PGPWriter Class

Properties   Methods   Events   Config Settings   Errors  

The PGPWriter class protects data using PGP keys.

Class Name

SecureBlackbox_PGPWriter

Procedural Interface

 secureblackbox_pgpwriter_open();
 secureblackbox_pgpwriter_close($res);
 secureblackbox_pgpwriter_register_callback($res, $id, $function);
 secureblackbox_pgpwriter_get_last_error($res);
 secureblackbox_pgpwriter_get_last_error_code($res);
 secureblackbox_pgpwriter_set($res, $id, $index, $value);
 secureblackbox_pgpwriter_get($res, $id, $index);
 secureblackbox_pgpwriter_do_cleartextsign($res);
 secureblackbox_pgpwriter_do_config($res, $configurationstring);
 secureblackbox_pgpwriter_do_doaction($res, $actionid, $actionparams);
 secureblackbox_pgpwriter_do_encrypt($res);
 secureblackbox_pgpwriter_do_encryptandsign($res);
 secureblackbox_pgpwriter_do_reset($res);
 secureblackbox_pgpwriter_do_sign($res, $detached);

Remarks

PGPWriter lets you encrypt, sign, armor, and compress files and data in accordance with PGP standard.

PGPWriter supports all modern PGP keys and formats, from last-century PGP 2.6.x to the state-of-the art PGP 6. Single- and multi-file, as well as for-your-eyes-only PGP containers are supported.

Important note. Starting with SecureBlackbox 2024, PGPWriter and PGPReader fully support PGPv6 specification. Introduction of PGPv6 comes with certain upgrade of the default security settings used in these components. Although any projects that rely on earlier SecureBlackbox versions are likely to migrate to SecureBlackbox 2024 without any issues, the mentioned upgrade in security defaults may make protected files that your software produces incompatible with the software on the other end (particularly if that software is on the older scale of age).

While every care was taken to preserve interoperability wherever possible, some security settings could not be upgraded without the risk of affecting it. That said, none of the functionality was removed, so if you start encountering compatibility problems after upgrading to SecureBlackbox 2024, there is always a way back to the 'working' settings.

Please see the section at the end of this topic for the summary of differences between SBB 2022 and SBB 2024 in terms of security settings.

Preparing keys

Encryption and signing in PGP is done with asymmetric keys. Keys are normally stored in files called keyrings. More often that not they consist of a pair of files: a public keyring (e.g pubring.pkr) and a secret keyring (secring.skr), although there are exceptions. Sometimes, recipients provide senders with standalone public keys that they want them to encrypt data with.

Whichever form your keyring takes, use PGPKeyring to load it first. It is recommended to load all the keyring files that you have to make sure you have all the keys loaded. PGPKeyring can detect duplicate keys, so don't worry about loading the same key twice - any duplicates will be neatly merged together into one key object.

 
 Copy
  PGPKeyring keyring = new PGPKeyring();
  keyring.ImportFromFile("pubring.pkr");
  keyring.ImportFromFile("secring.skr");

Now that you've loaded the keyring files, it is time to identify the key(s) that you need to use and pass them to PGPWriter. The best way to do it may differ between environments. Among the options available are iterating over the whole Keys collection of the PGPKeyring object, using its Select method to filter keys by UserID, or just using the whole set of keys if loading a standalone key.

Whichever way you choose to select the keys, there are a few considerations that need to be taken into account. First, keep in mind that the Keys collection contains both the primary keys and their subkeys. PGP is very flexible on how the 'key trees' can be formed, which means that keys from different vendors may use different key tree patterns.

The most commonly used key tree pattern is where the primary key is sign-only, and its only subkey is encrypt-only. However, there can be different arrangements: for example, there can be more than one subkey in the key tree, or the primary key can be used for encryption alongside the subkey. Please take extra care to figure out what kind of key tree you are dealing with, and select appropriate keys with that structure in mind.

The following properties of the key objects might be helpful in filtering the keys by their purpose:

• and properties of the key objects provide information on the key algorithm capabilities. If you are looking to encrypt data, a key or subkey with its CanEncrypt set to false can be safely excluded from the candidate list.
• and specify whether the key contains the public or private part of the keypair. If you are looking to sign data, keys with their IsSecret set to false can be discarded, as signing can only be done with private keys.
• specifies the key's expiration date. Expired keys can be ignored. This is often useful where the vendor updates their keys by issuing fresh subkeys while keeping older ones in the key tree.

Now that you've identified the appropriate keys, you can add them to the respective collections of PGPWriter: EncryptingKeys and SigningKeys. However, there is one important catch that you need to keep in mind.

Private PGP keys are typically protected with passwords. To be able to use them, you need to provide the valid password to the component. You can do that in one of the following two ways:

• By assigning the password to property. You can check whether the provided passphrase is valid using the property.
• By subscribing to KeyPassphraseNeeded event and providing the password from within the event handler. This event will be fired for each private key for which no valid password was provided.

Configuring protection

Protection configuration if quite straightforward and encompasses adjustment of the following settings:

• Provide the input data via the InputFile (or InputBytes) property.
• Provide the destination in OutputFile. If no output destination is provided, the output will be generated in OutputBytes.
• Provide the filename for the file being protected in Filename.
• Set EncryptionAlgorithm and HashAlgorithm, as (and if) required.
• Set Compress to true if you would like the input compressed. You can tune up compression further with CompressionAlgorithm and CompressionLevel settings.
• Set Armor if you would like the output to be base64-armored.

Protecting the file

You are all set now. Call the appropriate protection method to proceed with the file protection:

• Encrypt: encrypt the input data with all the public keys provided in EncryptingKeys.
• Sign: sign the input data with all the private keys provided in SigningKeys.
• EncryptAndSign: encrypt the input data with all the public keys provided in EncryptingKeys and sign it with all the private keys provided in SigningKeys.
• ClearTextSign: sign the input data in email-like way with all the private keys provided in SigningKeys. This method only works with textual ASCII data.

 
 Copy
  Writer.InputFile = "C:\files\input.txt";
  Writer.OutputFile = "C:\files\output.pgp";
  Writer.Filename = "input.txt";
  Writer.EncryptionAlgorithm = "AES256";
  Writer.SigningKeys.Add(Keyring.Keys[0]);
  Writer.EncryptingKeys.Add(Keyring.Keys[1]);
  Writer.EncryptAndSign();

Summary of changes in security defaults between SBB 2022 and SBB 2024

Protection type.

While the set of Protection elements stayed the same, the meaning of the elements changed (deflated):

• pptNone: stayed the same
• pptLow in version 2024 corresponds to the protection settings that used to be marked as pptNormal in version 2022.
• pptNormal in version 2024 corresponds to the protection settings that used to be marked as pptHigh in version 2022.
• pptHigh has no equivalent level of protection in version 2022. It corresponds to strong authenticated encryption (AEAD) and KDF introduced in PGP v5 and v6.

Cryptographic algorithms

The default value of HashAlgorithm has changed from SHA1 (SBB 2022) to SHA256 (SBB 2024). The default value of EncryptionAlgorithm changed from CAST5 (SBB 2022) to AES128 (SBB 2024).

This change applies throughout all the PGP components.

UseNewFeatures configuration setting

In SBB 2022 and earlier versions the meaning behind this configuration setting was about enforcing 'new' RFC4880 features, such as MDC packets for authenticated encryption and one-pass signatures.

In SBB 2024, this setting regained its 'new' connotation and applies to PGP v6 features such as AEAD encryption. Use this setting with care as older PGP implementations may struggle to process files protected with PGP v6 features.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

Armor Property (SecureBlackbox_PGPWriter Class)

Specifies whether the data should be armored.

Object Oriented Interface

public function getArmor();
public function setArmor($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 1 );
secureblackbox_pgpwriter_set($res, 1, $value );

Default Value

false

Remarks

Switch this property on to armor the protected data by encoding it in base64 and enveloping with BEGIN and END markings.

Data Type

Boolean

ArmorBoundary Property (SecureBlackbox_PGPWriter Class)

A boundary to put around the base64 armor.

Object Oriented Interface

public function getArmorBoundary();
public function setArmorBoundary($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 2 );
secureblackbox_pgpwriter_set($res, 2, $value );

Default Value

''

Remarks

Use this property to specify the boundary to put around the base64 armor. If set to 'PGP MESSAGE', the armored data will be enveloped with '-----BEGIN PGP MESSAGE-----' and '-----END PGP MESSAGE-----' lines.

This property only makes sense if Armor is set True.

Data Type

String

ArmorHeaders Property (SecureBlackbox_PGPWriter Class)

Additional headers to include with the armored message.

Object Oriented Interface

public function getArmorHeaders();
public function setArmorHeaders($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 3 );
secureblackbox_pgpwriter_set($res, 3, $value );

Default Value

''

Remarks

Use this property to specify additional headers to be included with the armored message.

Assign this property with a multi-line text, with each line being of "header: value" form (without quotes).

Data Type

String

Compress Property (SecureBlackbox_PGPWriter Class)

Whether to compress the data before encrypting it.

Object Oriented Interface

public function getCompress();
public function setCompress($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 4 );
secureblackbox_pgpwriter_set($res, 4, $value );

Default Value

false

Remarks

Set this property to True to compress the data before encryption. Use CompressionAlgorithm and CompressionLevel to tune up compression parameters.

Data Type

Boolean

CompressionAlgorithm Property (SecureBlackbox_PGPWriter Class)

The compression algorithm to use.

Object Oriented Interface

public function getCompressionAlgorithm();
public function setCompressionAlgorithm($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 5 );
secureblackbox_pgpwriter_set($res, 5, $value );

Default Value

'Uncompressed'

Remarks

Use this property to specify the compression algorithm to use before encrypting the data. This property only makes sense if Compress is True.

Data Type

String

CompressionLevel Property (SecureBlackbox_PGPWriter Class)

The compression level to use.

Object Oriented Interface

public function getCompressionLevel();
public function setCompressionLevel($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 6 );
secureblackbox_pgpwriter_set($res, 6, $value );

Default Value

0

Remarks

Use this property to specify the compression level, from 1 (fastest) to 9 (best).

Data Type

Integer

EncryptingKeyCount Property (SecureBlackbox_PGPWriter Class)

The number of records in the EncryptingKey arrays.

Object Oriented Interface

public function getEncryptingKeyCount();
public function setEncryptingKeyCount($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 7 );
secureblackbox_pgpwriter_set($res, 7, $value );

Default Value

0

Remarks

This property controls the size of the following arrays:

• EncryptingKeyHandle
• EncryptingKeyKeyFP
• EncryptingKeyKeyID
• EncryptingKeyUsername

The array indices start at 0 and end at EncryptingKeyCount - 1.

This property is not available at design time.

Data Type

Integer

EncryptingKeyHandle Property (SecureBlackbox_PGPWriter Class)

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Object Oriented Interface

public function getEncryptingKeyHandle($encryptingkeyindex);
public function setEncryptingKeyHandle($encryptingkeyindex, $value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 14 , $encryptingkeyindex);
secureblackbox_pgpwriter_set($res, 14, $value , $encryptingkeyindex);

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation.

 
 Copy
  pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The $encryptingkeyindex parameter specifies the index of the item in the array. The size of the array is controlled by the EncryptingKeyCount property.

This property is not available at design time.

Data Type

Long64

EncryptingKeyKeyFP Property (SecureBlackbox_PGPWriter Class)

The 20-byte fingerprint (hash value) of this key.

Object Oriented Interface

public function getEncryptingKeyKeyFP($encryptingkeyindex);

Procedural Interface

secureblackbox_pgpwriter_get($res, 18 , $encryptingkeyindex);

Default Value

''

Remarks

The 20-byte fingerprint (hash value) of this key.

KeyFP could be used to distinguish two keys with the same KeyID.

The $encryptingkeyindex parameter specifies the index of the item in the array. The size of the array is controlled by the EncryptingKeyCount property.

This property is read-only and not available at design time.

Data Type

String

EncryptingKeyKeyID Property (SecureBlackbox_PGPWriter Class)

Contains a 8-byte key identifier.

Object Oriented Interface

public function getEncryptingKeyKeyID($encryptingkeyindex);

Procedural Interface

secureblackbox_pgpwriter_get($res, 19 , $encryptingkeyindex);

Default Value

''

Remarks

Contains a 8-byte key identifier.

It is quite rare that IDs of two keys collide. If that happens, their fingerprints (KeyFP) can be used for distinguish between the keys. Please note that many PGP implementations show only 4 lowest bytes of the KeyID to the user.

The $encryptingkeyindex parameter specifies the index of the item in the array. The size of the array is controlled by the EncryptingKeyCount property.

This property is read-only and not available at design time.

Data Type

String

EncryptingKeyUsername Property (SecureBlackbox_PGPWriter Class)

Specifies the name of the user bound to this key.

Object Oriented Interface

public function getEncryptingKeyUsername($encryptingkeyindex);

Procedural Interface

secureblackbox_pgpwriter_get($res, 27 , $encryptingkeyindex);

Default Value

''

Remarks

Specifies the name of the user bound to this key.

The PGP username is typically represented with a full name and an email address, but generally can be any non-empty string.

The $encryptingkeyindex parameter specifies the index of the item in the array. The size of the array is controlled by the EncryptingKeyCount property.

This property is read-only and not available at design time.

Data Type

String

EncryptionAlgorithm Property (SecureBlackbox_PGPWriter Class)

A symmetric algorithm to use for data encryption.

Object Oriented Interface

public function getEncryptionAlgorithm();
public function setEncryptionAlgorithm($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 30 );
secureblackbox_pgpwriter_set($res, 30, $value );

Default Value

'AES128'

Remarks

Use this property to specify a symmetric algorithm to use for data encryption.

Data Type

String

ExternalCryptoAsyncDocumentID Property (SecureBlackbox_PGPWriter Class)

Specifies an optional document ID for SignAsyncBegin() and SignAsyncEnd() calls.

Object Oriented Interface

public function getExternalCryptoAsyncDocumentID();
public function setExternalCryptoAsyncDocumentID($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 31 );
secureblackbox_pgpwriter_set($res, 31, $value );

Default Value

''

Remarks

Specifies an optional document ID for SignAsyncBegin() and SignAsyncEnd() calls.

Use this property when working with multi-signature DCAuth requests and responses to uniquely identify documents signed within a larger batch. On the completion stage, this value helps the signing component identify the correct signature in the returned batch of responses.

If using batched requests, make sure to set this property to the same value on both the pre-signing (SignAsyncBegin) and completion (SignAsyncEnd) stages.

Data Type

String

ExternalCryptoCustomParams Property (SecureBlackbox_PGPWriter Class)

Custom parameters to be passed to the signing service (uninterpreted).

Object Oriented Interface

public function getExternalCryptoCustomParams();
public function setExternalCryptoCustomParams($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 32 );
secureblackbox_pgpwriter_set($res, 32, $value );

Default Value

''

Remarks

Custom parameters to be passed to the signing service (uninterpreted).

This property is not available at design time.

Data Type

String

ExternalCryptoData Property (SecureBlackbox_PGPWriter Class)

Additional data to be included in the async state and mirrored back by the requestor.

Object Oriented Interface

public function getExternalCryptoData();
public function setExternalCryptoData($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 33 );
secureblackbox_pgpwriter_set($res, 33, $value );

Default Value

''

Remarks

Additional data to be included in the async state and mirrored back by the requestor.

This property is not available at design time.

Data Type

String

ExternalCryptoExternalHashCalculation Property (SecureBlackbox_PGPWriter Class)

Specifies whether the message hash is to be calculated at the external endpoint.

Object Oriented Interface

public function getExternalCryptoExternalHashCalculation();
public function setExternalCryptoExternalHashCalculation($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 34 );
secureblackbox_pgpwriter_set($res, 34, $value );

Default Value

false

Remarks

Specifies whether the message hash is to be calculated at the external endpoint. Please note that this mode is not supported by the DCAuth class.

If set to true, the class will pass a few kilobytes of to-be-signed data from the document to the OnExternalSign event. This only applies when SignExternal() is called.

Data Type

Boolean

ExternalCryptoHashAlgorithm Property (SecureBlackbox_PGPWriter Class)

Specifies the request's signature hash algorithm.

Object Oriented Interface

public function getExternalCryptoHashAlgorithm();
public function setExternalCryptoHashAlgorithm($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 35 );
secureblackbox_pgpwriter_set($res, 35, $value );

Default Value

'SHA256'

Remarks

Specifies the request's signature hash algorithm.

Data Type

String

ExternalCryptoKeyID Property (SecureBlackbox_PGPWriter Class)

The ID of the pre-shared key used for DC request authentication.

Object Oriented Interface

public function getExternalCryptoKeyID();
public function setExternalCryptoKeyID($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 36 );
secureblackbox_pgpwriter_set($res, 36, $value );

Default Value

''

Remarks

The ID of the pre-shared key used for DC request authentication.

Asynchronous DCAuth-driven communication requires that parties authenticate each other with a secret pre-shared cryptographic key. This provides an extra protection layer for the protocol and diminishes the risk of the private key becoming abused by foreign parties. Use this property to provide the pre-shared key identifier, and use ExternalCryptoKeySecret to pass the key itself.

The same KeyID/KeySecret pair should be used on the DCAuth side for the signing requests to be accepted.

Note: The KeyID/KeySecret scheme is very similar to the AuthKey scheme used in various Cloud service providers to authenticate users.

Example:

 
 Copy
  signer.ExternalCrypto.KeyID = "MainSigningKey";
  signer.ExternalCrypto.KeySecret = "abcdef0123456789";

Data Type

String

ExternalCryptoKeySecret Property (SecureBlackbox_PGPWriter Class)

The pre-shared key used for DC request authentication.

Object Oriented Interface

public function getExternalCryptoKeySecret();
public function setExternalCryptoKeySecret($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 37 );
secureblackbox_pgpwriter_set($res, 37, $value );

Default Value

''

Remarks

The pre-shared key used for DC request authentication. This key must be set and match the key used by the DCAuth counterpart for the scheme to work.

Read more about configuring authentication in the ExternalCryptoKeyID topic.

Data Type

String

ExternalCryptoMethod Property (SecureBlackbox_PGPWriter Class)

Specifies the asynchronous signing method.

Object Oriented Interface

public function getExternalCryptoMethod();
public function setExternalCryptoMethod($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 38 );
secureblackbox_pgpwriter_set($res, 38, $value );

Possible Values

PGPWRITER_EXTERNALCRYPTOMETHOD_PKCS1(0), 
PGPWRITER_EXTERNALCRYPTOMETHOD_PKCS7(1)

Default Value

0

Remarks

Specifies the asynchronous signing method. This is typically defined by the DC server capabilities and setup.

Available options:

Data Type

Integer

ExternalCryptoMode Property (SecureBlackbox_PGPWriter Class)

Specifies the external cryptography mode.

Object Oriented Interface

public function getExternalCryptoMode();
public function setExternalCryptoMode($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 39 );
secureblackbox_pgpwriter_set($res, 39, $value );

Possible Values

PGPWRITER_EXTERNALCRYPTOMODE_DEFAULT(0), 
PGPWRITER_EXTERNALCRYPTOMODE_DISABLED(1), 
PGPWRITER_EXTERNALCRYPTOMODE_GENERIC(2), 
PGPWRITER_EXTERNALCRYPTOMODE_DCAUTH(3), 
PGPWRITER_EXTERNALCRYPTOMODE_DCAUTH_JSON(4)

Default Value

0

Remarks

Specifies the external cryptography mode.

Available options:

This property is not available at design time.

Data Type

Integer

ExternalCryptoPublicKeyAlgorithm Property (SecureBlackbox_PGPWriter Class)

Provide the public key algorithm here if the certificate is not available on the pre-signing stage.

Object Oriented Interface

public function getExternalCryptoPublicKeyAlgorithm();
public function setExternalCryptoPublicKeyAlgorithm($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 40 );
secureblackbox_pgpwriter_set($res, 40, $value );

Default Value

''

Remarks

Provide the public key algorithm here if the certificate is not available on the pre-signing stage.

Data Type

String

FileName Property (SecureBlackbox_PGPWriter Class)

Specifies the name of the file being protected.

Object Oriented Interface

public function getFileName();
public function setFileName($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 41 );
secureblackbox_pgpwriter_set($res, 41, $value );

Default Value

''

Remarks

Use this property to set the name of the file being protected, such as 'document.txt'. If Filename is empty or its value is "_CONSOLE", the data will be protected for-your-eyes-only, meaning the decryptor will only be able to read it on their screen, but not save.

Data Type

String

FIPSMode Property (SecureBlackbox_PGPWriter Class)

Reserved.

Object Oriented Interface

public function getFIPSMode();
public function setFIPSMode($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 42 );
secureblackbox_pgpwriter_set($res, 42, $value );

Default Value

false

Remarks

This property is reserved for future use.

Data Type

Boolean

HashAlgorithm Property (SecureBlackbox_PGPWriter Class)

The hash algorithm to use for signing.

Object Oriented Interface

public function getHashAlgorithm();
public function setHashAlgorithm($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 43 );
secureblackbox_pgpwriter_set($res, 43, $value );

Default Value

''

Remarks

Use this property to specify the hash algorithm to use for calculating signatures.

Data Type

String

InputBytes Property (SecureBlackbox_PGPWriter Class)

Use this property to pass the input to class in byte array form.

Object Oriented Interface

public function getInputBytes();
public function setInputBytes($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 44 );
secureblackbox_pgpwriter_set($res, 44, $value );

Remarks

Assign a byte array containing the data to be processed to this property.

This property is not available at design time.

Data Type

Byte Array

InputFile Property (SecureBlackbox_PGPWriter Class)

Provides a filename of a file to process.

Object Oriented Interface

public function getInputFile();
public function setInputFile($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 45 );
secureblackbox_pgpwriter_set($res, 45, $value );

Default Value

''

Remarks

Use this property to provide a path to the file to be encrypted and/or signed.

If you assign this property with a directory name, all the files contained in the directory will be packed into the resulting protected file.

Data Type

String

InputIsText Property (SecureBlackbox_PGPWriter Class)

Whether the input data is text.

Object Oriented Interface

public function getInputIsText();
public function setInputIsText($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 46 );
secureblackbox_pgpwriter_set($res, 46, $value );

Default Value

false

Remarks

Set this property to true to indicate that the supplied data should be treated as text.

Data Type

Boolean

OutputBytes Property (SecureBlackbox_PGPWriter Class)

Use this property to read the output the class object has produced.

Object Oriented Interface

public function getOutputBytes();

Procedural Interface

secureblackbox_pgpwriter_get($res, 47 );

Remarks

Read the contents of this property after the operation has completed to read the produced output. This property will only be set if the OutputFile and OutputStream properties had not been assigned.

This property is read-only and not available at design time.

Data Type

Byte Array

OutputFile Property (SecureBlackbox_PGPWriter Class)

The file where the encrypted and/or signed data will be saved.

Object Oriented Interface

public function getOutputFile();
public function setOutputFile($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 48 );
secureblackbox_pgpwriter_set($res, 48, $value );

Default Value

''

Remarks

Use this property to provide a path to the file where the class should store the encrypted and/or signed data.

Data Type

String

Passphrase Property (SecureBlackbox_PGPWriter Class)

The encryption password.

Object Oriented Interface

public function getPassphrase();
public function setPassphrase($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 49 );
secureblackbox_pgpwriter_set($res, 49, $value );

Default Value

''

Remarks

Use this property to provide the encryption password. If an encryption password is used, no key will be needed to decrypt the data.

Data Type

String

Profile Property (SecureBlackbox_PGPWriter Class)

Specifies a pre-defined profile to apply when creating the signature.

Object Oriented Interface

public function getProfile();
public function setProfile($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 50 );
secureblackbox_pgpwriter_set($res, 50, $value );

Default Value

''

Remarks

Advanced signatures come in many variants, which are often defined by parties that needs to process them or by local standards. SecureBlackbox profiles are sets of pre-defined configurations which correspond to particular signature variants. By specifying a profile, you are pre-configuring the component to make it produce the signature that matches the configuration corresponding to that profile.

Data Type

String

Protection Property (SecureBlackbox_PGPWriter Class)

Specifies a password protection level.

Object Oriented Interface

public function getProtection();
public function setProtection($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 51 );
secureblackbox_pgpwriter_set($res, 51, $value );

Possible Values

PGPWRITER_PROTECTION_NONE(0), 
PGPWRITER_PROTECTION_LOW(1), 
PGPWRITER_PROTECTION_NORMAL(2), 
PGPWRITER_PROTECTION_HIGH(3)

Default Value

0

Remarks

This property specifies the complexity of key derivation function for password-protected documents.

Allowed values:

Data Type

Integer

SigningKeyCount Property (SecureBlackbox_PGPWriter Class)

The number of records in the SigningKey arrays.

Object Oriented Interface

public function getSigningKeyCount();
public function setSigningKeyCount($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 52 );
secureblackbox_pgpwriter_set($res, 52, $value );

Default Value

0

Remarks

This property controls the size of the following arrays:

• SigningKeyHandle
• SigningKeyKeyFP
• SigningKeyKeyID
• SigningKeyPassphrase
• SigningKeyPassphraseValid
• SigningKeyUsername

The array indices start at 0 and end at SigningKeyCount - 1.

This property is not available at design time.

Data Type

Integer

SigningKeyHandle Property (SecureBlackbox_PGPWriter Class)

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Object Oriented Interface

public function getSigningKeyHandle($signingkeyindex);
public function setSigningKeyHandle($signingkeyindex, $value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 59 , $signingkeyindex);
secureblackbox_pgpwriter_set($res, 59, $value , $signingkeyindex);

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation.

 
 Copy
  pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The $signingkeyindex parameter specifies the index of the item in the array. The size of the array is controlled by the SigningKeyCount property.

This property is not available at design time.

Data Type

Long64

SigningKeyKeyFP Property (SecureBlackbox_PGPWriter Class)

The 20-byte fingerprint (hash value) of this key.

Object Oriented Interface

public function getSigningKeyKeyFP($signingkeyindex);

Procedural Interface

secureblackbox_pgpwriter_get($res, 63 , $signingkeyindex);

Default Value

''

Remarks

The 20-byte fingerprint (hash value) of this key.

KeyFP could be used to distinguish two keys with the same KeyID.

The $signingkeyindex parameter specifies the index of the item in the array. The size of the array is controlled by the SigningKeyCount property.

This property is read-only and not available at design time.

Data Type

String

SigningKeyKeyID Property (SecureBlackbox_PGPWriter Class)

Contains a 8-byte key identifier.

Object Oriented Interface

public function getSigningKeyKeyID($signingkeyindex);

Procedural Interface

secureblackbox_pgpwriter_get($res, 64 , $signingkeyindex);

Default Value

''

Remarks

Contains a 8-byte key identifier.

It is quite rare that IDs of two keys collide. If that happens, their fingerprints (KeyFP) can be used for distinguish between the keys. Please note that many PGP implementations show only 4 lowest bytes of the KeyID to the user.

The $signingkeyindex parameter specifies the index of the item in the array. The size of the array is controlled by the SigningKeyCount property.

This property is read-only and not available at design time.

Data Type

String

SigningKeyPassphrase Property (SecureBlackbox_PGPWriter Class)

The key protection password.

Object Oriented Interface

public function getSigningKeyPassphrase($signingkeyindex);
public function setSigningKeyPassphrase($signingkeyindex, $value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 65 , $signingkeyindex);
secureblackbox_pgpwriter_set($res, 65, $value , $signingkeyindex);

Default Value

''

Remarks

The key protection password.

The $signingkeyindex parameter specifies the index of the item in the array. The size of the array is controlled by the SigningKeyCount property.

This property is not available at design time.

Data Type

String

SigningKeyPassphraseValid Property (SecureBlackbox_PGPWriter Class)

Use this property to check whether the specified Passphrase is valid and can be used to unlock the secret key.

Object Oriented Interface

public function getSigningKeyPassphraseValid($signingkeyindex);

Procedural Interface

secureblackbox_pgpwriter_get($res, 66 , $signingkeyindex);

Default Value

false

Remarks

Use this property to check whether the specified SigningKeyPassphrase is valid and can be used to unlock the secret key.

The $signingkeyindex parameter specifies the index of the item in the array. The size of the array is controlled by the SigningKeyCount property.

This property is read-only and not available at design time.

Data Type

Boolean

SigningKeyUsername Property (SecureBlackbox_PGPWriter Class)

Specifies the name of the user bound to this key.

Object Oriented Interface

public function getSigningKeyUsername($signingkeyindex);

Procedural Interface

secureblackbox_pgpwriter_get($res, 72 , $signingkeyindex);

Default Value

''

Remarks

Specifies the name of the user bound to this key.

The PGP username is typically represented with a full name and an email address, but generally can be any non-empty string.

The $signingkeyindex parameter specifies the index of the item in the array. The size of the array is controlled by the SigningKeyCount property.

This property is read-only and not available at design time.

Data Type

String

Timestamp Property (SecureBlackbox_PGPWriter Class)

The date and time of the last modification of the protected data file (in UTC).

Object Oriented Interface

public function getTimestamp();
public function setTimestamp($value);

Procedural Interface

secureblackbox_pgpwriter_get($res, 75 );
secureblackbox_pgpwriter_set($res, 75, $value );

Default Value

''

Remarks

Use this property to set a timestamp for the data being protected.

Data Type

String

ClearTextSign Method (SecureBlackbox_PGPWriter Class)

Creates a cleartext signature over the provided data.

Object Oriented Interface

public function doClearTextSign();

Procedural Interface

secureblackbox_pgpwriter_do_cleartextsign($res);

Remarks

Call this method to create a cleartext signature over the provided data buffer (InputBytes). Only textual data can be signed in cleartext.

Pass the signing key(s) via SigningKeys property.

Config Method (SecureBlackbox_PGPWriter Class)

Sets or retrieves a configuration setting.

Object Oriented Interface

public function doConfig($configurationstring);

Procedural Interface

secureblackbox_pgpwriter_do_config($res, $configurationstring);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

DoAction Method (SecureBlackbox_PGPWriter Class)

Performs an additional action.

Object Oriented Interface

public function doDoAction($actionid, $actionparams);

Procedural Interface

secureblackbox_pgpwriter_do_doaction($res, $actionid, $actionparams);

Remarks

DoAction is a generic method available in every class. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.

The unique identifier (case insensitive) of the action is provided in the ActionID parameter.

ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....

Common ActionIDs:

Encrypt Method (SecureBlackbox_PGPWriter Class)

Encrypts data.

Object Oriented Interface

public function doEncrypt();

Procedural Interface

secureblackbox_pgpwriter_do_encrypt($res);

Remarks

Use this method to encrypt input data from a byte array (InputBytes), a file (InputFile) or a stream (InputStream) and get the protected message in another byte array (OutputBytes), or another file (OutputFile), or another stream (OutputStream).

Specify encryption keys in EncryptingKeys property, and/or encryption password via Passphrase property.

EncryptAndSign Method (SecureBlackbox_PGPWriter Class)

Encrypts and signs data.

Object Oriented Interface

public function doEncryptAndSign();

Procedural Interface

secureblackbox_pgpwriter_do_encryptandsign($res);

Remarks

Use this method to encrypt and sign a byte array (InputBytes), a file (InputFile) or a stream (InputStream) and get the protected message in another byte array (OutputBytes), or another file (OutputFile), or another stream (OutputStream).

Specify encryption keys in EncryptingKeys property, and/or encryption password via Passphrase property. Use SigningKeys to provide the signing keys.

Please note that you might need to provide a passphrase to decrypt your signing key. This can be done via KeyPassphraseNeeded event, or by assigning the passphrase to the key object's Passphrase property.

Reset Method (SecureBlackbox_PGPWriter Class)

Resets the class settings.

Object Oriented Interface

public function doReset();

Procedural Interface

secureblackbox_pgpwriter_do_reset($res);

Remarks

Reset is a generic method available in every class.

Sign Method (SecureBlackbox_PGPWriter Class)

Signs data.

Object Oriented Interface

public function doSign($detached);

Procedural Interface

secureblackbox_pgpwriter_do_sign($res, $detached);

Remarks

Use this method to sign a byte array (InputBytes), a file (InputFile) or a stream (InputStream) and get the signed message in another byte array (OutputBytes), or another file (OutputFile), or another stream (OutputStream).

Use SigningKeys to provide the signing keys.

Please note that you might need to provide a passphrase to decrypt your signing key. This can be done via KeyPassphraseNeeded event, or by assigning the passphrase to the key object's Passphrase property.

Error Event (SecureBlackbox_PGPWriter Class)

Information about errors during PGP encryption.

Object Oriented Interface

public function fireError($param);

Procedural Interface

secureblackbox_pgpwriter_register_callback($res, 1, array($this, 'fireError'));

Parameter List

 'errorcode'
 'description'

Remarks

The event is fired in case of exceptional conditions during data encryption or signing.

ErrorCode contains an error code and Description contains a textual description of the error.

ExternalSign Event (SecureBlackbox_PGPWriter Class)

Handles remote or external signing initiated by the SignExternal method or other source.

Object Oriented Interface

public function fireExternalSign($param);

Procedural Interface

secureblackbox_pgpwriter_register_callback($res, 2, array($this, 'fireExternalSign'));

Parameter List

 'operationid'
 'hashalgorithm'
 'pars'
 'data'
 'signeddata'

Remarks

Assign a handler to this event if you need to delegate a low-level signing operation to an external, remote, or custom signing engine. Depending on the settings, the handler will receive a hashed or unhashed value to be signed.

The event handler must pass the value of Data to the signer, obtain the signature, and pass it back to the class via the SignedData parameter.

OperationId provides a comment about the operation and its origin. It depends on the exact class being used, and may be empty. HashAlgorithm specifies the hash algorithm being used for the operation, and Pars contains algorithm-dependent parameters.

The class uses base16 (hex) encoding for the Data, SignedData, and Pars parameters. If your signing engine uses a different input and output encoding, you may need to decode and/or encode the data before and/or after the signing.

A sample MD5 hash encoded in base16: a0dee2a0382afbb09120ffa7ccd8a152 - lower case base16 A0DEE2A0382AFBB09120FFA7CCD8A152 - upper case base16

A sample event handler that uses the .NET RSACryptoServiceProvider class may look like the following:

 
 Copy
signer.OnExternalSign += (s, e) =>
{
       var cert = new X509Certificate2("cert.pfx", "", X509KeyStorageFlags.Exportable);
       var key = (RSACryptoServiceProvider)cert.PrivateKey;

       var dataToSign = e.Data.FromBase16String();
       var signedData = key.SignHash(dataToSign, "2.16.840.1.101.3.4.2.1");
       e.SignedData = signedData.ToBase16String();
};

KeyPassphraseNeeded Event (SecureBlackbox_PGPWriter Class)

Requests a key protection password from the application.

Object Oriented Interface

public function fireKeyPassphraseNeeded($param);

Procedural Interface

secureblackbox_pgpwriter_register_callback($res, 3, array($this, 'fireKeyPassphraseNeeded'));

Parameter List

 'keyid'
 'userid'
 'mainkey'
 'passphrase'
 'skip'

Remarks

The class fires this event to request a secret key passphrase from the application. Note that this event asks for a key protection passphrase rather than a message protection passphrase. The class fires it when it attempts to use a secret key to sign the data.

This event is fired for every protected secret key residing in SigningKeys. KeyID specifies the key for which the password is requested, and UserID identifies its user. MainKey tells whether the key is a master key or a subkey.

The handler should provide password via the Passphrase parameter, or set Skip to True to skip this key.

For each key KeyPassphraseNeeded is called in a loop until the correct password is provided or the maximum number of password attempts reached.

Notification Event (SecureBlackbox_PGPWriter Class)

This event notifies the application about an underlying control flow event.

Object Oriented Interface

public function fireNotification($param);

Procedural Interface

secureblackbox_pgpwriter_register_callback($res, 4, array($this, 'fireNotification'));

Parameter List

 'eventid'
 'eventparam'

Remarks

The class fires this event to let the application know about some event, occurrence, or milestone in the class. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.

The unique identifier of the event is provided in the EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the class, the exact action it is performing, or the document being processed, one or both may be omitted.

Progress Event (SecureBlackbox_PGPWriter Class)

Reports the progress of the decryption operation.

Object Oriented Interface

public function fireProgress($param);

Procedural Interface

secureblackbox_pgpwriter_register_callback($res, 5, array($this, 'fireProgress'));

Parameter List

 'current'
 'total'
 'cancel'

Remarks

The class fires this event repeatedly to report the progress of the file protection operation.

Current indicates the amount of processed data in bytes, and Total is the total number of bytes to be processed. Use Cancel to terminate the protection process.

Config Settings (PGPWriter Class)

PGPWriter Config Settings

Base Config Settings

 
 Copy
PKICache=certificate,crl,ocsp

 
 Copy
PKICachePath=C:\Temp\cache

 
 Copy
Config("XMLRDNDescriptorName[OID]=PrimaryName,Alias1,Alias2");

 
 Copy
Config("XMLRDNDescriptorName[2.5.4.5]=SERIALNUMBER");

 
 Copy
Config("XMLRDNDescriptorName[1.2.840.113549.1.9.1]=E,EMAIL,EMAILADDRESS");

Trappable Errors (PGPWriter Class)

PGPWriter Errors