Bytes
byte[] (read-only)
Default: ""

Returns the raw certificate data in DER format.

CA
bool
Default: False

Indicates whether the certificate has a CA capability. For the certificate to be considered a CA, it must have its Basic Constraints extension set with the CA indicator enabled.

Set this field when generating a new certificate to have its Basic Constraints extension generated automatically.

CAKeyID
byte[] (read-only)
Default: ""

A unique identifier (fingerprint) of the CA certificate's cryptographic key.

Authority Key Identifier is a certificate extension which allows identification of certificates belonging to the same issuer, but with different public keys. It is a de-facto standard to include this extension in all certificates to facilitate chain building.

This setting cannot be set when generating a certificate as it always derives from another certificate property. CertificateManager generates this setting automatically if enough information is available to it: for self-signed certificates, this value is copied from the SubjectKeyID setting, and for lower-level certificates, from the parent certificate's subject key ID extension.

CertType
CertTypes (read-only)
Default: 0

Returns the type of the entity contained in the Certificate object.

A Certificate object can contain two types of cryptographic objects: a ready-to-use X.509 certificate, or a certificate request ("an unsigned certificate"). Certificate requests can be upgraded to full certificates by signing them with a CA certificate.

Use the CertificateManager component to load or create new certificate and certificate requests objects.

CRLDistributionPoints
string
Default: ""

Contains a list of locations of CRL distribution points used to check this certificate's validity. The list is taken from the respective certificate extension.

Use this field when generating a certificate to provide a list of CRL endpoints that should be made part of the new certificate.

The endpoints are provided as a list of CRLF-separated URLs. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the location separator.

Curve
string
Default: ""

Specifies the elliptic curve associated with the certificate's public key. This setting only applies to certificates containing EC keys.

Fingerprint
string (read-only)
Default: ""

Contains the fingerprint (a hash imprint) of this certificate.

While there is no formal standard defining what a fingerprint is, a SHA1 hash of the certificate's DER-encoded body is typically used.

FriendlyName
string (read-only)
Default: ""

Contains an associated alias (friendly name) of the certificate. The friendly name is not a property of a certificate: it is maintained by the certificate media rather than being included in its DER representation. Windows certificate stores are one example of media that does support friendly names.

HashAlgorithm
string
Default: ""

Provides means to set the hash algorithm to be used in the subsequent operation on the certificate (such as generation or key signing). It is not a property of a certificate; use SigAlgorithm to find out the hash algorithm that is part of the certificate signature.

Issuer
string (read-only)
Default: ""

The common name of the certificate issuer (CA), typically a company name. This is part of a larger set of credentials available via IssuerRDN.

IssuerRDN
string
Default: ""

A list of Property=Value pairs that uniquely identify the certificate issuer.

Example: /C=US/O=Nationwide CA/CN=Web Certification Authority

KeyAlgorithm
string
Default: "0"

Specifies the public key algorithm of this certificate.

Use the KeyBits, Curve, and PublicKeyBytes fields to get more details about the key the certificate contains.

KeyBits
int (read-only)
Default: 0

Returns the length of the public key in bits.

This value indicates the length of the principal cryptographic parameter of the key, such as the length of the RSA modulus or ECDSA field. The key data returned by the PublicKeyBytes or PrivateKeyBytes field would typically contain auxiliary values, and therefore be longer.

KeyFingerprint
string (read-only)
Default: ""

Returns a SHA1 fingerprint of the public key contained in the certificate.

Note that the key fingerprint is different from the certificate fingerprint accessible via the Fingerprint field. The key fingeprint uniquely identifies the public key, and so can be the same for multiple certificates containing the same key.

KeyUsage
int
Default: 0

Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.

This value is a bit mask of the following values:

Set this field before generating the certificate to propagate the key usage flags to the new certificate.

KeyValid
bool (read-only)
Default: False

Returns True if the certificate's key is cryptographically valid, and False otherwise.

OCSPLocations
string
Default: ""

Locations of OCSP services that can be used to check this certificate's validity in real time, as recorded by the CA.

Set this field before calling the certificate manager's Generate method to propagate it to the new certificate.

The OCSP locations are provided as a list of CRLF-separated URLs. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the location separator.

OCSPNoCheck
bool
Default: False

Accessor to the value of the certificate's ocsp-no-check extension.

Origin
int (read-only)
Default: 0

Returns the location that the certificate was taken or loaded from.

PolicyIDs
string
Default: ""

Contains identifiers (OIDs) of the applicable certificate policies.

The Certificate Policies extension identifies a sequence of policies under which the certificate has been issued, and which regulate its usage.

Set this field when generating a certificate to propagate the policies information to the new certificate.

The policies are provided as a list of CRLF-separated entries. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the policy element separator.

PrivateKeyBytes
byte[] (read-only)
Default: ""

Returns the certificate's private key in DER-encoded format. It is normal for this field to be empty if the private key is non-exportable, which, for example, is typical for certificates originating from hardware security devices.

PrivateKeyExists
bool (read-only)
Default: False

Indicates whether the certificate has a usable private key associated with it. If it is set to True, the certificate can be used for private key operations, such as signing or decryption.

This field is independent from PrivateKeyBytes, and can be set to True even if the former is empty. This would imply that the private key is non-exportable, but still can be used for cryptographic operations.

PrivateKeyExtractable
bool (read-only)
Default: False

Indicates whether the private key is extractable (exportable).

PublicKeyBytes
byte[] (read-only)
Default: ""

Contains the certificate's public key in DER format.

This typically would contain an ASN.1-encoded public key value. The exact format depends on the type of the public key contained in the certificate.

Qualified
bool (read-only)
Default: False

Indicates whether the certificate is qualified.

This property is set to True if the certificate is confirmed by a Trusted List to be qualified.

QualifiedStatements
QualifiedStatementsTypes
Default: 0

Returns a simplified qualified status of the certificate.

Qualifiers
string (read-only)
Default: ""

A list of qualifiers.

Contains a comma-separated list of qualifier aliases for the certificate, for example QCP-n-qscd,QCWithSSCD.

SelfSigned
bool (read-only)
Default: False

Indicates whether the certificate is self-signed (root) or signed by an external CA.

SerialNumber
byte[]
Default: ""

Returns the certificate's serial number.

The serial number is a binary string that uniquely identifies a certificate among others issued by the same CA. According to the X.509 standard, the (issuer, serial number) pair should be globally unique to facilitate chain building.

SigAlgorithm
string (read-only)
Default: ""

Indicates the algorithm that was used by the CA to sign this certificate.

A signature algorithm typically combines hash and public key algorithms together, such as sha256WithRSAEncryption or ecdsa-with-SHA256.

Source
PKISources (read-only)
Default: 0

Returns the source (location or disposition) of a cryptographic primitive entity, such as a certificate, CRL, or OCSP response.

Subject
string (read-only)
Default: ""

The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. This is part of a larger set of credentials available via SubjectRDN.

SubjectAlternativeName
string
Default: ""

Returns or sets the value of the Subject Alternative Name extension of the certificate.

Subject alternative names are used to provide additional names that are impractical to store in the main SubjectRDN field. For example, it is often used to store all the domain names that a TLS certificate is authorized to protect.

The alternative names are provided as a list of CRLF-separated entries. Note that this differs from the behaviour used in earlier product versions, where the "|" character was used as the element separator.

SubjectKeyID
byte[]
Default: ""

Contains a unique identifier of the certificate's cryptographic key.

Subject Key Identifier is a certificate extension which allows a specific public key to be associated with a certificate holder. Typically, subject key identifiers of CA certificates are recorded as respective CA key identifiers in the subordinate certificates that they issue, which facilitates chain building.

The SubjectKeyID and CAKeyID fields of self-signed certificates typically contain identical values, as in that specific case, the issuer and the subject are the same entity.

SubjectRDN
string
Default: ""

A list of Property=Value pairs that uniquely identify the certificate holder (subject).

Depending on the purpose of the certificate and the policies of the CA that issued it, the values included in the subject record may differ drastically and contain business or personal names, web URLs, email addresses, and other data.

Example: /C=US/O=Oranges and Apples, Inc./OU=Accounts Receivable/1.2.3.4.5=Value with unknown OID/CN=Margaret Watkins.

Valid
bool (read-only)
Default: False

Indicates whether or not the signature over the certificate or the request is valid and matches the public key contained in the CA certificate/request.

ValidFrom
string
Default: ""

The time point at which the certificate becomes valid, in UTC.

ValidTo
string
Default: ""

The time point at which the certificate expires, in UTC.

AsyncDocumentID
string
Default: ""

Specifies an optional document ID for SignAsyncBegin() and SignAsyncEnd() calls.

Use this property when working with multi-signature DCAuth requests and responses to uniquely identify documents signed within a larger batch. On the completion stage, this value helps the signing component identify the correct signature in the returned batch of responses.

If using batched requests, make sure to set this property to the same value on both the pre-signing (SignAsyncBegin) and completion (SignAsyncEnd) stages.

CustomParams
string
Default: ""

Custom parameters to be passed to the signing service (uninterpreted).

Data
string
Default: ""

Additional data to be included in the async state and mirrored back by the requestor.

ExternalHashCalculation
bool
Default: False

Specifies whether the message hash is to be calculated at the external endpoint. Please note that this mode is not supported by the DCAuth component.

If set to true, the component will pass a few kilobytes of to-be-signed data from the document to the OnExternalSign event. This only applies when SignExternal() is called.

HashAlgorithm
string
Default: "SHA256"

Specifies the request's signature hash algorithm.

KeyID
string
Default: ""

The ID of the pre-shared key used for DC request authentication.

Asynchronous DCAuth-driven communication requires that parties authenticate each other with a secret pre-shared cryptographic key. This provides an extra protection layer for the protocol and diminishes the risk of the private key becoming abused by foreign parties. Use this property to provide the pre-shared key identifier, and use KeySecret to pass the key itself.

The same KeyID/KeySecret pair should be used on the DCAuth side for the signing requests to be accepted.

Note: The KeyID/KeySecret scheme is very similar to the AuthKey scheme used in various Cloud service providers to authenticate users.

Example: signer.ExternalCrypto.KeyID = "MainSigningKey"; signer.ExternalCrypto.KeySecret = "abcdef0123456789";

KeySecret
string
Default: ""

The pre-shared key used for DC request authentication. This key must be set and match the key used by the DCAuth counterpart for the scheme to work.

Read more about configuring authentication in the KeyID topic.

Method
AsyncSignMethods
Default: 0

Specifies the asynchronous signing method. This is typically defined by the DC server capabilities and setup.

Available options:

Mode
ExternalCryptoModes
Default: 0

Specifies the external cryptography mode.

Available options:

PublicKeyAlgorithm
string
Default: ""

Provide the public key algorithm here if the certificate is not available on the pre-signing stage.

Address
string
Default: ""

Contains the e-mail address in the form of john@doe.com.

DisplayName
string
Default: ""

Contains the friendly name of the user of this address, such as John Doe.

GroupName
string
Default: ""

The name of the group this address belongs to.

ContentSubtype
string
Default: ""

Contains the content subtype of the attachment.

ContentType
string
Default: ""

Contains the content type of the attachment.

CreationDate
string
Default: ""

The creation date.

Data
byte[]
Default: ""

The content of the attachment.

Description
string
Default: ""

Textual description of the attachment.

This property maps to the Content-Description e-mail header field. Although the field is optional, the ability to associate descriptive information with a given body is often desirable. One example is specifying the title of an image using this property.

FileName
string
Default: ""

Specifies the name of the attachment file.

ID
string
Default: ""

Contains the attachment's unique identifier.

ModificationDate
string
Default: ""

Specifies the date and time of the file's last modification.

ReadDate
string
Default: ""

Specifies the file's last read date.

Size
long
Default: 0

The attachment's size in bytes.

AttachmentCount
int (read-only)
Default: 0

Returns the number of attachments in this message.

Bcc
string
Default: ""

The contents of the BCC header field.

The BCC header field contains the addresses of secondary recipients of the message whose addresses are not to be revealed to other recipients of the message. Mail servers remove the BCC header when processing the message and use its value for dispatching the message only.

Cc
string
Default: ""

The value of the CC header field.

The CC field contains the addresses of secondary recipients of the message.

Comments
string
Default: ""

Contains additional information about the message body.

Date
string
Default: ""

The date and time when the message entered the mail delivery system.

This field contains the date and time at which the creator of the message posted the message to the mail delivery system.

The date is returned and accepted in UTC time zone.

DeliveryReceipt
bool
Default: False

Enables delivery notification.

From
string
Default: ""

Contains the value of the From header field.

This field contains the address(es) of the message author(s). If the actual sender is not the author of the message, use Sender to specify the sender separately.

HtmlText
string
Default: ""

The HTML version of the message.

ID
string
Default: ""

The contents of the Message-ID header field.

This field contains a unique identifier that refers to a particular version of this message.

InReplyTo
string
Default: ""

The value of the In-Reply-To header field.

A reply message should have the "In-Reply-To:" header field which may be used to identify the message (or messages) to which the new message is a reply.

Keywords
string
Default: ""

The value of the Keywords header field.

This field can be used to add some important words and phrases that might be useful for the recipient.

Mailer
string (read-only)
Default: ""

The name of the software that was used to send the message.

PlainText
string
Default: ""

The plain text version of the message.

Priority
MailPriorities
Default: 2

Specifies the message priority.

Available options:

ReadReceipt
bool
Default: False

Enables a read notification.

References
string
Default: ""

The value of the References header field.

A reply message should include a "References:" header field which may be used to identify the "conversation thread". If the initial message is a reply itself, the References of the reply contain combined content of its "References:", "InReplyTo:" and "MessageID:" fields, subject to their presence in the original message.

ReplyTo
string
Default: ""

The value of the Reply-To header field.

This field contains the addresses to which the replies to this message should be sent. This field is optional. If not specified, the replies must be sent to the addresses specified in the From field.

ReturnPath
string
Default: ""

The value of the Return-Path header field.

This field contains the address to which this message shall be returned in case of unsuccessful delivery.

Sender
string
Default: ""

The value of the Sender header field.

This field specifies the mailbox of the agent responsible for the actual transmission of this message. If the originator of the message can be indicated by a single mailbox and both the author and the transmitter are identical, the "Sender:" field is deemed excessive and should not be used.

SendTo
string
Default: ""

The value of the To header field.

This field specifies the address(es) of the primary recipient(s) of the message.

Subject
string
Default: ""

Contains the subject field of this message.

ClaimedSigningTime
string
Default: ""

Specifies the signing time from the signer's computer.

Use this property to specify the signature production time. The claimed time is not covered by the signature, may be forfeited or wrong, and as such is usually taken by verifiers for informational purposes only.

Encrypt
bool
Default: False

Whether to encrypt the message.

EncryptionAlgorithm
string
Default: "AES128"

Specifies the encryption algorithm to be used.

HashAlgorithm
string
Default: "SHA256"

Specifies the hash algorithm to be used.

Sign
bool
Default: False

Whether to sign the message.

SignatureFormat
MailSignatureFormats
Default: 0

Specifies the signature format to use for the signed message.

Available options:

SignBeforeEncrypt
bool
Default: True

Specifies the order of encryption and signing operations.

SignMessageHeader
bool
Default: False

Specifies whether to include the message header in the signature calculation.

Category
string
Default: ""

Specifies the string category of the contained value.

This property allows to check or set the category (or type) associated with the contained value. Depending on the format used to load or save the string, the category parameter may or may not be used.

For example, for ASN.1 property lists the category contains the ASN.1 tag of the contained data (OCTETSTRING, UTF8STRING, INTEGER, ...). For basic (name, value) pairs, such as HTTP headers, the category parameter is not used.

Format
int
Default: 0

Specifies the format (encoding) of the value contained in the Value property.

Use this property to check or set the format of the contained value. Remember to provide the actual value in the appropriate format that matches this setting: utils.NameValuePairs[0].Name = "key"; utils.NameValuePairs[0].Format = svfBinary; utils.NameValuePairs[0].Name = "0a1b2c3d4e5f6071";

The following formats are currently supported:

Name
string
Default: ""

The name element in a (name, value) pair.

Value
string
Default: ""

The value element in a (name, value) pair.