to the directory. The directory must contain the files "secring.gpg" and "pubring.gpg". A keyring may also be stored in a single file. If the keyring is a file KeyringPath should be set to the path of the file.

When this method is called the class will read the keyring and populate the Key property with the first key found in the keyring. Set UserId to select a different key in the current keyring.

LoadKeyringB Method (Keymgr Class)

Loads the keyring from SecretKeyringData and PublicKeyringData .

Syntax

public void loadKeyringB(byte[] secretKeyringData, byte[] publicKeyringData);

Remarks

This method loads the keyring from SecretKeyringData and PublicKeyringData.

When this method is called the class will read the keyring and populate the Key property with the first key found in the keyring. Set UserId to select a different key in the current keyring.

Reset Method (Keymgr Class)

Resets the class properties.

Syntax

public void reset();

Remarks

This method resets all message and key properties to their default values.

RevokeKey Method (Keymgr Class)

Revokes the specified key.

Syntax

public String revokeKey(String keyId);

Remarks

This method revokes the key specified by KeyId and returns the revocation certificate.

When creating a revocation certificate there are two supported formats. The first format includes only the revocation signature. This format is returned by this method. The second format includes both the public key and the revocation signature. This format can be obtained by calling ExportPublicKey after calling this method. Both formats are common, and both formats are acceptable when calling ImportKey.

Before calling this method a key must be selected and available in the Key property.

The KeyId may be the Id of the main key or a subkey.

SaveKeyring Method (Keymgr Class)

Saves the current Keyring to disk.

Syntax

public void saveKeyring(String keyringPath);

Remarks

This method saves the current keyring to disk. There are two output options. The keyring may either be saved to a single key file or may be saved to a directory.

To save the keyring to a directory set KeyringPath to the path. The directory must already exist. The class will create a "pubring.gpg" and "secring.gpg" file in the specified directory. If the files already exist they will be overwritten.

To save the keyring to a key file set KeyringPath to a path and file name. If the file already exists it will be overwritten.

SignUserId Method (Keymgr Class)

Signs the specified user Id of the current key.

Syntax

public void signUserId(String userId, String issuerUserId);

Remarks

This method signs the UserId with the IssuerUserId.

To sign all user Ids in the current key set the UserId parameter to "*".

The key's passphrase is required for this operation and may be specified via Passphrase or through the KeyPassphrase event.

VerifyPassphrase Method (Keymgr Class)

Verifies the passphrase of specified key.

Syntax

public boolean verifyPassphrase(String passphrase);

Remarks

This method verifies the passphrase of the key specified by UserId.

If the password is correct, this method returns True; otherwise, this method returns False.

Error Event (Keymgr Class)

Information about errors during data delivery.

Syntax

public class DefaultKeymgrEventListener implements KeymgrEventListener {
  ...
  public void error(KeymgrErrorEvent e) {}
  ...
}

public class KeymgrErrorEvent {
  public int errorCode;
  public String description;
}

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the class throws an exception.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

KeyList Event (Keymgr Class)

Fires for each key in the keyring when ListKeys is called.

Syntax

public class DefaultKeymgrEventListener implements KeymgrEventListener {
  ...
  public void keyList(KeymgrKeyListEvent e) {}
  ...
}

public class KeymgrKeyListEvent {
  public String userId;
  public String keyId;
  public String fingerprint;
  public boolean hasSecretKey;
  public String publicKeyAlgorithm;
  public int publicKeyLength;
  public String curve;
}

Remarks

This event fires once for each key in the Keyring when ListKeys is called.

UserId holds the current user Id of the key.

The UserId format is:

FirstName LastName (Comment) <Email>
Not all values are required when selecting or generating a key, but at least FirstName or Email are required.

KeyId is the hex-encoded, 4-byte or 8-byte Id of the key. It is the same as the last 4 or 8 bytes of the Fingerprint. For instance:

BF52A0AB

Fingerprint holds the hex-encoded, 20-byte fingerprint of the key. This is in the form:

5E70662EA810E768391A2FE8F7B7D49C89C9D7B1

HasSecretKey returns True if the key contains a secret key.

PublicKeyAlgorithm is the public key algorithm. Possible values are:

  • RSA
  • DSA
  • ECDSA
  • EdDSA

PublicKeyLength is the length of the public key. Common values are 512, 1024, and 2048. If the PublicKeyAlgorithm is ECDSA or EdDSA the length of the public key is determined by the Curve. Possible lengths are:

CurvePublic Key Length (bits)
secp256r1256
secp384r1384
secp521r1521
Ed25519 256
secp256k1256

Curve is the curve used by the key when PublicKeyAlgorithm is ECDSA or EdDSA. Possible values are:

ValuePublicKeyAlgorithmDescription
secp256r1 ECDSA NIST curve P-256
secp384r1 ECDSA NIST curve P-384
secp521r1 ECDSA NIST curve P-521
Ed25519 EdDSA Ed25519
secp256k1 EdDSA Secp256k1

KeyPassphrase Event (Keymgr Class)

Fired if the passphrase of current key is incorrect or empty.

Syntax

public class DefaultKeymgrEventListener implements KeymgrEventListener {
  ...
  public void keyPassphrase(KeymgrKeyPassphraseEvent e) {}
  ...
}

public class KeymgrKeyPassphraseEvent {
  public String userId;
  public String keyId;
  public String passphrase;
}

Remarks

This event fires when the passphrase for the key is required. The passphrase must be specified before operations requiring the secret key are attempted. The passphrase may be supplied by setting the Passphrase parameter in this event, or by specifying the Passphrase field before attempting the operation.

The passphrase is required when using the following methods in KeyMgr:

When using the OpenPGP class, or an email-based class, the following methods require a passphrase for the key:

  • Decrypt
  • Sign
  • SignAndEncrypt

SignatureList Event (Keymgr Class)

Fires for each signature of the current key when ListSignatures is called.

Syntax

public class DefaultKeymgrEventListener implements KeymgrEventListener {
  ...
  public void signatureList(KeymgrSignatureListEvent e) {}
  ...
}

public class KeymgrSignatureListEvent {
  public String userId;
  public String issuerKeyId;
  public String issuerUserId;
  public String publicKeyAlgorithm;
  public String curve;
  public String hashAlgorithm;
  public String effectiveDate;
  public int signatureClass;
  public int validityStatus;
}

Remarks

This event fires once for each signature of the current key when ListSignatures is called.

UserId holds the current user Id of the key.

The UserId format is:

FirstName LastName (Comment) <Email>
Not all values are required when selecting or generating a key, but at least FirstName or Email are required.

IssuerKeyId is the hex-encoded, 4- or-8-byte Id of the issuer's key. It is the same as the last 4 or 8 bytes of the Fingerprint. For instance: BF52A0AB

IssuerUserId is the user Id of the issuer. If this is empty the issuer's key could not be found in the current keyring.

PublicKeyAlgorithm is the public key algorithm. Possible values are:

  • RSA
  • DSA
  • ECDSA
  • EdDSA

Curve is the curve used by the key when PublicKeyAlgorithm is ECDSA or EdDSA. Possible values are:

ValuePublicKeyAlgorithmDescription
secp256r1 ECDSA NIST curve P-256
secp384r1 ECDSA NIST curve P-384
secp521r1 ECDSA NIST curve P-521
Ed25519 EdDSA Ed25519
secp256k1 EdDSA Secp256k1

HashAlgorithm is the hash algorithm used by the signature. Possible values are:

  • SHA1
  • SHA256
  • SHA384
  • SHA512
  • SHA224
  • MD5

EffectiveDate is the date when this signature became valid. The following example illustrates the format of an encoded date: 23-Jan-2000 15:00:00 .

SignatureClass is the type of signature. Possible values are:

16Generic Signature
17Personal Signature
18Casual Signature
19Positive Signature (self-signed)

ValidityStatus specifies the current validity status of the signature. Possible values are:

1Invalid
2Valid
3Unknown (the issuer's public key could not be found)

Status Event (Keymgr Class)

Shows the progress of the operation.

Syntax

public class DefaultKeymgrEventListener implements KeymgrEventListener {
  ...
  public void status(KeymgrStatusEvent e) {}
  ...
}

public class KeymgrStatusEvent {
  public String message;
}

Remarks

The event is fired for informational and logging purposes only. It may be used to track the progress of an operation.

The level of detail is controlled by the LogLevel setting.

SubkeyList Event (Keymgr Class)

Fires once for each subkey listed when ListSubkeys is called.

Syntax

public class DefaultKeymgrEventListener implements KeymgrEventListener {
  ...
  public void subkeyList(KeymgrSubkeyListEvent e) {}
  ...
}

public class KeymgrSubkeyListEvent {
  public String keyId;
  public String fingerprint;
  public String publicKeyAlgorithm;
  public int publicKeyLength;
  public String curve;
  public int usageFlags;
  public String usage;
  public String effectiveDate;
  public String expirationDate;
  public boolean revoked;
}

Remarks

This event fires once for each subkey when ListSubkeys is called.

KeyId is the hex-encoded, 4- or 8-byte Id of the key. It is the same as the last 4 or 8 bytes of the Fingerprint. For instance:

BF52A0AB

Fingerprint holds the hex-encoded, 20-byte fingerprint of the key. This is in the form:

5E70662EA810E768391A2FE8F7B7D49C89C9D7B1

PublicKeyAlgorithm is the public key algorithm. Possible values are:

  • RSA
  • Elgamal
  • ECDH (Only used with ECDSA and EdDSA keys)

PublicKeyLength is the length of the public key. Common values are 512, 1024, and 2048.

Curve is the curve used by the key when PublicKeyAlgorithm is ECDH. Possible values are:

ValueDescription
secp256r1 NIST curve P-256
secp384r1 NIST curve P-384
secp521r1 NIST curve P-521
Curve25519 Curve25519
Ed25519 Ed25519

Usage is the textual description of UsageFlags.

The value will be of one or more of the following strings, separated by commas:

  • Certifying Other Certificates
  • Signing Emails and Files
  • Encrypting Emails and Files
  • Split Key
  • Authenticate Against Servers
  • Group Key

UsageFlags is an integer flag that shows the intended use for the key. The value is a combination of the following flags:

0x01This key may be used to certify other keys.
0x02This key may be used to sign data.
0x0CThis key may be used to encrypt communications and encrypt storage.
0x10The private component of this key may have been split by a secret-sharing mechanism.
0x20This key may be used for authentication.
0x80The private component of this key may be in the possession of more than one person.

EffectiveDate is the date when this key became valid. The following example illustrates the format of an encoded date: 23-Jan-2000 15:00:00.

ExpirationDate is the date the key expires. After this date the key will no longer be valid. The following example illustrates the format of an encoded date: 23-Jan-2000 15:00:00. If the ExpirationDate is not populated this indicates that the key never expires.

Revoked Indicates whether the subkey is revoked or not.

Key Type

The OpenPGP key being used.

Remarks

This type describes the current key. The key may be a public or secret key. The fields are used to identify or select the key.

Fields

Curve
String (read-only)

Default Value: ""

This field specifies the elliptic curve used in the ECDSA or EdDSA key. This field is only applicable if PublicKeyAlgorithm is ECDSA or EdDSA. Possible values are:

ValuePublicKeyAlgorithmDescription
secp256r1 ECDSA NIST curve P-256
secp384r1 ECDSA NIST curve P-384
secp521r1 ECDSA NIST curve P-521
Ed25519 EdDSA Ed25519
secp256k1 EdDSA Secp256k1

EffectiveDate
String (read-only)

Default Value: ""

The date when this key becomes valid. Prior to this it is not valid. The following is an example of a valid encoded date:

23-Jan-2000 15:00:00.

Encoded
String

Default Value: ""

The key. This field is used to assign a specific key. The UserId fields may also be used to specify a key.

EncodedB
byte[]

Default Value: ""

The key. This field is used to assign a specific key. The UserId fields may also be used to specify a key.

ExpirationDate
String (read-only)

Default Value: ""

The date the key expires. After this date the key will no longer be valid. The following is an example of a valid encoded date:

23-Jan-2001 15:00:00.

Fingerprint
String (read-only)

Default Value: ""

The hex-encoded, 20-byte fingerprint of the key.

This is in the form:

5E70662EA810E768391A2FE8F7B7D49C89C9D7B1

Id
String (read-only)

Default Value: ""

The hex-encoded, 4-byte key Id. It is same as last 4 bytes of Fingerprint.

This is in the form:

89C9D7B1
The KeyIdLength setting may be set to a value of 8 to return the last 8 bytes instead of the last 4 bytes.

OtherUserIds
String (read-only)

Default Value: ""

If the specified key has alternate user Ids associated with it, this field returns a comma-separated list of the other user Ids.

Passphrase
String

Default Value: ""

The passphrase for the key's secret key (if any). This must be specified before operations requiring the secret key are attempted. The passphrase may be supplied in this field or through the KeyPassphrase event, which will fire when a passphrase is required.

The passphrase is required when using the following methods in KeyMgr:

  • AddUserId
  • SignUserId
  • ChangeExpirationDate
  • ChangePassphrase

When using the OpenPGP class, or an email-based class, the following methods require a passphrase for the key:

  • Decrypt
  • Sign
  • SignAndEncrypt

PublicKey
String (read-only)

Default Value: ""

The public key of the key. The key is provided as ASCII armored data.

PublicKeyAlgorithm
String (read-only)

Default Value: ""

A text description of the public key algorithm of the key. Possible values are:

  • RSA
  • DSA
  • ECDSA
  • EdDSA
  • RSA-Legacy

PublicKeyLength
int (read-only)

Default Value: 0

The length of the public key in bits. Common values are 512, 1024, and 2048.

If the PublicKeyAlgorithm field is ECDSA or EcDSA the length of the public key is determined by the Curve. Possible lenghts are:

CurvePublic Key Length (bits)
secp256r1256
secp384r1384
secp521r1521
Ed25519 256
secp256k1256

Revoked
boolean (read-only)

Default Value: False

Whether or not the key is revoked.

SecretKey
String (read-only)

Default Value: ""

The secret key of the key (if available). The key is provided as ASCII armored data.

SecretKeyAvailable
boolean (read-only)

Default Value: False

Whether or not a secret key is available for the selected key.

Usage
String (read-only)

Default Value: ""

A text description of UsageFlags.

The value will be of one or more of the following strings, separated by commas:

  • Certifying Other Certificates
  • Signing Emails and Files
  • Encrypting Emails and Files
  • Split Key
  • Authenticate Against Servers
  • Group Key

UsageFlags
int (read-only)

Default Value: 47

Flags that show the intended use for the key. The default value is 0x0F. The value of UsageFlags is a combination of the following flags:

0x01This key may be used to certify other keys.
0x02This key may be used to sign data.
0x0CThis key may be used to encrypt communications and encrypt storage.
0x10The private component of this key may have been split by a secret-sharing mechanism.
0x20This key may be used for authentication.
0x80The private component of this key may be in the possession of more than one person.

Please refer to the Usage field for a text representation of UsageFlags.

UserId
String

Default Value: ""

The user Id of the key. When a key is loaded this field is populated with the user Id associated with the key. This field may be set to load a key from the Keyring. When this field is set the class will search the Keyring for a key associated with the UserId specified.

When loading a key with multiple user Ids, this field will be populated with the UserId that was most recently added to the key. To discover all of the UserIds associated with a key query this field and OtherUserIds after loading the key.

The UserId format is:

FirstName LastName (Comment) <Email>
Not all values are required when selecting or generating a key, but at least FirstName or Email are required.

When using this field to select a key you may also specify the key's Id, or any of its subkeys' Ids, instead of a user Id. The class will then search for a key with a matching Id. This is helpful in situations where you do not have the UserId but still need to load the key, such as within the OpenPGP class's RecipientInfo event.

Constructors

public Key( keyPath);

Reads the OpenPGP public key from the specified KeyPath . If multiple keys are present only the first one is used.

public Key( keyData);

Reads the OpenPGP key from the specified KeyData . Both binary-formatted and ASCII-armored data are accepted.

public Key( keyPath,  userId);

Searches the KeyPath for an OpenPGP key with a matching UserId . If UserId is set to "*" the first key will be used.

public Key( keyPath,  secretKeyringFile,  publicKeyringFile,  userId);

Searches the KeyPath for the specified SecretKeyRingFile and PublicKeyringFile . If UserId is set to "*" the first key will be used.

public Key( keyData,  userId);

Searches the KeyData for an OpenPGP key with a matching UserId . If UserId is set to "*" the first key will be used.

Config Settings (Keymgr Class)

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

KeyMgr Config Settings

AllowEmptyPassword:   Whether a key can be created without a password.

This controls whether a password will be used to encrypt a key. When true, CreateKey will accept an empty string as the password, leaving the key unencrypted. The default is false.

ChangeSubkeyPassphrase:   Whether or not the passphrase for subkey's should be changed.

This setting determines whether or not subkeys' passphrases should be changed when ChangePassphrase is called. The default value is True.

ContinueOnInvalidKey:   Whether to continue loading the keyring when an invalid key is found.

This setting determines whether the class will continue loading keys when an invalid key is found. This is applicable when calling LoadKeyring. If set to False (default) the class throws an exception. If set to True the class will fire the Error event with information about the key which failed to load, and then continue loading additional keys.

CreateRSASubkeyforEncrypt:   Whether to create a subkey when creating an RSA key.

This setting determines whether the class will additionally create a subkey marked for encryption when calling CreateKey when PublicKeyAlgorithm is set to "RSA". The default is true.

CurrentKeyPrimaryKeyUsageFlags:   The usage flags of the currently selected primary key.

When queried, this will return the usage flags of the currently selected primary key, returned in decimal representation. Individual flags may be checked against the list at UsageFlags.

Curve:   The elliptic curve used when calling CreateKey.

This setting specifies the curve to use when creating ECDSA or EdDSA keys. This setting is only applicable when PublicKeyAlgorithm is set to ECDSA or EdDSA. Possible values are:

ValuePublicKeyAlgorithmDescription
secp256r1 ECDSA NIST curve P-256
secp384r1 ECDSA NIST curve P-384
secp521r1 ECDSA NIST curve P-521
Ed25519 EdDSA Ed25519
secp256k1 EdDSA Secp256k1
The default value is secp256r1 for ECDSA keys and Ed25519 for EdDSA keys.
DSAPublicSubKeyLength:   Specifies the public subkey length when creating a DSA key.

This setting is only applicable when creating DSA keys with CreateKey. This specifies the length of the public ElGamal subkey. The value is 0 means this setting is not used and the subkey will have the length defined in PublicKeyLength. The default value is 0.

EnsureValidDSASignatureHashAlgorithm:   Whether or not to select a suitable signature hash algorithm automatically.

This setting specifies whether the class ensures a valid hash algorithm is selected for use with the loaded DSA or ECDSA key. The default value is True.

DSA Notes

DSA requires that the hash be 160 bits or larger, which means MD5 is not a suitable algorithm. When DSA Signature Hash Algorithm selection is enabled (default) the class will use the preferred algorithm from the key if it meets the requirements for DSA. If the preferred algorithm is MD5 and does not meed the requirements for DSA the class will automatically use a suitable algorithm based on the Q element of the DSA key (may be SHA1, SHA224, or SHA256).

ECDSA Notes

The ECDSA Signature Hash Algorithm requirements are directly related to the Curve used by the key. When this setting is enabled (default) the class will use the preferred algorithm from the key if it meets the requirements for ECDSA. If the preferred algorithm does not meet the requirements the class will automatically select a valid hash algorithm based on the curve as follows:

CurveHash Algorithm
secp256r1 SHA256
secp384r1 SHA384
secp521r1 SHA512
secp256k1 SHA256

ImportAllKeys:   Whether or not to import all keys found in a key file.

When calling ImportKey with a UserId parameter of "*" or "", the class will import all keys found in the file if this property is set to True (default). If this is set to False when the UserId parameter of ImportKey is set to "*" or "", only the first key found in the file will be imported. The default value is True.

KeyEncryptionAlgorithm:   The encryption algorithm used when creating a key.

Specifies the encryption algorithm to use when calling CreateKey. The default value is "CAST5". Possible values are "CAST5", "3DES", "AES256", "AES192", "AES128", "IDEA", and "BLOWFISH".

KeyIdLength:   Specifies the length of the key's Id.

When querying the Id field the value will be returned with the length (in octets) specified. The default value is 4. The only other acceptable value is 8.

KeyringFormat:   Which format of keyring to use.

GPG has two formats to store multiple keys. Set this to the correct format. keymgr1.Config("KeyringFormat=2");

Config ValueKeyring Format
1GPG 2.0 and older (Default)
2GPG 2.1 and newer

Versions 2.0 and older use keyrings. Public keys are stored in pubring.gpg. Secret keys are stored in secring.gpg.

Versions 2.1 and newer use a keybox. Public keys are stored in a .kbx file. Private keys are stored in private-keys-v1.d.

KeyUsage:   Flags that show intended use for the key being created.

When calling CreateKey this setting defines the flags that show the intended use for the key. The default value is (0x0F). The value of KeyUsage is a combination of the following flags:

0x01This key may be used to certify other keys.
0x02This key may be used to sign data.
0x0CThis key may be used to encrypt communications and encrypt storage.
0x10The private component of this key may have been split by a secret-sharing mechanism.
0x20This key may be used for authentication.
0x80The private component of this key may be in the possession of more than one person.

KeyValidityTime:   The validity period for the key being created.

When CreateKey creates a new key, the key is valid the moment it is created. KeyValidityTime determines the number of days until expiration. The default value is 365 days. The special value 0 means the key will never expire.

LogLevel:   Specifies the level of detail that is logged.

This setting controls the level of detail that is logged through the Status event. Possible values are:

0 (None)No events are logged.
1 (Info - default)Informational events are logged.
2 (Verbose)Detailed data is logged.
3 (Debug)Debug data is logged.
PublicKeyAlgorithm:   The public key algorithm for the key being created.

Specifies the public key algorithm to use when creating the key via CreateKey. The default value is "RSA". Possible values are:

  • RSA
  • DSA
  • ECDSA
  • EdDSA
  • RSA-Legacy

The "RSA-Legacy" algorithm should not be used under normal circumstances. It should only be used to create PGP 2.6.2 compatible keys, when required. This type of key will not have subkeys.

Note: When creating a DSA key only PublicKeyLength values of 512 and 1024 are supported. Additionally the PublicKeySignatureHashAlgorithm value "MD5" is not supported with DSA keys.

ECDSA and EdDSA Notes

When creating an ECDSA or EdDSA key the PublicKeyLength value is automatically determined based on the Curve. The Curve and SubKeyCurve settings is also applicable.

If Curve and SubKeyCurve are not specified the following defaults will be used:

PublicKeyAlgorithmDefault Curve
ECDSAsecp256r1
EdDSAEd2519

PublicKeyLength:   Specifies the public key length when creating a key.

Specifies the length of the public key when calling CreateKey. The default value is 1024. Common values are 512, 1024, and 2048.

When PublicKeyAlgorithm is set to ECDSA or EdDSA this setting is not applicable and the public key length is automatically determined based on the Curve selected. The public key length values are as follows:

CurvePublic Key Length (bits)
secp256r1256
secp384r1384
secp521r1521
Ed25519 256
secp256k1256

PublicKeyringFile:   The file name of the public keyring file.

This specifies the name of the public keyring file. The default value is "pubring.gpg". This may be set to a file name only, or a full path including the file name.

PublicKeySignatureHashAlgorithm:   The public key signature hash algorithm used when creating a key.

This setting specifies the public key signature algorithm to be used when calling CreateKey. The default value is "SHA256". Possible values are:

  • SHA1
  • MD5
  • SHA256 (default)
  • SHA384
  • SHA512
  • SHA224
RawKeyData:   Returns detailed key and keyring data for debugging purposes.

This setting will return detailed debugging information about the current key and keyring.

RevocationCode:   The reason why the key was revoked.

This setting specifies why the key was revoked. It is only applicable if Revoked is True. This may be set before calling RevokeKey and may be inspected after importing and selecting a revoked key. Possible values are:

0No reason specified
1Key is superseded
2Key material has been compromised
3Key is retired and no longer used
4User Id information is no longer valid
100-110Private Use
The default value is 0.
RevocationReason:   Text describing why the key was revoked.

This setting specifies text description of why the key was revoked. It is only applicable if Revoked is True. This may be set before calling RevokeKey and may be queried after importing and selecting a revoked key. The default value is an empty string.

Revoker:   The revoker's key Id.

This setting returns the key Id of the designated revoker associated with this key. This will only be present if a separate revoker was added to the key (for instance by calling AddRevoker). If more than one revoker was added this setting will return a comma-separated list of key Ids.

SecretKeyringFile:   The file name of the secret keyring file.

This specifies the name of the secret keyring file. The default value is "secring.gpg". This may be set to a file name only, or a full path including the file name.

SubKeyAlgorithm:   The subkey algorithm for the subkey being created.

Specifies the public key algorithm to use when creating the key via CreateSubKey. The default value is empty string and the class will automatically select an appropriate algorithm based on PublicKeyAlgorithm and SubKeyUsage. In most cases "RSA" is used by default. If this setting is empty string and PublicKeyAlgorithm is set to "DSA" and SubKeyUsage is set to "0x0C" (Encryption) then "ElGamal" will be used. This setting may be set to any of the following values which will override the default automatic behavior:

Key AlgorithmSupported Operations
RSA Sign and Encrypt
DSA Sign
ElGamal Encrypt
ECDSA Sign
EdDSA Sign
ECDH Encrypt
SubKeyCurve:   The elliptic curve of the sub key.

When calling CreateKey and PublicKeyAlgorithm is set to ECDSA or EdDSA this setting may optionally be specified to set a curve for the subkey which differs from the key curve specified by Curve. Possible values are:

ValueDescription
secp256r1 NIST curve P-256
secp384r1 NIST curve P-384
secp521r1 NIST curve P-521
Curve25519 Curve25519
Ed25519 Ed25519
The default value for ECDSA keys is the same value as specified in Curve. The default value for EdDSA keys is Curve25519.

Note: It is valid to specify the subkey curve of Curve25519 when Curve is set to secp256r1, secp384r1, or secp521r1. It is also valid to set a subkey curve of secp256r1, secp384r1, or secp521r1 when Curve is set to Ed25519.

SubKeyUsage:   Flags that show intended use for the subkey being created.

When calling CreateSubKey this setting defines the flags that show the intended use for the key. The default value is (0x0C). The value of SubKeyUsage is a combination of the following flags:

0x01This key may be used to certify other keys.
0x02This key may be used to sign data.
0x0CThis key may be used to encrypt communications and encrypt storage.
0x10The private component of this key may have been split by a secret-sharing mechanism.
0x20This key may be used for authentication.
0x80The private component of this key may be in the possession of more than one person.

UseFipsCompliantAlgorithms:   Restricts the usage to FIPS compliant algorithms only.

When enabled the class will only support FIPS compliant algorithms. If a non-FIPS compliant algorithm is used an exception is thrown. The following algorithms are supported when this setting is True:

  • 3DES
  • AES128
  • AES192
  • AES256
  • RSA
  • DSA
  • SHA1
  • SHA256
  • SHA384
  • SHA512
  • SHA224
The default value is False.
VersionHeader:   The Version header value in ASCII armored public keys.

This setting specifies the Version header value included in newly created public keys. This includes keys that are exported via ExportPublicKey where the UseAsciiArmor parameter is true. The default value is "IPWorks! OpenPGP v9.0".

Base Config Settings

BuildInfo:   Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

GUIAvailable:   Whether or not a message loop is available for processing events.

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The class will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications, an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GUIAvailable to false will ensure that the class does not attempt to process external events.

LicenseInfo:   Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:

  • Product: The product the license is for.
  • Product Key: The key the license was generated from.
  • License Source: Where the license was found (e.g., RuntimeLicense, License File).
  • License Type: The type of license installed (e.g., Royalty Free, Single Server).
  • Last Valid Build: The last valid build number for which the license will work.
MaskSensitive:   Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to true to mask sensitive data. The default is true.

This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

UseDaemonThreads:   Whether threads created by the class are daemon threads.

If set to True (default), when the class creates a thread, the thread's Daemon property will be explicitly set to True. When set to False, the class will not set the Daemon property on the created thread. The default value is True.

UseInternalSecurityAPI:   Whether or not to use the system security libraries or an internal implementation.

When set to false, the class will use the system security libraries by default to perform cryptographic functions where applicable.

Setting this configuration setting to true tells the class to use the internal implementation instead of using the system security libraries.

This setting is set to false by default on all platforms.

Trappable Errors (Keymgr Class)

OpenPGP Errors

101   Cannot decode ASCII Armor data.
102   Unknown ASCII Armor data type.
103   Checksum failed.
104   Unknown ASCII Armor header.
105   Cannot decode PGP packet.
106   Cannot encode PGP packet.
107   Unknown PGP packet tag.
108   Unsupported version.
109   Unsupported algorithm.
110   Unknown subpacket.
111   Internal error.
112   Feature not supported.
113   Secret data was not encrypted.
114   Cannot find the key.
115   Error reading file.
116   Error writing file.
117   Error reading key.
118   Error writing key.
119   Cannot verify signature.
120   Cannot create signature.
121   Invalid UserId.
122   Invalid passphrase.
123   Data encryption failed.
124   Error creating key.
125   Unsupported symmetric algorithm.
126   Unsupported hash.
127   Unsupported compression algorithm.
128   Invalid key usage.
129   Component is busy.
130   Error decrypting data.
131   Data is not compressed.
132   Error decompressing data.
133   Error compressing data.
134   Unsupported signature.
135   Failed to overwrite file.
141   No input.
142   Signing was required, but the message was not signed.
143   Encryption was required, but the message was not encrypted.
146   No data integrity packet was found (MDC), but one was required.
200   Out of memory.