SecureBlackbox 2020 macOS Edition

Questions / Feedback?

Open Method

Opens existing storage or creates one in memory.

Syntax

public func open(storageID: String) throws -> Void

Remarks

Use this method to open the storage with the given StorageID. Certificate storages can come from several different locations, detailed below.

Memory
A storage can be created in memory by passing an empty string ("").

File
A storage can be opened from a file using one of two syntaxes:

  • C:\Certs\certs.pem
  • file://C:/Certs/certs.pem

Windows System
A storage can be opened from the Windows System using this syntax: system://{user}@{host}/?{params}

user is one of these values:

  • currentuser
  • localmachine
  • currentservice
host is either "localhost", an IP address, or FQDN.

params are chosen from this list:
  • store (required), is the name of the Windows store to access (e.g. "MY")
  • readonly, whether to access the store with only read permissions. Use 0 for false, and 1 for true.
Example: system://currentuser@localhost/?store=MY&readonly=1

PKCS#11 Device
A storage can be opened from a PKCS#11 device using this syntax: pkcs11://{user}:{pin}@/{driverpath}?{params}

user is the username used to access the device; typically it's either "user" or "admin".

pin is the pin code used to access the device.

driverpath is the path to the driver used to access the device.

params are chosen from this list:

  • slot, the token slot to access on the device. If not provided, one will be chosen automatically. If set to -1, no session will be opened.
  • readonly, whether to access the device with only read permissions. Use 0 for false, and 1 for true.
  • login, whether to sign in to the device with a PIN. Use 0 or no to avoid signing in, or 1 or yes to enforce it. When not specified, the yes mode is used.
Example: pkcs11://user:1234@/c:/windows/system32/asepkcs.dll?slot=0&readonly=1

KMIP Server
A storage can be opened from a KMIP server using this syntax: mailto:{password}@{remotehost}:{remoteport}/?{params}

password is the password use to authenticate to the server.

remotehost is the FQDN to the server.

remoteport is the server port to connect to.

params are chosen from this list:

  • encoder, the message encoding used to communicate with the server. Possible values are:
    • 1 (XML)
    • 2 (JSON)
    • 3 (TTLV)
Example: mailto:password@kmip.website.com:5696/?encoder=1

Apple
A storage can be opened on macOS using this syntax: apple:///{path}/?{params}

path is the path for storage file.

params are chosen from this list:

  • keychainindex, key chain index. If not provided, one will be set to 0.
  • readonly, whether to access the storage with only read permissions. Use 0 for false, and 1 for true.
Example: apple:///Users/test/Documents/test.storage?readonly=1 A storage can be opened on iOS using this syntax: apple:///?{params}

params are chosen from this list:
  • readonly, whether to access the storage with only read permissions. Use 0 for false, and 1 for true.
Example: apple:///?readonly=1 In Xamarin projects for iOS keychain support should be enabled manually. To do this: 1. Double click on Entitlements.plist file, go to "Entitlements" tab and turn "Enable Keychain" option on. 2. Go to project options, select "iOS Bundle Signing", choose correct configuration and platform and set "Custom Entitlements" to "Entitlements.plist" value.

Java Key Storage
A storage can be opened from a JKS file using the following syntax: java://{path}

path is the path for storage file.

Example: java://C:/Certs/certs.jks

Android Key Storage
A storage (AndroidKeyStore) can be opened on Android using this syntax: android:///?{params}

params are chosen from this list:

  • readonly, whether to access the storage with only read permissions. Use 0 for false, and 1 for true.
Example: android:///?readonly=1

Azure Key Vault
A storage can be opened from the Azure Key Vault service using this syntax: vault://{clientid}:{clientsecret}@{vaultname}.{vaulthost}/

clientid is the client id obtained from Azure Portal when registering an app.

clientsecret is the client secret obtained from Azure Portal when registering an app.

vaultname is the name of the vault to connect to.

vaulthost is the Cloud environment where the vault is located; supported environments are:

Cloud environmentvaulthost
Azure Cloudvault.azure.net
Azure China Cloudvault.azure.cn
Azure US Governmentvault.usgovcloudapi.net
Azure German Cloudvault.microsoftazure.de

Example: vault://xxxx:yyyy@myvault.vault.azure.net/

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 macOS Edition - Version 20.0 [Build 8165]