Version 22.0 [Build 8460]

# OpenPGP Class

The OpenPGP class is used to encrypt/decrypt and sign/verify PGP messages.

## Syntax

ipworksopenpgp.openpgp()

## Remarks

The OpenPGP class supports encrypting/decrypting and signing/verifying OpenPGP messages in the format specified by RFC 4880.

The Encrypt, Sign, and SignAndEncrypt methods are used to create a message to be sent to your partner. You can additionally create messages bound for multiple recipients with different keys, simultaneously encrypt and compress with the most popular compression algorithms, and control other aspects such as the encrypting algorithm to use.

When a message is received, the Decrypt, VerifySignature, and DecryptAndVerifySignature methods are used to process the incoming message.

The Key* properties specify the key (with private key) used to sign and decrypt.

The SignerKey* properties specify the key used to verify a signature.

The RecipientKey* properties specify the key used to encrypt.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

## Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

 ASCIIArmor Specifies whether to use ASCII armor to encode the output message. AutoSelectAlgorithms Whether to automatically select algorithms when encrypting or signing. ClearSignature Specifies whether or not to create a cleartext signature. CompressionMethod The compression algorithm used. DetachedSignature Specifies whether or not to generate a detached signature when signing a message. EncryptingAlgorithm The encryption algorithm used when encrypting. InputFile The file to process. InputMessage The message to process. Keys A collection of keys used for cryptographic operations. MessageHeaders A collection of headers in the ASCII armored message. OutputFile The output file. OutputMessage The output message after processing. Overwrite Indicates whether or not the class should overwrite files. RecipientKeys The collection of keys belonging to the recipient of the message. SignerKeys The collection of keys belonging to the signer of the message. SigningAlgorithm The signature hash algorithm used when signing.

## Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

 Config Sets or retrieves a configuration setting. Decrypt Decrypts the message. DecryptAndVerifySignature Decrypts and verifies the signature of the message. Encrypt Encrypts the message. GetRecipientInfo Gets recipient information for an encrypted message. Reset Resets the class properties. Sign Signs the message. SignAndEncrypt Signs and encrypts the current message. VerifySignature Verifies the signature of the current message.

## Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

 Error Information about errors during data delivery. KeyPassphrase Fired if the passphrase of current key is incorrect or empty. Progress Fired as progress is made. RecipientInfo Fired for each recipient key of the encrypted message. SignatureInfo Fired during verification of the signed message. Status Shows the progress of the operation. VerificationStatus Fired after verification of the signed message.

## Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

# OpenPGP.ASCIIArmor Property

Specifies whether to use ASCII armor to encode the output message.

## Syntax


isASCIIArmor(): boolean;

setASCIIArmor(ASCIIArmor: boolean): void;



FALSE

## Remarks

This property controls whether or not ASCII armoring is used on the output message. The default value is False.

# OpenPGP.AutoSelectAlgorithms Property

Whether to automatically select algorithms when encrypting or signing.

## Syntax


getAutoSelectAlgorithms(): number;

setAutoSelectAlgorithms(autoSelectAlgorithms: number): void;



0

## Remarks

This property is set to the binary 'OR' of one or more options indicating which algorithms to automatically select.

When enabled automatic selection is performed by examining the perferred algorithms specified by the key.

When Encrypt is called the class will read the preferred encryption algorithm and compression method from the key specified in the RecipientKey* properties.

If multiple keys are specified the preferred encryption algorithm and compression method from the last key is used. The EncryptingAlgorithm and CompressionMethod properties are ignored.

When Sign is called the class will read the preferred MAC algorithm and compression method from the private key specified in the Key* properties. If multiple keys are specified the preferred MAC algorithm and compression method from the last key is used. The SigningAlgorithm and CompressionMethod properties are ignored.

The list below defines available options.

 Compression Algorithm 1 (Hex 0x01) Cipher Algorithm 2 (Hex 0x02) MAC Algorithm 4 (Hex 0x04)

The default value is 0 which means algorithms are not automatically selected.

# OpenPGP.ClearSignature Property

Specifies whether or not to create a cleartext signature.

## Syntax


isClearSignature(): boolean;

setClearSignature(clearSignature: boolean): void;



FALSE

## Remarks

This property controls whether or not a cleartext signature is created during signing. The default value is False. When set to true a clear text signature will be created when Sign is called.

# OpenPGP.CompressionMethod Property

The compression algorithm used.

## Syntax


getCompressionMethod(): string;

setCompressionMethod(compressionMethod: string): void;



"zip"

## Remarks

This property specifies which compression method is used when generating output. Possible values are:

• zip (default)
• zlib
• bzip2
• none or uncompressed
Note: The level of compression is controlled by the CompressionLevel setting.

# OpenPGP.DetachedSignature Property

Specifies whether or not to generate a detached signature when signing a message.

## Syntax


isDetachedSignature(): boolean;

setDetachedSignature(detachedSignature: boolean): void;



FALSE

## Remarks

This property specifies whether or not a detached signature is created when signing a message. The default value is False.

If set to true the output will only be the signature. The data being signed will not be included in the output. If set to true ClearSignature will be ignored.

When this property is false (default) the signature is not detached. The output will contain both the signed data and the signature.

# OpenPGP.EncryptingAlgorithm Property

The encryption algorithm used when encrypting.

## Syntax


getEncryptingAlgorithm(): string;

setEncryptingAlgorithm(encryptingAlgorithm: string): void;



"AES128"

## Remarks

This property specifies the encryption algorithm used when encrypting. Possible values are:

• CAST5
• 3DES or TripleDES
• AES256
• AES192
• AES128 (default)
• BLOWFISH
• TWOFISH
• IDEA

# OpenPGP.InputFile Property

The file to process.

## Syntax


getInputFile(): string;

setInputFile(inputFile: string): void;



""

## Remarks

This property specifies the file to be processed. Set this property to the full or relative path to the file which will be processed.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

# OpenPGP.InputMessage Property

The message to process.

## Syntax


getInputMessage(): Uint8Array;

setInputMessage(inputMessage: Uint8Array): void;



""

## Remarks

This property specifies the message to be processed. Set this property to the OpenPGP message content.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

# OpenPGP.Keys Property

A collection of keys used for cryptographic operations.

## Syntax


getKeys(): KeyList;

setKeys(keys: KeyList): void;



## Remarks

This collection holds keys that are used for signing and decrypting. In most cases only one key will be specified, however multiple keys may be needed in some cases.

This property is not available at design time.

A collection of headers in the ASCII armored message.

## Syntax





## Remarks

This property holds a collection of headers specified in the message. It is only applicable when ASCIIArmor is set to true.

When generating ASCII armored output the class will include the headers specified here in addition to the standard Version header.

After decrypting or verifying a message that is ASCII armored this collection will be populated with the headers that were present in the message.

This property is not available at design time.

# OpenPGP.OutputFile Property

The output file.

## Syntax


getOutputFile(): string;

setOutputFile(outputFile: string): void;



""

## Remarks

This property specifies the file to which the output will be written. This may be set to an absolute or relative path.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

• OutputFile
• OutputMessage: The output data is written to this property if no other destination is specified.

# OpenPGP.OutputMessage Property

The output message after processing.

## Syntax


getOutputMessage(): Uint8Array;

setOutputMessage(outputMessage: Uint8Array): void;



""

## Remarks

This property will be populated with the output from the operation if OutputFile is not set.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

• OutputFile
• OutputMessage: The output data is written to this property if no other destination is specified.

# OpenPGP.Overwrite Property

Indicates whether or not the class should overwrite files.

## Syntax


isOverwrite(): boolean;

setOverwrite(overwrite: boolean): void;



FALSE

## Remarks

This property indicates whether or not the class will overwrite OutputFile. If Overwrite is False, an error will be thrown whenever OutputFile exists before an operation. The default value is False.

# OpenPGP.RecipientKeys Property

The collection of keys belonging to the recipient of the message.

## Syntax


getRecipientKeys(): KeyList;

setRecipientKeys(recipientKeys: KeyList): void;



## Remarks

This property contains the keys of the message recipient.

Set this property before calling Encrypt or SignAndEncrypt.

This property is not available at design time.

# OpenPGP.SignerKeys Property

The collection of keys belonging to the signer of the message.

## Syntax


getSignerKeys(): KeyList;

setSignerKeys(signerKeys: KeyList): void;



## Remarks

This property contains the keys of the message signer.

Set this property before calling VerifySignature or DecryptAndVerifySignature.

This property is not available at design time.

# OpenPGP.SigningAlgorithm Property

The signature hash algorithm used when signing.

## Syntax


getSigningAlgorithm(): string;

setSigningAlgorithm(signingAlgorithm: string): void;



"SHA256"

## Remarks

This property specifies the signature hash algorithm used when signing. Possible values are:

• SHA1
• MD5
• SHA256 (default)
• SHA384
• SHA512
• SHA224
• RIPEMD160

# OpenPGP.config Method

Sets or retrieves a configuration setting.

## Syntax

async openpgp.config(configurationString : string): Promise<string>

## Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

# OpenPGP.decrypt Method

Decrypts the message.

## Syntax

async openpgp.decrypt(): Promise<void>

## Remarks

This method decrypts the specified message.

The message will be decrypted using the keys specified in the Key* properties. Before decryption begins the class will fire the RecipientInfo event with information about the encrypted message, including the key used to encrypt the message. Within this event you may use the available information to load the correct key into Keys.

# OpenPGP.decryptAndVerifySignature Method

Decrypts and verifies the signature of the message.

## Syntax

async openpgp.decryptAndVerifySignature(): Promise<void>

## Remarks

This method attempts to both decrypt and verify the signature of the message. All of the properties affected by calling the Decrypt and VerifySignature methods are affected in the same manner.

This method may be used when the data is signed, encrypted, or signed and encrypted. For instance, if the data is encrypted but not signed you may still use this method and the class will perform the decryption without error.

The message will be decrypted using the keys specified in the Key* properties. Before decryption begins the class will fire the RecipientInfo event with information about the encrypted message, including the key used to encrypt the message. Within this event you may use the available information to load the correct key into Keys.

The message will be verified using the keys specified in the SignerKey* properties. Before verification begins the class will fire the SignatureInfo event with information about the signature including the key used to sign the message. Within this event you may use the information available to load the correct key into the SignerKey* properties.

By default, if the signature is not valid the class . The configuration setting RequireValidSignature may be set to False to disable this requirement. When RequireValidSignature is set to False, the Status parameter of the VerificationStatus event should be checked to determine the result of the operation.

NOTE: This method does not attempt to check the validity of the signing key itself.

# OpenPGP.encrypt Method

Encrypts the message.

## Syntax

async openpgp.encrypt(): Promise<void>

## Remarks

This method encrypts the specified message.

The message is encrypted with the public keys specified in the RecipientKey* properties.

When encrypting, the following properties may be used to further configure the class:

# OpenPGP.getRecipientInfo Method

Gets recipient information for an encrypted message.

## Syntax

async openpgp.getRecipientInfo(): Promise<void>

## Remarks

This method will fire a RecipientInfo event for every recipient key for which the message has been encrypted. The event will provide the KeyId, which can be used to identify the correct key to be used for decryption.

# OpenPGP.reset Method

Resets the class properties.

## Syntax

async openpgp.reset(): Promise<void>

## Remarks

This method resets all message and key properties to their default values.

# OpenPGP.sign Method

Signs the message.

## Syntax

async openpgp.sign(): Promise<void>

## Remarks

This method signs the specified message.

The message is signed with the private key specified in the Key* properties.

When signing, the following properties may be used to further configure the class:

# OpenPGP.signAndEncrypt Method

Signs and encrypts the current message.

## Syntax

async openpgp.signAndEncrypt(): Promise<void>

## Remarks

This method signs and encrypts the specified message.

The message is encrypted with the public keys specified in the RecipientKey* properties and signed with the private key specified in the Key* properties .

When encrypting, the following properties may be used to further configure the class:

When signing, the following properties may be used to further configure the class:

# OpenPGP.verifySignature Method

Verifies the signature of the current message.

## Syntax

async openpgp.verifySignature(): Promise<void>

## Remarks

This method verifies the signature of the message.

The message will be verified using the keys specified in the SignerKey* properties. Before verification begins the class will fire the SignatureInfo event with information about the signature including the key used to sign the message. Within this event you may use the information available to load the correct key into the SignerKey* properties.

By default, if the signature is not valid the class . The configuration setting RequireValidSignature may be set to False to disable this requirement. When RequireValidSignature is set to False, the Status parameter of the VerificationStatus event should be checked to determine the result of the operation.

# OpenPGP.Error Event

Information about errors during data delivery.

## Syntax

openpgp.on('Error', listener: (e: {readonly errorCode: number, readonly description: string}) => void )


## Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the class .

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

# OpenPGP.KeyPassphrase Event

Fired if the passphrase of current key is incorrect or empty.

## Syntax

openpgp.on('KeyPassphrase', listener: (e: {readonly userId: string, readonly keyId: string, passphrase: string}) => void )


## Remarks

This event fires when the passphrase for the key is required. The passphrase must be specified before operations requiring the secret key are attempted. The passphrase may be supplied by setting the Passphrase parameter in this event, or by specifying the KeysPassphrase property before attempting the operation.

The passphrase is required when using the following methods in KeyMgr:

• SignUserId
• ChangeExpirationDate
• ChangePassphrase

When using the OpenPGP class, or an email-based class, the following methods require a passphrase for the key:

# OpenPGP.Progress Event

## Syntax

openpgp.on('Progress', listener: (e: {readonly bytesProcessed: number, readonly percentProcessed: number, readonly operation: number, isEOF: boolean}) => void )


## Remarks

This event is fired automatically as data is processed by the class.

The PercentProcessed parameter indicates the current status of the operation.

The BytesProcessed parameter holds the total number of bytes processed so far.

The Operation parameter is only applicable when either ReadFromProgressEvent or WriteToProgressEvent is set to True. This parameter defines whether a Read or Write operation is required. If the configuration settings are not set this parameter will always return 0. Possible values are:

 0 None 1 Read 2 Write

The IsEOF parameter is only applicable when either ReadFromProgressEvent or WriteToProgressEvent is set to True. This parameter defines whether the Read or Write operation is complete. When the Operation is Read (1) this parameter must be set to indicate that all data has been supplied to the class. When the Operation is Write (2) this value may be queried to determine when all data has been processed.

# OpenPGP.RecipientInfo Event

Fired for each recipient key of the encrypted message.

## Syntax

openpgp.on('RecipientInfo', listener: (e: {readonly keyId: string, readonly publicKeyAlgorithm: string}) => void )


## Remarks

This event fires when the Decrypt or DecryptAndVerifySignature method is called.

KeyId is the Id of the key used to encrypt the message. If a subkey was used to encrypt the message this will be the Id of that subkey. It is the hex-encoded, 4- or 8-byte Id of the key. It is the same as the last 4 or 8 bytes of the fingerprint. For instance:

BF52A0AB
This can be used to identify the correct key to specify in Keys. Keys can be set from within this event as this event fires directly before the decryption process begins.

# OpenPGP.SignatureInfo Event

Fired during verification of the signed message.

## Syntax

openpgp.on('SignatureInfo', listener: (e: {readonly keyId: string, readonly signingAlgorithm: string, readonly publicKeyAlgorithm: string}) => void )


## Remarks

This event fires when the VerifySignature or DecryptAndVerifySignature method is called. It provides information about the signature of the message.

KeyId is the Id of the key used to sign the message. If a subkey was used to sign the message this will be the Id of that subkey. It is the hex-encoded, 4- or 8-byte Id of the key. It is the same as the last 4 or 8 bytes of the Fingerprint. For instance:

BF52A0AB
This can be used to identify the correct key to specify in the SignerKey* properties. This property can be set from within this event as this event fires directly before the verification process begins.

SigningAlgorithm describes the hash algorithm used when the message was originally signed. This value is applicable only to the message signature, not the key used to sign the message. Possible values are:

• SHA1
• SHA256
• SHA384
• SHA512
• SHA224
• MD5

PublicKeyAlgorithm is the algorithm of the public key used to sign the message. Possible values are:

• RSA
• DSA
• ECDSA
• EdDSA

# OpenPGP.Status Event

Shows the progress of the operation.

## Syntax

openpgp.on('Status', listener: (e: {readonly message: string}) => void )


## Remarks

The event is fired for informational and logging purposes only. It may be used to track the progress of an operation.

The level of detail is controlled by the LogLevel setting.

# OpenPGP.VerificationStatus Event

Fired after verification of the signed message.

## Syntax

openpgp.on('VerificationStatus', listener: (e: {readonly keyId: string, readonly status: number}) => void )


## Remarks

This event fires when VerifySignature or DecryptAndVerifySignature is called. It provides information about the result.

KeyId is the Id of the key used to sign the message. It is the hex-encoded, 4-or 8-byte Id of the key. It is the same as the last 4 or 8 bytes of the Fingerprint. For instance:

BF52A0AB

Status holds the result of the operation. Possible values are:

 0 Verification succeeded 1 Verification failed 2 The required key could not be found 3 Verification succeeded but the key is expired.

This is an HTTP header as it is received from the server.

## Remarks

When a header is received through a Header event, it is parsed into a Header type. This type contains a , and its corresponding .

## Fields

 Fieldstring This property contains the name of the HTTP Header (this is the same case as it is delivered). Valuestring This property contains the Header contents.

## Constructors

public Header();


public Header(String field, String value);


# Key Type

The OpenPGP key being used.

## Remarks

This type describes the current key. The key may be a public or secret key. The fields are used to identify or select the key.

## Fields

Curve
string

This property specifies the elliptic curve used in the ECDSA or EdDSA key. This property is only applicable if is ECDSA or EdDSA. Possible values are:

 Value PublicKeyAlgorithm Description secp256r1 ECDSA NIST curve P-256 secp384r1 ECDSA NIST curve P-384 secp521r1 ECDSA NIST curve P-521 Ed25519 EdDSA Ed25519 secp256k1 EdDSA Secp256k1

EffectiveDate
string

The date when this key becomes valid. Prior to this it is not valid. The following is an example of a valid encoded date:

23-Jan-2000 15:00:00.

Encoded
Uint8Array

The key. This property is used to assign a specific key. The properties may also be used to specify a key.

EncodedB
byte[]

The key. This property is used to assign a specific key. The properties may also be used to specify a key.

ExpirationDate
string

The date the key expires. After this date the key will no longer be valid. The following is an example of a valid encoded date:

23-Jan-2001 15:00:00.

Fingerprint
string

The hex-encoded, 20-byte fingerprint of the key.

This is in the form:

5E70662EA810E768391A2FE8F7B7D49C89C9D7B1

Id
string

The hex-encoded, 4-byte key Id. It is same as last 4 bytes of .

This is in the form:

89C9D7B1
The KeyIdLength setting may be set to a value of 8 to return the last 8 bytes instead of the last 4 bytes.

OtherUserIds
string

If the specified key has alternate user Ids associated with it, this property returns a comma-separated list of the other user Ids.

Passphrase
string

The passphrase for the key's secret key (if any). This must be specified before operations requiring the secret key are attempted. The passphrase may be supplied in this property or through the KeyPassphrase event, which will fire when a passphrase is required.

The passphrase is required when using the following methods in KeyMgr:

• SignUserId
• ChangeExpirationDate
• ChangePassphrase

When using the OpenPGP class, or an email-based class, the following methods require a passphrase for the key:

• Decrypt
• Sign
• SignAndEncrypt

PublicKey
string

The public key of the key. The key is provided as ASCII armored data.

PublicKeyAlgorithm
string

A text description of the public key algorithm of the key. Possible values are:

• RSA
• DSA
• ECDSA
• EdDSA
• RSA-Legacy

PublicKeyLength
number

The length of the public key in bits. Common values are 512, 1024, and 2048.

If the property is ECDSA or EcDSA the length of the public key is determined by the . Possible lenghts are:

 Curve Public Key Length (bits) secp256r1 256 secp384r1 384 secp521r1 521 Ed25519 256 secp256k1 256

Revoked
boolean

Whether or not the key is revoked.

SecretKey
string

The secret key of the key (if available). The key is provided as ASCII armored data.

SecretKeyAvailable
boolean

Whether or not a secret key is available for the selected key.

Usage
string

A text description of .

The value will be of one or more of the following strings, separated by commas:

• Certifying Other Certificates
• Signing Emails and Files
• Encrypting Emails and Files
• Split Key
• Authenticate Against Servers
• Group Key

UsageFlags
number

Flags that show the intended use for the key. The default value is 0x0F. The value of is a combination of the following flags:

 0x01 This key may be used to certify other keys. 0x02 This key may be used to sign data. 0x0C This key may be used to encrypt communications and encrypt storage. 0x10 The private component of this key may have been split by a secret-sharing mechanism. 0x20 This key may be used for authentication. 0x80 The private component of this key may be in the possession of more than one person.

Please refer to the property for a text representation of .

UserId
string

The user Id of the key. When a key is loaded this property is populated with the user Id associated with the key. This property may be set to load a key from the Keyring. When this property is set the class will search the Keyring for a key associated with the UserId specified.

When loading a key with multiple user Ids, this property will be populated with the UserId that was most recently added to the key. To discover all of the UserIds associated with a key query this property and KeyOtherUserIds after loading the key.

The UserId format is:

FirstName LastName (Comment) <Email>
Not all values are required when selecting or generating a key, but at least FirstName or Email are required.

When using this property to select a key you may also specify the key's Id, or any of its subkeys' Ids, instead of a user Id. The class will then search for a key with a matching Id. This is helpful in situations where you do not have the UserId but still need to load the key, such as within the OpenPGP class's RecipientInfo event.

## Constructors

public Key(String keyPath);


Reads the OpenPGP public key from the specified KeyPath . If multiple keys are present only the first one is used.

public Key(byte[] keyData);


Reads the OpenPGP key from the specified KeyData . Both binary-formatted and ASCII-armored data are accepted.

public Key(String keyPath, String userId);


Searches the KeyPath for an OpenPGP key with a matching UserId . If UserId is set to "*" the first key will be used.

public Key(String keyPath, String secretKeyringFile, String publicKeyringFile, String userId);


Searches the KeyPath for the specified SecretKeyRingFile and PublicKeyringFile . If UserId is set to "*" the first key will be used.

public Key(byte[] keyData, String userId);


Searches the KeyData for an OpenPGP key with a matching UserId . If UserId is set to "*" the first key will be used.

# Config Settings (class ipworksopenpgp.openpgp)

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

### OpenPGP Config Settings

AllowEmptyInput:   Whether to allow empty files for input.

This setting controls whether the class allows empty input when processing. When True, the class will process 0 byte files specified by InputFile, or 0 byte messages specified by InputMessage. The default value is False.

AllowOldPacketType:   Whether to allow the older encrypted packet type.

By default the class will only encrypt data using the newer and more secure integrity protected data packet type. Old implementations such as PGP 6.5.8 may require the older less secure data packet type.

When set to True the class will read the features from the recipient key to determine if the older packet type is required. If the key does require the old packet type, then the older packet type will be used. If the key does not require the old packet type, then the new integrity protected packet type will still be used.

By default this value is False. This means under no conditions is the older less secure packet type used. The newer integrity protected packet type is always used.

Only enable this setting if you have a requirement to do so.

CloseInputStreamAfterProcessing:   Determines whether or not the input stream is closed after processing.

Determines whether or not the input stream set by SetInputStream is closed after processing is complete. The default value is True.

CloseOutputStreamAfterProcessing:   Determines whether or not the output stream is closed after processing.

Determines whether or not the output stream set by SetOutputStream is closed after processing is complete. The default value is True.

CompressionLevel:   The level of compression used.

This setting specifies the level of compression used: possible values depend on the value of CompressionMethod and are detailed below.

 zlib 1-6 zip 1-6 bzip2 1-9

Higher values will cause the class to compress better; lower values will cause the class to compress faster. The default value for all methods is 4.

DeleteOutputFileOnError:   Whether to delete the output file on an error.

Set this to true to automatically delete any partially written OutputFile if an error occurs. The default is false

DetachedSignatureData:   The detached signature.

This setting is used to specify the detached signature before calling VerifySignature. The message data should be specified normally and this setting should be set to the detached signature data. Both hex-string and OpenPGP ASCII-armored message formats are allowed. Hex-encoded data should be provided as a string like so:

89011C04000102000605025100459B000A0910E2...
EnsureValidDSASignatureHashAlgorithm:   Whether or not to select a suitable signature hash algorithm automatically.

This setting specifies whether the class ensures a valid hash algorithm is selected for use with the loaded DSA or ECDSA key. The default value is True.

## DSA Notes

DSA requires that the hash be 160 bits or larger, which means MD5 is not a suitable algorithm. When DSA Signature Hash Algorithm selection is enabled (default) the class will use the preferred algorithm from the key if it meets the requirements for DSA. If the preferred algorithm is MD5 and does not meed the requirements for DSA the class will automatically use a suitable algorithm based on the Q element of the DSA key (may be SHA1, SHA224, or SHA256).

## ECDSA Notes

The ECDSA Signature Hash Algorithm requirements are directly related to the KeyCurve used by the key. When this setting is enabled (default) the class will use the preferred algorithm from the key if it meets the requirements for ECDSA. If the preferred algorithm does not meet the requirements the class will automatically select a valid hash algorithm based on the curve as follows:

 Curve Hash Algorithm secp256r1 SHA256 secp384r1 SHA384 secp521r1 SHA512 secp256k1 SHA256

FileName:   The original name of the encrypted file.

When encrypting, this configuration setting can be used to specify the original name of the encrypted data. When specifying an InputFile to encrypt from, this is included automatically in the encrypted packet. After decrypting, this will contain the file name of the original encrypted file.

KeyIdLength:   The length of the KeyId available.

This controls the length of KeyId available when RecipientInfo fires. Possible values are 4 (default) or 8.

KeySelectionMethod:   The method used to select a key for encryption or signing.

When more than one key is present this class can be configured to automatically select a key based on certain criteria (described below) or allow for manual selection.

 0 Automatic selection, first suitable subkey. Expired keys accepted. 1 Automatic selection, first suitable subkey. Expired keys not accepted. 2 Automatic selection, newest suitable subkey. Expired keys not accepted (Default). 99 Manual Selection.

A key's suitability is determined by its usage flags.

Manual Selection

To manually select a key for any operation pass the key's Id in the constructor.  Openpgp pgp = new Openpgp(); pgp.Config("KeySelectionMethod=99"); pgp.RecipientKeys.Add(new Key(@"C:\path\to\key.asc", "7CA1376C39768977")); // Key with Id 7CA1376C39768977 will be used for encryption.

LogLevel:   Specifies the level of detail that is logged.

This setting controls the level of detail that is logged through the Status event. Possible values are:

 0 (None) No events are logged. 1 (Info - default) Informational events are logged. 2 (Verbose) Detailed data is logged. 3 (Debug) Debug data is logged.

PGPZipDir:   The directory used when creating or extracting a PGP zip file.

A PGP zip file is a Tar archive that is encrypted. It is commonly used by utilities to protect multiple files in one OpenPGP message. The class supports creating and extracting these types of files.

• To create a PGP zip file set this value to a location on disk including a filemask and call Encrypt. For instance: OpenPGP1.Config("PGPZipDir=C:\MyFiles\*.txt"); OpenPGP1.OutputFile = "C:\PGPZip.pgp"; OpenPGP1.Encrypt(); The created file returned in the OutputFile property is the PGP zip. If InputFile is specified it is used to temporarily hold the Tar archive while creating the PGP zip file. The temporary file is not automatically deleted. If InputFile is not specified the Tar archive is held in memory while creating the PGP zip file.
• To extract a PGP zip file set this value to a location on disk and call Decrypt. For instance: OpenPGP1.Config("PGPZipDir=C:\MyFiles"); OpenPGP1.InputFile = "C:\PGPZip.pgp"; OpenPGP1.Decrypt(); The extracted files will be present in the specified directory. If OutputFile is specified it is used to temporarily hold the Tar archive. The temporary file is not automatically deleted. If OutputFile is not specified the Tar archive is held in memory while extracting the PGP zip file. Note that if the OpenPGP message supplied is not a PGP zip file the decryption will occur as normal without error.

ProgressEventThreshold:   The amount of data in bytes to process before firing the progress event.

When encrypting or decrypting, the Progress event is fired as data is processed by the class. When this setting is specified, the event will only fire after processing at least the specified number of bytes. The default value is 0.

PublicKeyringFile:   The file name of the public keyring file.

This specifies the name of the public keyring file. The default value is "pubring.gpg". This may be set to a file name only, or a full path including the file name.

When set to True this setting allows input data to be specified from within the Progress event. The class will repeatedly fire the Progress event to ask for data. Inside the event set InputMessage when the Operation parameter of the event is 1 (Read). When all data has been provided set the IsEOF parameter of the event to True. This allows input data to be chunked and provided piece by piece. The default value is False.

RecursiveDecryptMode:   Whether the encrypted data should be decrypted recursively.

In some instances data will be encrypted multiple times. This configuration option determines how the class will handle this situation. Options are:

 0 Automatic - If the PGP message contains the special header version "PGP Command Line" then recursive decryption will be attempted. (Default) 1 Always attempt recursive decryption. 2 Never attempt recursive decryption.

RequireEncryption:   Whether to throw an error when decrypting and encryption is not detected.

By default, the component's decryption methods will succeed if the message is not encrypted. To cause an error to be thrown in this case, set this option to true.

The default value is false.

RequireIntegrityProtectedPacket:   Whether an MDC packet is required for decryption.

When set to true, the class will throw an exception if the message being decrypted does not contain a Message Detection Code (MDC) packet. The default value is false.

RequireSignature:   Whether to throw an error when verifying a signature and no signature is found.

By default, the component's signature verification methods will succeed if the message is not signed. To cause an error to be thrown in this case, set this option to true.

The default value is false.

RequireValidSignature:   Specifies if an invalid signature is considered an error condition.

By default, if the signature is not valid the class . This setting may be set to False to disable this requirement. When False, the Status parameter of the VerificationStatus event should be checked to determine the result of the operation. The default value is True.

SecretKeyringFile:   The file name of the secret keyring file.

This specifies the name of the secret keyring file. The default value is "secring.gpg". This may be set to a file name only, or a full path including the file name.

By default, when headers are specified via MessageHeaders, the class will split headers over a certain length onto multiple lines. This is done to avoid potential errors during transport of the message. If false, the headers will be on one line regardless of length. The default value is True.

SymmetricPassphrase:   The password used for symmetric encryption or decryption.

This setting specifies the passphrase when using symmetric encryption. If a value is provided, symmetric encryption/decryption will be attempted. In this case no keys are used for either encryption or decryption. Only Encrypt and Decrypt are valid operations when a value is set. Sign, SignAndEncrypt, VerifySignature, and DecryptAndVerifySignature are not valid operations when using this option.

UseFipsCompliantAlgorithms:   Restricts the usage to FIPS compliant algorithms only.

When enabled the class will only support FIPS compliant algorithms. If a non-FIPS compliant algorithm is used an exception is thrown. The following algorithms are supported when this setting is True:

• 3DES
• AES128
• AES192
• AES256
• RSA
• DSA
• SHA1
• SHA256
• SHA384
• SHA512
• SHA224
The default value is False.

This setting specifies the Version header value included in the ASCII armored OpenPGP message. This may be set before calling Encrypt, Sign, or SignAndEncrypt. The default value is "IPWorks! OpenPGP 2022".

This setting will be populated after calling Decrypt, VerifySignature, or DecryptAndVerifySignature.

WriteToProgressEvent:   Whether to write output data so it is accessible from inside the progress event.

When set to True this setting allows output data to be obtained from within the Progress event. The class will repeatedly fire the Progress event to provide output data. Inside the event check OutputMessage when the Operation parameter of the event is 2 (Write). The IsEOF parameter should be checked inside the event to determine when all output data has been provided. This allows output data to be chunked and obtained piece by piece. The default value is False.

### Base Config Settings

BuildInfo:   Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

CodePage:   The system code page used for Unicode to Multibyte translations.

The default code page is Unicode UTF-8 (65001).

The following is a list of valid code page identifiers:

The following is a list of valid code page identifiers for Mac OS only:

 Identifier Name 1 ASCII 2 NEXTSTEP 3 JapaneseEUC 4 UTF8 5 ISOLatin1 6 Symbol 7 NonLossyASCII 8 ShiftJIS 9 ISOLatin2 10 Unicode 11 WindowsCP1251 12 WindowsCP1252 13 WindowsCP1253 14 WindowsCP1254 15 WindowsCP1250 21 ISO2022JP 30 MacOSRoman 10 UTF16String 0x90000100 UTF16BigEndian 0x94000100 UTF16LittleEndian 0x8c000100 UTF32String 0x98000100 UTF32BigEndian 0x9c000100 UTF32LittleEndian 65536 Proprietary

When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:

• Product: The product the license is for.
• Product Key: The key the license was generated from.
• License Type: The type of license installed (e.g., Royalty Free, Single Server).
• Last Valid Build: The last valid build number for which the license will work.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to true to mask sensitive data. The default is false.

This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

UseInternalSecurityAPI:   Tells the class whether or not to use the system security libraries or an internal implementation.

When set to false, the class will use the system security libraries by default to perform cryptographic functions where applicable.

Setting this setting to true tells the class to use the internal implementation instead of using the system security libraries.

This setting is set to false by default on all platforms.

# Trappable Errors (class ipworksopenpgp.openpgp)

### OpenPGP Errors

 101   Cannot decode ASCII Armor data. 102   Unknown ASCII Armor data type. 103   Checksum failed. 104   Unknown ASCII Armor header. 105   Cannot decode PGP packet. 106   Cannot encode PGP packet. 107   Unknown PGP packet tag. 108   Unsupported version. 109   Unsupported algorithm. 110   Unknown subpacket. 111   Internal error. 112   Feature not supported. 113   Secret data was not encrypted. 114   Cannot find the key. 115   Error reading file. 116   Error writing file. 117   Error reading key. 118   Error writing key. 119   Cannot verify signature. 120   Cannot create signature. 121   Invalid UserId. 122   Invalid passphrase. 123   Data encryption failed. 124   Error creating key. 125   Unsupported symmetric algorithm. 126   Unsupported hash. 127   Unsupported compression algorithm. 128   Invalid key usage. 129   Component is busy. 130   Error decrypting data. 131   Data is not compressed. 132   Error decompressing data. 133   Error compressing data. 134   Unsupported signature. 141   No input. 142   Signing was required, but the message was not signed. 143   Encryption was required, but the message was not encrypted. 146   No data integrity packet was found (MDC), but one was required. 200   Out of memory.