KMIPClient Component

Properties   Methods   Events   Config Settings   Errors  

The KMIPClient component provides client-side functionality for KMIP protocol.

Syntax

nsoftware.SecureBlackbox.KMIPClient

Remarks

The KMIPClient component implements the client-side counterpart of the KMIP environment. KMIP, or the Key Management Interoperability Protocol, is an OASIS standard of communication between applications that need to use or manage cryptographic keys over the network. A typical example of a KMIP client is an application that needs to access a remotely stored cryptographic key (shared by a KMIP server) - for example, to solicit a digital signature or decrypt an encrypted document.

Capabilities

Working with KMIPClient

Setting up the component

KMIP servers can come in a variety of configurations, many of which cannot be detected or applied automatically. That's why the first stage is about configuring the component in such way that it knows how to talk to a specific server that you need to work with. Below are the key settings that you need to tune up. You can get most or all of this information from the administrator of the KMIP server:

Network access parameters

This is the network address and port that the KMIP server is listening on - for example, 10.0.1.110:5696 or kmip.server.com:25696.

The transport type

This could be one of TCP (unencrypted low-level connection), TLS (encrypted low-level connection), HTTP (unencrypted HTTP), HTTPS (encrypted HTTP). Transport type is not negotiable: the client must use exactly the same transport as the server expects. You specify the transport by applying the appropriate transport-specific prefix to the server address that you are passing to BaseURL:

• kmip:// for plain TCP (e.g. kmip://10.0.1.110:5696)
• kmips:// for TLS (e.g. kmips://kmip.server.com:25696)
• http:// for HTTP (e.g. http://kmip.server.com:80)
• https:// for HTTPS (e.g. https://10.0.1.110:5697)

KMIP servers accessible over HTTP(S) may reside either at a root (/) or a deeper-level web server endpoint (for example, /services/kmip). Append this path to the network parameters as you would normally do when working with HTTP endpoints. Having done that, combine the transport prefix, the network parameters, and the HTTP path (if used) together to obtain the value to assign to BaseURL:

client.BaseURL = "https://kmip.server.com:25696/services/kmip"; // TLS-secured HTTP connection to kmip.server.com running on port 25696

The encoding type

KMIP offers three encoding types: TTLV ("tag, type, length, value"), JSON, and XML. Depending on configuration and scenarios used installation may prefer one over the others. Plain TCP and TLS KMIP setups normally use TTLV encoding. The client and server must use the same encoding to understand each other.

TLS configuration

TLS-protected connections require additional setup of the TLS parameters. Those are not part of KMIP, but, rather, are intended to supply expected security configuration. The principal security setting here concerns the way the server's TLS certificate is validated. You will find more details about configuring TLS on the client side in the Validating TLS Certificates article.

Once the connection and protocol parameters are configured, you can go ahead and start making requests to the KMIP server. A KMIP server can serve requests which generally fall into one of the two categories:

• Key management requests - such as importing a certificate, generating a keypair, or obtaining a list of keys stored on the server.
• Cryptographic operation requests - such as signing or encrypting data.

Managing keys and certificates

The common key management operations are:

Importing a keypair or certificate to the server

Use AddKey to import an asymmetric keypair or its part, or a secret symmetric key, to the KMIP server. Use Add to import a certificate. Both methods return a unique object identifier that you can use to identify the object on the server.

Listing server objects

Use List to request a criteria-based list of objects from the server. The objects returned by the server will be published in the Objects collection.

Reading object properties

KMIPClient offers a few methods to read object properties. You can choose the method that fits your scenario best. Use Read and ReadKey methods to read certificates and keys directly into the Certificate and Key properties. You can then pass the received objects to other components that support them (such as CertificateManager). Use ReadObject to read the object into the Objects list. Use ReadAttribute to read a specific attribute of an object.

Generating server-side objects

KMIP supports server-side object generation, which allows for secure cryptographic material setup. Among objects you can generate are certificates (Generate) and generic keys (GenerateKey).

Making cryptographic calls

The common cryptographic calls are:

Signing data

Use the Sign method to sign the data using a server-side private key.

Encrypting and decrypting data

Use the Encrypt and Decrypt methods to encrypt or decrypt data using a server-side key. This method can be used with both symmetric and asymmetric keys.

Providing data for the operations

You can provide input for the cryptographic operations in one of the following forms:

• as a byte array - use InputBytes property.
• as a stream - use InputStream.
• in a file - use InputFile.

Note that the OutputBytes is only populated if neither of OutputFile and OutputStream is set.

Referencing server objects

Every object residing on a KMIP server is referenced by its unique object identifier. Your code is expected to pass the identifier of the object that you want to use or read to the relevant method, such as Sign or ReadObject. If you do not know the identifier of the object that you need to use, use the List method to solicit the list of the server-side objects first. Locate the required object in the list and pass its unique identifier to the needed method.

Property List

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

AuthTypes Property (KMIPClient Component)

Defines allowed HTTP authentication types.

Syntax

• C#
• VB.NET

public int AuthTypes { get; set; }

Public Property AuthTypes As Integer

Default Value

0

Remarks

Use this property to define which authentication types the component should support or attempt to use by enabling the relevant bitmask flags:

AuxResult Property (KMIPClient Component)

ToDo

Syntax

• C#
• VB.NET

public string AuxResult { get; }

Public ReadOnly Property AuxResult As String

Default Value

""

Remarks

TBD:

This property is read-only.

BaseURL Property (KMIPClient Component)

Specifies the url of the KMIP server.

Syntax

• C#
• VB.NET

public string BaseURL { get; set; }

Public Property BaseURL As String

Default Value

""

Remarks

Use this property to specify the address of the KMIP server.

The address to assign to this property needs to be in the standard URI-like notation:

protocol://address:port/path

The protocol token must be based on the transport that you want to use (which is largely defined by the server setup) and can be one of the following:

• kmip:// - KMIP over TCP (unencrypted)
• kmips:// - KMIP over TLS (encrypted)
• http:// - KMIP over HTTP (unencrypted)
• https:// - KMIP over HTTPS (encrypted)

The address and port are network credentials that the server can be accessed at, such as 192.168.5.101:5696 for a server residing in a local network, or kmip.server.com:25696 for a server residing on the Internet. The path part can be used for KMIP servers accessible via HTTP(S) endpoints.

Examples

• kmip://10.25.0.61:5696
• kmips://10.0.1.10:11111
• kmips://kmip.server.com:11111
• http://www.server.com:3128/services/kmip
• https://kmip.server.com:19991

Note that you need to take extra steps to prepare the component for secure connections when using TLS-enabled endpoints. One factor to be considered is the need to validate the server's TLS certificates. This article provides insights into the validation routine: Validating TLS Certificates.

BlockedCertificates Property (KMIPClient Component)

The certificates that must be rejected as trust anchors.

Syntax

• C#
• VB.NET

public CertificateList BlockedCertificates { get; }

Public Property BlockedCertificates As CertificateList

Remarks

Use this property to provide a list of compromised or blocked certificates. Any chain containing a blocked certificate will fail validation.

This property is not available at design time.

Certificate Property (KMIPClient Component)

The certificate to perform operations on.

Syntax

• C#
• VB.NET

public Certificate Certificate { get; set; }

Public Property Certificate As Certificate

Remarks

Use this property to provide the certificate object on which a subsequent operation should be performed. TBD:

This property is not available at design time.

ConnectionInfo Property (KMIPClient Component)

Returns the details of the underlying network connection.

Syntax

• C#
• VB.NET

public TLSConnectionInfo ConnectionInfo { get; }

Public ReadOnly Property ConnectionInfo As TLSConnectionInfo

Remarks

Use this property to learn about the connection setup, such as the protocol security details and amounts of data transferred each way.

This property is read-only and not available at design time.

DataBytes Property (KMIPClient Component)

Use this property to pass the secondary input to the component in the byte array form.

Syntax

• C#
• VB.NET

public byte[] DataBytes { get; set; }

Public Property DataBytes As Byte()

Remarks

Some cryptographic operations require more than one inputs. One example is the Verify operation, which expects you to provide the signature and the data being authenticated as separate data pieces. This property lets you provide that secondary data piece (the data being authenticated). The primary data piece (the signature in this case) should be provided via one of the Input* properties, such as InputBytes.

This property is one of three ways in which you can provide the data to the component. The other two are DataFile and DataStream. Choose the data source type that fits your circumstances best.

This property is not available at design time.

DataFile Property (KMIPClient Component)

Use this property to pass the secondary input to the component from a file.

Syntax

• C#
• VB.NET

public string DataFile { get; set; }

Public Property DataFile As String

Default Value

""

Remarks

Some cryptographic operations require more than one inputs. One example is the Verify operation, which expects you to provide the signature and the data being authenticated as separate data pieces. This property lets you provide that secondary data piece (the data being authenticated). The primary data piece (the signature in this case) should be provided via one of the Input* properties, such as InputFile.

This property is one of three ways in which you can provide the data to the component. The other two are DataBytes and DataStream. Choose the data source type that fits your circumstances best.

DataStream Property (KMIPClient Component)

Use this property to pass the secondary input to the component as a stream.

Syntax

• C#
• VB.NET

public System.IO.Stream DataStream { get; set; }

Public Property DataStream As System.IO.Stream

Default Value

null

Remarks

Some cryptographic operations require more than one inputs. One example is the Verify operation, which expects you to provide the signature and the data being authenticated as separate data pieces. This property lets you provide that secondary data piece (the data being authenticated). The primary data piece (the signature in this case) should be provided via one of the Input* properties, such as InputStream.

This property is one of three ways in which you can provide the data to the component. The other two are DataBytes and DataFile. Choose the data source type that fits your circumstances best.

This property is not available at design time.

Encoding Property (KMIPClient Component)

Specifies the KMIP encoding type.

Syntax

• C#
• VB.NET

public KMIPClientEncodings Encoding { get; set; }

enum KMIPClientEncodings {
  etTTLV,
  etXML,
  etJSON
}

Public Property Encoding As KmipclientEncodings

Enum KMIPClientEncodings
  etTTLV
  etXML
  etJSON
End Enum

Default Value

0

Remarks

Use this property to specify the KMIP message encoding to be used in the communications with the server.

The following encodings are available:

You need to know the right encoding for your KMIP server before accessing it. This is something you can get from the administrator of the server. KMIP servers accessible via plain TCP or TLS transports typically use the TTLV encoding.

ExternalCrypto Property (KMIPClient Component)

Provides access to external signing and DC parameters.

Syntax

• C#
• VB.NET

public ExternalCrypto ExternalCrypto { get; }

Public ReadOnly Property ExternalCrypto As ExternalCrypto

Remarks

Use this property to tune-up remote cryptography settings. SecureBlackbox supports two independent types of external cryptography: synchronous (based on the ExternalSign event) and asynchronous (based on the DC protocol and the DCAuth signing component).

This property is read-only.

FIPSMode Property (KMIPClient Component)

Reserved.

Syntax

• C#
• VB.NET

public bool FIPSMode { get; set; }

Public Property FIPSMode As Boolean

Default Value

False

Remarks

This property is reserved for future use.

InputBytes Property (KMIPClient Component)

Use this property to pass the input to component in byte array form.

Syntax

• C#
• VB.NET

public byte[] InputBytes { get; set; }

Public Property InputBytes As Byte()

Remarks

Assign a byte array containing the data to be processed to this property.

This property is not available at design time.

InputFile Property (KMIPClient Component)

A path to the file containing the data to be passed as input to a cryptographic operation.

Syntax

• C#
• VB.NET

public string InputFile { get; set; }

Public Property InputFile As String

Default Value

""

Remarks

Provide the full path to the file containing data to be signed, verified, encrypted or decrypted.

This property is one of the three ways that you can provide the input data to KMIPClient, with InputBytes and InputStream being the other two.

InputStream Property (KMIPClient Component)

A stream containing the data to be passed as input to a cryptographic operation.

Syntax

• C#
• VB.NET

public System.IO.Stream InputStream { get; set; }

Public Property InputStream As System.IO.Stream

Default Value

null

Remarks

This readable stream should provide data to be signed, verified, encrypted or decrypted.

This property is one of the three ways that you can provide the input data to KMIPClient, with InputBytes and InputFile being the other two.

This property is not available at design time.

Key Property (KMIPClient Component)

The key to perform operations on.

Syntax

• C#
• VB.NET

public CryptoKey Key { get; set; }

Public Property Key As CryptoKey

Remarks

Use this property to provide the key object on which a subsequent operation should be performed. TBD:

This property is not available at design time.

KnownCertificates Property (KMIPClient Component)

Additional certificates for chain validation.

Syntax

• C#
• VB.NET

public CertificateList KnownCertificates { get; }

Public Property KnownCertificates As CertificateList

Remarks

Use this property to supply a list of additional certificates that might be needed for chain validation. An example of a scenario where you might want to do that is when intermediary CA certificates are absent from the standard system locations (or when there are no standard system locations), and therefore should be supplied to the component manually.

The purpose of the certificates to be added to this collection is roughly equivalent to that of the Intermediate Certification Authorities system store in Windows.

Do not add trust anchors or root certificates to this collection: add them to TrustedCertificates instead.

This property is not available at design time.

KnownCRLs Property (KMIPClient Component)

Additional CRLs for chain validation.

Syntax

• C#
• VB.NET

public CRLList KnownCRLs { get; }

Public Property KnownCRLs As CRLList

Remarks

Use this property to supply additional CRLs that might be needed for chain validation. This property may be helpful when a chain is validated in offline mode, and the associated CRLs are stored separately from the signed message or document.

This property is not available at design time.

KnownOCSPs Property (KMIPClient Component)

Additional OCSP responses for chain validation.

Syntax

• C#
• VB.NET

public OCSPResponseList KnownOCSPs { get; }

Public Property KnownOCSPs As OCSPResponseList

Remarks

Use this property to supply additional OCSP responses that might be needed for chain validation. This property may be helpful when a chain is validated in offline mode, and the associated OCSP responses are stored separately from the signed message or document.

This property is not available at design time.

Objects Property (KMIPClient Component)

A list of objects returned by List .

Syntax

• C#
• VB.NET

public KMIPObjectList Objects { get; }

Public ReadOnly Property Objects As KMIPObjectList

Remarks

This property provides access to the list of objects returned by List. TBD:

This property is read-only and not available at design time.

OutputBytes Property (KMIPClient Component)

Use this property to read the output the component object has produced.

Syntax

• C#
• VB.NET

public byte[] OutputBytes { get; }

Public ReadOnly Property OutputBytes As Byte()

Remarks

Read the contents of this property after the operation has completed to read the produced output. This property will only be set if the OutputFile and OutputStream properties had not been assigned.

This property is read-only and not available at design time.

OutputFile Property (KMIPClient Component)

Specifies the file where the signed, encrypted, or decrypted data should be saved.

Syntax

• C#
• VB.NET

public string OutputFile { get; set; }

Public Property OutputFile As String

Default Value

""

Remarks

Provide a full path to the file where the signed, encrypted, or decrypted data should be saved.

This property is one of the three ways that you can receive the output data from KMIPClient, with OutputBytes and OutputStream being the other two.

OutputStream Property (KMIPClient Component)

The stream where the signed, encrypted, or decrypted document should be saved.

Syntax

• C#
• VB.NET

public System.IO.Stream OutputStream { get; set; }

Public Property OutputStream As System.IO.Stream

Default Value

null

Remarks

Use this property to provide the stream to write the signed, encrypted, or decrypted data to.

This property is one of the three ways that you can receive the output data from KMIPClient, with OutputBytes and OutputFile being the other two.

This property is not available at design time.

Password Property (KMIPClient Component)

Specifies a password to authenticate to the KMIP server.

Syntax

• C#
• VB.NET

public string Password { get; set; }

Public Property Password As String

Default Value

""

Remarks

Use this property to provide a password for authentication on the KMIP server. TBD:

Proxy Property (KMIPClient Component)

The proxy server settings.

Syntax

• C#
• VB.NET

public ProxySettings Proxy { get; }

Public ReadOnly Property Proxy As ProxySettings

Remarks

Use this property to tune up the proxy server settings.

This property is read-only.

SignatureValidationResult Property (KMIPClient Component)

The signature validation result.

Syntax

• C#
• VB.NET

public KMIPClientSignatureValidationResults SignatureValidationResult { get; }

enum KMIPClientSignatureValidationResults {
  svtValid,
  svtUnknown,
  svtCorrupted,
  svtSignerNotFound,
  svtFailure,
  svtReferenceCorrupted
}

Public ReadOnly Property SignatureValidationResult As KmipclientSignatureValidationResults

Enum KMIPClientSignatureValidationResults
  svtValid
  svtUnknown
  svtCorrupted
  svtSignerNotFound
  svtFailure
  svtReferenceCorrupted
End Enum

Default Value

0

Remarks

Use this property to check the result of the most recent signature validation.

This property is read-only and not available at design time.

SocketSettings Property (KMIPClient Component)

Manages network connection settings.

Syntax

• C#
• VB.NET

public SocketSettings SocketSettings { get; }

Public ReadOnly Property SocketSettings As SocketSettings

Remarks

Use this property to tune up network connection parameters.

This property is read-only.

TLSClientChain Property (KMIPClient Component)

The TLS client certificate chain.

Syntax

• C#
• VB.NET

public CertificateList TLSClientChain { get; }

Public Property TLSClientChain As CertificateList

Remarks

Assign a certificate chain to this property to enable TLS client authentication in the component. Note that the client's end-entity certificate should have a private key associated with it.

Use the CertificateStorage or CertificateManager components to import the certificate from a file, system store, or PKCS11 device.

This property is not available at design time.

TLSServerChain Property (KMIPClient Component)

The TLS server's certificate chain.

Syntax

• C#
• VB.NET

public CertificateList TLSServerChain { get; }

Public ReadOnly Property TLSServerChain As CertificateList

Remarks

Use this property to access the certificate chain sent by the TLS server. This property is ready to read when the TLSCertValidate event is fired by the client component.

This property is read-only and not available at design time.

TLSSettings Property (KMIPClient Component)

Manages TLS layer settings.

Syntax

• C#
• VB.NET

public TLSSettings TLSSettings { get; }

Public ReadOnly Property TLSSettings As TLSSettings

Remarks

Use this property to tune up the TLS layer parameters.

This property is read-only.

TrustedCertificates Property (KMIPClient Component)

A list of trusted certificates for chain validation.

Syntax

• C#
• VB.NET

public CertificateList TrustedCertificates { get; }

Public Property TrustedCertificates As CertificateList

Remarks

Use this property to supply a list of trusted certificates that might be needed for chain validation. An example of a scenario where you might want to do that is when root CA certificates are absent from the standard system locations (or when there are no standard system locations), and therefore should be supplied to the component manually.

The purpose of this certificate collection is largely the same as that of the Windows Trusted Root Certification Authorities system store.

Use this property with extreme care as it directly affects chain verifiability; a wrong certificate added to the trusted list may result in bad chains being accepted, and forfeited signatures being recognized as genuine. Only add certificates that originate from the parties that you know and trust.

This property is not available at design time.

Username Property (KMIPClient Component)

The username to authenticate to the KMIP server.

Syntax

• C#
• VB.NET

public string Username { get; set; }

Public Property Username As String

Default Value

""

Remarks

Use this property to provide a username for authentication on the KMIP server. TBD:

Activate Method (KMIPClient Component)

Activates the specified server object.

Syntax

• C#
• VB.NET

public void Activate(string objectId);

Public Sub Activate(ByVal ObjectId As String)

Remarks

Use this method to activate the object using its ObjectId. Activating the object makes it available for cryptographic operations.

This method is complementary to Deactivate that can be used to disable server-side objects.

Add Method (KMIPClient Component)

Imports a certificate to the KMIP server.

Syntax

• C#
• VB.NET

public string Add(bool addPrivateKey, string group, bool activate);

Public Function Add(ByVal AddPrivateKey As Boolean, ByVal Group As String, ByVal Activate As Boolean) As String

Remarks

Call this method to import a certificate to the KMIP server. Provide the certificate via Certificate property.

Use the Group parameter to supply a unique identifier for objects associated with this certificate. A typical KMIP server would store two or three objects per certificate - the certificate, its public key, and, if provided, its private key. The shared group identifier will make it easy to establish correspondence between the objects.

Set the AddPrivateKey parameter to true to import the private key (and create a corresponding KMIP object) together with the certificate. Use the Activate parameter to instruct the server to activate the new certificate-related objects immediately.

The method returns the unique identifier of the created certificate object. Check the AuxResult property to read the ID of the associated key object.

AddKey Method (KMIPClient Component)

Imports a key or keypair to the KMIP server.

Syntax

• C#
• VB.NET

public string AddKey(string group, bool activate);

Public Function AddKey(ByVal Group As String, ByVal Activate As Boolean) As String

Remarks

Use this method to import a key or an asymmetric keypair to the KMIP server. Provide the key via the Key property.

Use the Group parameter to supply a unique identifier for objects associated with this key. Import of an asymmetric keypair may result in two objects being created on the server - the public key and the private key. The shared group identifier will make it easy to establish correspondence between the objects.

Use the Activate parameter to instruct the server to activate the new key objects immediately.

The method returns the unique identifier of the created key object. Check the AuxResult property to read the ID of the second object key component object, if expected.

Config Method (KMIPClient Component)

This method sets or retrieves a configuration setting.

Syntax

• C#
• VB.NET

public string Config(string configurationString);

Public Function Config(ByVal ConfigurationString As String) As String

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

CustomRequest Method (KMIPClient Component)

Performs a custom request to the server.

Syntax

• C#
• VB.NET

public byte[] CustomRequest(byte[] data);

Public Function CustomRequest(ByVal Data As Byte()) As Byte()

Remarks

Use this method to send a custom request to the KMIP server. Pass the serialized KMIP request data to the Data parameter. Any response returned back by the server is passed back to the application via the result of this method.

This method can be handy if you need to make a request of the kind that KMIPClient does not support at the moment.

Deactivate Method (KMIPClient Component)

Deactivates the specified server object.

Syntax

• C#
• VB.NET

public void Deactivate(string objectId);

Public Sub Deactivate(ByVal ObjectId As String)

Remarks

Use this method to deactivate the object using its ObjectId. Deactivated objects remain on the server but cannot be used for cryptographic operations. Use Remove method to delete objects from the server permanently.

This method is complementary to Activate that lets you enable ('activate') server objects.

Decrypt Method (KMIPClient Component)

Decrypts the provided data using a key stored on the KMIP server.

Syntax

• C#
• VB.NET

public void Decrypt(string objectId, string algorithm, byte[] IV, string blockMode, string paddingMethod, int tagLength);

Public Sub Decrypt(ByVal ObjectId As String, ByVal Algorithm As String, ByVal IV As Byte(), ByVal BlockMode As String, ByVal PaddingMethod As String, ByVal TagLength As Integer)

Remarks

Use this method to decrypt data using the key with the specified ObjectId.

Provide the encrypted data via one of the Input* properties (InputFile, InputStream, or InputBytes). The decrypted data will be saved to one of the output properties.

Use the Algorithm, IV, BlockMode, PaddingMethod, and TagLength parameters to provide adjustments to the decryption algorithm. Not every call will require all of the adjustments. Asymmetric decryption calls (such as RSA) do not typically require parameters. TBD:

DoAction Method (KMIPClient Component)

Performs an additional action.

Syntax

• C#
• VB.NET

public string DoAction(string actionID, string actionParams);

Public Function DoAction(ByVal ActionID As String, ByVal ActionParams As String) As String

Remarks

DoAction is a generic method available in every component. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.

The unique identifier (case insensitive) of the action is provided in the ActionID parameter.

ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....

Encrypt Method (KMIPClient Component)

Encrypts the provided data using a key stored on the KMIP server.

Syntax

• C#
• VB.NET

public void Encrypt(string objectId, string algorithm, byte[] IV, string blockMode, string paddingMethod, int tagLength);

Public Sub Encrypt(ByVal ObjectId As String, ByVal Algorithm As String, ByVal IV As Byte(), ByVal BlockMode As String, ByVal PaddingMethod As String, ByVal TagLength As Integer)

Remarks

Use this method to encrypt data using the key with the specified ObjectId. Provide the data to be encrypted via InputFile or InputStream. The encrypted data will be saved to OutputFile (or OutputStream).

Use optional Algorithm, IV, BlockMode, Padding, and TagLength parameters to adjust encryption flow. The values to be passed as these parameters depend on the encryption algorithm being used. Public key algorithms typically do not require these parameters. TBD:

Generate Method (KMIPClient Component)

Generates a new certificate on the KMIP server.

Syntax

• C#
• VB.NET

public string Generate(string publicKeyId, bool activate);

Public Function Generate(ByVal PublicKeyId As String, ByVal Activate As Boolean) As String

Remarks

Use this method to generate a new certificate on the server. Set up the needed parameters of the certificate in the Certificate property. This property may contain a prepared certificate request.

An optional PublicKeyId parameter specifies the ID of the server-side public key object to base the certificate on.

The method returns a unique ID assigned to the new certificate object. TBD:

GenerateKey Method (KMIPClient Component)

Generates a symmetric key or an asymmetric key pair on the KMIP server.

Syntax

• C#
• VB.NET

public string GenerateKey(string keyAlgorithm, string scheme, string schemeParams, int keyBits, string group, bool activate);

Public Function GenerateKey(ByVal KeyAlgorithm As String, ByVal Scheme As String, ByVal SchemeParams As String, ByVal KeyBits As Integer, ByVal Group As String, ByVal Activate As Boolean) As String

Remarks

Use KeyAlgorithm and KeyBits to indicate the desired algorithm and key length. Provide an group name of the new key via the Group parameter.

The method returns the Id assigned by the server to the new key object. This may differ from the one you supplied. TBD:

List Method (KMIPClient Component)

Retrieves the list of objects of a given type.

Syntax

• C#
• VB.NET

public void List(int objectTypes, string filter, int offsetItems, int maximumItems);

Public Sub List(ByVal ObjectTypes As Integer, ByVal Filter As String, ByVal OffsetItems As Integer, ByVal MaximumItems As Integer)

Remarks

ObjectTypes is a bit mask according to which objects of one or more types can be selected. Possible values:

If ObjectTypes of 0 is provided, all objects will be requested from the server. TBD:

Read Method (KMIPClient Component)

Downloads a certificate from the KMIP server.

Syntax

• C#
• VB.NET

public void Read(string objectId);

Public Sub Read(ByVal ObjectId As String)

Remarks

Use this method to download a certificate object from the server. Specify the ID of the certificate object via the ObjectId parameter.

Upon completion, the certificate is populated in the Certificate property. TBD:

ReadAttribute Method (KMIPClient Component)

ToDo

Syntax

• C#
• VB.NET

public string ReadAttribute(string objectId, string name);

Public Function ReadAttribute(ByVal ObjectId As String, ByVal Name As String) As String

Remarks

TBD:

ReadKey Method (KMIPClient Component)

Downloads a key object from the KMIP server.

Syntax

• C#
• VB.NET

public void ReadKey(string objectId);

Public Sub ReadKey(ByVal ObjectId As String)

Remarks

Use this method to retrieve a key object from the server. Public, private, and secret key IDs can be passed to this method, but only non-sensitive parameters of the private and secret keys will be returned.

The key data is populated in the Key property.

ReadObject Method (KMIPClient Component)

ToDo

Syntax

• C#
• VB.NET

public void ReadObject(string objectId);

Public Sub ReadObject(ByVal ObjectId As String)

Remarks

TBD:

Remove Method (KMIPClient Component)

Removes the specified object from the server.

Syntax

• C#
• VB.NET

public void Remove(string objectId);

Public Sub Remove(ByVal ObjectId As String)

Remarks

Use this method to delete the object specified by its ObjectId from the KMIP server permanently.

If you would like to disable the object but keep it on the server permanently, use Deactivate method instead.

Reset Method (KMIPClient Component)

Resets the component settings.

Syntax

• C#
• VB.NET

public void Reset();

Public Sub Reset()

Remarks

Reset is a generic method available in every component.

SetAttribute Method (KMIPClient Component)

ToDo

Syntax

• C#
• VB.NET

public void SetAttribute(string objectId, string name, string value, bool delete);

Public Sub SetAttribute(ByVal ObjectId As String, ByVal Name As String, ByVal Value As String, ByVal Delete As Boolean)

Remarks

TBD:

SetRequestBytes Method (KMIPClient Component)

Replaces the data that has been prepared for sending out.

Syntax

• C#
• VB.NET

public void SetRequestBytes(byte[] value);

Public Sub SetRequestBytes(ByVal Value As Byte())

Remarks

Call this method from your Request event handler to alter the request data being sent to the server. This method method may be handy if you need to adjust the request data that the client has prepared manually before sending it out.

SetResponseBytes Method (KMIPClient Component)

Alters the data received from the server in a response.

Syntax

• C#
• VB.NET

public void SetResponseBytes(byte[] value);

Public Sub SetResponseBytes(ByVal Value As Byte())

Remarks

Call this method from your Response event handler to alter the data received from the server before passing it for processing. This method may be handy if you would like to adjust data received from the server - for example, to fix an error in the server's response.

Sign Method (KMIPClient Component)

Signs the data using a key on the KMIP server.

Syntax

• C#
• VB.NET

public void Sign(string objectId, string algorithm, string paddingMethod, string hashAlgorithm, bool inputIsHash);

Public Sub Sign(ByVal ObjectId As String, ByVal Algorithm As String, ByVal PaddingMethod As String, ByVal HashAlgorithm As String, ByVal InputIsHash As Boolean)

Remarks

Use this method to sign the data using the key with the specified ObjectId. Pass the data to be signed via InputFile (or InputStream) property. The resulting signed data will be written to OutputFile (or OutputStream). TBD:

Verify Method (KMIPClient Component)

Verifies digitally signed data.

Syntax

• C#
• VB.NET

public void Verify(string objectId, string algorithm, string paddingMethod, string hashAlgorithm, bool inputIsHash);

Public Sub Verify(ByVal ObjectId As String, ByVal Algorithm As String, ByVal PaddingMethod As String, ByVal HashAlgorithm As String, ByVal InputIsHash As Boolean)

Remarks

Use this method to verify the integrity of the signature using a server-side key.

Please provide the signature via InputFile (or InputStream) property. For detached signatures, please also provide the data that was signed via DataFile (or DataStream) property. TBD:

Error Event (KMIPClient Component)

Provides information about errors during KMIP operations.

Syntax

• C#
• VB.NET

public event OnErrorHandler OnError;

public delegate void OnErrorHandler(object sender, KMIPClientErrorEventArgs e);

public class KMIPClientErrorEventArgs : EventArgs {
  public int ErrorCode { get; }
  public string Description { get; }
}

Public Event OnError As OnErrorHandler

Public Delegate Sub OnErrorHandler(sender As Object, e As KMIPClientErrorEventArgs)

Public Class KMIPClientErrorEventArgs Inherits EventArgs
  Public ReadOnly Property ErrorCode As Integer
  Public ReadOnly Property Description As String
End Class

Remarks

This event is fired in case of exceptional conditions occured during KMIP operations.

ErrorCode contains an error code and Description contains a textual description of the error.

ExternalSign Event (KMIPClient Component)

Handles remote or external signing initiated by the SignExternal method or other source.

Syntax

• C#
• VB.NET

public event OnExternalSignHandler OnExternalSign;

public delegate void OnExternalSignHandler(object sender, KMIPClientExternalSignEventArgs e);

public class KMIPClientExternalSignEventArgs : EventArgs {
  public string OperationId { get; }
  public string HashAlgorithm { get; }
  public string Pars { get; }
  public string Data { get; }
  public string SignedData { get; set; }
}

Public Event OnExternalSign As OnExternalSignHandler

Public Delegate Sub OnExternalSignHandler(sender As Object, e As KMIPClientExternalSignEventArgs)

Public Class KMIPClientExternalSignEventArgs Inherits EventArgs
  Public ReadOnly Property OperationId As String
  Public ReadOnly Property HashAlgorithm As String
  Public ReadOnly Property Pars As String
  Public ReadOnly Property Data As String
  Public Property SignedData As String
End Class

Remarks

Assign a handler to this event if you need to delegate a low-level signing operation to an external, remote, or custom signing engine. Depending on the settings, the handler will receive a hashed or unhashed value to be signed.

The event handler must pass the value of Data to the signer, obtain the signature, and pass it back to the component via the SignedData parameter.

OperationId provides a comment about the operation and its origin. It depends on the exact component being used, and may be empty. HashAlgorithm specifies the hash algorithm being used for the operation, and Pars contains algorithm-dependent parameters.

The component uses base16 (hex) encoding for the Data, SignedData, and Pars parameters. If your signing engine uses a different input and output encoding, you may need to decode and/or encode the data before and/or after the signing.

A sample MD5 hash encoded in base16: a0dee2a0382afbb09120ffa7ccd8a152 - lower case base16 A0DEE2A0382AFBB09120FFA7CCD8A152 - upper case base16

A sample event handler that uses the .NET RSACryptoServiceProvider class may look like the following: signer.OnExternalSign += (s, e) => { var cert = new X509Certificate2("cert.pfx", "", X509KeyStorageFlags.Exportable); var key = (RSACryptoServiceProvider)cert.PrivateKey; var dataToSign = e.Data.FromBase16String(); var signedData = key.SignHash(dataToSign, "2.16.840.1.101.3.4.2.1"); e.SignedData = signedData.ToBase16String(); };

Notification Event (KMIPClient Component)

This event notifies the application about an underlying control flow event.

Syntax

• C#
• VB.NET

public event OnNotificationHandler OnNotification;

public delegate void OnNotificationHandler(object sender, KMIPClientNotificationEventArgs e);

public class KMIPClientNotificationEventArgs : EventArgs {
  public string EventID { get; }
  public string EventParam { get; }
}

Public Event OnNotification As OnNotificationHandler

Public Delegate Sub OnNotificationHandler(sender As Object, e As KMIPClientNotificationEventArgs)

Public Class KMIPClientNotificationEventArgs Inherits EventArgs
  Public ReadOnly Property EventID As String
  Public ReadOnly Property EventParam As String
End Class

Remarks

The component fires this event to let the application know about some event, occurrence, or milestone in the component. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.

The unique identifier of the event is provided in the EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the component, the exact action it is performing, or the document being processed, one or both may be omitted.

Request Event (KMIPClient Component)

KMIPClient fires this event to notify the user about the request being sent to the KMIP server.

Syntax

• C#
• VB.NET

public event OnRequestHandler OnRequest;

public delegate void OnRequestHandler(object sender, KMIPClientRequestEventArgs e);

public class KMIPClientRequestEventArgs : EventArgs {
  public byte[] RequestData { get; }
}

Public Event OnRequest As OnRequestHandler

Public Delegate Sub OnRequestHandler(sender As Object, e As KMIPClientRequestEventArgs)

Public Class KMIPClientRequestEventArgs Inherits EventArgs
  Public ReadOnly Property RequestData As Byte()
End Class

Remarks

Subscribe to this event to be notified about individual requests sent by the KMIP client to the server.

The RequestData parameter contains the encoded KMIP request. You can alter what is being sent by providing custom request bytes via the SetRequestBytes method.

Response Event (KMIPClient Component)

KMIPClient uses this event to notify the user about the response being received.

Syntax

• C#
• VB.NET

public event OnResponseHandler OnResponse;

public delegate void OnResponseHandler(object sender, KMIPClientResponseEventArgs e);

public class KMIPClientResponseEventArgs : EventArgs {
  public byte[] ResponseData { get; }
}

Public Event OnResponse As OnResponseHandler

Public Delegate Sub OnResponseHandler(sender As Object, e As KMIPClientResponseEventArgs)

Public Class KMIPClientResponseEventArgs Inherits EventArgs
  Public ReadOnly Property ResponseData As Byte()
End Class

Remarks

Subscribe to this event to be notified about KMIP protocol responses that the KMIP client receives from the server.

The ResponseData parameter contains the encoded body of the response. Use SetResponseBytes to alter the response data received before it is processed by the client.

TLSCertNeeded Event (KMIPClient Component)

Fires when a remote TLS party requests a client certificate.

Syntax

• C#
• VB.NET

public event OnTLSCertNeededHandler OnTLSCertNeeded;

public delegate void OnTLSCertNeededHandler(object sender, KMIPClientTLSCertNeededEventArgs e);

public class KMIPClientTLSCertNeededEventArgs : EventArgs {
  public string Host { get; }
  public string CANames { get; }
}

Public Event OnTLSCertNeeded As OnTLSCertNeededHandler

Public Delegate Sub OnTLSCertNeededHandler(sender As Object, e As KMIPClientTLSCertNeededEventArgs)

Public Class KMIPClientTLSCertNeededEventArgs Inherits EventArgs
  Public ReadOnly Property Host As String
  Public ReadOnly Property CANames As String
End Class

Remarks

This event fires to notify the implementation that a remote TLS server has requested a client certificate. The Host parameter identifies the host that makes a request, and the CANames parameter (optional, according to the TLS spec) advises on the accepted issuing CAs.

Use the TLSClientChain property in response to this event to provide the requested certificate. Please make sure the client certificate includes the associated private key. Note that you may set the certificates before the connection without waiting for this event to fire.

This event is preceded by the TLSHandshake event for the given host and, if the certificate was accepted, succeeded by the TLSEstablished event.

TLSCertValidate Event (KMIPClient Component)

This event is fired upon receipt of the TLS server's certificate, allowing the user to control its acceptance.

Syntax

• C#
• VB.NET

public event OnTLSCertValidateHandler OnTLSCertValidate;

public delegate void OnTLSCertValidateHandler(object sender, KMIPClientTLSCertValidateEventArgs e);

public class KMIPClientTLSCertValidateEventArgs : EventArgs {
  public string ServerHost { get; }
  public string ServerIP { get; }
  public bool Accept { get; set; }
}

Public Event OnTLSCertValidate As OnTLSCertValidateHandler

Public Delegate Sub OnTLSCertValidateHandler(sender As Object, e As KMIPClientTLSCertValidateEventArgs)

Public Class KMIPClientTLSCertValidateEventArgs Inherits EventArgs
  Public ReadOnly Property ServerHost As String
  Public ReadOnly Property ServerIP As String
  Public Property Accept As Boolean
End Class

Remarks

This event is fired during a TLS handshake. Use the TLSServerChain property to access the certificate chain. In general, components may contact a number of TLS endpoints during their work, depending on their configuration.

Accept is assigned in accordance with the outcome of the internal validation check performed by the component, and can be adjusted if needed.

TLSEstablished Event (KMIPClient Component)

Fires when a TLS handshake with Host successfully completes.

Syntax

• C#
• VB.NET

public event OnTLSEstablishedHandler OnTLSEstablished;

public delegate void OnTLSEstablishedHandler(object sender, KMIPClientTLSEstablishedEventArgs e);

public class KMIPClientTLSEstablishedEventArgs : EventArgs {
  public string Host { get; }
  public string Version { get; }
  public string Ciphersuite { get; }
  public byte[] ConnectionId { get; }
  public bool Abort { get; set; }
}

Public Event OnTLSEstablished As OnTLSEstablishedHandler

Public Delegate Sub OnTLSEstablishedHandler(sender As Object, e As KMIPClientTLSEstablishedEventArgs)

Public Class KMIPClientTLSEstablishedEventArgs Inherits EventArgs
  Public ReadOnly Property Host As String
  Public ReadOnly Property Version As String
  Public ReadOnly Property Ciphersuite As String
  Public ReadOnly Property ConnectionId As Byte()
  Public Property Abort As Boolean
End Class

Remarks

The component uses this event to notify the application about a successful completion of a TLS handshake.

The Version, Ciphersuite, and ConnectionId parameters indicate the security parameters of the new connection. Use the Abort parameter if you need to terminate the connection at this stage.

TLSHandshake Event (KMIPClient Component)

Fires when a new TLS handshake is initiated, before the handshake commences.

Syntax

• C#
• VB.NET

public event OnTLSHandshakeHandler OnTLSHandshake;

public delegate void OnTLSHandshakeHandler(object sender, KMIPClientTLSHandshakeEventArgs e);

public class KMIPClientTLSHandshakeEventArgs : EventArgs {
  public string Host { get; }
  public bool Abort { get; set; }
}

Public Event OnTLSHandshake As OnTLSHandshakeHandler

Public Delegate Sub OnTLSHandshakeHandler(sender As Object, e As KMIPClientTLSHandshakeEventArgs)

Public Class KMIPClientTLSHandshakeEventArgs Inherits EventArgs
  Public ReadOnly Property Host As String
  Public Property Abort As Boolean
End Class

Remarks

The component uses this event to notify the application about the start of a new TLS handshake to Host. If the handshake is successful, this event will be followed by the TLSEstablished event. If the server chooses to request a client certificate, the TLSCertNeeded event will also be fired.

TLSPSK Event (KMIPClient Component)

Notifies the application about the PSK key exchange.

Syntax

• C#
• VB.NET

public event OnTLSPSKHandler OnTLSPSK;

public delegate void OnTLSPSKHandler(object sender, KMIPClientTLSPSKEventArgs e);

public class KMIPClientTLSPSKEventArgs : EventArgs {
  public string Host { get; }
  public string Hint { get; }
}

Public Event OnTLSPSK As OnTLSPSKHandler

Public Delegate Sub OnTLSPSKHandler(sender As Object, e As KMIPClientTLSPSKEventArgs)

Public Class KMIPClientTLSPSKEventArgs Inherits EventArgs
  Public ReadOnly Property Host As String
  Public ReadOnly Property Hint As String
End Class

Remarks

The component fires this event to notify the application about the beginning of TLS-PSK key exchange with Host. The Hint parameter may be used by the server to identify the key or service to use. Use the PreSharedKey field of TLSSettings to provide the pre-shared key to the component.

TLSShutdown Event (KMIPClient Component)

Reports the graceful closure of a TLS connection.

Syntax

• C#
• VB.NET

public event OnTLSShutdownHandler OnTLSShutdown;

public delegate void OnTLSShutdownHandler(object sender, KMIPClientTLSShutdownEventArgs e);

public class KMIPClientTLSShutdownEventArgs : EventArgs {
  public string Host { get; }
}

Public Event OnTLSShutdown As OnTLSShutdownHandler

Public Delegate Sub OnTLSShutdownHandler(sender As Object, e As KMIPClientTLSShutdownEventArgs)

Public Class KMIPClientTLSShutdownEventArgs Inherits EventArgs
  Public ReadOnly Property Host As String
End Class

Remarks

This event notifies the application about the closure of an earlier established TLS connection. Note that only graceful connection closures are reported.

Certificate Type

Encapsulates an individual X.509 certificate.

Remarks

This type keeps and provides access to X.509 certificate details.

Fields

Constructors

• C#
• VB.NET

public Certificate(byte[] bytes, int startIndex, int count, string password);

Public Certificate(ByVal Bytes As Byte(), ByVal StartIndex As Integer, ByVal Count As Integer, ByVal Password As String)

Loads the X.509 certificate from a memory buffer. Bytes is a buffer containing the raw certificate data. StartIndex and Count specify the starting position and number of bytes to be read from the buffer, respectively. Password is a password encrypting the certificate.

• C#
• VB.NET

public Certificate(byte[] certBytes, int certStartIndex, int certCount, byte[] keyBytes, int keyStartIndex, int keyCount, string password);

Public Certificate(ByVal CertBytes As Byte(), ByVal CertStartIndex As Integer, ByVal CertCount As Integer, ByVal KeyBytes As Byte(), ByVal KeyStartIndex As Integer, ByVal KeyCount As Integer, ByVal Password As String)

Loads the X.509 certificate from a memory buffer. CertBytes is a buffer containing the raw certificate data. CertStartIndex and CertCount specify the starting position and number of bytes to be read from the buffer, respectively. KeyBytes is a buffer containing the private key data. KeyStartIndex and KeyCount specify the starting position and number of bytes to be read from the buffer, respectively. Password is a password encrypting the certificate.

• C#
• VB.NET

public Certificate(byte[] bytes, int startIndex, int count);

Public Certificate(ByVal Bytes As Byte(), ByVal StartIndex As Integer, ByVal Count As Integer)

Loads the X.509 certificate from a memory buffer. Bytes is a buffer containing the raw certificate data. StartIndex and Count specify the starting position and number of bytes to be read from the buffer, respectively.

• C#
• VB.NET

public Certificate(string path, string password);

Public Certificate(ByVal Path As String, ByVal Password As String)

Loads the X.509 certificate from a file. Path specifies the full path to the file containing the certificate data. Password is a password encrypting the certificate.

• C#
• VB.NET

public Certificate(string certPath, string keyPath, string password);

Public Certificate(ByVal CertPath As String, ByVal KeyPath As String, ByVal Password As String)

Loads the X.509 certificate from a file. CertPath specifies the full path to the file containing the certificate data. KeyPath specifies the full path to the file containing the private key. Password is a password encrypting the certificate.

• C#
• VB.NET

public Certificate(string path);

Public Certificate(ByVal Path As String)

Loads the X.509 certificate from a file. Path specifies the full path to the file containing the certificate data.

• C#
• VB.NET

public Certificate(System.IO.Stream stream);

Public Certificate(ByVal Stream As System.IO.Stream)

Loads the X.509 certificate from a stream. Stream is a stream containing the certificate data.

• C#
• VB.NET

public Certificate(System.IO.Stream stream, string password);

Public Certificate(ByVal Stream As System.IO.Stream, ByVal Password As String)

Loads the X.509 certificate from a stream. Stream is a stream containing the certificate data. Password is a password encrypting the certificate.

• C#
• VB.NET

public Certificate(System.IO.Stream certStream, System.IO.Stream keyStream, string password);

Public Certificate(ByVal CertStream As System.IO.Stream, ByVal KeyStream As System.IO.Stream, ByVal Password As String)

Loads the X.509 certificate from a stream. CertStream is a stream containing the certificate data. KeyStream is a stream containing the private key. Password is a password encrypting the certificate.

• C#
• VB.NET

public Certificate();

Public Certificate()

Creates a new object with default field values.

CRL Type

Represents a Certificate Revocation List.

Remarks

CRLs store information about revoked certificates, i.e., certificates that have been identified as invalid by their issuing certificate authority (CA) for any number of reasons.

Each CRL object lists certificates from a single CA and identifies them by their serial numbers. A CA may or may not publish a CRL, may publish several CRLs, or may publish the same CRL in multiple locations.

Unlike OCSP responses, CRLs only list certificates that have been revoked. They do not list certificates that are still valid.

Fields

Constructors

• C#
• VB.NET

public CRL(byte[] bytes, int startIndex, int count);

Public CRL(ByVal Bytes As Byte(), ByVal StartIndex As Integer, ByVal Count As Integer)

Creates a CRL object from a memory buffer. Bytes is a buffer containing raw (DER) CRL data, StartIndex and Count specify the starting position and the length of the CRL data in the buffer, respectively.

• C#
• VB.NET

public CRL(string location);

Public CRL(ByVal Location As String)

Creates a CRL object by downloading it from a remote location.

• C#
• VB.NET

public CRL(System.IO.Stream stream);

Public CRL(ByVal Stream As System.IO.Stream)

Creates a CRL object from data contained in a stream.

• C#
• VB.NET

public CRL();

Public CRL()

Creates an empty CRL object.

CryptoKey Type

This container represents a cryptographic key.

Remarks

This type is a universal placeholder for cryptographic keys.

Fields

Constructors

• C#
• VB.NET

public CryptoKey();

Public CryptoKey()

Creates an empty crypto key object.

ExternalCrypto Type

Specifies the parameters of external cryptographic calls.

Remarks

External cryptocalls are used in a Distributed Cryptography (DC) subsystem, which allows the delegation of security operations to the remote agent. For instance, it can be used to compute the signature value on the server, while retaining the client's private key locally.

Fields

Constructors

• C#
• VB.NET

public ExternalCrypto();

Public ExternalCrypto()

Creates a new ExternalCrypto object with default field values.

KMIPObject Type

A container representing a KMIP object.

Remarks

KMIPObject represents an object before it is committed to the KMIP server or after it has been read from there. Certificates, certificate requests, keys, and data objects are examples of KMIP objects.

Fields

Constructors

• C#
• VB.NET

public KMIPObject();

Public KMIPObject()

Creates a new KMIP object with the default field values.

• C#
• VB.NET

public KMIPObject(string AObjectId);

Public KMIPObject(ByVal AObjectId As String)

Creates a new KMIP object with the specified field values. Supported object types: otCertificate 0x01 otSymmetricKey 0x02 otPublicKey 0x04 otPrivateKey 0x08 .

OCSPResponse Type

Represents a single OCSP response originating from an OCSP responder.

Remarks

OCSP is a protocol that allows verification of certificate status in real-time, and is an alternative to Certificate Revocation Lists (CRLs).

An OCSP response is a snapshot of the certificate status at a given time.

Fields

Constructors

• C#
• VB.NET

public OCSPResponse(byte[] bytes, int startIndex, int count);

Public OCSPResponse(ByVal Bytes As Byte(), ByVal StartIndex As Integer, ByVal Count As Integer)

Initializes the response from a memory buffer. Bytes is a buffer containing raw OCSP response data, StartIndex and Count specify the starting position and the number of bytes to be read from this buffer.

• C#
• VB.NET

public OCSPResponse(string location);

Public OCSPResponse(ByVal Location As String)

Downloads an OCSP response from a remote location.

• C#
• VB.NET

public OCSPResponse(System.IO.Stream stream);

Public OCSPResponse(ByVal Stream As System.IO.Stream)

Initializes the response with the data from a stream.

• C#
• VB.NET

public OCSPResponse();

Public OCSPResponse()

Creates an empty OCSP response object.

ProxySettings Type

A container for proxy server settings.

Remarks

This type exposes a collection of properties for tuning up the proxy server configuration.

Fields

Constructors

• C#
• VB.NET

public ProxySettings();

Public ProxySettings()

Creates a new ProxySettings object.

SocketSettings Type

A container for the socket settings.

Remarks

This type is a container for socket-layer parameters.

Fields

Constructors

• C#
• VB.NET

public SocketSettings();

Public SocketSettings()

Creates a new SocketSettings object.

TLSConnectionInfo Type

Contains information about a network connection.

Remarks

Use this property to check various details of the network connection. These include the total amounts of data transferred, the availability of TLS, and its parameters.

Fields

Constructors

• C#
• VB.NET

public TLSConnectionInfo();

Public TLSConnectionInfo()

Creates a new TLSConnectionInfo object.

TLSSettings Type

A container for TLS connection settings.

Remarks

The TLS (Transport Layer Security) protocol provides security for information exchanged over insecure connections such as TCP/IP.

Fields