SecureBlackbox 2020 iOS Edition


CryptoKeyManager Class


The CryptoKeyManager class provides a simple way to load, generate and manage generic crypto keys.

Syntax

SecureBlackboxCryptoKeyManager
SecureBlackboxCryptoKeyManagerSwift

Remarks

CryptoKeyManager allows you to load, save, generate, import, and export low-level crypto keys. Examples of such keys are raw RSA keys stored in PKCS#1 format or AES-256 keys. CryptoKeyManager supports asymmetric, symmetric, and HMAC keys.

CryptoKeyManager is a typical companion for low-level cryptography classes, such as PublicKeyCrypto, SymmetricCrypto, and HashFunction. It can also be used to provide external key material to certificate objects, and to derive cryptographic keys from passwords.

Use the ImportBytes or ImportFromFile method to load the key material from a buffer or file. Use ImportFromCert (and remember to assign the certificate object to the Certificate property before calling it) to import a key from an X.509 certificate. Once loaded, the key is available in the Key property.

To generate a new key or key pair, use the Generate method. You can export the generated key using the ExportBytes or ExportToFile method. You can attach the generated or loaded key to an external certificate object using the ExportToCert method.

Note: CryptoKeyManager can only work with one cryptographic key at a time. Use CryptoKeyStorage to access media containing more than one key.

Property List


The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

- certBytes: Returns raw certificate data in DER format.
- certCA: Indicates whether the certificate has a CA capability (a setting in the BasicConstraints extension).
- certCAKeyID: A unique identifier (fingerprint) of the CA certificate's private key.
- certCRLDistributionPoints: Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
- certCurve: Specifies the elliptic curve of the EC public key.
- certFingerprint: Contains the fingerprint (a hash imprint) of this certificate.
- certFriendlyName: Contains an associated alias (friendly name) of the certificate.
- certHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
- certHashAlgorithm: Specifies the hash algorithm to be used in the operations on the certificate (such as key signing). Supported values: SB_HASH_ALGORITHM_SHA1 (SHA1), SB_HASH_ALGORITHM_SHA224 (SHA224), SB_HASH_ALGORITHM_SHA256 (SHA256), SB_HASH_ALGORITHM_SHA384 (SHA384), SB_HASH_ALGORITHM_SHA512 (SHA512), SB_HASH_ALGORITHM_MD2 (MD2), SB_HASH_ALGORITHM_MD4 (MD4), SB_HASH_ALGORITHM_MD5 (MD5), SB_HASH_ALGORITHM_RIPEMD160 (RIPEMD160), SB_HASH_ALGORITHM_CRC32 (CRC32), SB_HASH_ALGORITHM_SSL3 (SSL3), SB_HASH_ALGORITHM_GOST_R3411_1994 (GOST1994), SB_HASH_ALGORITHM_WHIRLPOOL (WHIRLPOOL), SB_HASH_ALGORITHM_POLY1305 (POLY1305), SB_HASH_ALGORITHM_SHA3_224 (SHA3_224), SB_HASH_ALGORITHM_SHA3_256 (SHA3_256), SB_HASH_ALGORITHM_SHA3_384 (SHA3_384), SB_HASH_ALGORITHM_SHA3_512 (SHA3_512), SB_HASH_ALGORITHM_BLAKE2S_128 (BLAKE2S_128), SB_HASH_ALGORITHM_BLAKE2S_160 (BLAKE2S_160), SB_HASH_ALGORITHM_BLAKE2S_224 (BLAKE2S_224), SB_HASH_ALGORITHM_BLAKE2S_256 (BLAKE2S_256), SB_HASH_ALGORITHM_BLAKE2B_160 (BLAKE2B_160), SB_HASH_ALGORITHM_BLAKE2B_256 (BLAKE2B_256), SB_HASH_ALGORITHM_BLAKE2B_384 (BLAKE2B_384), SB_HASH_ALGORITHM_BLAKE2B_512 (BLAKE2B_512), SB_HASH_ALGORITHM_SHAKE_128 (SHAKE_128), SB_HASH_ALGORITHM_SHAKE_256 (SHAKE_256), SB_HASH_ALGORITHM_SHAKE_128_LEN (SHAKE_128_LEN), SB_HASH_ALGORITHM_SHAKE_256_LEN (SHAKE_256_LEN).
- certIssuer: The common name of the certificate issuer (CA), typically a company name.
- certIssuerRDN: A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
- certKeyAlgorithm: Specifies the public key algorithm of this certificate.
- certKeyBits: Returns the length of the public key.
- certKeyFingerprint: Returns a fingerprint of the public key contained in the certificate.
- certKeyUsage: Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
- certKeyValid: Returns True if the certificate's key is cryptographically valid, and False otherwise.
- certOCSPLocations: Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
- certOrigin: Returns the origin of this certificate.
- certPolicyIDs: Contains identifiers (OIDs) of the applicable certificate policies.
- certPrivateKeyBytes: Contains the certificate's private key.
- certPrivateKeyExists: Indicates whether the certificate has an associated private key.
- certPrivateKeyExtractable: Indicates whether the private key is extractable.
- certPublicKeyBytes: Contains the certificate's public key in DER format.
- certSelfSigned: Indicates whether the certificate is self-signed (root) or signed by an external CA.
- certSerialNumber: Returns the certificate's serial number.
- certSigAlgorithm: Indicates the algorithm that was used by the CA to sign this certificate.
- certSubject: The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
- certSubjectKeyID: Contains a unique identifier (fingerprint) of the certificate's private key.
- certSubjectRDN: A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
- certValidFrom: The time point at which the certificate becomes valid, in UTC.
- certValidTo: The time point at which the certificate expires, in UTC.
- keyAlgorithm: The algorithm of the cryptographic key.
- keyBits: The length of the key in bits.
- keyExportable: Returns True if the key is exportable (can be serialized into an array of bytes), and False otherwise.
- keyHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
- keyID: Provides access to a storage-specific key identifier.
- keyIV: The initialization vector (IV) of a symmetric key.
- keyKey: The byte array representation of the key.
- keyNonce: A nonce value associated with a key.
- keyPrivate: Returns True if the object hosts a private key, and False otherwise.
- keyPublic: Returns True if the object hosts a public key, and False otherwise.
- keySubject: Returns the key subject.
- keySymmetric: Returns True if the object contains a symmetric key, and False otherwise.
- keyValid: Returns True if this key is valid.

Method List


The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

- config: Sets or retrieves a configuration setting.
- deriveKey: Generates a strong cryptographic key from a password.
- exportBytes: Exports the key to a byte array.
- exportToCert: Exports the key to a certificate.
- exportToFile: Exports the key to a file.
- generate: Generates a new crypto key.
- getKeyParam: Returns an algorithm-specific key parameter.
- getKeyParamStr: Returns an algorithm-specific key parameter as a string.
- importBytes: Loads a key from a byte array.
- importFromCert: Loads a key from a certificate.
- importFromFile: Loads a key from a file.
- setKeyParam: Sets an algorithm-specific key parameter.
- setKeyParamStr: Sets an algorithm-specific key parameter from a string.

Event List


The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

- onError: Informs about an error during an operation.
- onNotification: This event notifies the application about an underlying control flow event.
- onPasswordNeeded: This event is fired when a decryption password is needed.

Configuration Settings


The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.

- Argon2MemoryCost: Sets the memory cost parameter of the Argon2 key derivation algorithm.
- Argon2Parallelism: Sets the parallelism parameter of the Argon2 key derivation algorithm.
- Curve: The name of the curve of the newly added elliptic cryptography (EC) key.
- DerivationAlgorithm: The algorithm to use for key derivation.
- DeriveIterations: The number of iterations to use as part of the key derivation routine.
- HMACAlgorithm: Specifies the HMAC algorithm to use with the key derivation algorithm.
- TempPath: Path for storing temporary files.
- CheckKeyIntegrityBeforeUse: Enables or disables the private key integrity check before use.
- CookieCaching: Specifies whether a cookie cache should be used for HTTP(S) transports.
- Cookies: Gets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only).
- DefDeriveKeyIterations: Specifies the default key derivation algorithm iteration count.
- EnableClientSideSSLFFDHE: Enables or disables finite field DHE key exchange support in TLS clients.
- GlobalCookies: Gets or sets global cookies for all the HTTP transports.
- HttpUserAgent: Specifies the user agent name to be used by all HTTP clients.
- LogDestination: Specifies the debug log destination.
- LogDetails: Specifies the debug log details to dump.
- LogFile: Specifies the debug log filename.
- LogFilters: Specifies the debug log filters.
- LogFlushMode: Specifies the log flush mode.
- LogLevel: Specifies the debug log level.
- LogMaxEventCount: Specifies the maximum number of events to cache before further action is taken.
- LogRotationMode: Specifies the log rotation mode.
- MaxASN1BufferLength: Specifies the maximal allowed length for ASN.1 primitive tag data.
- MaxASN1TreeDepth: Specifies the maximal depth for processed ASN.1 trees.
- OCSPHashAlgorithm: Specifies the hash algorithm to be used to identify certificates in OCSP requests.
- UseOwnDNSResolver: Specifies whether the client classes should use their own DNS resolver.
- UseSharedSystemStorages: Specifies whether the validation engine should use a global per-process copy of the system certificate stores.
- UseSystemOAEPAndPSS: Enforces or disables the use of system-driven RSA OAEP and PSS computations.
- UseSystemRandom: Enables or disables the use of the OS PRNG.

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 iOS Edition - Version 20.0 [Build 8165]