CryptoKeyManager Component

Properties   Methods   Events   Config Settings   Errors  

The CryptoKeyManager component provides a simple way to load, generate and manage generic cryptographic keys.

Syntax

TsbxCryptoKeyManager

Remarks

CryptoKeyManager allows you to load, save, generate, import, and export low-level cryptographic keys. Two examples of such keys are raw RSA keys stored in PKCS1 format or AES256 keys. CryptoKeyManager supports asymmetric, symmetric, and HMAC keys.

CryptoKeyManager is a typical companion for low-level cryptography classes, such as PublicKeyCrypto, SymmetricCrypto, and HashFunction. It can also be used to provide external key material to certificate objects, and to derive cryptographic keys from passwords.

Use ImportBytes or ImportFromFile method to load the key material from a buffer or file. Use ImportFromCert (and remember to assign the certificate object to the Certificate property before calling it) to import a key from an X.509 certificate. Once loaded, the key will be available in the Key property.

 
 Copy
  // Loading an AES key and setting its IV
  CryptoKeyManager.ImportBytes(Key, kffDER, "AES256", "", "", ktSecret, "");
  CryptoKeyManager.Key.IV = IV;

  // Loading an ECDSA private key from a file  
  CryptoKeyManager.ImportFromFile("ec-secp256k1-priv-key.pem", kffAuto, "ECDSA", "NISTP256", "", ktSecret, "");
  
  // Loading an ECDSA public key from a file
  CryptoKeyManager.ImportFromFile("ec-secp256k1-pub-key.pem", kffAuto, "ECDSA", "NISTP256", "", ktPublic, "");
  
  // Importing a private key from a certificate object
  CertMgr.ImportFromFile("cert.pfx", "password");
  CryptoKeyManager.Certificate = CertMgr.Certificate;
  CryptoKeyManager.ImportFromCert();  

To generate a new key or keypair use Generate method. You can export the generated key using ExportBytes or ExportToFile method. You can attach the generated or loaded key to an external certificate object using the ExportToCert method.

 
 Copy
  // Generating an EdDSA Curve25519 keypair
  CryptoKeyManager.Generate("EDDSA", "CURVE25519", "", 256);

  // Generating an ECDSA NIST P256 curve keypair
  CryptoKeyManager.Generate("ECDSA", "NISTP256", "", 256);

  // Generating an RSA 2048 bit keypair  
  CryptoKeyManager.Generate("RSA", "", "", 2048);
  
  // Generating a symmetric AES256 key
  CryptoKeyManager.Generate("AES256", "", "", 256);

Use DeriveKey to derive a strong cryptographic key from a password using one of supported key derivation functions (KDFs):

 
 Copy
  CryptoKeyManager.DerivationAlgorithm = "PKCS5";
  CryptoKeyManager.HMACAlgorithm = "SHA256";
  CryptoKeyManager.DeriveIterations = 10000;
  CryptoKeyManager.DeriveKey(256, "password", "hex:41424344");
  Key = CryptoKeyManager.Key.Key;

CryptoKeyManager supports the majority of modern cryptographic algorithms:

• Asymmetric: RSA, ECDSA, EdDSA, ElGamal, DSS, Diffie-Hellman
• Symmetric: AES, Blowfish, Camellia, CAST5, ChaCha20, DES, 3DES-EDE, IDEA, RC2, RC4, Serpent, Twofish.
• KDFs: PKCS5, PBKDF2 (an alias to PKCS5), BCrypt, SCrypt, Argon2d, Argon2i, Argon2id.

See the "Supported Algorithms" section in the FAQ for the complete list.

Note: CryptoKeyManager can only work with one cryptographic key at a time. Use CryptoKeyStorage to access media containing more than one key.

Property List

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

CertBytes Property (CryptoKeyManager Component)

Returns the raw certificate data in DER format.

Syntax

__property DynamicArray CertBytes = { read=FCertBytes };

Remarks

Returns the raw certificate data in DER format.

This property is read-only and not available at design time.

Data Type

Byte Array

CertCA Property (CryptoKeyManager Component)

Indicates whether the certificate has a CA capability.

Syntax

__property bool CertCA = { read=FCertCA, write=FSetCertCA };

Default Value

false

Remarks

Indicates whether the certificate has a CA capability. For the certificate to be considered a CA, it must have its Basic Constraints extension set with the CA indicator enabled.

Set this property when generating a new certificate to have its Basic Constraints extension generated automatically.

This property is not available at design time.

Data Type

Boolean

CertCAKeyID Property (CryptoKeyManager Component)

A unique identifier (fingerprint) of the CA certificate's cryptographic key.

Syntax

__property DynamicArray CertCAKeyID = { read=FCertCAKeyID };

Remarks

A unique identifier (fingerprint) of the CA certificate's cryptographic key.

Authority Key Identifier is a certificate extension which allows identification of certificates belonging to the same issuer, but with different public keys. It is a de-facto standard to include this extension in all certificates to facilitate chain building.

This setting cannot be set when generating a certificate as it always derives from another certificate property. CertificateManager generates this setting automatically if enough information is available to it: for self-signed certificates, this value is copied from the CertSubjectKeyID setting, and for lower-level certificates, from the parent certificate's subject key ID extension.

This property is read-only and not available at design time.

Data Type

Byte Array

CertCertType Property (CryptoKeyManager Component)

Returns the type of the entity contained in the Certificate object.

Syntax

__property TsbxCryptoKeyManagerCertCertTypes CertCertType = { read=FCertCertType };

enum TsbxCryptoKeyManagerCertCertTypes {
  ctUnknown=0,
  ctX509Certificate=1,
  ctX509CertificateRequest=2
};

Default Value

ctUnknown

Remarks

Returns the type of the entity contained in the Certificate object.

A Certificate object can contain two types of cryptographic objects: a ready-to-use X.509 certificate, or a certificate request ("an unsigned certificate"). Certificate requests can be upgraded to full certificates by signing them with a CA certificate.

Use the CertificateManager component to load or create new certificate and certificate requests objects.

This property is read-only and not available at design time.

Data Type

Integer

CertCRLDistributionPoints Property (CryptoKeyManager Component)

Contains a list of locations of CRL distribution points used to check this certificate's validity.

Syntax

__property String CertCRLDistributionPoints = { read=FCertCRLDistributionPoints, write=FSetCertCRLDistributionPoints };

Default Value

""

Remarks

Contains a list of locations of CRL distribution points used to check this certificate's validity. The list is taken from the respective certificate extension.

Use this property when generating a certificate to provide a list of CRL endpoints that should be made part of the new certificate.

The endpoints are provided as a list of CRLF-separated URLs. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the location separator.

This property is not available at design time.

Data Type

String

CertCurve Property (CryptoKeyManager Component)

Specifies the elliptic curve associated with the certificate's public key.

Syntax

__property String CertCurve = { read=FCertCurve, write=FSetCertCurve };

Default Value

""

Remarks

Specifies the elliptic curve associated with the certificate's public key. This setting only applies to certificates containing EC keys.

This property is not available at design time.

Data Type

String

CertFingerprint Property (CryptoKeyManager Component)

Contains the fingerprint (a hash imprint) of this certificate.

Syntax

__property String CertFingerprint = { read=FCertFingerprint };

Default Value

""

Remarks

Contains the fingerprint (a hash imprint) of this certificate.

While there is no formal standard defining what a fingerprint is, a SHA1 hash of the certificate's DER-encoded body is typically used.

This property is read-only and not available at design time.

Data Type

String

CertFriendlyName Property (CryptoKeyManager Component)

Contains an associated alias (friendly name) of the certificate.

Syntax

__property String CertFriendlyName = { read=FCertFriendlyName };

Default Value

""

Remarks

Contains an associated alias (friendly name) of the certificate. The friendly name is not a property of a certificate: it is maintained by the certificate media rather than being included in its DER representation. Windows certificate stores are one example of media that does support friendly names.

This property is read-only and not available at design time.

Data Type

String

CertHandle Property (CryptoKeyManager Component)

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

__property __int64 CertHandle = { read=FCertHandle, write=FSetCertHandle };

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation.

 
 Copy
  pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

This property is not available at design time.

Data Type

Long64

CertHashAlgorithm Property (CryptoKeyManager Component)

Provides means to set the hash algorithm to be used in the subsequent operation on the certificate (such as generation or key signing).

Syntax

__property String CertHashAlgorithm = { read=FCertHashAlgorithm, write=FSetCertHashAlgorithm };

Default Value

""

Remarks

Provides means to set the hash algorithm to be used in the subsequent operation on the certificate (such as generation or key signing). It is not a property of a certificate; use CertSigAlgorithm to find out the hash algorithm that is part of the certificate signature.

This property is not available at design time.

Data Type

String

CertIssuer Property (CryptoKeyManager Component)

The common name of the certificate issuer (CA), typically a company name.

Syntax

__property String CertIssuer = { read=FCertIssuer };

Default Value

""

Remarks

The common name of the certificate issuer (CA), typically a company name. This is part of a larger set of credentials available via CertIssuerRDN.

This property is read-only and not available at design time.

Data Type

String

CertIssuerRDN Property (CryptoKeyManager Component)

A list of Property=Value pairs that uniquely identify the certificate issuer.

Syntax

__property String CertIssuerRDN = { read=FCertIssuerRDN, write=FSetCertIssuerRDN };

Default Value

""

Remarks

A list of Property=Value pairs that uniquely identify the certificate issuer.

Example: /C=US/O=Nationwide CA/CN=Web Certification Authority

This property is not available at design time.

Data Type

String

CertKeyAlgorithm Property (CryptoKeyManager Component)

Specifies the public key algorithm of this certificate.

Syntax

__property String CertKeyAlgorithm = { read=FCertKeyAlgorithm, write=FSetCertKeyAlgorithm };

Default Value

"0"

Remarks

Specifies the public key algorithm of this certificate.

Use the CertKeyBits, CertCurve, and CertPublicKeyBytes properties to get more details about the key the certificate contains.

This property is not available at design time.

Data Type

String

CertKeyBits Property (CryptoKeyManager Component)

Returns the length of the public key in bits.

Syntax

__property int CertKeyBits = { read=FCertKeyBits };

Default Value

0

Remarks

Returns the length of the public key in bits.

This value indicates the length of the principal cryptographic parameter of the key, such as the length of the RSA modulus or ECDSA field. The key data returned by the CertPublicKeyBytes or CertPrivateKeyBytes property would typically contain auxiliary values, and therefore be longer.

This property is read-only and not available at design time.

Data Type

Integer

CertKeyFingerprint Property (CryptoKeyManager Component)

Returns a SHA1 fingerprint of the public key contained in the certificate.

Syntax

__property String CertKeyFingerprint = { read=FCertKeyFingerprint };

Default Value

""

Remarks

Returns a SHA1 fingerprint of the public key contained in the certificate.

Note that the key fingerprint is different from the certificate fingerprint accessible via the CertFingerprint property. The key fingeprint uniquely identifies the public key, and so can be the same for multiple certificates containing the same key.

This property is read-only and not available at design time.

Data Type

String

CertKeyUsage Property (CryptoKeyManager Component)

Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.

Syntax

__property int CertKeyUsage = { read=FCertKeyUsage, write=FSetCertKeyUsage };

Default Value

0

Remarks

Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.

This value is a bit mask of the following values:

Set this property before generating the certificate to propagate the key usage flags to the new certificate.

This property is not available at design time.

Data Type

Integer

CertKeyValid Property (CryptoKeyManager Component)

Returns True if the certificate's key is cryptographically valid, and False otherwise.

Syntax

__property bool CertKeyValid = { read=FCertKeyValid };

Default Value

false

Remarks

Returns True if the certificate's key is cryptographically valid, and False otherwise.

This property is read-only and not available at design time.

Data Type

Boolean

CertOCSPLocations Property (CryptoKeyManager Component)

Locations of OCSP services that can be used to check this certificate's validity in real time, as recorded by the CA.

Syntax

__property String CertOCSPLocations = { read=FCertOCSPLocations, write=FSetCertOCSPLocations };

Default Value

""

Remarks

Locations of OCSP services that can be used to check this certificate's validity in real time, as recorded by the CA.

Set this property before calling the certificate manager's Generate method to propagate it to the new certificate.

The OCSP locations are provided as a list of CRLF-separated URLs. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the location separator.

This property is not available at design time.

Data Type

String

CertOCSPNoCheck Property (CryptoKeyManager Component)

Accessor to the value of the certificate's ocsp-no-check extension.

Syntax

__property bool CertOCSPNoCheck = { read=FCertOCSPNoCheck, write=FSetCertOCSPNoCheck };

Default Value

false

Remarks

Accessor to the value of the certificate's ocsp-no-check extension.

This property is not available at design time.

Data Type

Boolean

CertOrigin Property (CryptoKeyManager Component)

Returns the location that the certificate was taken or loaded from.

Syntax

__property int CertOrigin = { read=FCertOrigin };

Default Value

0

Remarks

Returns the location that the certificate was taken or loaded from.

This property is read-only and not available at design time.

Data Type

Integer

CertPolicyIDs Property (CryptoKeyManager Component)

Contains identifiers (OIDs) of the applicable certificate policies.

Syntax

__property String CertPolicyIDs = { read=FCertPolicyIDs, write=FSetCertPolicyIDs };

Default Value

""

Remarks

Contains identifiers (OIDs) of the applicable certificate policies.

The Certificate Policies extension identifies a sequence of policies under which the certificate has been issued, and which regulate its usage.

Set this property when generating a certificate to propagate the policies information to the new certificate.

The policies are provided as a list of CRLF-separated entries. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the policy element separator.

This property is not available at design time.

Data Type

String

CertPrivateKeyBytes Property (CryptoKeyManager Component)

Returns the certificate's private key in DER-encoded format.

Syntax

__property DynamicArray CertPrivateKeyBytes = { read=FCertPrivateKeyBytes };

Remarks

Returns the certificate's private key in DER-encoded format. It is normal for this property to be empty if the private key is non-exportable, which, for example, is typical for certificates originating from hardware security devices.

This property is read-only and not available at design time.

Data Type

Byte Array

CertPrivateKeyExists Property (CryptoKeyManager Component)

Indicates whether the certificate has a usable private key associated with it.

Syntax

__property bool CertPrivateKeyExists = { read=FCertPrivateKeyExists };

Default Value

false

Remarks

Indicates whether the certificate has a usable private key associated with it. If it is set to True, the certificate can be used for private key operations, such as signing or decryption.

This property is independent from CertPrivateKeyBytes, and can be set to True even if the former is empty. This would imply that the private key is non-exportable, but still can be used for cryptographic operations.

This property is read-only and not available at design time.

Data Type

Boolean

CertPrivateKeyExtractable Property (CryptoKeyManager Component)

Indicates whether the private key is extractable (exportable).

Syntax

__property bool CertPrivateKeyExtractable = { read=FCertPrivateKeyExtractable };

Default Value

false

Remarks

Indicates whether the private key is extractable (exportable).

This property is read-only and not available at design time.

Data Type

Boolean

CertPublicKeyBytes Property (CryptoKeyManager Component)

Contains the certificate's public key in DER format.

Syntax

__property DynamicArray CertPublicKeyBytes = { read=FCertPublicKeyBytes };

Remarks

Contains the certificate's public key in DER format.

This typically would contain an ASN.1-encoded public key value. The exact format depends on the type of the public key contained in the certificate.

This property is read-only and not available at design time.

Data Type

Byte Array

CertQualified Property (CryptoKeyManager Component)

Indicates whether the certificate is qualified.

Syntax

__property bool CertQualified = { read=FCertQualified };

Default Value

false

Remarks

Indicates whether the certificate is qualified.

This property is set to True if the certificate is confirmed by a Trusted List to be qualified.

This property is read-only and not available at design time.

Data Type

Boolean

CertQualifiedStatements Property (CryptoKeyManager Component)

Returns a simplified qualified status of the certificate.

Syntax

__property TsbxCryptoKeyManagerCertQualifiedStatements CertQualifiedStatements = { read=FCertQualifiedStatements, write=FSetCertQualifiedStatements };

enum TsbxCryptoKeyManagerCertQualifiedStatements {
  qstNonQualified=0,
  qstQualifiedHardware=1,
  qstQualifiedSoftware=2
};

Default Value

qstNonQualified

Remarks

Returns a simplified qualified status of the certificate.

This property is not available at design time.

Data Type

Integer

CertQualifiers Property (CryptoKeyManager Component)

A list of qualifiers.

Syntax

__property String CertQualifiers = { read=FCertQualifiers };

Default Value

""

Remarks

A list of qualifiers.

Contains a comma-separated list of qualifier aliases for the certificate, for example QCP-n-qscd,QCWithSSCD.

This property is read-only and not available at design time.

Data Type

String

CertSelfSigned Property (CryptoKeyManager Component)

Indicates whether the certificate is self-signed (root) or signed by an external CA.

Syntax

__property bool CertSelfSigned = { read=FCertSelfSigned };

Default Value

false

Remarks

Indicates whether the certificate is self-signed (root) or signed by an external CA.

This property is read-only and not available at design time.

Data Type

Boolean

CertSerialNumber Property (CryptoKeyManager Component)

Returns the certificate's serial number.

Syntax

__property DynamicArray CertSerialNumber = { read=FCertSerialNumber, write=FSetCertSerialNumber };

Remarks

Returns the certificate's serial number.

The serial number is a binary string that uniquely identifies a certificate among others issued by the same CA. According to the X.509 standard, the (issuer, serial number) pair should be globally unique to facilitate chain building.

This property is not available at design time.

Data Type

Byte Array

CertSigAlgorithm Property (CryptoKeyManager Component)

Indicates the algorithm that was used by the CA to sign this certificate.

Syntax

__property String CertSigAlgorithm = { read=FCertSigAlgorithm };

Default Value

""

Remarks

Indicates the algorithm that was used by the CA to sign this certificate.

A signature algorithm typically combines hash and public key algorithms together, such as sha256WithRSAEncryption or ecdsa-with-SHA256.

This property is read-only and not available at design time.

Data Type

String

CertSource Property (CryptoKeyManager Component)

Returns the source (location or disposition) of a cryptographic primitive entity, such as a certificate, CRL, or OCSP response.

Syntax

__property TsbxCryptoKeyManagerCertSources CertSource = { read=FCertSource };

enum TsbxCryptoKeyManagerCertSources {
  pksUnknown=0,
  pksSignature=1,
  pksDocument=2,
  pksUser=3,
  pksLocal=4,
  pksOnline=5
};

Default Value

pksUnknown

Remarks

Returns the source (location or disposition) of a cryptographic primitive entity, such as a certificate, CRL, or OCSP response.

This property is read-only and not available at design time.

Data Type

Integer

CertSubject Property (CryptoKeyManager Component)

The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.

Syntax

__property String CertSubject = { read=FCertSubject };

Default Value

""

Remarks

The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. This is part of a larger set of credentials available via CertSubjectRDN.

This property is read-only and not available at design time.

Data Type

String

CertSubjectAlternativeName Property (CryptoKeyManager Component)

Returns or sets the value of the Subject Alternative Name extension of the certificate.

Syntax

__property String CertSubjectAlternativeName = { read=FCertSubjectAlternativeName, write=FSetCertSubjectAlternativeName };

Default Value

""

Remarks

Returns or sets the value of the Subject Alternative Name extension of the certificate.

Subject alternative names are used to provide additional names that are impractical to store in the main CertSubjectRDN field. For example, it is often used to store all the domain names that a TLS certificate is authorized to protect.

The alternative names are provided as a list of CRLF-separated entries. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the element separator.

This property is not available at design time.

Data Type

String

CertSubjectKeyID Property (CryptoKeyManager Component)

Contains a unique identifier of the certificate's cryptographic key.

Syntax

__property DynamicArray CertSubjectKeyID = { read=FCertSubjectKeyID, write=FSetCertSubjectKeyID };

Remarks

Contains a unique identifier of the certificate's cryptographic key.

Subject Key Identifier is a certificate extension which allows a specific public key to be associated with a certificate holder. Typically, subject key identifiers of CA certificates are recorded as respective CA key identifiers in the subordinate certificates that they issue, which facilitates chain building.

The CertSubjectKeyID and CertCAKeyID properties of self-signed certificates typically contain identical values, as in that specific case, the issuer and the subject are the same entity.

This property is not available at design time.

Data Type

Byte Array

CertSubjectRDN Property (CryptoKeyManager Component)

A list of Property=Value pairs that uniquely identify the certificate holder (subject).

Syntax

__property String CertSubjectRDN = { read=FCertSubjectRDN, write=FSetCertSubjectRDN };

Default Value

""

Remarks

A list of Property=Value pairs that uniquely identify the certificate holder (subject).

Depending on the purpose of the certificate and the policies of the CA that issued it, the values included in the subject record may differ drastically and contain business or personal names, web URLs, email addresses, and other data.

Example: /C=US/O=Oranges and Apples, Inc./OU=Accounts Receivable/1.2.3.4.5=Value with unknown OID/CN=Margaret Watkins.

This property is not available at design time.

Data Type

String

CertValid Property (CryptoKeyManager Component)

Indicates whether or not the signature over the certificate or the request is valid and matches the public key contained in the CA certificate/request.

Syntax

__property bool CertValid = { read=FCertValid };

Default Value

false

Remarks

Indicates whether or not the signature over the certificate or the request is valid and matches the public key contained in the CA certificate/request.

This property is read-only and not available at design time.

Data Type

Boolean

CertValidFrom Property (CryptoKeyManager Component)

The time point at which the certificate becomes valid, in UTC.

Syntax

__property String CertValidFrom = { read=FCertValidFrom, write=FSetCertValidFrom };

Default Value

""

Remarks

The time point at which the certificate becomes valid, in UTC.

This property is not available at design time.

Data Type

String

CertValidTo Property (CryptoKeyManager Component)

The time point at which the certificate expires, in UTC.

Syntax

__property String CertValidTo = { read=FCertValidTo, write=FSetCertValidTo };

Default Value

""

Remarks

The time point at which the certificate expires, in UTC.

This property is not available at design time.

Data Type

String

DerivationAlgorithm Property (CryptoKeyManager Component)

Specifies the algorithm to use for key derivation.

Syntax

__property String DerivationAlgorithm = { read=FDerivationAlgorithm, write=FSetDerivationAlgorithm };

Default Value

"PKCS5"

Remarks

Use this property to specify the key derivation algorithm to use.

Component supports the following algorithms: PKCS5, PBKDF2 (an alias to PKCS5), BCrypt, SCrypt, Argon2d, Argon2i, Argon2id.

Data Type

String

DeriveIterations Property (CryptoKeyManager Component)

Specifies the number of iterations to use as part of key derivation routine.

Syntax

__property int DeriveIterations = { read=FDeriveIterations, write=FSetDeriveIterations };

Default Value

2048

Remarks

Use this property to adjust the number of hash algorithm iterations to employ as part of key derivation function.

Data Type

Integer

FIPSMode Property (CryptoKeyManager Component)

Reserved.

Syntax

__property bool FIPSMode = { read=FFIPSMode, write=FSetFIPSMode };

Default Value

false

Remarks

This property is reserved for future use.

Data Type

Boolean

HMACAlgorithm Property (CryptoKeyManager Component)

Specifies the HMAC algorithm to use with the key derivation algorithm.

Syntax

__property String HMACAlgorithm = { read=FHMACAlgorithm, write=FSetHMACAlgorithm };

Default Value

"SHA1"

Remarks

Use this property to specify the HMAC algorithm to use with the chosen key derivation algorithm.

Component supports the following algorithms: SHA1, SHA224, SHA256, SHA384, SHA512, MD5, RIPEMD, HMAC.

Data Type

String

KeyAlgorithm Property (CryptoKeyManager Component)

The algorithm of the cryptographic key.

Syntax

__property String KeyAlgorithm = { read=FKeyAlgorithm, write=FSetKeyAlgorithm };

Default Value

""

Remarks

The algorithm of the cryptographic key. A cryptokey object may hold either symmetric, MAC, or public key. Public key algorithms: RSA, ECDSA, Elgamal, DH.

This property is not available at design time.

Data Type

String

KeyBits Property (CryptoKeyManager Component)

The length of the key in bits.

Syntax

__property int KeyBits = { read=FKeyBits };

Default Value

0

Remarks

The length of the key in bits.

This property is read-only and not available at design time.

Data Type

Integer

KeyCurve Property (CryptoKeyManager Component)

This property specifies the name of the curve the EC key is built on.

Syntax

__property String KeyCurve = { read=FKeyCurve, write=FSetKeyCurve };

Default Value

""

Remarks

This property specifies the name of the curve the EC key is built on.

This property is not available at design time.

Data Type

String

KeyExportable Property (CryptoKeyManager Component)

Returns True if the key is exportable (can be serialized into an array of bytes), and False otherwise.

Syntax

__property bool KeyExportable = { read=FKeyExportable };

Default Value

false

Remarks

Returns True if the key is exportable (can be serialized into an array of bytes), and False otherwise.

This property is read-only and not available at design time.

Data Type

Boolean

KeyFingerprint Property (CryptoKeyManager Component)

Contains the fingerprint (a hash imprint) of this key.

Syntax

__property String KeyFingerprint = { read=FKeyFingerprint };

Default Value

""

Remarks

Contains the fingerprint (a hash imprint) of this key.

This property is read-only and not available at design time.

Data Type

String

KeyHandle Property (CryptoKeyManager Component)

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

__property __int64 KeyHandle = { read=FKeyHandle, write=FSetKeyHandle };

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation.

 
 Copy
  pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

This property is not available at design time.

Data Type

Long64

KeyID Property (CryptoKeyManager Component)

Provides access to a storage-specific key identifier.

Syntax

__property DynamicArray KeyID = { read=FKeyID, write=FSetKeyID };

Remarks

Provides access to a storage-specific key identifier. Key identifiers are used by cryptographic providers to refer to a particular key and/or distinguish between different keys. They are typically unique within a storage, but there is no guarantee that a particular cryptoprovider will conform to that (or will assign any key IDs at all).

This property is not available at design time.

Data Type

Byte Array

KeyIV Property (CryptoKeyManager Component)

The initialization vector (IV) of a symmetric key.

Syntax

__property DynamicArray KeyIV = { read=FKeyIV, write=FSetKeyIV };

Remarks

The initialization vector (IV) of a symmetric key. This is normally a public part of a symmetric key, the idea of which is to introduce randomness to the encrypted data and/or serve as a first block in chaining ciphers.

This property is not available at design time.

Data Type

Byte Array

KeyKey Property (CryptoKeyManager Component)

The byte array representation of the key.

Syntax

__property DynamicArray KeyKey = { read=FKeyKey };

Remarks

The byte array representation of the key. This may not be available for non-KeyExportable keys.

This property is read-only and not available at design time.

Data Type

Byte Array

KeyNonce Property (CryptoKeyManager Component)

A nonce value associated with a key.

Syntax

__property DynamicArray KeyNonce = { read=FKeyNonce, write=FSetKeyNonce };

Remarks

A nonce value associated with a key. It is similar to IV, but its only purpose is to introduce randomness.

This property is not available at design time.

Data Type

Byte Array

KeyPrivate Property (CryptoKeyManager Component)

Returns True if the object hosts a private key, and False otherwise.

Syntax

__property bool KeyPrivate = { read=FKeyPrivate };

Default Value

false

Remarks

Returns True if the object hosts a private key, and False otherwise.

This property is read-only and not available at design time.

Data Type

Boolean

KeyPublic Property (CryptoKeyManager Component)

Returns True if the object hosts a public key, and False otherwise.

Syntax

__property bool KeyPublic = { read=FKeyPublic };

Default Value

false

Remarks

Returns True if the object hosts a public key, and False otherwise.

This property is read-only and not available at design time.

Data Type

Boolean

KeySubject Property (CryptoKeyManager Component)

Returns the key subject.

Syntax

__property DynamicArray KeySubject = { read=FKeySubject, write=FSetKeySubject };

Remarks

Returns the key subject. This is a cryptoprovider-dependent value, which normally aims to provide some user-friendly insight into the key owner.

This property is not available at design time.

Data Type

Byte Array

KeySymmetric Property (CryptoKeyManager Component)

Returns True if the object contains a symmetric key, and False otherwise.

Syntax

__property bool KeySymmetric = { read=FKeySymmetric };

Default Value

false

Remarks

Returns True if the object contains a symmetric key, and False otherwise.

This property is read-only and not available at design time.

Data Type

Boolean

KeyValid Property (CryptoKeyManager Component)

Returns True if this key is valid.

Syntax

__property bool KeyValid = { read=FKeyValid };

Default Value

false

Remarks

Returns True if this key is valid. The term Valid highly depends on the kind of the key being stored. A symmetric key is considered valid if its length fits the algorithm being set. The validity of an RSA key also ensures that the RSA key elements (primes, exponents, and modulus) are consistent.

This property is read-only and not available at design time.

Data Type

Boolean

Config Method (CryptoKeyManager Component)

Sets or retrieves a configuration setting.

Syntax

String __fastcall Config(String ConfigurationString);

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

CreateNew Method (CryptoKeyManager Component)

Creates a template for a new keypair.

Syntax

void __fastcall CreateNew();

Remarks

This method pre-generates a template for a new key.

Adjust the properties of the Key object and call Generate to complete the generation.

DeriveKey Method (CryptoKeyManager Component)

Generates a strong cryptographic key from a password.

Syntax

void __fastcall DeriveKey(int KeyBits, String Password, String Salt);

Remarks

Use this method to generate a cryptographically strong key of a needed length from a password.

This method uses the key derivation function specified in DerivationAlgorithm, the HMAC algorithm provided in HMACAlgorithm, over DeriveIterations iterations, to generate a cryptographic key of the needed length from a password and salt.

Salt is expected to contain a human-readable text string. To provide a binary salt, use the hex prefix with base16-encoded salt value: hex:01AB8F20004F10FE.

 
 Copy
  CryptoKeyManager.DerivationAlgorithm = "PKCS5";
  CryptoKeyManager.HMACAlgorithm = "SHA256";
  CryptoKeyManager.DeriveIterations = 10000;
  CryptoKeyManager.DeriveKey(256, "password", "hex:41424344");
  Key = CryptoKeyManager.Key.Key;

DoAction Method (CryptoKeyManager Component)

Performs an additional action.

Syntax

String __fastcall DoAction(String ActionID, String ActionParams);

Remarks

DoAction is a generic method available in every component. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.

The unique identifier (case insensitive) of the action is provided in the ActionID parameter.

ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....

Common ActionIDs:

ExportBytes Method (CryptoKeyManager Component)

Exports the key to a byte array.

Syntax

DynamicArray<Byte> __fastcall ExportBytes(int Format, int KeyType, String Password);

Remarks

Use this method to save the Key (both the public and secret parts) to a byte array.

ExportToCert Method (CryptoKeyManager Component)

Exports the key to a certificate.

Syntax

void __fastcall ExportToCert();

Remarks

Use this method to save the Key (both the public and secret parts) to the certificate specified in Certificate.

ExportToFile Method (CryptoKeyManager Component)

Exports the key to a file.

Syntax

void __fastcall ExportToFile(String FileName, int Format, int KeyType, String Password);

Remarks

Use this method to save the Key (both the public and secret parts) to the file passed via the FileName parameter.

Generate Method (CryptoKeyManager Component)

Generates a new crypto key.

Syntax

void __fastcall Generate(String KeyAlgorithm, String Scheme, String SchemeParams, int KeyBits);

Remarks

Call this method to generate a new key or keypair with the desired KeyAlgorithm and KeyBits of length.

The generated key will be populated in the Key property.

 
 Copy
  // Generating an EdDSA Curve25519 keypair
  CryptoKeyManager.Generate("EDDSA", "CURVE25519", "", 256);

  // Generating an ECDSA NIST P256 curve keypair
  CryptoKeyManager.Generate("ECDSA", "NISTP256", "", 256);

  // Generating an RSA 2048 bit keypair  
  CryptoKeyManager.Generate("RSA", "", "", 2048);
  
  // Generating a symmetric AES256 key
  CryptoKeyManager.Generate("AES256", "", "", 256);

GetKeyParam Method (CryptoKeyManager Component)

Returns a binary algorithm-specific key parameter.

Syntax

DynamicArray<Byte> __fastcall GetKeyParam(String Name);

Remarks

Use this method to retrieve a binary algorithm-specific key parameter.

The following parameters are currently supported:

GetKeyParamStr Method (CryptoKeyManager Component)

Returns a string algorithm-specific key parameter.

Syntax

String __fastcall GetKeyParamStr(String Name);

Remarks

Use this method to get an human-readable algorithm-specific key parameter.

The following parameters are currently supported:

ImportBytes Method (CryptoKeyManager Component)

Loads a key from a byte array.

Syntax

void __fastcall ImportBytes(DynamicArray<Byte> Value, int Format, String KeyAlgorithm, String Scheme, String SchemeParams, int KeyType, String Password);

Remarks

Use this method to load a key, either public or secret, from a byte array.

 
 Copy
Mgr.ImportBytes(ThirtyTwoKeyBytes, kffDER, "AES256", "", "", ktSecret)

ImportFromCert Method (CryptoKeyManager Component)

Loads a key from a certificate.

Syntax

void __fastcall ImportFromCert();

Remarks

Use this method to load a key, either public or secret, from a certificate.

ImportFromFile Method (CryptoKeyManager Component)

Loads a key from a file.

Syntax

void __fastcall ImportFromFile(String FileName, int Format, String KeyAlgorithm, String Scheme, String SchemeParams, int KeyType, String Password);

Remarks

Use this method to load a key, either public or secret, from a file.

Reset Method (CryptoKeyManager Component)

Resets the component settings.

Syntax

void __fastcall Reset();

Remarks

Reset is a generic method available in every component.

SetKeyParam Method (CryptoKeyManager Component)

Sets an algorithm-specific key parameter.

Syntax

void __fastcall SetKeyParam(String Name, DynamicArray<Byte> Value);

Remarks

Use this method to set an algorithm-specific key parameter.

The following parameters are currently supported:

SetKeyParamStr Method (CryptoKeyManager Component)

Sets a string-based algorithm-specific key parameter.

Syntax

void __fastcall SetKeyParamStr(String Name, String ValueStr);

Remarks

Use this method to set a string-based algorithm-specific key parameter.

Error Event (CryptoKeyManager Component)

Informs about an error during an operation.

Syntax

typedef struct {
  int ErrorCode;
  String Description;
} TsbxCryptoKeyManagerErrorEventParams;
typedef void __fastcall (__closure *TsbxCryptoKeyManagerErrorEvent)(System::TObject* Sender, TsbxCryptoKeyManagerErrorEventParams *e);
__property TsbxCryptoKeyManagerErrorEvent OnError = { read=FOnError, write=FOnError };

Remarks

The event is fired when an error happens in the middle of the component's work.

ErrorCode contains an error code and Description contains a textual description of the error.

Notification Event (CryptoKeyManager Component)

This event notifies the application about an underlying control flow event.

Syntax

typedef struct {
  String EventID;
  String EventParam;
} TsbxCryptoKeyManagerNotificationEventParams;
typedef void __fastcall (__closure *TsbxCryptoKeyManagerNotificationEvent)(System::TObject* Sender, TsbxCryptoKeyManagerNotificationEventParams *e);
__property TsbxCryptoKeyManagerNotificationEvent OnNotification = { read=FOnNotification, write=FOnNotification };

Remarks

The component fires this event to let the application know about some event, occurrence, or milestone in the component. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.

The unique identifier of the event is provided in the EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the component, the exact action it is performing, or the document being processed, one or both may be omitted.

PasswordNeeded Event (CryptoKeyManager Component)

This event is fired when a decryption password is needed.

Syntax

typedef struct {
  String NeededFor;
  String Password;
  bool Cancel;
} TsbxCryptoKeyManagerPasswordNeededEventParams;
typedef void __fastcall (__closure *TsbxCryptoKeyManagerPasswordNeededEvent)(System::TObject* Sender, TsbxCryptoKeyManagerPasswordNeededEventParams *e);
__property TsbxCryptoKeyManagerPasswordNeededEvent OnPasswordNeeded = { read=FOnPasswordNeeded, write=FOnPasswordNeeded };

Remarks

The component fires this event when a password is needed to decrypt a certificate or a private key.

In the handler of this event, assign the password to the Password parameter, or set Cancel to true to abort the operation.

The NeededFor parameter identifies the certificate for which the password is requested.

Config Settings (CryptoKeyManager Component)

CryptoKeyManager Config Settings

Base Config Settings

 
 Copy
PKICache=certificate,crl,ocsp

 
 Copy
PKICachePath=C:\Temp\cache

 
 Copy
Config("XMLRDNDescriptorName[OID]=PrimaryName,Alias1,Alias2");

 
 Copy
Config("XMLRDNDescriptorName[2.5.4.5]=SERIALNUMBER");

 
 Copy
Config("XMLRDNDescriptorName[1.2.840.113549.1.9.1]=E,EMAIL,EMAILADDRESS");

Trappable Errors (CryptoKeyManager Component)

CryptoKeyManager Errors