CryptoSysPKI Namespace
======================
A .NET interface to CryptoSys PKI.
Classes
-------
| Class | Description |
| ----------------- | ------------------------------------------------------------------------------------------------- |
| [Asn1](#asn1_asn1) | ASN.1 utilities |
| [Cipher](#cipher_cipher) | Generic Block Cipher |
| [Cms](#cms_cms) | Create, read and analyze Cryptographic Message Syntax (CMS) objects. |
| [Cnv](#cnv_cnv) | Character conversion routines |
| [Compr](#compr_compr) | Compression utilities |
| [Ecc](#ecc_ecc) | Elliptic curve cryptography |
| [General](#general_general) | General info about the core DLL and errors returned by it. |
| [Hash](#hash_hash) | Message Digest Hash Functions |
| [HexExtension](#hexextension_hexextension) | Extension methods for hex conversion |
| [Hmac](#hmac_hmac) | Keyed-hash based message authentication code (HMAC) functions |
| [Hpke](#hpke_hpke) | Hybrid Public Key Encryption functions (HPKE) |
| [Kdf](#kdf_kdf) | Key derivation functions (KDF) |
| [Ocsp](#ocsp_ocsp) | Online Certificate Status Protocol (OCSP) |
| [Pbe](#pbe_pbe) | Password-based encryption |
| [Pem](#pem_pem) | PEM file conversion routines |
| [Pfx](#pfx_pfx) | PKCS-12 (PFX) File Functions |
| [Prf](#prf_prf) | Pseudorandom function (PRF) methods. |
| [Pwd](#pwd_pwd) | Password Dialog Functions |
| [Rng](#rng_rng) | Random Number Generator to NIST SP800-90 |
| [Rsa](#rsa_rsa) | RSA Encryption and Public Key Functions |
| [Sig](#sig_sig) | Signature creation and verification |
| [Smime](#smime_smime) | S/MIME utilities |
| [Tdea](#tdea_tdea) | Triple DES Cipher (3DES, TDEA) [deprecated: use Cipher() class with CipherAlgorithm.Tdea instead] |
| [Wipe](#wipe_wipe) | Data Wiping Functions |
| [X509](#x509_x509) | X.509 Certificate Functions |
| [Xof](#xof_xof) | Extendable-output function (XOF) methods. |
Enumerations
------------
| Enumeration | Description |
| ---------------------------- | ---------------------------------------------------------------------------- |
| [AeadAlgorithm](#aeadalgorithm_aeadalgorithm) | Authenticated encryption algorithm. |
| [Asn1.Options](#asn1_options_asn1-options) | Options for ASN.1 methods |
| [Cipher.Opts](#cipher_opts_cipher-opts) | Advanced options |
| [CipherAlgorithm](#cipheralgorithm_cipheralgorithm) | Block Cipher Algorithm |
| [Cms.ComprDataOptions](#cms_comprdataoptions_cms-comprdataoptions) | Advanced options for CMS compressed-data objects |
| [Cms.ContentEncrAlg](#cms_contentencralg_cms-contentencralg) | Content encryption algorithm. |
| [Cms.EnvDataOptions](#cms_envdataoptions_cms-envdataoptions) | Advanced options for CMS enveloped-data objects. |
| [Cms.Format](#cms_format_cms-format) | Output format. |
| [Cms.KeyEncrAlgorithm](#cms_keyencralgorithm_cms-keyencralgorithm) | Key encryption algorithm. |
| [Cms.ReadOptions](#cms_readoptions_cms-readoptions) | Options for reading CMS objects. |
| [Cms.SigAlg](#cms_sigalg_cms-sigalg) | Signature algorithm for CMS signed-data objects. |
| [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions) | Advanced options for CMS signed-data objects |
| [Cnv.EncodingConversion](#cnv_encodingconversion_cnv-encodingconversion) | Conversion directions for ByteEncoding. |
| [Cnv.EndianNess](#cnv_endianness_cnv-endianness) | Byte order. |
| [Ecc.CurveName](#ecc_curvename_ecc-curvename) | Supported curve names. |
| [Ecc.Format](#ecc_format_ecc-format) | Format for output files. |
| [Ecc.KeyType](#ecc_keytype_ecc-keytype) | Key type for unencrypted key file. |
| [Ecc.PbeScheme](#ecc_pbescheme_ecc-pbescheme) | Password-based encryption scheme to encrypt the private key file. |
| [EncodingBase](#encodingbase_encodingbase) | Base for encoding methods |
| [HashAlgorithm](#hashalgorithm_hashalgorithm) | Message Digest Hash Algorithm |
| [Hpke.AeadAlg](#hpke_aeadalg_hpke-aeadalg) | AEAD functions supported for HPKE |
| [Hpke.CurveName](#hpke_curvename_hpke-curvename) | Supported ECDH curves for HPKE |
| [Hpke.OutputOpts](#hpke_outputopts_hpke-outputopts) | Options to format or re-encode output. |
| [Kdf.HashAlg](#kdf_hashalg_kdf-hashalg) | Hash algorithms for KDF |
| [Kdf.KdfAlg](#kdf_kdfalg_kdf-kdfalg) | Key derivation functions |
| [Kdf.KeyWrapAlg](#kdf_keywrapalg_kdf-keywrapalg) | Key wrap algorithms for KDF |
| [Mode](#mode_mode) | Cipher Mode |
| [Padding](#padding_padding) | Block Cipher Padding |
| [Pfx.Options](#pfx_options_pfx-options) | Specialist options. |
| [Prf.Alg](#prf_alg_prf-alg) | Pseudorandom function (PRF) algorithm. |
| [Rng.Options](#rng_options_rng-options) | Rng options |
| [Rng.Strength](#rng_strength_rng-strength) | Required security strength for user-prompted entropy |
| [Rsa.AdvOptions](#rsa_advoptions_rsa-advoptions) | Advanced options. |
| [Rsa.EME](#rsa_eme_rsa-eme) | Encoding method for encryption. |
| [Rsa.Format](#rsa_format_rsa-format) | Format for saved RSA key. |
| [Rsa.HashAlg](#rsa_hashalg_rsa-hashalg) | Hash function for OAEP encoding. |
| [Rsa.PbeOptions](#rsa_pbeoptions_rsa-pbeoptions) | Password-based encryption scheme to be used to encrypt the private key file. |
| [Rsa.PublicExponent](#rsa_publicexponent_rsa-publicexponent) | Choices for public exponent (e) |
| [Rsa.XmlOptions](#rsa_xmloptions_rsa-xmloptions) | Options when converting between internal RSA key and XML. |
| [Sig.Encoding](#sig_encoding_sig-encoding) | Encodings for signature output. |
| [Sig.SigOptions](#sig_sigoptions_sig-sigoptions) | Specialist options for signatures. |
| [Sig.VerifyOpts](#sig_verifyopts_sig-verifyopts) | Specialist options for verifying a signature. |
| [SigAlgorithm](#sigalgorithm_sigalgorithm) | Signature algorithm |
| [Smime.Options](#smime_options_smime-options) | Options for S/MIME methods |
| [Wipe.Options](#wipe_options_wipe-options) | Wipe options. |
| [X509.CertOptions](#x509_certoptions_x509-certoptions) | Options to create X.509 certificate. |
| [X509.CrlOptions](#x509_crloptions_x509-crloptions) | Options to create Certificate Revocation List (CRL) |
| [X509.CsrOptions](#x509_csroptions_x509-csroptions) | Options to create PKCS#10 certificate signing request (CSR) |
| [X509.KeyUsageOptions](#x509_keyusageoptions_x509-keyusageoptions) | Options for key usage in certificate |
| [X509.OutputOpts](#x509_outputopts_x509-outputopts) | Options to format or re-encode output. |
| [Xof.Alg](#xof_alg_xof-alg) | eXtendable-Output Function (XOF) algorithm. |
Asn1 Class
==========
ASN.1 utilities
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Asn1**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Asn1
```
The **Asn1** type exposes the following members.
Methods
-------
| Name | Description |
| --------------------- | ------------------------------------------------------------ |
| [TextDump](#asn1_textdump) | Dump details of an ASN.1 formatted data file to a text file. |
| [TextDumpToString](#asn1_textdumptostring) | Dump details of ASN.1 formatted data to a string. |
| [Type](#asn1_type) | Describe the type of ASN.1 data. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Asn1.TextDump Method
====================
Dump details of an ASN.1 formatted data file to a text file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int TextDump(
string outputFile,
string fileOrPEMString,
Asn1.Options options = Asn1.Options.Default
)
```
#### Parameters
##### *outputFile* String
Filename of text file to be created
##### *fileOrPEMString* String
Filename of ASN.1 formatted data file to be analyzed (or a string containing its base64 or PEM representation)
##### *options* [Asn1.Options](#asn1_options_asn1-options) (Optional)
Option flags (optional)
#### Return Value
Int32
Zero if successful; otherwise it returns an [error code](#general_error-code)
See Also
--------
[Asn1 Class](#asn1_asn1)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
General.ErrorLookup Method
==========================
Return a description of an error code.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string ErrorLookup(
int errCode
)
```
#### Parameters
##### *errCode* Int32
Code number
#### Return Value
String
Corresponding error message
See Also
--------
[General Class](#general_general)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Asn1.TextDumpToString Method
============================
Dump details of ASN.1 formatted data to a string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string TextDumpToString(
string fileOrPEMString,
Asn1.Options options = Asn1.Options.Default
)
```
#### Parameters
##### *fileOrPEMString* String
Filename of ASN.1 formatted data file to be analyzed (or a string containing its base64 or PEM representation)
##### *options* [Asn1.Options](#asn1_options_asn1-options) (Optional)
Option flags: set as zero for defaults.
#### Return Value
String
String containing the output.
Remarks
-------
This function creates a temporary file in the system `TEMP` directory. This file is locked and is automatically deleted after use.
Example
-------
```csharp
// Very simple ASN.1 data encoded in base64
string s = Asn1.TextDumpToString("MAQwAgUA");
Debug.Assert(s.Length > 0, "Asn1.TextDumpToString failed");
Console.WriteLine(s);
/*
30 04 --SEQUENCE/4 bytes
30 02 --SEQUENCE/2 bytes
05 00 --NULL/0 bytes
--(6 bytes) */
// An X.509 certificate file
s = Asn1.TextDumpToString("smallca.cer");
Console.WriteLine(s);
/*
30 81 e0 --SEQUENCE/224 bytes
30 81 9a --SEQUENCE/154 bytes
02 01 --INTEGER/1 bytes
01
30 0d --SEQUENCE/13 bytes
06 09 --OBJECTIDENTIFIER/9 bytes
2a 86 48 86 f7 0d 01 01 05
--sha1WithRSAEncryption (1.2.840.113549.1.1.5)
05 00 --NULL/0 bytes
30 0c --SEQUENCE/12 bytes
31 0a --SET/10 bytes
30 08 --SEQUENCE/8 bytes
06 03 --OBJECTIDENTIFIER/3 bytes
55 04 03
--commonName (2.5.4.3)
13 01 --PRINTABLESTRING/1 bytes
41
--'A'
[===cut===]
30 0d --SEQUENCE/13 bytes
06 09 --OBJECTIDENTIFIER/9 bytes
2a 86 48 86 f7 0d 01 01 05
--sha1WithRSAEncryption (1.2.840.113549.1.1.5)
05 00 --NULL/0 bytes
03 32 --BITSTRING/50 bytes
00 --0 unused bits
01 9a 9b b2 ec b9 cd fd 66 c6 94 5b 2e d6 96 dc
32 87 68 da 5e 6f 2e 5d 5a 7f e6 09 2e 60 8f 8c
45 a5 18 7e 06 1c e9 81 aa ea d6 f2 e3 14 7d 25
91
--(227 bytes) */
```
See Also
--------
[Asn1 Class](#asn1_asn1)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Asn1.Type Method
================
Describe the type of ASN.1 data.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string Type(
string fileOrPEMString
)
```
#### Parameters
##### *fileOrPEMString* String
Filename of ASN.1 formatted data file to be analyzed (or a string containing its base64 or PEM representation)
#### Return Value
String
String containing the name of the type of ASN.1 data or the empty string if not found
Remarks
-------
The output is a string describing the most likely type of the ASN.1-formatted data, or an empty string ("") if the type cannot be determined. The following types are detected:
| Output string value | ASN.1 object type | Reference |
| --------------------------- | ----------------------- | ------------------ |
| EC PRIVATE KEY | ECPrivateKey | [RFC5915] |
| EC PRIVATE KEY | ECPrivateKey | [RFC5915] |
| OCSP REQUEST | OCSPRequest | [RFC6960] |
| OCSP RESPONSE | OCSPResponse | [RFC6960] |
| PKCS1 RSA PRIVATE KEY | RSAPrivateKey | [RFC3447] |
| PKCS1 RSA PUBLIC KEY | RSAPublicKey | [RFC3447] |
| PKCS10 CERTIFICATE REQUEST | CertificationRequest | [RFC2986] |
| PKCS12 PFX | PFX | [RFC7292] |
| PKCS7 CERTIFICATE CHAIN | ContentInfo | [RFC5652] |
| PKCS7/CMS COMPRESSED DATA | ContentInfo | [RFC3274] |
| PKCS7/CMS DATA | ContentInfo | [RFC5652] |
| PKCS7/CMS ENVELOPED DATA | ContentInfo | [RFC5652] |
| CMS AUTH ENVELOPED DATA | ContentInfo | [RFC5083] |
| PKCS7/CMS SIGNED DATA | ContentInfo | [RFC5652] |
| PKCS8 ENCRYPTED PRIVATE KEY | EncryptedPrivateKeyInfo | [RFC5208][RFC5958] |
| PKCS8 PRIVATE KEY INFO | PrivateKeyInfo | [RFC5208][RFC5958] |
| PKCS8 ONE ASYMMETRIC KEY | OneAsymmetricKey | [RFC5958] |
| PUBLIC KEY INFO | SubjectPublicKeyInfo | [RFC3279][RFC5480] |
| X509 CERTIFICATE | Certificate | [RFC5280] |
| X509 CRL | CertificateList | [RFC5280] |
Note that these descriptions are not necessarily those used as labels for PEM formatted files defined in [RFC7468].
Example
-------
```csharp
Console.WriteLine("Print type names of various ASN.1 data files...");
string fname, s;
fname = "smallca.cer";
s = Asn1.Type(fname);
Console.WriteLine("Asn1.Type('" + fname + "')=" + s);
// Asn1.Type('smallca.cer')=X509 CERTIFICATE
fname = "AlicePrivRSASign.p8e";
s = Asn1.Type(fname);
Console.WriteLine("Asn1.Type('" + fname + "')=" + s);
// Asn1.Type('AlicePrivRSASign.p8e')=PKCS8 ENCRYPTED PRIVATE KEY
```
See Also
--------
[Asn1 Class](#asn1_asn1)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher Class
============
Generic Block Cipher
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Cipher**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Cipher
```
The **Cipher** type exposes the following members.
Methods
-------
| Name | Description |
| ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
| [BlockBytes](#cipher_blockbytes) | Return the block size in bytes for a given cipher algorithm. |
| [Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode)](#cipher_decrypt-byte-byte-byte-cipheralgorithm-mode) | Decrypt data block in byte array. |
| [Decrypt(String, String, String, CipherAlgorithm, Mode)](#cipher_decrypt-string-string-string-cipheralgorithm-mode) | Decrypt data block as hex-encoded string. |
| [Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_decrypt-byte-byte-byte-cipheralgorithm-mode-padding-cipher-opts) | Decrypt data in a byte array using the specified block cipher algorithm, mode and padding. |
| [Decrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_decrypt-string-string-string-cipheralgorithm-mode-padding-cipher-opts) | Decrypt hex-encoded data using specified block cipher algorithm, mode and padding. |
| [DecryptAEAD(Byte[], Byte[], Byte[], AeadAlgorithm)](#cipher_decryptaead-byte-byte-byte-aeadalgorithm) | Decrypt data using the AES-GCM authenticated encryption algorithm. |
| [DecryptAEAD(Byte[], Byte[], Byte[], Byte[], AeadAlgorithm, Cipher.Opts)](#cipher_decryptaead-byte-byte-byte-byte-aeadalgorithm-cipher-opts) | Decrypt data using the AES-GCM authenticated encryption algorithm with AAD and options. |
| [Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode)](#cipher_encrypt-byte-byte-byte-cipheralgorithm-mode) | Encrypt data block in byte array. |
| [Encrypt(String, String, String, CipherAlgorithm, Mode)](#cipher_encrypt-string-string-string-cipheralgorithm-mode) | Encrypt data block as hex-encoded string. |
| [Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_encrypt-byte-byte-byte-cipheralgorithm-mode-padding-cipher-opts) | Encrypt data in a byte array using the specified block cipher algorithm, mode and padding. |
| [Encrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_encrypt-string-string-string-cipheralgorithm-mode-padding-cipher-opts) | Encrypt hex-encoded data using specified block cipher algorithm, mode and padding. |
| [EncryptAEAD(Byte[], Byte[], Byte[], AeadAlgorithm)](#cipher_encryptaead-byte-byte-byte-aeadalgorithm) | Encrypt data using the AES-GCM authenticated encryption algorithm. |
| [EncryptAEAD(Byte[], Byte[], Byte[], Byte[], AeadAlgorithm, Cipher.Opts)](#cipher_encryptaead-byte-byte-byte-byte-aeadalgorithm-cipher-opts) | Encrypt data using the AES-GCM authenticated encryption algorithm with AAD and options. |
| [FileDecrypt(String, String, Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_filedecrypt-string-string-byte-byte-cipheralgorithm-mode-padding-cipher-opts) | Decrypt a file. |
| [FileDecrypt(String, String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_filedecrypt-string-string-string-string-cipheralgorithm-mode-padding-cipher-opts) | Decrypt a file passing key and IV as hex strings. |
| [FileEncrypt(String, String, Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_fileencrypt-string-string-byte-byte-cipheralgorithm-mode-padding-cipher-opts) | Encrypt a file. |
| [FileEncrypt(String, String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_fileencrypt-string-string-string-string-cipheralgorithm-mode-padding-cipher-opts) | Encrypt a file passing key and IV as hex strings. |
| [KeyBytes](#cipher_keybytes) | Return the key size in bytes for a given cipher algorithm. |
| [KeyUnwrap](#cipher_keyunwrap) | Unwrap (decrypt) key material with a key-encryption key. |
| [KeyWrap](#cipher_keywrap) | Wrap (encrypt) key material with a key-encryption key. |
| [Pad(Byte[], CipherAlgorithm, Padding)](#cipher_pad-byte-cipheralgorithm-padding) | Pad byte array to correct length for ECB and CBC encryption. |
| [Pad(String, CipherAlgorithm, Padding)](#cipher_pad-string-cipheralgorithm-padding) | Pad hex-encoded string to correct length for ECB and CBC encryption. |
| [Unpad(Byte[], CipherAlgorithm, Padding)](#cipher_unpad-byte-cipheralgorithm-padding) | Remove padding from an encryption block. |
| [Unpad(String, CipherAlgorithm, Padding)](#cipher_unpad-string-cipheralgorithm-padding) | Remove padding from a hex-encoded encryption block. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.BlockBytes Method
========================
Return the block size in bytes for a given cipher algorithm.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int BlockBytes(
CipherAlgorithm alg
)
```
#### Parameters
##### *alg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher algorithm
#### Return Value
Int32
Block size in bytes
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode) Method
====================================================================
Decrypt data block in byte array.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
| **Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode)** | Decrypt data block in byte array. |
| [Decrypt(String, String, String, CipherAlgorithm, Mode)](#cipher_decrypt-string-string-string-cipheralgorithm-mode) | Decrypt data block as hex-encoded string. |
| [Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_decrypt-byte-byte-byte-cipheralgorithm-mode-padding-cipher-opts) | Decrypt data in a byte array using the specified block cipher algorithm, mode and padding. |
| [Decrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_decrypt-string-string-string-cipheralgorithm-mode-padding-cipher-opts) | Decrypt hex-encoded data using specified block cipher algorithm, mode and padding. |
Syntax
------
```csharp
public static byte[] Decrypt(
byte[] input,
byte[] key,
byte[] iv,
CipherAlgorithm cipherAlg,
Mode mode
)
```
#### Parameters
##### *input* Byte[]
Input data to be decrypted
##### *key* Byte[]
Key of exact length for block cipher algorithm
##### *iv* Byte[]
Initialization Vector (IV) of exactly the block size or `null` for ECB mode
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher algorithm
##### *mode* [Mode](#mode_mode)
Cipher mode
#### Return Value
Byte[]
Decrypted data in byte array or empty array on error
Remarks
-------
For ECB and CBC modes, input data length **must** be an exact multiple of the block length.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.Decrypt(String, String, String, CipherAlgorithm, Mode) Method
====================================================================
Decrypt data block as hex-encoded string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
| [Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode)](#cipher_decrypt-byte-byte-byte-cipheralgorithm-mode) | Decrypt data block in byte array. |
| **Decrypt(String, String, String, CipherAlgorithm, Mode)** | Decrypt data block as hex-encoded string. |
| [Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_decrypt-byte-byte-byte-cipheralgorithm-mode-padding-cipher-opts) | Decrypt data in a byte array using the specified block cipher algorithm, mode and padding. |
| [Decrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_decrypt-string-string-string-cipheralgorithm-mode-padding-cipher-opts) | Decrypt hex-encoded data using specified block cipher algorithm, mode and padding. |
Syntax
------
```csharp
public static string Decrypt(
string inputHex,
string keyHex,
string ivHex,
CipherAlgorithm cipherAlg,
Mode mode
)
```
#### Parameters
##### *inputHex* String
Hex-encoded input data
##### *keyHex* String
Hex-encoded key representing exact key length
##### *ivHex* String
Hex-encoded IV representing exact block length or `""` for ECB mode
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher Algorithm
##### *mode* [Mode](#mode_mode)
Cipher Mode
#### Return Value
String
Decrypted plaintext in hex-encoded string or empty string on error
Remarks
-------
For ECB and CBC modes, input data length **must** represent an exact multiple of the block length.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts) Method
==========================================================================================
Decrypt data in a byte array using the specified block cipher algorithm, mode and padding.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
| [Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode)](#cipher_decrypt-byte-byte-byte-cipheralgorithm-mode) | Decrypt data block in byte array. |
| [Decrypt(String, String, String, CipherAlgorithm, Mode)](#cipher_decrypt-string-string-string-cipheralgorithm-mode) | Decrypt data block as hex-encoded string. |
| **Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)** | Decrypt data in a byte array using the specified block cipher algorithm, mode and padding. |
| [Decrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_decrypt-string-string-string-cipheralgorithm-mode-padding-cipher-opts) | Decrypt hex-encoded data using specified block cipher algorithm, mode and padding. |
Syntax
------
```csharp
public static byte[] Decrypt(
byte[] input,
byte[] key,
byte[] iv,
CipherAlgorithm cipherAlg,
Mode mode,
Padding pad = Padding.Default,
Cipher.Opts opts = Cipher.Opts.Default
)
```
#### Parameters
##### *input* Byte[]
Input data to be decrypted
##### *key* Byte[]
Key of exact length for block cipher algorithm
##### *iv* Byte[]
Initialization Vector (IV) of exactly the block size, or `null` for ECB mode or if IV is prefixed.
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher algorithm
##### *mode* [Mode](#mode_mode)
Cipher mode
##### *pad* [Padding](#padding_padding) (Optional)
Padding method to use
##### *opts* [Cipher.Opts](#cipher_opts_cipher-opts) (Optional)
Advanced options. Use [Cipher.Opts.PrefixIV](#cipher_opts_cipher-opts-prefixiv) to expect the IV to be prepended to the input.
#### Return Value
Byte[]
Decrypted plaintext in byte array or empty array on error
Remarks
-------
Default padding is `Pkcs5` for ECB and CBC mode and `NoPad` for all other modes. It is an error if the specified padding is not found after decryption.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.Decrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts) Method
==========================================================================================
Decrypt hex-encoded data using specified block cipher algorithm, mode and padding.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
| [Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode)](#cipher_decrypt-byte-byte-byte-cipheralgorithm-mode) | Decrypt data block in byte array. |
| [Decrypt(String, String, String, CipherAlgorithm, Mode)](#cipher_decrypt-string-string-string-cipheralgorithm-mode) | Decrypt data block as hex-encoded string. |
| [Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_decrypt-byte-byte-byte-cipheralgorithm-mode-padding-cipher-opts) | Decrypt data in a byte array using the specified block cipher algorithm, mode and padding. |
| **Decrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)** | Decrypt hex-encoded data using specified block cipher algorithm, mode and padding. |
Syntax
------
```csharp
public static string Decrypt(
string inputHex,
string keyHex,
string ivHex,
CipherAlgorithm cipherAlg,
Mode mode,
Padding pad = Padding.Default,
Cipher.Opts opts = Cipher.Opts.Default
)
```
#### Parameters
##### *inputHex* String
Hex-encoded input data
##### *keyHex* String
Hex-encoded key representing exact key length
##### *ivHex* String
Hex-encoded IV representing exact block length, or `""` for ECB mode or if IV is prefixed.
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher Algorithm
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *pad* [Padding](#padding_padding) (Optional)
Padding method to use
##### *opts* [Cipher.Opts](#cipher_opts_cipher-opts) (Optional)
Advanced options. Use [Cipher.Opts.PrefixIV](#cipher_opts_cipher-opts-prefixiv) to expect the IV to be prepended to the input.
#### Return Value
String
Decrypted plaintex in hex-encoded string or empty string on error
Remarks
-------
Input data may be any even number of hex characters, but not zero. Default padding is `Pkcs5` for ECB and CBC mode and `NoPad` for all other modes.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.DecryptAEAD(Byte[], Byte[], Byte[], AeadAlgorithm) Method
================================================================
Decrypt data using the AES-GCM authenticated encryption algorithm.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ---------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
| **DecryptAEAD(Byte[], Byte[], Byte[], AeadAlgorithm)** | Decrypt data using the AES-GCM authenticated encryption algorithm. |
| [DecryptAEAD(Byte[], Byte[], Byte[], Byte[], AeadAlgorithm, Cipher.Opts)](#cipher_decryptaead-byte-byte-byte-byte-aeadalgorithm-cipher-opts) | Decrypt data using the AES-GCM authenticated encryption algorithm with AAD and options. |
Syntax
------
```csharp
public static byte[] DecryptAEAD(
byte[] input,
byte[] key,
byte[] iv,
AeadAlgorithm aeadAlg
)
```
#### Parameters
##### *input* Byte[]
Input data to be decrypted.
##### *key* Byte[]
Key of exact length for algorithm (16, 24 or 32 bytes).
##### *iv* Byte[]
Initialization Vector (IV) (aka nonce) exactly 12 bytes long.
##### *aeadAlg* [AeadAlgorithm](#aeadalgorithm_aeadalgorithm)
Authenticated encryption algorithm.
#### Return Value
Byte[]
Plaintext in a byte array, or empty array on error (an empty array may also be the correct result - check [General.ErrorCode](#general_general-errorcode) for details).
Remarks
-------
The input must include the 16-byte tag appended to the ciphertext. The output will be exactly 16 bytes shorter than the input. In all cases the IV must be exactly 12 bytes (96 bits) and the tag must be exactly 16 bytes (128 bits).
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
General.ErrorCode Method
========================
Return the [error code](#general_error-code) of the first error that occurred when calling the last function.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int ErrorCode()
```
#### Return Value
Int32
Error code
See Also
--------
[General Class](#general_general)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.DecryptAEAD(Byte[], Byte[], Byte[], Byte[], AeadAlgorithm, Cipher.Opts) Method
=====================================================================================
Decrypt data using the AES-GCM authenticated encryption algorithm with AAD and options.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
| [DecryptAEAD(Byte[], Byte[], Byte[], AeadAlgorithm)](#cipher_decryptaead-byte-byte-byte-aeadalgorithm) | Decrypt data using the AES-GCM authenticated encryption algorithm. |
| **DecryptAEAD(Byte[], Byte[], Byte[], Byte[], AeadAlgorithm, Cipher.Opts)** | Decrypt data using the AES-GCM authenticated encryption algorithm with AAD and options. |
Syntax
------
```csharp
public static byte[] DecryptAEAD(
byte[] input,
byte[] key,
byte[] iv,
byte[] aad,
AeadAlgorithm aeadAlg,
Cipher.Opts opts
)
```
#### Parameters
##### *input* Byte[]
Input data to be decrypted.
##### *key* Byte[]
Key of exact length for algorithm (16, 24 or 32 bytes).
##### *iv* Byte[]
Initialization Vector (IV) (aka nonce) exactly 12 bytes long, if not provided in input.
##### *aad* Byte[]
Additional authenticated data (optional) - set as `null` to ignore.
##### *aeadAlg* [AeadAlgorithm](#aeadalgorithm_aeadalgorithm)
Authenticated encryption algorithm.
##### *opts* [Cipher.Opts](#cipher_opts_cipher-opts)
Advanced options. Use [Cipher.Opts.PrefixIV](#cipher_opts_cipher-opts-prefixiv) to expect the IV to be prepended at the start of the input.
#### Return Value
Byte[]
Plaintext in a byte array, or empty array on error (an empty array may also be the correct result - check [General.ErrorCode](#general_general-errorcode) for details).
Remarks
-------
The input must include the 16-byte tag appended to the ciphertext and may include a 12-byte prefixed IV. The output will either be exactly 16 bytes shorter than the input, or exactly 28 bytes shorter if the `Cipher.Opts.PrefixIV` option is used. In all cases the IV must be exactly 12 bytes (96 bits) and the tag must be exactly 16 bytes (128 bits). If additional authentication data (AAD) was provided during encryption then the exact same AAD data must be provided here.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode) Method
====================================================================
Encrypt data block in byte array.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
| **Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode)** | Encrypt data block in byte array. |
| [Encrypt(String, String, String, CipherAlgorithm, Mode)](#cipher_encrypt-string-string-string-cipheralgorithm-mode) | Encrypt data block as hex-encoded string. |
| [Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_encrypt-byte-byte-byte-cipheralgorithm-mode-padding-cipher-opts) | Encrypt data in a byte array using the specified block cipher algorithm, mode and padding. |
| [Encrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_encrypt-string-string-string-cipheralgorithm-mode-padding-cipher-opts) | Encrypt hex-encoded data using specified block cipher algorithm, mode and padding. |
Syntax
------
```csharp
public static byte[] Encrypt(
byte[] input,
byte[] key,
byte[] iv,
CipherAlgorithm cipherAlg,
Mode mode
)
```
#### Parameters
##### *input* Byte[]
Input data to be encrypted
##### *key* Byte[]
Key of exact length for block cipher algorithm
##### *iv* Byte[]
Initialization Vector (IV) of exactly the block size or `null` for ECB mode
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher algorithm
##### *mode* [Mode](#mode_mode)
Cipher mode
#### Return Value
Byte[]
Ciphertext in byte array or empty array on error
Remarks
-------
For ECB and CBC modes, input data length **must** be an exact multiple of the block length.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.Encrypt(String, String, String, CipherAlgorithm, Mode) Method
====================================================================
Encrypt data block as hex-encoded string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
| [Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode)](#cipher_encrypt-byte-byte-byte-cipheralgorithm-mode) | Encrypt data block in byte array. |
| **Encrypt(String, String, String, CipherAlgorithm, Mode)** | Encrypt data block as hex-encoded string. |
| [Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_encrypt-byte-byte-byte-cipheralgorithm-mode-padding-cipher-opts) | Encrypt data in a byte array using the specified block cipher algorithm, mode and padding. |
| [Encrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_encrypt-string-string-string-cipheralgorithm-mode-padding-cipher-opts) | Encrypt hex-encoded data using specified block cipher algorithm, mode and padding. |
Syntax
------
```csharp
public static string Encrypt(
string inputHex,
string keyHex,
string ivHex,
CipherAlgorithm cipherAlg,
Mode mode
)
```
#### Parameters
##### *inputHex* String
Hex-encoded input data
##### *keyHex* String
Hex-encoded key representing exact key length
##### *ivHex* String
Hex-encoded IV representing exact block length or `""` for ECB mode
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher algorithm
##### *mode* [Mode](#mode_mode)
Cipher mode
#### Return Value
String
Ciphertext in hex-encoded string or empty string on error
Remarks
-------
For ECB and CBC modes, input data length **must** be an exact multiple of the block length.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts) Method
==========================================================================================
Encrypt data in a byte array using the specified block cipher algorithm, mode and padding.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
| [Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode)](#cipher_encrypt-byte-byte-byte-cipheralgorithm-mode) | Encrypt data block in byte array. |
| [Encrypt(String, String, String, CipherAlgorithm, Mode)](#cipher_encrypt-string-string-string-cipheralgorithm-mode) | Encrypt data block as hex-encoded string. |
| **Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)** | Encrypt data in a byte array using the specified block cipher algorithm, mode and padding. |
| [Encrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_encrypt-string-string-string-cipheralgorithm-mode-padding-cipher-opts) | Encrypt hex-encoded data using specified block cipher algorithm, mode and padding. |
Syntax
------
```csharp
public static byte[] Encrypt(
byte[] input,
byte[] key,
byte[] iv,
CipherAlgorithm cipherAlg,
Mode mode,
Padding pad = Padding.Default,
Cipher.Opts opts = Cipher.Opts.Default
)
```
#### Parameters
##### *input* Byte[]
Input data to be encrypted
##### *key* Byte[]
Key of exact length for block cipher algorithm
##### *iv* Byte[]
Initialization Vector (IV) of exactly the block size or `null` for ECB mode.
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher algorithm
##### *mode* [Mode](#mode_mode)
Cipher mode
##### *pad* [Padding](#padding_padding) (Optional)
Padding method to use
##### *opts* [Cipher.Opts](#cipher_opts_cipher-opts) (Optional)
Advanced options. Use [Cipher.Opts.PrefixIV](#cipher_opts_cipher-opts-prefixiv) to prepend the IV to the output.
#### Return Value
Byte[]
Ciphertext in byte array or empty array on error
Remarks
-------
Default padding is `Pkcs5` for ECB and CBC mode and `NoPad` for all other modes.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.Encrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts) Method
==========================================================================================
Encrypt hex-encoded data using specified block cipher algorithm, mode and padding.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
| [Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode)](#cipher_encrypt-byte-byte-byte-cipheralgorithm-mode) | Encrypt data block in byte array. |
| [Encrypt(String, String, String, CipherAlgorithm, Mode)](#cipher_encrypt-string-string-string-cipheralgorithm-mode) | Encrypt data block as hex-encoded string. |
| [Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_encrypt-byte-byte-byte-cipheralgorithm-mode-padding-cipher-opts) | Encrypt data in a byte array using the specified block cipher algorithm, mode and padding. |
| **Encrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)** | Encrypt hex-encoded data using specified block cipher algorithm, mode and padding. |
Syntax
------
```csharp
public static string Encrypt(
string inputHex,
string keyHex,
string ivHex,
CipherAlgorithm cipherAlg,
Mode mode,
Padding pad = Padding.Default,
Cipher.Opts opts = Cipher.Opts.Default
)
```
#### Parameters
##### *inputHex* String
Hex-encoded input data
##### *keyHex* String
Hex-encoded key representing exact key length
##### *ivHex* String
Hex-encoded IV representing exact block length or `""` for ECB mode
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher Algorithm
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *pad* [Padding](#padding_padding) (Optional)
Padding method to use (optional)
##### *opts* [Cipher.Opts](#cipher_opts_cipher-opts) (Optional)
Advanced options. Use [Cipher.Opts.PrefixIV](#cipher_opts_cipher-opts-prefixiv) to prepend the IV to the output.
#### Return Value
String
Encrypted ciphertext in hex-encoded string or empty string on error
Remarks
-------
Input data may be any even number of hex characters, but not zero. Default padding is `Pkcs5` for ECB and CBC mode and `NoPad` for all other modes.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.EncryptAEAD(Byte[], Byte[], Byte[], AeadAlgorithm) Method
================================================================
Encrypt data using the AES-GCM authenticated encryption algorithm.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ---------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
| **EncryptAEAD(Byte[], Byte[], Byte[], AeadAlgorithm)** | Encrypt data using the AES-GCM authenticated encryption algorithm. |
| [EncryptAEAD(Byte[], Byte[], Byte[], Byte[], AeadAlgorithm, Cipher.Opts)](#cipher_encryptaead-byte-byte-byte-byte-aeadalgorithm-cipher-opts) | Encrypt data using the AES-GCM authenticated encryption algorithm with AAD and options. |
Syntax
------
```csharp
public static byte[] EncryptAEAD(
byte[] input,
byte[] key,
byte[] iv,
AeadAlgorithm aeadAlg
)
```
#### Parameters
##### *input* Byte[]
Input data to be encrypted.
##### *key* Byte[]
Key of exact length for algorithm (16, 24 or 32 bytes).
##### *iv* Byte[]
Initialization Vector (IV) (aka nonce) exactly 12 bytes long.
##### *aeadAlg* [AeadAlgorithm](#aeadalgorithm_aeadalgorithm)
Authenticated encryption algorithm.
#### Return Value
Byte[]
Ciphertext with tag appended in a byte array, or empty array on error.
Remarks
-------
The output will be exactly 16 bytes longer than the input.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.EncryptAEAD(Byte[], Byte[], Byte[], Byte[], AeadAlgorithm, Cipher.Opts) Method
=====================================================================================
Encrypt data using the AES-GCM authenticated encryption algorithm with AAD and options.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
| [EncryptAEAD(Byte[], Byte[], Byte[], AeadAlgorithm)](#cipher_encryptaead-byte-byte-byte-aeadalgorithm) | Encrypt data using the AES-GCM authenticated encryption algorithm. |
| **EncryptAEAD(Byte[], Byte[], Byte[], Byte[], AeadAlgorithm, Cipher.Opts)** | Encrypt data using the AES-GCM authenticated encryption algorithm with AAD and options. |
Syntax
------
```csharp
public static byte[] EncryptAEAD(
byte[] input,
byte[] key,
byte[] iv,
byte[] aad,
AeadAlgorithm aeadAlg,
Cipher.Opts opts
)
```
#### Parameters
##### *input* Byte[]
Input data to be encrypted.
##### *key* Byte[]
Key of exact length for algorithm (16, 24 or 32 bytes).
##### *iv* Byte[]
Initialization Vector (IV) (aka nonce) exactly 12 bytes long.
##### *aad* Byte[]
Additional authenticated data (optional) - set as `null` to ignore.
##### *aeadAlg* [AeadAlgorithm](#aeadalgorithm_aeadalgorithm)
Authenticated encryption algorithm.
##### *opts* [Cipher.Opts](#cipher_opts_cipher-opts)
Advanced options. Use [Cipher.Opts.PrefixIV](#cipher_opts_cipher-opts-prefixiv) to prepend the 12-byte IV to the output
#### Return Value
Byte[]
Ciphertext with tag appended in a byte array, or empty array on error.
Remarks
-------
The output will either be exactly 16 bytes longer than the input, or exactly 28 bytes longer if `Cipher.Opts.PrefixIV` is used.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.FileDecrypt(String, String, Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts) Method
======================================================================================================
Decrypt a file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------------------- | ------------------------------------------------- |
| **FileDecrypt(String, String, Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)** | Decrypt a file. |
| [FileDecrypt(String, String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_filedecrypt-string-string-string-string-cipheralgorithm-mode-padding-cipher-opts) | Decrypt a file passing key and IV as hex strings. |
Syntax
------
```csharp
public static int FileDecrypt(
string fileOut,
string fileIn,
byte[] key,
byte[] iv,
CipherAlgorithm cipherAlg,
Mode mode,
Padding pad = Padding.Default,
Cipher.Opts opts = Cipher.Opts.Default
)
```
#### Parameters
##### *fileOut* String
Name of output file to be created or overwritten
##### *fileIn* String
Name of input file
##### *key* Byte[]
Key of of exact length for block cipher algorithm
##### *iv* Byte[]
Initialization Vector (IV) of exactly the block size, or `null` for ECB mode or if IV is prefixed.
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher Algorithm
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *pad* [Padding](#padding_padding) (Optional)
Padding method to use (optional, ECB and CBC modes only, default=`Pkcs5`)
##### *opts* [Cipher.Opts](#cipher_opts_cipher-opts) (Optional)
Advanced options. Use [Cipher.Opts.PrefixIV](#cipher_opts_cipher-opts-prefixiv) to expect the IV to be prepended to the input.
#### Return Value
Int32
0 if successful or non-zero [error code](#general_error-code)
Remarks
-------
`fileOut` and `fileIn` must **not** be the same
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.FileDecrypt(String, String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts) Method
======================================================================================================
Decrypt a file passing key and IV as hex strings.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------------------- | ------------------------------------------------- |
| [FileDecrypt(String, String, Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_filedecrypt-string-string-byte-byte-cipheralgorithm-mode-padding-cipher-opts) | Decrypt a file. |
| **FileDecrypt(String, String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)** | Decrypt a file passing key and IV as hex strings. |
Syntax
------
```csharp
public static int FileDecrypt(
string fileOut,
string fileIn,
string keyHex,
string ivHex,
CipherAlgorithm cipherAlg,
Mode mode,
Padding pad = Padding.Default,
Cipher.Opts opts = Cipher.Opts.Default
)
```
#### Parameters
##### *fileOut* String
Name of output file to be created or overwritten
##### *fileIn* String
Name of input file, in binary format.
##### *keyHex* String
Hex-encoded key of exact length
##### *ivHex* String
Hex-encoded IV, or `""` for ECB mode or if IV is prefixed.
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher Algorithm
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *pad* [Padding](#padding_padding) (Optional)
Padding method to use (optional, ECB and CBC modes only, default=`Pkcs5`)
##### *opts* [Cipher.Opts](#cipher_opts_cipher-opts) (Optional)
Advanced options. Use [Cipher.Opts.PrefixIV](#cipher_opts_cipher-opts-prefixiv) to expect the IV to be prepended to the input.
#### Return Value
Int32
0 if successful or non-zero [error code](#general_error-code)
Remarks
-------
`fileOut` and `fileIn` must **not** be the same. The output file is in binary format.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.FileEncrypt(String, String, Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts) Method
======================================================================================================
Encrypt a file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------------------- | ------------------------------------------------- |
| **FileEncrypt(String, String, Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)** | Encrypt a file. |
| [FileEncrypt(String, String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_fileencrypt-string-string-string-string-cipheralgorithm-mode-padding-cipher-opts) | Encrypt a file passing key and IV as hex strings. |
Syntax
------
```csharp
public static int FileEncrypt(
string fileOut,
string fileIn,
byte[] key,
byte[] iv,
CipherAlgorithm cipherAlg,
Mode mode,
Padding pad = Padding.Default,
Cipher.Opts opts = Cipher.Opts.Default
)
```
#### Parameters
##### *fileOut* String
Name of output file to be created or overwritten
##### *fileIn* String
Name of input file
##### *key* Byte[]
Key of of exact length for block cipher algorithm
##### *iv* Byte[]
Initialization Vector (IV) of exactly the block size or `null` for ECB mode
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher Algorithm
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *pad* [Padding](#padding_padding) (Optional)
Padding method to use (optional, ECB and CBC modes only, default=`Pkcs5`)
##### *opts* [Cipher.Opts](#cipher_opts_cipher-opts) (Optional)
Advanced options. Use [Cipher.Opts.PrefixIV](#cipher_opts_cipher-opts-prefixiv) to prepend the IV to the output.
#### Return Value
Int32
0 if successful or non-zero [error code](#general_error-code)
Remarks
-------
`fileOut` and `fileIn` must **not** be the same
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.FileEncrypt(String, String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts) Method
======================================================================================================
Encrypt a file passing key and IV as hex strings.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------------------- | ------------------------------------------------- |
| [FileEncrypt(String, String, Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)](#cipher_fileencrypt-string-string-byte-byte-cipheralgorithm-mode-padding-cipher-opts) | Encrypt a file. |
| **FileEncrypt(String, String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)** | Encrypt a file passing key and IV as hex strings. |
Syntax
------
```csharp
public static int FileEncrypt(
string fileOut,
string fileIn,
string keyHex,
string ivHex,
CipherAlgorithm cipherAlg,
Mode mode,
Padding pad = Padding.Default,
Cipher.Opts opts = Cipher.Opts.Default
)
```
#### Parameters
##### *fileOut* String
Name of output file to be created or overwritten
##### *fileIn* String
Name of input file, in binary format.
##### *keyHex* String
Hex-encoded key of exact length
##### *ivHex* String
Hex-encoded IV or `""` for ECB mode
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher Algorithm
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *pad* [Padding](#padding_padding) (Optional)
Padding method to use (optional, ECB and CBC modes only, default=`Pkcs5`)
##### *opts* [Cipher.Opts](#cipher_opts_cipher-opts) (Optional)
Advanced options. Use [Cipher.Opts.PrefixIV](#cipher_opts_cipher-opts-prefixiv) to prepend the IV to the output.
#### Return Value
Int32
0 if successful or non-zero [error code](#general_error-code)
Remarks
-------
`fileOut` and `fileIn` must **not** be the same. The output file is in binary format.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.KeyBytes Method
======================
Return the key size in bytes for a given cipher algorithm.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int KeyBytes(
CipherAlgorithm alg
)
```
#### Parameters
##### *alg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Cipher algorithm
#### Return Value
Int32
Key size in bytes
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.KeyUnwrap Method
=======================
Unwrap (decrypt) key material with a key-encryption key.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] KeyUnwrap(
byte[] data,
byte[] kek,
CipherAlgorithm cipherAlg
)
```
#### Parameters
##### *data* Byte[]
Wrapped key
##### *kek* Byte[]
Key encryption key
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Block cipher to use for wrapping
#### Return Value
Byte[]
Unwrapped key material (or empty array on error)
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.KeyWrap Method
=====================
Wrap (encrypt) key material with a key-encryption key.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] KeyWrap(
byte[] data,
byte[] kek,
CipherAlgorithm cipherAlg
)
```
#### Parameters
##### *data* Byte[]
Key material to be wrapped
##### *kek* Byte[]
Key encryption key
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Block cipher to use for wrapping
#### Return Value
Byte[]
Wrapped key (or empty array on error)
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.Pad(Byte[], CipherAlgorithm, Padding) Method
===================================================
Pad byte array to correct length for ECB and CBC encryption.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------ | -------------------------------------------------------------------- |
| **Pad(Byte[], CipherAlgorithm, Padding)** | Pad byte array to correct length for ECB and CBC encryption. |
| [Pad(String, CipherAlgorithm, Padding)](#cipher_pad-string-cipheralgorithm-padding) | Pad hex-encoded string to correct length for ECB and CBC encryption. |
Syntax
------
```csharp
public static byte[] Pad(
byte[] input,
CipherAlgorithm cipherAlg,
Padding pad = Padding.Pkcs5
)
```
#### Parameters
##### *input* Byte[]
Data to be padded
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Block cipher being used
##### *pad* [Padding](#padding_padding) (Optional)
Padding method to use (default is PKCS#5/#7)
#### Return Value
Byte[]
Padded data in byte array
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.Pad(String, CipherAlgorithm, Padding) Method
===================================================
Pad hex-encoded string to correct length for ECB and CBC encryption.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------ | -------------------------------------------------------------------- |
| [Pad(Byte[], CipherAlgorithm, Padding)](#cipher_pad-byte-cipheralgorithm-padding) | Pad byte array to correct length for ECB and CBC encryption. |
| **Pad(String, CipherAlgorithm, Padding)** | Pad hex-encoded string to correct length for ECB and CBC encryption. |
Syntax
------
```csharp
public static string Pad(
string inputHex,
CipherAlgorithm cipherAlg,
Padding pad = Padding.Pkcs5
)
```
#### Parameters
##### *inputHex* String
Hex-encoded data to be padded
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Block cipher being used
##### *pad* [Padding](#padding_padding) (Optional)
Padding method to use (default is PKCS#5/#7)
#### Return Value
String
Padded data in hex-encoded string
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.Unpad(Byte[], CipherAlgorithm, Padding) Method
=====================================================
Remove padding from an encryption block.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| -------------------------------------------- | --------------------------------------------------- |
| **Unpad(Byte[], CipherAlgorithm, Padding)** | Remove padding from an encryption block. |
| [Unpad(String, CipherAlgorithm, Padding)](#cipher_unpad-string-cipheralgorithm-padding) | Remove padding from a hex-encoded encryption block. |
Syntax
------
```csharp
public static byte[] Unpad(
byte[] input,
CipherAlgorithm cipherAlg,
Padding pad = Padding.Pkcs5
)
```
#### Parameters
##### *input* Byte[]
Padded data
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Block cipher being used
##### *pad* [Padding](#padding_padding) (Optional)
Padding method to use (default is PKCS#5/#7)
#### Return Value
Byte[]
Unpadded data in byte array.
Remarks
-------
Unless `pad` is `NoPad`, the unpadded output is always shorter than the padded input. An error is indicated by returning the original data. If the output length equals the input length, then error.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.Unpad(String, CipherAlgorithm, Padding) Method
=====================================================
Remove padding from a hex-encoded encryption block.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| -------------------------------------------- | --------------------------------------------------- |
| [Unpad(Byte[], CipherAlgorithm, Padding)](#cipher_unpad-byte-cipheralgorithm-padding) | Remove padding from an encryption block. |
| **Unpad(String, CipherAlgorithm, Padding)** | Remove padding from a hex-encoded encryption block. |
Syntax
------
```csharp
public static string Unpad(
string inputHex,
CipherAlgorithm cipherAlg,
Padding pad = Padding.Pkcs5
)
```
#### Parameters
##### *inputHex* String
Hex-encoded padded data
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Block cipher being used
##### *pad* [Padding](#padding_padding) (Optional)
Padding method to use (default is PKCS#5/#7)
#### Return Value
String
Unpadded data in hex-encoded string.
Remarks
-------
Unless `pad` is `NoPad`, the unpadded output is always shorter than the padded input. An error is indicated by returning the original data. If the output length equals the input length, then error.
See Also
--------
[Cipher Class](#cipher_cipher)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms Class
=========
Create, read and analyze Cryptographic Message Syntax (CMS) objects.
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Cms**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Cms
```
The **Cms** type exposes the following members.
Methods
-------
| Name | Description |
| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
| [GetSigDataDigest](#cms_getsigdatadigest) | Extract the message digest from a signed-data CMS object file and verify the signature. |
| [GetSigHashAlgorithm](#cms_getsighashalgorithm) | Find ID of message digest hash algorithm used to make signature. |
| [MakeComprData](#cms_makecomprdata) | Create a new CMS compressed-data file (.p7z) from an existing input file. |
| [MakeDetachedSig](#cms_makedetachedsig) | Create a "detached signature" CMS signed-data object file from a **message digest** of the content (advanced algorithms). |
| [MakeEnvData(String, String, String, CipherAlgorithm, Cms.EnvDataOptions)](#cms_makeenvdata-string-string-string-cipheralgorithm-cms-envdataoptions) | Create a CMS enveloped-data object (default recipient parameters). |
| [MakeEnvData(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)](#cms_makeenvdata-string-string-string-cipheralgorithm-cms-keyencralgorithm-hashalgorithm-cms-envdataoptions-kdf-kdfalg-kdf-keywrapalg-string-int32-cms-contentencralg) | Create a CMS enveloped-data object (advanced options). |
| [MakeEnvDataFromBytes](#cms_makeenvdatafrombytes) | Create a CMS enveloped-data object from data in a byte array. |
| [MakeEnvDataFromString(String, String, String, CipherAlgorithm, Cms.EnvDataOptions)](#cms_makeenvdatafromstring-string-string-string-cipheralgorithm-cms-envdataoptions) | Create a CMS enveloped-data object from an ASCII string (default recipient parameters). |
| [MakeEnvDataFromString(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)](#cms_makeenvdatafromstring-string-string-string-cipheralgorithm-cms-keyencralgorithm-hashalgorithm-cms-envdataoptions-kdf-kdfalg-kdf-keywrapalg-string-int32-cms-contentencralg) | Create a CMS enveloped-data object from an ASCII string (advanced options). |
| [MakeSigData(String, String, String, String, Cms.SigAlg, Cms.SigDataOptions)](#cms_makesigdata-string-string-string-string-cms-sigalg-cms-sigdataoptions) | Create a CMS object of type SignedData from an input data file (advanced options including RSA-PSS). |
| [MakeSigData(String, String, String, String, HashAlgorithm, Cms.SigDataOptions)](#cms_makesigdata-string-string-string-string-hashalgorithm-cms-sigdataoptions) | Create a CMS object of type SignedData from an input data file using RSASSA-PKCS1V1_5 with options. |
| [MakeSigDataFromBytes](#cms_makesigdatafrombytes) | Create a CMS object of type SignedData from an array of bytes. |
| [MakeSigDataFromPseudo](#cms_makesigdatafrompseudo) | Create a SignedData object from a "pseudo" object. |
| [MakeSigDataFromSigValue](#cms_makesigdatafromsigvalue) | Create a CMS object of type SignedData using a pre-computed signature (advanced algorithms). |
| [MakeSigDataFromString(String, String, String, String, Cms.SigAlg, Cms.SigDataOptions)](#cms_makesigdatafromstring-string-string-string-string-cms-sigalg-cms-sigdataoptions) | Create a CMS object of type SignedData from an input string (advanced options including RSA-PSS). |
| [MakeSigDataFromString(String, String, String, String, HashAlgorithm, Cms.SigDataOptions)](#cms_makesigdatafromstring-string-string-string-string-hashalgorithm-cms-sigdataoptions) | Create a CMS object of type SignedData from an input string using RSASSA-PKCS1V1_5 with options. |
| [QueryEnvData](#cms_queryenvdata) | Query a CMS enveloped-data object file for selected information. |
| [QuerySigData](#cms_querysigdata) | Query a CMS signed-data object for selected information. |
| [ReadComprData](#cms_readcomprdata) | Read and extract the decompressed contents of a CMS compressed-data file. |
| [ReadEnvDataToBytes](#cms_readenvdatatobytes) | Read and decrypt a CMS enveloped-data object to a byte array. |
| [ReadEnvDataToFile](#cms_readenvdatatofile) | Read and decrypt a CMS enveloped-data object to a file. |
| [ReadEnvDataToString](#cms_readenvdatatostring) | Read and decrypt a CMS enveloped-data object to a string. |
| [ReadSigDataToBytes](#cms_readsigdatatobytes) | Read the content from a CMS signed-data object directly into a byte array. |
| [ReadSigDataToFile](#cms_readsigdatatofile) | Read the content from a CMS signed-data object file. |
| [ReadSigDataToString](#cms_readsigdatatostring) | Read the content from a CMS signed-data object directly into a string. |
| [VerifySigData](#cms_verifysigdata) | Verify the signature and content of a signed-data CMS object file. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.GetSigDataDigest Method
===========================
Extract the message digest from a signed-data CMS object file and verify the signature.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string GetSigDataDigest(
string inputFile,
string certFile
)
```
#### Parameters
##### *inputFile* String
name of file containing CMS signed-data object
##### *certFile* String
an (optional) X.509 certificate file to be used to identify the signer
#### Return Value
String
Hash value in hex format or an empty string if error
Remarks
-------
If no certificate is given, it will use the first valid SignerInfo and certificate pair it finds in the SignedData. RSASSA-PKCS1V1_5 only.
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.GetSigHashAlgorithm Method
==============================
Find ID of message digest hash algorithm used to make signature.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int GetSigHashAlgorithm(
string inputFile,
string certFile
)
```
#### Parameters
##### *inputFile* String
name of file containing CMS signed-data object
##### *certFile* String
an (optional) X.509 certificate file to be used to identify the signer
#### Return Value
Int32
0=SHA-1, 1=MD5, 2=MD2, 3=SHA-256, 4=SHA-384, 5=SHA-512, 6=SHA-224; or a negative [error code](#general_error-code)
Remarks
-------
This method returns an integer ID number. Alternatively, use `Cms.QuerySigData(inputFile, "digestAlgorithm")` to get the name directly as a string, e.g. `"sha1"`. See [QuerySigData(String, String)](#cms_querysigdata)
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeComprData Method
========================
Create a new CMS compressed-data file (.p7z) from an existing input file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int MakeComprData(
string outputFile,
string inputFile
)
```
#### Parameters
##### *outputFile* String
Output file to be created
##### *inputFile* String
Input data file
#### Return Value
Int32
Zero if successful; otherwise it returns a non-zero [error code](#general_error-code)
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeDetachedSig Method
==========================
Create a "detached signature" CMS signed-data object file from a **message digest** of the content (advanced algorithms).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int MakeDetachedSig(
string outputFile,
string hexDigest,
string certList,
string privateKey,
HashAlgorithm hashAlg = HashAlgorithm.Sha1,
Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)
```
#### Parameters
##### *outputFile* String
name of output file to be created
##### *hexDigest* String
string containing message digest in hex format
##### *certList* String
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
##### *privateKey* String
Private key data for the sender.
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm) (Optional)
Message digest algorithm to be used in signature [default=SHA-1]
##### *advOptions* [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions) (Optional)
Advanced option flags. See [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions).
#### Return Value
Int32
Zero if successful; otherwise it returns an [error code](#general_error-code)
Remarks
-------
RSASSA-PKCS1V1_5 only.
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeEnvData(String, String, String, CipherAlgorithm, Cms.EnvDataOptions) Method
===================================================================================
Create a CMS enveloped-data object (default recipient parameters).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ |
| **MakeEnvData(String, String, String, CipherAlgorithm, Cms.EnvDataOptions)** | Create a CMS enveloped-data object (default recipient parameters). |
| [MakeEnvData(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)](#cms_makeenvdata-string-string-string-cipheralgorithm-cms-keyencralgorithm-hashalgorithm-cms-envdataoptions-kdf-kdfalg-kdf-keywrapalg-string-int32-cms-contentencralg) | Create a CMS enveloped-data object (advanced options). |
Syntax
------
```csharp
public static int MakeEnvData(
string outputFile,
string inputFile,
string certList,
CipherAlgorithm cipherAlg,
Cms.EnvDataOptions advOptions
)
```
#### Parameters
##### *outputFile* String
Name of output file to be created.
##### *inputFile* String
Input data file.
##### *certList* String
List of recipient X.509 certificate filename(s), separated by semi-colons (;). Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Content encryption algorithm [default=AES128-CBC].
##### *advOptions* [Cms.EnvDataOptions](#cms_envdataoptions_cms-envdataoptions)
Advanced options. See [Cms.EnvDataOptions](#cms_envdataoptions_cms-envdataoptions).
#### Return Value
Int32
Number of successful recipients or a negative [error code](#general_error-code).
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeEnvData(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg) Method
=======================================================================================================================================================================================
Create a CMS enveloped-data object (advanced options).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ |
| [MakeEnvData(String, String, String, CipherAlgorithm, Cms.EnvDataOptions)](#cms_makeenvdata-string-string-string-cipheralgorithm-cms-envdataoptions) | Create a CMS enveloped-data object (default recipient parameters). |
| **MakeEnvData(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)** | Create a CMS enveloped-data object (advanced options). |
Syntax
------
```csharp
public static int MakeEnvData(
string outputFile,
string inputFile,
string certList,
CipherAlgorithm cipherAlg = ,
Cms.KeyEncrAlgorithm keyEncrAlg = Cms.KeyEncrAlgorithm.Default,
HashAlgorithm hashAlg = HashAlgorithm.Sha1,
Cms.EnvDataOptions advOptions = Cms.EnvDataOptions.None,
Kdf.KdfAlg kdfAlg = Kdf.KdfAlg.X963,
Kdf.KeyWrapAlg keyWrapAlg = Kdf.KeyWrapAlg.Default,
string keyString = "",
int count = 0,
Cms.ContentEncrAlg contEncrAlg = Cms.ContentEncrAlg.Aes128
)
```
#### Parameters
##### *outputFile* String
Name of output file to be created.
##### *inputFile* String
Input data file.
##### *certList* String
List of one or more recipient X.509 certificate filenames, separated by semicolons (;). A certificate's representation in base64 or as a PEM string may be used instead of a filename. Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).
Special cases: Set as `"type=@pwri"` to create a single recipientInfo of the `PasswordRecipientInfo` (pwri) type; or set as `"type=@kekri,keyid="` to create a single recipientInfo of the `KEKRecipientInfo` (kekri) type. See Remarks.
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm) (Optional)
Content encryption algorithm [default=ignored]. Deprecated: use `contEncrAlg`. (This parameter will be removed in a future update)
##### *keyEncrAlg* [Cms.KeyEncrAlgorithm](#cms_keyencralgorithm_cms-keyencralgorithm) (Optional)
Key encryption algorithm for ktri type [default=RSAES-PKCS-v1_5)]
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm) (Optional)
Hash function where applicable. Must be one of the SHA-* family [default=SHA-1; SHA-256 for RSA-KEM]
##### *advOptions* [Cms.EnvDataOptions](#cms_envdataoptions_cms-envdataoptions) (Optional)
Advanced options. See [Cms.EnvDataOptions](#cms_envdataoptions_cms-envdataoptions).
##### *kdfAlg* [Kdf.KdfAlg](#kdf_kdfalg_kdf-kdfalg) (Optional)
Key derivation function (KDF) for ECDH key agreement scheme (where applicable)
##### *keyWrapAlg* [Kdf.KeyWrapAlg](#kdf_keywrapalg_kdf-keywrapalg) (Optional)
Key wrap algorithm for ECDH key agreement scheme or kekri type (default=match content encryption algorithm)
##### *keyString* String (Optional)
(formerly `ukmString`) Use to pass optional additional user key material (ukm) for KDF where KeyAgreement (kari) type is used. Or use to pass the password for a pwri type or the key encryption key (KEK) for a kekri type. Either pass a plain ASCII string, e.g. `"abc"` or use the format `"#x"` to pass a string of arbitrary octet values, e.g. `"#xdeadbeef01"` to pass the 5 bytes `0xde,0xad,0xbe,0xef,0x01`. Required for pwri and kekri types.
##### *count* Int32 (Optional)
Optional iteration count for KDF in pwri type (default=4096) or tag length for AuthEnvelopedData (in range 12-16, default=16). Otherwise ignored.
##### *contEncrAlg* [Cms.ContentEncrAlg](#cms_contentencralg_cms-contentencralg) (Optional)
Preferred way to specify content encryption algorithm with more options. Takes precedence over `cipherAlg`. [default=AES128-CBC]
#### Return Value
Int32
Number of successful recipients or a negative [error code](#general_error-code).
Remarks
-------
The output is a file containing a CMS EnvelopedData object or AuthEnvelopedData object. New in [v22.0] use the preferred `contEncrAlg` parameter to specify the content-encryption algorithm rather than `cipherAlg`. If a list of certificates is passed in `certList`, the recipientInfo type is set automatically depending on the public key found in each certificate, one for each certificate. If the public key is RSA (`rsaEncryption`) then the key transport technique (ktri) will be used for that particular recipientInfo. If the public key is a supported ECC key, then the standard ECDH ephemeral-static key agreement technique (kari) will be used as per [RFC5753] and [RFC8418].
Alternatively, use key encryption option [Cms.KeyEncrAlgorithm.Rsa_Kem](#cms_keyencralgorithm_cms-keyencralgorithm-rsa_kem) with an RSA public key, and the RSA-KEM algorithm using KEMRecipientInfo will be used for key encryption.
If `certList` is set to `"type=@pwri"` then a single recipientInfo will be created of PasswordRecipientInfo type (pwri). The password must be passed in the `keyString` parameter. The parameters keyEncrAlg, kdfAlg and keyWrapAlg are ignored in this case. If `certList` is set to `"type=@kekri,keyid="` then a single recipientInfo will be created of KEKRecipientInfo type (kekri). The key encryption key (KEK) must be passed in the `keyString` parameter. The parameters keyEncrAlg, hashAlg and kdfAlg are ignored in this case.
Example
-------
```csharp
// Create an enveloped CMS object (ktri type) to Bob using Bob's RSA key
n = Cms.MakeEnvData("cms2bob_aes128.p7m", "excontent.txt", "BobRSASignByCarl.cer", CipherAlgorithm.Aes128, Cms.KeyEncrAlgorithm.Rsa_Oaep);
// Create an enveloped CMS object (kekri type) using a previously distributed symmetric key-encryption key (KEK)
n = Cms.MakeEnvData("cms_envdata_kekri.p7m", "excontent.txt", "type=@kekri,keyid=ourcommonkey", CipherAlgorithm.Aes256,
hashAlg: HashAlgorithm.Sha256, keyWrapAlg:Kdf.KeyWrapAlg.Aes128_wrap, keyString: "#x0123456789ABCDEFF0E1D2C3B4A59687");
```
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeEnvDataFromBytes Method
===============================
Create a CMS enveloped-data object from data in a byte array.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int MakeEnvDataFromBytes(
string outputFile,
byte[] inputData,
string certList,
CipherAlgorithm cipherAlg = ,
Cms.KeyEncrAlgorithm keyEncrAlg = Cms.KeyEncrAlgorithm.Default,
HashAlgorithm hashAlg = HashAlgorithm.Sha1,
Cms.EnvDataOptions advOptions = Cms.EnvDataOptions.None,
Kdf.KdfAlg kdfAlg = Kdf.KdfAlg.X963,
Kdf.KeyWrapAlg keyWrapAlg = Kdf.KeyWrapAlg.Default,
string keyString = "",
int count = 0,
Cms.ContentEncrAlg contEncrAlg = Cms.ContentEncrAlg.Aes128
)
```
#### Parameters
##### *outputFile* String
Output file to be created
##### *inputData* Byte[]
Input data.
##### *certList* String
List of one or more recipient X.509 certificate filenames, separated by semicolons (;). A certificate's representation in base64 or as a PEM string may be used instead of a filename. Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).
Special cases: Set as `"type=@pwri"` to create a single recipientInfo of the `PasswordRecipientInfo` (pwri) type; or set as `"type=@kekri,keyid="` to create a single recipientInfo of the `KEKRecipientInfo` (kekri) type. See Remarks.
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm) (Optional)
Content encryption algorithm [default=ignored]. Deprecated: use `contEncrAlg`. (This parameter will be removed in a future update)
##### *keyEncrAlg* [Cms.KeyEncrAlgorithm](#cms_keyencralgorithm_cms-keyencralgorithm) (Optional)
Key encryption algorithm for ktri type [default=RSAES-PKCS-v1_5)]
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm) (Optional)
Hash function where applicable. Must be one of the SHA-* family [default=SHA-1; SHA-256 for RSA-KEM]
##### *advOptions* [Cms.EnvDataOptions](#cms_envdataoptions_cms-envdataoptions) (Optional)
Advanced options. See [Cms.EnvDataOptions](#cms_envdataoptions_cms-envdataoptions).
##### *kdfAlg* [Kdf.KdfAlg](#kdf_kdfalg_kdf-kdfalg) (Optional)
Key derivation function (KDF) (where applicable)
##### *keyWrapAlg* [Kdf.KeyWrapAlg](#kdf_keywrapalg_kdf-keywrapalg) (Optional)
Key wrap algorithm for ECDH key agreement scheme or kekri type (default=match content encryption algorithm)
##### *keyString* String (Optional)
(formerly `ukmString`) Use to pass optional additional user key material (ukm) for KDF where KeyAgreement (kari) type or RSA-KEM is used. Or use to pass the password for a pwri type or the key encryption key (KEK) for a kekri type. Either pass a plain ASCII string, e.g. `"abc"` or use the format `"#x"` to pass a string of arbitrary octet values, e.g. `"#xdeadbeef01"` to pass the 5 bytes `0xde,0xad,0xbe,0xef,0x01`. Required for pwri and kekri types.
##### *count* Int32 (Optional)
Optional iteration count for KDF in pwri type (default=4096) or tag length for AuthEnvelopedData (in range 12-16, default=16). Otherwise ignored.
##### *contEncrAlg* [Cms.ContentEncrAlg](#cms_contentencralg_cms-contentencralg) (Optional)
Alternative way to specify content encryption algorithm with more options. Takes precedence over `cipherAlg`. [default=AES128-CBC]
#### Return Value
Int32
Number of successful recipients or negative [error code](#general_error-code)
Remarks
-------
See remarks for [MakeEnvData(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)](#cms_makeenvdata-string-string-string-cipheralgorithm-cms-keyencralgorithm-hashalgorithm-cms-envdataoptions-kdf-kdfalg-kdf-keywrapalg-string-int32-cms-contentencralg)
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeEnvDataFromString(String, String, String, CipherAlgorithm, Cms.EnvDataOptions) Method
=============================================================================================
Create a CMS enveloped-data object from an ASCII string (default recipient parameters).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
| **MakeEnvDataFromString(String, String, String, CipherAlgorithm, Cms.EnvDataOptions)** | Create a CMS enveloped-data object from an ASCII string (default recipient parameters). |
| [MakeEnvDataFromString(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)](#cms_makeenvdatafromstring-string-string-string-cipheralgorithm-cms-keyencralgorithm-hashalgorithm-cms-envdataoptions-kdf-kdfalg-kdf-keywrapalg-string-int32-cms-contentencralg) | Create a CMS enveloped-data object from an ASCII string (advanced options). |
Syntax
------
```csharp
public static int MakeEnvDataFromString(
string outputFile,
string inputData,
string certList,
CipherAlgorithm cipherAlg,
Cms.EnvDataOptions advOptions
)
```
#### Parameters
##### *outputFile* String
Output file to be created
##### *inputData* String
Input data string, expected plain ASCII text.
##### *certList* String
List of recipient X.509 certificate filename(s), separated by semi-colons (;). Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Content encryption algorithm [default=Triple DES]
##### *advOptions* [Cms.EnvDataOptions](#cms_envdataoptions_cms-envdataoptions)
Advanced options. See [Cms.EnvDataOptions](#cms_envdataoptions_cms-envdataoptions).
#### Return Value
Int32
Number of successful recipients or negative [error code](#general_error-code)
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeEnvDataFromString(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg) Method
=================================================================================================================================================================================================
Create a CMS enveloped-data object from an ASCII string (advanced options).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------- |
| [MakeEnvDataFromString(String, String, String, CipherAlgorithm, Cms.EnvDataOptions)](#cms_makeenvdatafromstring-string-string-string-cipheralgorithm-cms-envdataoptions) | Create a CMS enveloped-data object from an ASCII string (default recipient parameters). |
| **MakeEnvDataFromString(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)** | Create a CMS enveloped-data object from an ASCII string (advanced options). |
Syntax
------
```csharp
public static int MakeEnvDataFromString(
string outputFile,
string inputData,
string certList,
CipherAlgorithm cipherAlg = ,
Cms.KeyEncrAlgorithm keyEncrAlg = Cms.KeyEncrAlgorithm.Default,
HashAlgorithm hashAlg = HashAlgorithm.Sha1,
Cms.EnvDataOptions advOptions = Cms.EnvDataOptions.None,
Kdf.KdfAlg kdfAlg = Kdf.KdfAlg.X963,
Kdf.KeyWrapAlg keyWrapAlg = Kdf.KeyWrapAlg.Default,
string keyString = "",
int count = 0,
Cms.ContentEncrAlg contEncrAlg = Cms.ContentEncrAlg.Aes128
)
```
#### Parameters
##### *outputFile* String
Output file to be created
##### *inputData* String
Input data string, expected plain ASCII text.
##### *certList* String
List of recipient X.509 certificate filename(s), separated by semi-colons (;). Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).
Special cases: Set as `"type=@pwri"` to create a single recipientInfo of the `PasswordRecipientInfo` type (pwri); or set as `"type=@kekri,keyid="` to create a single recipientInfo of the `KEKRecipientInfo` type (kekri). See Remarks.
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm) (Optional)
Content encryption algorithm [default=ignored]. Deprecated: use `contEncrAlg`. (This parameter will be removed in a future update)
##### *keyEncrAlg* [Cms.KeyEncrAlgorithm](#cms_keyencralgorithm_cms-keyencralgorithm) (Optional)
Key encryption algorithm [default=`rsaEncryption`)]
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm) (Optional)
Hash function where applicable. Must be one of the SHA-* family [default=SHA-1; SHA-256 for RSA-KEM]
##### *advOptions* [Cms.EnvDataOptions](#cms_envdataoptions_cms-envdataoptions) (Optional)
Advanced options. See [Cms.EnvDataOptions](#cms_envdataoptions_cms-envdataoptions).
##### *kdfAlg* [Kdf.KdfAlg](#kdf_kdfalg_kdf-kdfalg) (Optional)
Key derivation function (KDF) for ECDH key agreement scheme (where applicable)
##### *keyWrapAlg* [Kdf.KeyWrapAlg](#kdf_keywrapalg_kdf-keywrapalg) (Optional)
Key wrap algorithm for ECDH key agreement scheme (default=match content encryption algorithm)
##### *keyString* String (Optional)
(formerly `ukmString`) Use to pass optional additional user key material (ukm) for KDF where KeyAgreement (kari) type or RSA-KEM is used. Or use to pass the password for a pwri type or the key encryption key (KEK) for a kekri type. Either pass a plain ASCII string, e.g. `"abc"` or use the format `"#x"` to pass a string of arbitrary octet values, e.g. `"#xdeadbeef01"` to pass the 5 bytes `0xde,0xad,0xbe,0xef,0x01`. Optional for kari types but required for pwri and kekri types.
##### *count* Int32 (Optional)
Optional iteration count for KDF in pwri type (default=4096) or tag length for AuthEnvelopedData (in range 12-16, default=16). Otherwise ignored.
##### *contEncrAlg* [Cms.ContentEncrAlg](#cms_contentencralg_cms-contentencralg) (Optional)
Alternative way to specify content encryption algorithm with more options. Takes precedence over `cipherAlg`. [default=AES128-CBC]
#### Return Value
Int32
Number of successful recipients or negative [error code](#general_error-code)
Remarks
-------
See remarks for [MakeEnvData(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)](#cms_makeenvdata-string-string-string-cipheralgorithm-cms-keyencralgorithm-hashalgorithm-cms-envdataoptions-kdf-kdfalg-kdf-keywrapalg-string-int32-cms-contentencralg)
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeSigData(String, String, String, String, Cms.SigAlg, Cms.SigDataOptions) Method
======================================================================================
Create a CMS object of type SignedData from an input data file (advanced options including RSA-PSS).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ----------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| **MakeSigData(String, String, String, String, Cms.SigAlg, Cms.SigDataOptions)** | Create a CMS object of type SignedData from an input data file (advanced options including RSA-PSS). |
| [MakeSigData(String, String, String, String, HashAlgorithm, Cms.SigDataOptions)](#cms_makesigdata-string-string-string-string-hashalgorithm-cms-sigdataoptions) | Create a CMS object of type SignedData from an input data file using RSASSA-PKCS1V1_5 with options. |
Syntax
------
```csharp
public static int MakeSigData(
string outputFile,
string inputFile,
string certList,
string privateKey,
Cms.SigAlg sigAlg,
Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)
```
#### Parameters
##### *outputFile* String
name of output file to be created
##### *inputFile* String
name of file containing message data to be signed
##### *certList* String
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
##### *privateKey* String
private key data for the sender
##### *sigAlg* [Cms.SigAlg](#cms_sigalg_cms-sigalg)
Signature algorithm.
##### *advOptions* [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions) (Optional)
Advanced option flags. See [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions).
#### Return Value
Int32
Zero if successful; otherwise it returns an [error code](#general_error-code)
Example
-------
```csharp
StringBuilder sbPrivateKey = Rsa.ReadPrivateKey("AlicePrivRSASign.p8e", "password");
string fnameOutput = "BasicSignByAlice.bin";
string fnameInput = "excontent.txt";
string fnameCert = "AliceRSASignByCarl.cer";
int n = Cms.MakeSigData(fnameOutput, fnameInput, fnameCert, sbPrivateKey.ToString(), Cms.SigAlg.Default, 0);
```
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeSigData(String, String, String, String, HashAlgorithm, Cms.SigDataOptions) Method
=========================================================================================
Create a CMS object of type SignedData from an input data file using RSASSA-PKCS1V1_5 with options.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ---------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| [MakeSigData(String, String, String, String, Cms.SigAlg, Cms.SigDataOptions)](#cms_makesigdata-string-string-string-string-cms-sigalg-cms-sigdataoptions) | Create a CMS object of type SignedData from an input data file (advanced options including RSA-PSS). |
| **MakeSigData(String, String, String, String, HashAlgorithm, Cms.SigDataOptions)** | Create a CMS object of type SignedData from an input data file using RSASSA-PKCS1V1_5 with options. |
Syntax
------
```csharp
public static int MakeSigData(
string outputFile,
string inputFile,
string certList,
string privateKey,
HashAlgorithm hashAlg = HashAlgorithm.Sha1,
Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)
```
#### Parameters
##### *outputFile* String
name of output file to be created
##### *inputFile* String
name of file containing message data to be signed
##### *certList* String
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
##### *privateKey* String
private key data for the sender
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm) (Optional)
Message digest algorithm to be used in signature [default=SHA-1].
##### *advOptions* [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions) (Optional)
Advanced option flags. See [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions).
#### Return Value
Int32
Zero if successful; otherwise it returns an [error code](#general_error-code)
Remarks
-------
RSASSA-PKCS1V1_5 only.
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeSigDataFromBytes Method
===============================
Create a CMS object of type SignedData from an array of bytes.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int MakeSigDataFromBytes(
string outputFile,
byte[] inputData,
string certList,
string privateKey,
Cms.SigAlg sigAlg,
Cms.SigDataOptions advOptions
)
```
#### Parameters
##### *outputFile* String
name of output file to be created.
##### *inputData* Byte[]
message data to be signed in a byte array.
##### *certList* String
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
##### *privateKey* String
Private key data for the sender.
##### *sigAlg* [Cms.SigAlg](#cms_sigalg_cms-sigalg)
Signature algorithm.
##### *advOptions* [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions)
Advanced option flags. See [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions).
#### Return Value
Int32
Zero if successful; otherwise it returns an [error code](#general_error-code)
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeSigDataFromPseudo Method
================================
Create a SignedData object from a "pseudo" object.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int MakeSigDataFromPseudo(
string outputFile,
string inputPseudoFile,
byte[] sigValue,
Cms.Format format = Cms.Format.Default
)
```
#### Parameters
##### *outputFile* String
Name of output file to be created.
##### *inputPseudoFile* String
Input "pseudo" file with dummy placeholder signature.
##### *sigValue* Byte[]
Signature value computed by external service.
##### *format* [Cms.Format](#cms_format_cms-format) (Optional)
Output format (default = binary)
#### Return Value
Int32
Zero if successful; otherwise it returns an [error code](#general_error-code)
Remarks
-------
RSASSA-PKCS1V1_5 only.
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeSigDataFromSigValue Method
==================================
Create a CMS object of type SignedData using a pre-computed signature (advanced algorithms).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int MakeSigDataFromSigValue(
string outputFile,
byte[] sigValue,
byte[] contentData,
string certList,
HashAlgorithm hashAlg = HashAlgorithm.Sha1,
Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)
```
#### Parameters
##### *outputFile* String
name of output file to be created
##### *sigValue* Byte[]
signature value
##### *contentData* Byte[]
string containing content data that has been signed
##### *certList* String
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm) (Optional)
Message digest algorithm to be used in signature [default=SHA-1]
##### *advOptions* [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions) (Optional)
Advanced option flags. See [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions).
#### Return Value
Int32
Zero if successful; otherwise it returns an [error code](#general_error-code)
Remarks
-------
RSASSA-PKCS1V1_5 only.
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeSigDataFromString(String, String, String, String, Cms.SigAlg, Cms.SigDataOptions) Method
================================================================================================
Create a CMS object of type SignedData from an input string (advanced options including RSA-PSS).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- |
| **MakeSigDataFromString(String, String, String, String, Cms.SigAlg, Cms.SigDataOptions)** | Create a CMS object of type SignedData from an input string (advanced options including RSA-PSS). |
| [MakeSigDataFromString(String, String, String, String, HashAlgorithm, Cms.SigDataOptions)](#cms_makesigdatafromstring-string-string-string-string-hashalgorithm-cms-sigdataoptions) | Create a CMS object of type SignedData from an input string using RSASSA-PKCS1V1_5 with options. |
Syntax
------
```csharp
public static int MakeSigDataFromString(
string outputFile,
string inputData,
string certList,
string privateKey,
Cms.SigAlg sigAlg,
Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)
```
#### Parameters
##### *outputFile* String
name of output file to be created
##### *inputData* String
string containing message data to be signed
##### *certList* String
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
##### *privateKey* String
private key data for the sender
##### *sigAlg* [Cms.SigAlg](#cms_sigalg_cms-sigalg)
Signature algorithm.
##### *advOptions* [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions) (Optional)
Advanced option flags. See [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions).
#### Return Value
Int32
Zero if successful; otherwise it returns an [error code](#general_error-code)
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.MakeSigDataFromString(String, String, String, String, HashAlgorithm, Cms.SigDataOptions) Method
===================================================================================================
Create a CMS object of type SignedData from an input string using RSASSA-PKCS1V1_5 with options.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| -------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- |
| [MakeSigDataFromString(String, String, String, String, Cms.SigAlg, Cms.SigDataOptions)](#cms_makesigdatafromstring-string-string-string-string-cms-sigalg-cms-sigdataoptions) | Create a CMS object of type SignedData from an input string (advanced options including RSA-PSS). |
| **MakeSigDataFromString(String, String, String, String, HashAlgorithm, Cms.SigDataOptions)** | Create a CMS object of type SignedData from an input string using RSASSA-PKCS1V1_5 with options. |
Syntax
------
```csharp
public static int MakeSigDataFromString(
string outputFile,
string inputData,
string certList,
string privateKey,
HashAlgorithm hashAlg = HashAlgorithm.Sha1,
Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)
```
#### Parameters
##### *outputFile* String
name of output file to be created
##### *inputData* String
string containing message data to be signed
##### *certList* String
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
##### *privateKey* String
private key data for the sender
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm) (Optional)
Message digest algorithm to be used in signature [default=SHA-1]
##### *advOptions* [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions) (Optional)
Advanced option flags. See [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions).
#### Return Value
Int32
Zero if successful; otherwise it returns an [error code](#general_error-code)
Remarks
-------
RSASSA-PKCS1V1_5 only.
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.QueryEnvData Method
=======================
Query a CMS enveloped-data object file for selected information.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string QueryEnvData(
string inputFile,
string query
)
```
#### Parameters
##### *inputFile* String
file containing CMS enveloped-data object
##### *query* String
Query string (case insensitive)
#### Return Value
String
String containing the result or an empty string if not found or error.
Remarks
-------
Valid queries are:
| `"version"` | envelopedData CMSVersion (`edVer`) value, e.g. `"0"`. |
| ------------------------------ | ---------------------------------------------------------------- |
| `"recipientInfoVersion"` | recipientInfo version (`riVer`) value. |
| `"recipientInfoType"` | Type of recipientInfo, e.g. `ktri`, `kari`, ... |
| `"CountOfRecipientInfos"` | Number of RecipientInfos included in the data. |
| `"recipientIssuerName"` | Distinguished Name of recipient's certificate issuer. |
| `"recipientSerialNumber"` | serialNumber of recipient's certificate in hex format |
| `"keyEncryptionAlgorithm"` | keyEncryptionAlgorithm, e.g. `"rsaEncryption"`. |
| `"keyEncryptionFlags"` | Bit flags used for the key encryption algorithm (ktri only). |
| `"SizeOfEncryptedKey"` | Size (in bytes) of the EncryptedKey. |
| `"encryptedKey"` | EncryptedKey value encoded in hex. |
| `"oaepParams"` | Parameters used for RSA-OAEP (if applicable). |
| `"keyWrapAlgorithm"` | Key wrap algorithm, e.g. `"aes128-wrap"` (kari and kekri only). |
| `"originatorKeyAlgorithm"` | OriginatorPublicKey algorithm, e.g. `"ecPublicKey"` (kari only). |
| `"originatorPublicKey"` | OriginatorPublicKey publicKey value encoded in hex (kari only). |
| `"keyid"` | keyIdentifier for KEKRecipientInfo (kekri) type. |
| `"contentEncryptionAlgorithm"` | contentEncryptionAlgorithm, e.g. `"des-EDE3-CBC"`. |
| `"SizeOfEncryptedContent"` | Size (in bytes) of the EncryptedContent. |
| `"encryptedContent"` | EncryptedContent encoded in hex. |
| `"iv"` | Initialization vector encoded in hex. |
By default, the function queries the first recipientInfo in the file. To query the Nth recipientInfo append `"/N"` to the query string, e.g. `"recipientInfoVersion/2"` to find the version number of the second recipientInfo in the file.
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.QuerySigData Method
=======================
Query a CMS signed-data object for selected information.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string QuerySigData(
string inputFile,
string query
)
```
#### Parameters
##### *inputFile* String
file containing CMS signed-data object
##### *query* String
Query string (case insensitive)
#### Return Value
String
String containing the result or an empty string if not found or error.
Remarks
-------
Valid queries are:
| `"version"` | signedData version (sdVer) value, e.g. `"1"`. |
| -------------------------- | -------------------------------------------------------------------------- |
| `"eContentType"` | ContentType of the EncapsulatedContentInfo, e.g. `"data"`. |
| `"HASeContent"` | "1" if eContent is present; "0" if not. |
| `"CountOfCertificates"` | Number of certificates included in the data. |
| `"CountOfSignerInfos"` | Number of SignerInfos included in the data. |
| `"signerInfoVersion"` | signerInfo version (siVer) value. |
| `"digestAlgorithm"` | digestAlgorithm, e.g. `"sha1"`. |
| `"signatureAlgorithm"` | signatureAlgorithm, e.g. `"rsaEncryption"`. |
| `"signatureValue"` | Signature value encoded in hex. |
| `"HASsignedAttributes"` | "1" if signedAttributes (authenticatedAttributes) are present; "0" if not. |
| `"DigestOfSignedAttrs"` | Computed digest over signed attributes, if present, using digestAlgorithm. |
| `"DigestOfeContent"` | Computed digest over eContent, if present, using digestAlgorithm. |
| `"signingTime"` | signingTime attribute in format `"2005-12-31 23:30:59"` |
| `"messageDigest"` | messageDigest attribute in hexadecimal format, if present |
| `"pssParams"` | Parameters used for RSA-PSS (if applicable). |
| `"HASsigningCertificate"` | "1" if an ESS signingCertificate is present; "0" if not. |
| `"signingCertHash"` | certHash value of ESS signing certificate, if present, encoded in hex. |
| `"HASalgorithmProtection"` | "1" if a cmsAlgorithmProtection attribute is present; "0" if not. |
By default, the function queries the first signerInfo in the file. To query the Nth signerInfo append `"/N"` to the query string, e.g. `"signerInfoVersion/2"` to find the version number of the second signerInfo in the file.
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.ReadComprData Method
========================
Read and extract the decompressed contents of a CMS compressed-data file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int ReadComprData(
string outputFile,
string inputFile,
Cms.ComprDataOptions opts
)
```
#### Parameters
##### *outputFile* String
Output file to be created
##### *inputFile* String
Input data file
##### *opts* [Cms.ComprDataOptions](#cms_comprdataoptions_cms-comprdataoptions)
Options [default=inflate contents]
#### Return Value
Int32
If successful the return value is the number of bytes in the output file; otherwise it returns a non-zero [error code](#general_error-code)
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.ReadEnvDataToBytes Method
=============================
Read and decrypt a CMS enveloped-data object to a byte array.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] ReadEnvDataToBytes(
string inputFile,
string x509File,
string privateKey
)
```
#### Parameters
##### *inputFile* String
Name of file containing CMS enveloped-data object (binary or base64-encoded) or the data as a base64 or PEM string.
##### *x509File* String
(optional) filename of the recipient's X.509 certificate.
##### *privateKey* String
Internal representation of private key.
#### Return Value
Byte[]
Decrypted content in a byte array, or empty array on error.
Example
-------
```csharp
// Read in content to a byte array
byte[] b = Cms.ReadEnvDataToBytes(inputFile, "", privateKey);
// Convert to a .NET string (assuming UTF-8 encoded)
string s = System.Text.Encoding.UTF8.GetString(b);
```
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.ReadEnvDataToFile Method
============================
Read and decrypt a CMS enveloped-data object to a file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int ReadEnvDataToFile(
string outputFile,
string inputFile,
string x509File,
string privateKey,
Cms.ReadOptions opts = Cms.ReadOptions.None
)
```
#### Parameters
##### *outputFile* String
Name of output file to be created.
##### *inputFile* String
Name of file containing CMS enveloped-data object (binary or base64-encoded) or the data as a base64 or PEM string.
##### *x509File* String
(optional) filename of the recipient's X.509 certificate.
##### *privateKey* String
Internal representation of private key.
##### *opts* [Cms.ReadOptions](#cms_readoptions_cms-readoptions) (Optional)
Use [Cms.ReadOptions](#cms_readoptions_cms-readoptions) for faster handling of large files (binary only).
#### Return Value
Int32
Zero if successful; otherwise it returns an [error code](#general_error-code).
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.ReadEnvDataToString Method
==============================
Read and decrypt a CMS enveloped-data object to a string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string ReadEnvDataToString(
string inputFile,
string x509File,
string privateKey
)
```
#### Parameters
##### *inputFile* String
Name of file containing CMS enveloped-data object (binary or base64-encoded) or the data as a base64 or PEM string.
##### *x509File* String
(optional) filename of the recipient's X.509 certificate
##### *privateKey* String
Internal representation of private key.
#### Return Value
String
Decrypted content in a string or empty string on error.
Remarks
-------
Use this only when the decrypted text is known to be plain ASCII text, otherwise use [ReadEnvDataToBytes](#cms_readenvdatatobytes).
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.ReadSigDataToBytes Method
=============================
Read the content from a CMS signed-data object directly into a byte array.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] ReadSigDataToBytes(
string inputFile
)
```
#### Parameters
##### *inputFile* String
Name of file containing CMS signed-data object (binary or base64-encoded) or the data as a base64 or PEM string.
#### Return Value
Byte[]
Byte array containing the content or a zero-length array if error.
Remarks
-------
Use this if the content contains non-ASCII characters, e.g. UTF-8 encoded.
Example
-------
```csharp
// Read in content to a byte array
byte[] b = Cms.ReadSigDataToBytes(inputFile);
// Convert to a .NET string (assumed UTF-8 encoded)
string s = System.Text.Encoding.UTF8.GetString(b);
```
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.ReadSigDataToFile Method
============================
Read the content from a CMS signed-data object file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int ReadSigDataToFile(
string outputFile,
string inputFile,
Cms.ReadOptions opts = Cms.ReadOptions.None
)
```
#### Parameters
##### *outputFile* String
file to receive content
##### *inputFile* String
Name of file containing CMS signed-data object (binary or base64-encoded) or the data as a base64 or PEM string.
##### *opts* [Cms.ReadOptions](#cms_readoptions_cms-readoptions) (Optional)
Option flags: set as zero for defaults.
#### Return Value
Int32
If successful, the return value is a positive number indicating the number of bytes in the content; otherwise it returns a negative [error code](#general_error-code).
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.ReadSigDataToString Method
==============================
Read the content from a CMS signed-data object directly into a string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string ReadSigDataToString(
string inputFile
)
```
#### Parameters
##### *inputFile* String
Name of file containing CMS signed-data object (binary or base64-encoded) or the data as a base64 or PEM string.
#### Return Value
String
String containing the content or an empty string if error
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.VerifySigData Method
========================
Verify the signature and content of a signed-data CMS object file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int VerifySigData(
string inputFile,
string certFile = "",
string hexDigest = "",
Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)
```
#### Parameters
##### *inputFile* String
file containing CMS signed-data object
##### *certFile* String (Optional)
an (optional) X.509 certificate file of the signer
##### *hexDigest* String (Optional)
(optional) digest of eContent to be verified (use for "detached-signature" form)
##### *advOptions* [Cms.SigDataOptions](#cms_sigdataoptions_cms-sigdataoptions) (Optional)
Use for `BigFile` option, otherwise ignored
#### Return Value
Int32
Zero if successfully verified; otherwise it returns a non-zero [error code](#general_error-code)
See Also
--------
[Cms Class](#cms_cms)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv Class
=========
Character conversion routines
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Cnv**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Cnv
```
The **Cnv** type exposes the following members.
Methods
-------
| Name | Description |
| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- |
| [Base64Filter](#cnv_base64filter) | Filter non-base64 characters from a string. |
| [Base64FromHex](#cnv_base64fromhex) | Convert hexadecimal-encoded data into base64-encoded data. |
| [ByteEncoding](#cnv_byteencoding) | Convert encoding of byte array between UTF-8 and Latin-1. |
| [CheckUTF8](#cnv_checkutf8) | Check that a byte array contains only valid UTF-8 encoded characters. |
| [CheckUTF8File](#cnv_checkutf8file) | Check that a file contains only valid UTF-8 encoded characters. |
| [FromBase58](#cnv_frombase58) | Convert a base58-encoded string to an equivalent array of 8-bit unsigned integers. |
| [FromBase64](#cnv_frombase64) | Convert a base64-encoded string to an equivalent array of 8-bit unsigned integers. |
| [FromHex](#cnv_fromhex) | Convert the specified string representation of a value consisting of hexadecimal (base 16) digits to an equivalent array of 8-bit unsigned integers. |
| [HexFilter](#cnv_hexfilter) | Filter non-hexadecimal characters from a string. |
| [HexFromBase64](#cnv_hexfrombase64) | Convert base64-encoded data into hexadecimal-encoded data. |
| [NumFromBytes](#cnv_numfrombytes) | Convert the leftmost four bytes of an array to an unsigned 32-bit integer. |
| [NumToBytes](#cnv_numtobytes) | Convert a 32-bit integer to an array of 4 bytes. |
| [ReverseBytes](#cnv_reversebytes) | Reverse the order of a byte array. |
| [ShortPathName](#cnv_shortpathname) | Retrieve the Windows short path form of the specified path. |
| [StringFromBase64](#cnv_stringfrombase64) | Convert a base64-encoded string into a text string. |
| [StringFromHex](#cnv_stringfromhex) | Convert a hexadecimal-encoded string into a text string. |
| [ToBase58](#cnv_tobase58) | Convert 8-bit binary data to equivalent base58-encoded string format. |
| [ToBase64(Byte[])](#cnv_tobase64-byte) | Convert 8-bit binary data to equivalent base64-encoded string format. |
| [ToBase64(String)](#cnv_tobase64-string) | Convert a string of ANSI characters to equivalent base64-encoded string format. |
| [ToHex(Byte[])](#cnv_tohex-byte) | Convert 8-bit binary data to equivalent hexadecimal string format. |
| [ToHex(String)](#cnv_tohex-string) | Converts a string of ANSI characters to equivalent hexadecimal string format |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.Base64Filter Method
=======================
Filter non-base64 characters from a string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string Base64Filter(
string s
)
```
#### Parameters
##### *s* String
String to be filtered
#### Return Value
String
Filtered string
Remarks
-------
Valid base64 characters are [0-9A-Za-z+/=]
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.Base64FromHex Method
========================
Convert hexadecimal-encoded data into base64-encoded data.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string Base64FromHex(
string s
)
```
#### Parameters
##### *s* String
Hex-encoded data
#### Return Value
String
Base64-encoded data
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.ByteEncoding Method
=======================
Convert encoding of byte array between UTF-8 and Latin-1.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] ByteEncoding(
byte[] data,
Cnv.EncodingConversion direction
)
```
#### Parameters
##### *data* Byte[]
Input data to be converted
##### *direction* [Cnv.EncodingConversion](#cnv_encodingconversion_cnv-encodingconversion)
Direction of conversion
#### Return Value
Byte[]
Converted data (or empty array on error)
Remarks
-------
Converting UTF-8 from Latin-1 assumes the input is from the 8-bit Latin-1 character set and so will always produce output that is valid UTF-8. However, for Latin-1 from UTF-8, the input must contain a valid sequence of UTF-8-encoded bytes and this must be convertible to a single-byte character set, or an error will be returned.
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.CheckUTF8 Method
====================
Check that a byte array contains only valid UTF-8 encoded characters.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int CheckUTF8(
byte[] b
)
```
#### Parameters
##### *b* Byte[]
input byte array to check
#### Return Value
Int32
Zero if the encoded bytes is invalid UTF-8, or a positive number if the input contains valid UTF-8 data, where the value of the number indicates the nature of the encoded characters:
| 0 | Not valid UTF-8 |
| - | ----------------------------------------------------------------------------------------------------------------- |
| 1 | Valid UTF-8, all chars are 7-bit ASCII |
| 2 | Valid UTF-8, contains at least one multi-byte character equivalent to 8-bit ANSI |
| 3 | Valid UTF-8, contains at least one multi-byte character that cannot be represented in a single-byte character set |
Remarks
-------
'Overlong' UTF-8 sequences and illegal surrogates are rejected as invalid.
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.CheckUTF8File Method
========================
Check that a file contains only valid UTF-8 encoded characters.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int CheckUTF8File(
string fileName
)
```
#### Parameters
##### *fileName* String
name of file to check
#### Return Value
Int32
Zero if the encoded bytes is invalid UTF-8, or a positive number if the input contains valid UTF-8 data, where the value of the number indicates the nature of the encoded characters:
| 0 | Not valid UTF-8 |
| - | ----------------------------------------------------------------------------------------------------------------- |
| 1 | Valid UTF-8, all chars are 7-bit ASCII |
| 2 | Valid UTF-8, contains at least one multi-byte character equivalent to 8-bit ANSI |
| 3 | Valid UTF-8, contains at least one multi-byte character that cannot be represented in a single-byte character set |
Remarks
-------
'Overlong' UTF-8 sequences and illegal surrogates are rejected as invalid.
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.FromBase58 Method
=====================
Convert a base58-encoded string to an equivalent array of 8-bit unsigned integers.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] FromBase58(
string s
)
```
#### Parameters
##### *s* String
Base58-encoded data
#### Return Value
Byte[]
Data as array of bytes
Remarks
-------
This uses the "Bitcoin" scheme of base58 encoding where the leading character '1' is reserved for representing an entire leading zero byte.
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.FromBase64 Method
=====================
Convert a base64-encoded string to an equivalent array of 8-bit unsigned integers.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] FromBase64(
string s
)
```
#### Parameters
##### *s* String
Base64-encoded data
#### Return Value
Byte[]
Binary data in byte array, or an empty array on error.
Remarks
-------
Whitespace characters are ignored, but other non-base64 characters will cause an error.
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.FromHex Method
==================
Convert the specified string representation of a value consisting of hexadecimal (base 16) digits to an equivalent array of 8-bit unsigned integers.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] FromHex(
string s
)
```
#### Parameters
##### *s* String
Hex-encoded string
#### Return Value
Byte[]
Binary data in byte array, or an empty array on error.
Remarks
-------
Whitespace and ASCII punctuation characters are ignored, but other non-hex characters will cause an error.
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.HexFilter Method
====================
Filter non-hexadecimal characters from a string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string HexFilter(
string s
)
```
#### Parameters
##### *s* String
Input string to be filtered
#### Return Value
String
Filtered string
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.HexFromBase64 Method
========================
Convert base64-encoded data into hexadecimal-encoded data.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string HexFromBase64(
string s
)
```
#### Parameters
##### *s* String
Base64-encoded data
#### Return Value
String
Hex-encoded data
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.NumFromBytes Method
=======================
Convert the leftmost four bytes of an array to an unsigned 32-bit integer.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static uint NumFromBytes(
byte[] b,
Cnv.EndianNess endn = Cnv.EndianNess.BigEndian
)
```
#### Parameters
##### *b* Byte[]
Byte array to be converted
##### *endn* [Cnv.EndianNess](#cnv_endianness_cnv-endianness) (Optional)
Byte order
#### Return Value
UInt32
Integer value
Remarks
-------
An array shorter than 4 bytes will be padded on the right with zeros
Example
-------
```csharp
byte[] b = new byte[4] { 0xde, 0xad, 0xbe, 0xef };
uint nb = Cnv.NumFromBytes(b, Cnv.EndianNess.BigEndian);
Console.WriteLine("0x" + nb.ToString("x8")); // 0xdeadbeef
uint nl = Cnv.NumFromBytes(b, Cnv.EndianNess.LittleEndian);
Console.WriteLine("0x" + nl.ToString("x8")); // 0xefbeadde
```
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.NumToBytes Method
=====================
Convert a 32-bit integer to an array of 4 bytes.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] NumToBytes(
uint n,
Cnv.EndianNess endn = Cnv.EndianNess.BigEndian
)
```
#### Parameters
##### *n* UInt32
Integer to be converted
##### *endn* [Cnv.EndianNess](#cnv_endianness_cnv-endianness) (Optional)
Byte order
#### Return Value
Byte[]
Byte array containing representation of integer in given order
Example
-------
```csharp
byte[] bb = Cnv.NumToBytes(0xdeadbeef, Cnv.EndianNess.BigEndian);
Console.WriteLine(Cnv.ToHex(bb)); // DEADBEEF
byte[] bl = Cnv.NumToBytes(0xdeadbeef, Cnv.EndianNess.LittleEndian);
Console.WriteLine(Cnv.ToHex(bl)); // EFBEADDE
```
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.ReverseBytes Method
=======================
Reverse the order of a byte array.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] ReverseBytes(
byte[] data
)
```
#### Parameters
##### *data* Byte[]
Input data to be reversed
#### Return Value
Byte[]
Byte array in reverse order
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.ShortPathName Method
========================
Retrieve the Windows short path form of the specified path.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string ShortPathName(
string pathName
)
```
#### Parameters
##### *pathName* String
File path name.
#### Return Value
String
Windows short path name of file or the empty string if file does not exist.
Remarks
-------
Windows platforms only. The file path must exist. The short path name is guaranteed to be ASCII.
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.StringFromBase64 Method
===========================
Convert a base64-encoded string into a text string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string StringFromBase64(
string s
)
```
#### Parameters
##### *s* String
Base64-encoded data
#### Return Value
String
String value
Remarks
-------
Uses the 'Default' encoding for the system's current ANSI code page. This assumes the user knows the resulting characters are all printable.
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.StringFromHex Method
========================
Convert a hexadecimal-encoded string into a text string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string StringFromHex(
string s
)
```
#### Parameters
##### *s* String
Hex-encoded data
#### Return Value
String
String value
Remarks
-------
Uses the 'Default' encoding for the system's current ANSI code page, usually code page 1252 (similar to Latin-1). This assumes the user knows the resulting characters are all printable.
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.ToBase58 Method
===================
Convert 8-bit binary data to equivalent base58-encoded string format.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string ToBase58(
byte[] binaryData
)
```
#### Parameters
##### *binaryData* Byte[]
binary data
#### Return Value
String
Base58-encoded string
Remarks
-------
This uses the "Bitcoin" scheme of base58 encoding where the leading character '1' is reserved for representing an entire leading zero byte.
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.ToBase64(Byte[]) Method
===========================
Convert 8-bit binary data to equivalent base64-encoded string format.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------- | ------------------------------------------------------------------------------- |
| **ToBase64(Byte[])** | Convert 8-bit binary data to equivalent base64-encoded string format. |
| [ToBase64(String)](#cnv_tobase64-string) | Convert a string of ANSI characters to equivalent base64-encoded string format. |
Syntax
------
```csharp
public static string ToBase64(
byte[] binaryData
)
```
#### Parameters
##### *binaryData* Byte[]
binary data
#### Return Value
String
Base64-encoded string
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.ToBase64(String) Method
===========================
Convert a string of ANSI characters to equivalent base64-encoded string format.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------- | ------------------------------------------------------------------------------- |
| [ToBase64(Byte[])](#cnv_tobase64-byte) | Convert 8-bit binary data to equivalent base64-encoded string format. |
| **ToBase64(String)** | Convert a string of ANSI characters to equivalent base64-encoded string format. |
Syntax
------
```csharp
public static string ToBase64(
string s
)
```
#### Parameters
##### *s* String
String of data to be encoded
#### Return Value
String
Base64-encoded data
Remarks
-------
Uses the 'Default' encoding for the system's current ANSI code page
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.ToHex(Byte[]) Method
========================
Convert 8-bit binary data to equivalent hexadecimal string format.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------ | ---------------------------------------------------------------------------- |
| **ToHex(Byte[])** | Convert 8-bit binary data to equivalent hexadecimal string format. |
| [ToHex(String)](#cnv_tohex-string) | Converts a string of ANSI characters to equivalent hexadecimal string format |
Syntax
------
```csharp
public static string ToHex(
byte[] binaryData
)
```
#### Parameters
##### *binaryData* Byte[]
binary data in byte array
#### Return Value
String
Hex-encoded string.
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.ToHex(String) Method
========================
Converts a string of ANSI characters to equivalent hexadecimal string format
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------ | ---------------------------------------------------------------------------- |
| [ToHex(Byte[])](#cnv_tohex-byte) | Convert 8-bit binary data to equivalent hexadecimal string format. |
| **ToHex(String)** | Converts a string of ANSI characters to equivalent hexadecimal string format |
Syntax
------
```csharp
public static string ToHex(
string s
)
```
#### Parameters
##### *s* String
String of data to be encoded
#### Return Value
String
Hex-encoded data
Remarks
-------
Uses the 'Default' encoding for the system's current ANSI code page
See Also
--------
[Cnv Class](#cnv_cnv)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Compr Class
===========
Compression utilities
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Compr**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Compr
```
The **Compr** type exposes the following members.
Methods
-------
| Name | Description |
| --------------- | --------------------------------------- |
| [Compress](#compr_compress) | Compress data using zlib compression. |
| [Uncompress](#compr_uncompress) | Uncompress data using zlib compression. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Compr.Compress Method
=====================
Compress data using zlib compression.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] Compress(
byte[] data
)
```
#### Parameters
##### *data* Byte[]
Data to be compressed.
#### Return Value
Byte[]
Compressed data, or an empty array on error.
See Also
--------
[Compr Class](#compr_compr)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Compr.Uncompress Method
=======================
Uncompress data using zlib compression.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] Uncompress(
byte[] data
)
```
#### Parameters
##### *data* Byte[]
Compressed data to be uncompressed.
#### Return Value
Byte[]
Uncompressed data, or an empty array on error.
Remarks
-------
An empty array may also be returned if the original data was the empty array itself.
See Also
--------
[Compr Class](#compr_compr)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc Class
=========
Elliptic curve cryptography
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Ecc**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Ecc
```
The **Ecc** type exposes the following members.
Methods
-------
| Name | Description |
| ------------------------- | ---------------------------------------------------------------------------------------------- |
| [DHSharedSecret](#ecc_dhsharedsecret) | Compute EC Diffie-Hellman (ECDH) shared secret. |
| [KeyHashCode](#ecc_keyhashcode) | Compute the hash code of an "internal" ECC public or private key string. |
| [MakeKeys](#ecc_makekeys) | Generate an EC public/private key pair and save as two key files. |
| [PublicKeyFromPrivate](#ecc_publickeyfromprivate) | Convert an internal EC private key string into an internal EC public key string. |
| [QueryKey](#ecc_querykey) | Query an EC key string for selected information. |
| [ReadKeyByCurve](#ecc_readkeybycurve) | Read an EC key from its hexadecimal representation with options for safe curves. |
| [ReadPrivateKey](#ecc_readprivatekey) | Read from a file or string containing an EC private key into an "internal" private key string. |
| [ReadPublicKey](#ecc_readpublickey) | Read from a file or string containing an EC public key into an "internal" public key string. |
| [SaveEncKey](#ecc_saveenckey) | Save an internal EC private key string to an encrypted private key file. |
| [SaveKey](#ecc_savekey) | Save an internal EC key string (public or private) to an unencrypted key file. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.DHSharedSecret Method
=========================
Compute EC Diffie-Hellman (ECDH) shared secret.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] DHSharedSecret(
string ourIntPrivateKey,
string theirIntPublicKey
)
```
#### Parameters
##### *ourIntPrivateKey* String
Our own private key in ephemeral "internal" form.
##### *theirIntPublicKey* String
Other party's public key in "internal" form.
#### Return Value
Byte[]
The Diffie-Hellman shared secret.
See Also
--------
[Ecc Class](#ecc_ecc)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.KeyHashCode Method
======================
Compute the hash code of an "internal" ECC public or private key string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int KeyHashCode(
string intKeyString
)
```
#### Parameters
##### *intKeyString* String
Internal key string
#### Return Value
Int32
A 32-bit hash code for the key, or zero on error.
Remarks
-------
Should be the same for a matching private and public key.
See Also
--------
[Ecc Class](#ecc_ecc)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.MakeKeys Method
===================
Generate an EC public/private key pair and save as two key files.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int MakeKeys(
string publicKeyfile,
string privateKeyFile,
Ecc.CurveName curveName,
string password,
Ecc.PbeScheme pbes = Ecc.PbeScheme.Default,
string paramString = "",
Ecc.Format fileFormat = Ecc.Format.Default
)
```
#### Parameters
##### *publicKeyfile* String
name of public key file to be created
##### *privateKeyFile* String
name of encrypted private key file to be created
##### *curveName* [Ecc.CurveName](#ecc_curvename_ecc-curvename)
name of elliptic curve
##### *password* String
password to be used for the encrypted key file.
##### *pbes* [Ecc.PbeScheme](#ecc_pbescheme_ecc-pbescheme) (Optional)
(optional) Password-based encryption scheme to encrypt private key [default = `pbeWithSHAAnd3-KeyTripleDES-CBC`]
##### *paramString* String (Optional)
Optional parameters. A set of attribute name=value pairs separated by a semicolon ";" (see remarks).
##### *fileFormat* [Ecc.Format](#ecc_format_ecc-format) (Optional)
(optional) Format to save file [default = DER binary]
#### Return Value
Int32
Zero if successful or non-zero [error code](#general_error-code)
Remarks
-------
Valid name-value pairs for `paramString` are:
| **count**=integer | To set the iteration count used in the PBKDF2 method, e.g. `"count=5000;"` [default=2048]. |
| ------------------ | -------------------------------------------------------------------------------------------------------------- |
| **prf**=hmac-name | To change the HMAC algorithm used in the PBKDF2 method, e.g. `"prf=hmacwithSHA256;"` [default=`hmacwithSHA1`]. |
| **rngseed**=string | To add some user-supplied entropy for the key generation process, e.g. `"rngseed=pqrrr1234xyz;"`. |
Valid values for hmac-name are one of `{hmacWithSHA1, hmacWithSHA224, hmacWithSHA256, hmacWithSHA384, hmacWithSHA512}`.
Example
-------
```csharp
// All default settings...
n = Ecc.MakeKeys(pubkeyfile, prikeyfile, Ecc.CurveName.Prime192v1, "password");
// With specialist options...
n = Ecc.MakeKeys(pubkeyfile, prikeyfile, Ecc.CurveName.Prime192v1, "password",
Ecc.PbeScheme.Pbe_Pbkdf2_aes128_CBC, "count=3999;prf=hmacWithSha256", Ecc.Format.PEM);
```
See Also
--------
[Ecc Class](#ecc_ecc)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.PublicKeyFromPrivate Method
===============================
Convert an internal EC private key string into an internal EC public key string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string PublicKeyFromPrivate(
string internalKey
)
```
#### Parameters
##### *internalKey* String
the private key as an internal key string
#### Return Value
String
The public key in ephemeral "internal" representation, or the empty string on error
See Also
--------
[Ecc Class](#ecc_ecc)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.QueryKey Method
===================
Query an EC key string for selected information.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string QueryKey(
string internalKey,
string query
)
```
#### Parameters
##### *internalKey* String
containing the key as an internal key string
##### *query* String
Query string (case insensitive)
#### Return Value
String
String containing the result or an empty string if not found or error.
Remarks
-------
Valid queries are:
| `"curveName"` | Name of the curve. |
| -------------- | ---------------------------------------- |
| `"keyBits"` | Number of bits in the key. |
| `"isPrivate"` | "1" if key is a private key; "0" if not. |
| `"privateKey"` | Value of the private key in hex format. |
| `"publicKey"` | Value of the public key in hex format. |
See Also
--------
[Ecc Class](#ecc_ecc)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.ReadKeyByCurve Method
=========================
Read an EC key from its hexadecimal representation with options for safe curves.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string ReadKeyByCurve(
string hexKey,
Ecc.CurveName curveName,
Ecc.KeyType keyType = Ecc.KeyType.Default
)
```
#### Parameters
##### *hexKey* String
hexadecimal representation of the key, private or public
##### *curveName* [Ecc.CurveName](#ecc_curvename_ecc-curvename)
name of the elliptic curve
##### *keyType* [Ecc.KeyType](#ecc_keytype_ecc-keytype) (Optional)
(optional) Specify `PrivateKey` or `PublicKey` (safe curves Ed25519 and X25519 only, otherwise ignored)
#### Return Value
String
The key in ephemeral "internal" representation, or the empty string on error
Remarks
-------
The safe curves Ed25519 and X25519 have the same length for both private and public keys, so, for these safe curves, you **must** specify whether the key value represents a public or a private key.
See Also
--------
[Ecc Class](#ecc_ecc)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.ReadPrivateKey Method
=========================
Read from a file or string containing an EC private key into an "internal" private key string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static StringBuilder ReadPrivateKey(
string keyFileOrString,
string password = ""
)
```
#### Parameters
##### *keyFileOrString* String
Name of private key file or a PEM String containing the key
##### *password* String (Optional)
Password for private key, if encrypted; or `""` if not
#### Return Value
StringBuilder
StringBuilder containing an internal representation of the private key; or an empty StringBuilder if error
Remarks
-------
This returns a StringBuilder, not a string, to allow secure wiping. Use sb.ToString() to obtain a string. Use [Wipe.String(sb)](#wipe_wipe-string-sb) to clear.
See Also
--------
[Ecc Class](#ecc_ecc)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Wipe.String Method
==================
Zeroise a StringBuilder.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static bool String(
StringBuilder sb
)
```
#### Parameters
##### *sb* StringBuilder
StringBuilder to be wiped
#### Return Value
Boolean
`true` if successful; `false` if fails
Remarks
-------
NB You can't wipe an ordinary string as they are immutable in C#, so store any sensitive string data in a StringBuilder.
Example
-------
```csharp
StringBuilder sbPrivateKey = Rsa.ReadPrivateKey("BobPrivRSAEncrypt.p8e", "password");
Console.WriteLine("Before Wipe.String, sbPrivateKey contains {0} characters.", sbPrivateKey.Length);
Wipe.String(sbPrivateKey);
Console.WriteLine("After Wipe.String, sbPrivateKey = [{0}]", sbPrivateKey.ToString());
// Before Wipe.String, sbPrivateKey contains 848 characters.
// After Wipe.String, sbPrivateKey = []
```
See Also
--------
[Wipe Class](#wipe_wipe)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.ReadPublicKey Method
========================
Read from a file or string containing an EC public key into an "internal" public key string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static StringBuilder ReadPublicKey(
string keyFileOrString
)
```
#### Parameters
##### *keyFileOrString* String
Name of public key file or a PEM String containing the key
#### Return Value
StringBuilder
StringBuilder containing an internal representation of the public key; or an empty StringBuilder if error
Remarks
-------
This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.
See Also
--------
[Ecc Class](#ecc_ecc)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.SaveEncKey Method
=====================
Save an internal EC private key string to an encrypted private key file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int SaveEncKey(
string outputFile,
string internalKey,
string password,
Ecc.PbeScheme pbes,
string paramString,
Ecc.Format fileFormat
)
```
#### Parameters
##### *outputFile* String
name of key file to be created
##### *internalKey* String
the private key in an internal key string
##### *password* String
the password to be used for the encrypted key file
##### *pbes* [Ecc.PbeScheme](#ecc_pbescheme_ecc-pbescheme)
Password-based encryption scheme to encrypt private key [default = `pbeWithSHAAnd3-KeyTripleDES-CBC`]
##### *paramString* String
Optional parameters. A set of attribute name=value pairs separated by a semicolon ";" (see remarks). Set as `""` for defaults.
##### *fileFormat* [Ecc.Format](#ecc_format_ecc-format)
Format to save file [default = DER binary]
#### Return Value
Int32
Zero if successful or non-zero [error code](#general_error-code)
Remarks
-------
Valid name-value pairs for `paramString` are:
| **count**=integer | To set the iteration count used in the PBKDF2 method, e.g. `"count=5000;"` [default=2048]. |
| ----------------- | -------------------------------------------------------------------------------------------------------------- |
| **prf**=hmac-name | To change the HMAC algorithm used in the PBKDF2 method, e.g. `"prf=hmacwithSHA256;"` [default=`hmacwithSHA1`]. |
Valid values for hmac-name are one of `{hmacWithSHA1, hmacWithSHA224, hmacWithSHA256, hmacWithSHA384, hmacWithSHA512}`.
See Also
--------
[Ecc Class](#ecc_ecc)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.SaveKey Method
==================
Save an internal EC key string (public or private) to an unencrypted key file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int SaveKey(
string outputFile,
string internalKey,
Ecc.KeyType keyType = Ecc.KeyType.Default,
Ecc.Format fileFormat = Ecc.Format.Default
)
```
#### Parameters
##### *outputFile* String
Name of key file to be created
##### *internalKey* String
the private or public EC key in an internal key string
##### *keyType* [Ecc.KeyType](#ecc_keytype_ecc-keytype) (Optional)
Key structure for private key (ignored for public)
##### *fileFormat* [Ecc.Format](#ecc_format_ecc-format) (Optional)
Format to save file [default = DER binary]
#### Return Value
Int32
If successful, the return value is zero; otherwise it returns a nonzero [error code](#general_error-code)
See Also
--------
[Ecc Class](#ecc_ecc)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
General Class
=============
General info about the core DLL and errors returned by it.
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.General**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class General
```
The **General** type exposes the following members.
Methods
-------
| Name | Description |
| ----------------------- | ------------------------------------------------------------------------------------------- |
| [CompileTime](#general_compiletime) | Return date and time the core CryptoSys PKI DLL was last compiled. |
| [ErrorCode](#general_general-errorcode) | Return the [error code](#general_error-code) of the first error that occurred when calling the last function. |
| [ErrorLookup](#general_error-code) | Return a description of an error code. |
| [FormatErrorMessage](#general_formaterrormessage) | Return an error message string for the last error. |
| [LastError](#general_lasterror) | Retrieve the last error message set by the toolkit. |
| [LicenceType](#general_licencetype) | Return licence type. |
| [ModuleInfo](#general_moduleinfo) | Get additional information about the core DLL module. |
| [ModuleName](#general_modulename) | Return full path name of core CryptoSys PKI DLL module. |
| [NetVersion](#general_netversion) | Return the version of this .NET module. |
| [Platform](#general_platform) | Return the platform the core DLL was compiled for. |
| [PowerUpTests](#general_poweruptests) | Perform FIPS-140-2 start-up tests. |
| [Version](#general_version) | Return the release version of the core CryptoSys PKI DLL as an integer value. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
General.CompileTime Method
==========================
Return date and time the core CryptoSys PKI DLL was last compiled.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string CompileTime()
```
#### Return Value
String
Date and time string
Example
-------
```csharp
string s = CryptoSysPKI.General.CompileTime();
Console.WriteLine("CompileTime={0}", s);
```
See Also
--------
[General Class](#general_general)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
General.FormatErrorMessage Method
=================================
Return an error message string for the last error.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string FormatErrorMessage(
int errCode = 0,
string userMsg = ""
)
```
#### Parameters
##### *errCode* Int32 (Optional)
Error code returned by last call (optional)
##### *userMsg* String (Optional)
Optional message string
#### Return Value
String
Error message as a string `Error (errCode) ...`
See Also
--------
[General Class](#general_general)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
General.LastError Method
========================
Retrieve the last error message set by the toolkit.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string LastError()
```
#### Return Value
String
Final error message from last call (may be empty)
See Also
--------
[General Class](#general_general)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
General.LicenceType Method
==========================
Return licence type.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static char LicenceType()
```
#### Return Value
Char
D=Developer T=Trial
Example
-------
```csharp
char ch = CryptoSysPKI.General.LicenceType();
Console.WriteLine("LicenceType={0}", ch);
```
See Also
--------
[General Class](#general_general)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
General.ModuleInfo Method
=========================
Get additional information about the core DLL module.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string ModuleInfo()
```
#### Return Value
String
Additional information, e.g. "Licensed Developer Edition".
See Also
--------
[General Class](#general_general)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
General.ModuleName Method
=========================
Return full path name of core CryptoSys PKI DLL module.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string ModuleName()
```
#### Return Value
String
File name.
Remarks
-------
If using the Win32 DLL in the system folder on a 64-bit system, Windows will return `"C:\WINDOWS\SYSTEM32\diCrPKI.dll"` when the DLL file path is actually `"C:\WINDOWS\SYSWOW64\diCrPKI.dll"`. Use [General.Platform()](#general_platform) to find out exactly which DLL is being used.
Example
-------
```csharp
string s = CryptoSysPKI.General.ModuleName();
Console.WriteLine("ModuleName={0}", s);
```
See Also
--------
[General Class](#general_general)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
General.NetVersion Method
=========================
Return the version of this .NET module.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string NetVersion()
```
#### Return Value
String
Version string, e.g. `"20.1.0"`
See Also
--------
[General Class](#general_general)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
General.Platform Method
=======================
Return the platform the core DLL was compiled for.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string Platform()
```
#### Return Value
String
`"Win32"` or `"X64"`
See Also
--------
[General Class](#general_general)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
General.PowerUpTests Method
===========================
Perform FIPS-140-2 start-up tests.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int PowerUpTests()
```
#### Return Value
Int32
Zero on success
See Also
--------
[General Class](#general_general)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
General.Version Method
======================
Return the release version of the core CryptoSys PKI DLL as an integer value.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int Version()
```
#### Return Value
Int32
Version number in form Major * 10000 + Minor * 100 + Release. For example, version 3.10.1 would return 31001.
Example
-------
```csharp
int n = CryptoSysPKI.General.Version();
Console.WriteLine("Version={0}", n);
```
See Also
--------
[General Class](#general_general)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hash Class
==========
Message Digest Hash Functions
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Hash**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Hash
```
The **Hash** type exposes the following members.
Methods
-------
| Name | Description |
| -------------------- | --------------------------------------------------------------------------------------------------------- |
| [BytesFromBytes](#hash_bytesfrombytes) | Create hash digest in byte format of byte input. |
| [BytesFromFile](#hash_bytesfromfile) | Create hash digest of a binary file. |
| [Double](#hash_double) | Create double hash, i.e. hash of hash, in byte format of byte input. |
| [HexFromBytes](#hash_hexfrombytes) | Create hash digest in hex format of byte input. |
| [HexFromFile](#hash_hexfromfile) | Create hash digest in hex format of a binary file. |
| [HexFromHex](#hash_hexfromhex) | Create hash digest in hex format of hex-encoded input. |
| [HexFromString](#hash_hexfromstring) | Create hash digest in hex format of string input. |
| [HexFromTextFile](#hash_hexfromtextfile) | Create hash digest in hex format of a text file, treating CR-LF (0x13, 0x10) pairs as a single LF (0x10). |
| [Length](#hash_length) | Return length of message digest output in bytes. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hash.BytesFromBytes Method
==========================
Create hash digest in byte format of byte input.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] BytesFromBytes(
byte[] message,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *message* Byte[]
Message data in byte format
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm to be used
#### Return Value
Byte[]
Message digest in byte format
Example
-------
```csharp
byte[] m = { 0x61, 0x62, 0x63 }; // "abc" in byte array
byte[] h = Hash.BytesFromBytes(m, HashAlgorithm.Sha256);
Console.WriteLine("SHA-256(b'abc')=\n" + h.ToHex());
// BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
```
See Also
--------
[Hash Class](#hash_hash)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hash.BytesFromFile Method
=========================
Create hash digest of a binary file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] BytesFromFile(
string fileName,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *fileName* String
Name of file containing message data
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm to be used
#### Return Value
Byte[]
Message digest in byte format
See Also
--------
[Hash Class](#hash_hash)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hash.Double Method
==================
Create double hash, i.e. hash of hash, in byte format of byte input.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] Double(
byte[] message,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *message* Byte[]
Message data in byte format
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm to be used
#### Return Value
Byte[]
Message digest `HASH(HASH(m))` in byte format
See Also
--------
[Hash Class](#hash_hash)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hash.HexFromBytes Method
========================
Create hash digest in hex format of byte input.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string HexFromBytes(
byte[] message,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *message* Byte[]
Message data in byte format
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm to be used
#### Return Value
String
Message digest in hex-encoded format
Example
-------
```csharp
byte[] m = { 0x61, 0x62, 0x63 }; // "abc" in byte array
string s = Hash.HexFromBytes(m, HashAlgorithm.Sha256);
Console.WriteLine("SHA-256(b'abc')=\n" + s);
// ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
```
See Also
--------
[Hash Class](#hash_hash)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hash.HexFromFile Method
=======================
Create hash digest in hex format of a binary file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string HexFromFile(
string fileName,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *fileName* String
Name of file containing message data
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm to be used
#### Return Value
String
Message digest in hex-encoded format
See Also
--------
[Hash Class](#hash_hash)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hash.HexFromHex Method
======================
Create hash digest in hex format of hex-encoded input.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string HexFromHex(
string messageHex,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *messageHex* String
Message data in hex-encoded format
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm to be used
#### Return Value
String
Message digest in hex-encoded format
Example
-------
```csharp
string m = "616263"; // "abc" encoded in a hex string
string s = Hash.HexFromHex(m, HashAlgorithm.Sha256);
Console.WriteLine("SHA-256('abc')=\n" + s);
// ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
```
See Also
--------
[Hash Class](#hash_hash)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hash.HexFromString Method
=========================
Create hash digest in hex format of string input.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string HexFromString(
string message,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *message* String
Message data string
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm to be used
#### Return Value
String
Message digest in hex-encoded format
Example
-------
```csharp
string m = "abc";
string s = Hash.HexFromString(m, HashAlgorithm.Sha256);
Console.WriteLine("SHA-256('abc')=\n" + s);
// ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
```
See Also
--------
[Hash Class](#hash_hash)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hash.HexFromTextFile Method
===========================
Create hash digest in hex format of a text file, treating CR-LF (0x13, 0x10) pairs as a single LF (0x10).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string HexFromTextFile(
string fileName,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *fileName* String
Name of file containing message data
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm to be used
#### Return Value
String
Message digest in hex format
Remarks
-------
This should give the same message digest of a text file on both Unix and Windows systems.
See Also
--------
[Hash Class](#hash_hash)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hash.Length Method
==================
Return length of message digest output in bytes.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int Length(
HashAlgorithm hashAlg
)
```
#### Parameters
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm
#### Return Value
Int32
Length of the hash function output in bytes.
Example
-------
```csharp
HashAlgorithm alg = HashAlgorithm.Sha256;
Console.WriteLine("len({0})={1}", alg.ToString(), Hash.Length(alg));
// len(Sha256)=32
```
See Also
--------
[Hash Class](#hash_hash)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
HexExtension Class
==================
Extension methods for hex conversion
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.HexExtension**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static class HexExtension
```
The **HexExtension** type exposes the following members.
Methods
-------
| Name | Description |
| ------------ | ---------------------------------- |
| [FromHex](#hexextension_fromhex) | Decode a hex-encoded string |
| [ToHex](#hexextension_tohex) | Encode a byte array in hexadecimal |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
HexExtension.FromHex Method
===========================
Decode a hex-encoded string
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] FromHex(
this string s
)
```
#### Parameters
##### *s* String
Input string of hex characters
#### Return Value
Byte[]
Decoded byte array
#### Usage Note
In Visual Basic and C#, you can call this method as an instance method on any object of type String. When you use instance method syntax to call this method, omit the first parameter. For more information, see [Extension Methods (Visual Basic)](https://docs.microsoft.com/dotnet/visual-basic/programming-guide/language-features/procedures/extension-methods) or [Extension Methods (C# Programming Guide)](https://docs.microsoft.com/dotnet/csharp/programming-guide/classes-and-structs/extension-methods).
Example
-------
```csharp
byte[] b = "00010203".FromHex();
// { 0x00, 0x01, 0x02, 0x03 };
```
See Also
--------
[HexExtension Class](#hexextension_hexextension)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
HexExtension.ToHex Method
=========================
Encode a byte array in hexadecimal
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string ToHex(
this byte[] b
)
```
#### Parameters
##### *b* Byte[]
Input byte array
#### Return Value
String
Hex-encoded string
#### Usage Note
In Visual Basic and C#, you can call this method as an instance method on any object of type Byte[]. When you use instance method syntax to call this method, omit the first parameter. For more information, see [Extension Methods (Visual Basic)](https://docs.microsoft.com/dotnet/visual-basic/programming-guide/language-features/procedures/extension-methods) or [Extension Methods (C# Programming Guide)](https://docs.microsoft.com/dotnet/csharp/programming-guide/classes-and-structs/extension-methods).
Example
-------
```csharp
byte[] b = { 0x00, 0x01, 0x02, 0x03 };
string s = b.ToHex(); // 00010203
```
See Also
--------
[HexExtension Class](#hexextension_hexextension)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hmac Class
==========
Keyed-hash based message authentication code (HMAC) functions
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Hmac**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Hmac
```
The **Hmac** type exposes the following members.
Methods
-------
| Name | Description |
| ------------------- | ---------------------------------------------------------------------- |
| [BytesFromBytes](#hmac_bytesfrombytes) | Create a keyed-hash HMAC in byte format from byte input. |
| [HexFromBytes](#hmac_hexfrombytes) | Create a keyed-hash HMAC in hex-encoded format from byte input. |
| [HexFromHex](#hmac_hexfromhex) | Create a keyed-hash HMAC in hex-encoded format from hex-encoded input. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hmac.BytesFromBytes Method
==========================
Create a keyed-hash HMAC in byte format from byte input.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] BytesFromBytes(
byte[] message,
byte[] key,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *message* Byte[]
Message to be signed in byte format
##### *key* Byte[]
Key in byte format
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm to be used
#### Return Value
Byte[]
HMAC in byte format
Example
-------
```csharp
Console.WriteLine("HMAC Test case 4 from RFC 2202 and RFC 4231...");
// Test case 4 from RFC 2202 and RFC 4231
// key = 0x0102030405060708090a0b0c0d0e0f10111213141516171819
// key_len 25
// data = 0xcd repeated 50 times
// data_len = 50
int i;
byte[] key = new byte[25];
for (i = 0; i < 25; i++)
key[i] = (byte)(i + 1);
byte[] msg = new byte[50];
for (i = 0; i < 50; i++)
msg[i] = 0xcd;
// Compute HMAC-SHA-256
byte[] b = Hmac.BytesFromBytes(msg, key, HashAlgorithm.Sha256);
Console.WriteLine("HMAC-SHA-256(50(0xcd), 0x0102..19)=\n{0}", Cnv.ToHex(b));
// 82558A389A443C0EA4CC819899F2083A85F0FAA3E578F8077A2E3FF46729665B
```
See Also
--------
[Hmac Class](#hmac_hmac)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hmac.HexFromBytes Method
========================
Create a keyed-hash HMAC in hex-encoded format from byte input.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string HexFromBytes(
byte[] message,
byte[] key,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *message* Byte[]
Message to be signed in byte format
##### *key* Byte[]
Key in byte format
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm to be used
#### Return Value
String
HMAC in hex-encoded format
Example
-------
```csharp
// Hmac of with input in hex format
string s = Hmac.HexFromHex("4869205468657265", "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", HashAlgorithm.Sha256);
Console.WriteLine("HMAC-SHA-256('Hi There', (0x0b)*20)=\n{0}", s);
// b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7
```
See Also
--------
[Hmac Class](#hmac_hmac)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hmac.HexFromHex Method
======================
Create a keyed-hash HMAC in hex-encoded format from hex-encoded input.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string HexFromHex(
string messageHex,
string keyHex,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *messageHex* String
Message to be signed in hex-encoded format
##### *keyHex* String
Key in hex-encoded format
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm to be used
#### Return Value
String
HMAC in hex-encoded format
See Also
--------
[Hmac Class](#hmac_hmac)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hpke Class
==========
Hybrid Public Key Encryption functions (HPKE)
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Hpke**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Hpke
```
The **Hpke** type exposes the following members.
Methods
-------
| Name | Description |
| --------------------- | --------------------------------------------------------------------------------------------------------------------------- |
| [DerivePrivateKey](#hpke_deriveprivatekey) | Derive an EC private key in a deterministic manner from input keying material using the DeriveKeyPair algorithm in RFC9180. |
| [LabeledExpand](#hpke_labeledexpand) | Compute the output of the LabeledExpand function as defined in RFC9180. |
| [LabeledExtract](#hpke_labeledextract) | Compute the output of the LabeledExtract function as defined in RFC9180. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hpke.DerivePrivateKey Method
============================
Derive an EC private key in a deterministic manner from input keying material using the DeriveKeyPair algorithm in RFC9180.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string DerivePrivateKey(
byte[] ikm,
Hpke.CurveName curveName,
Hpke.OutputOpts opts = Hpke.OutputOpts.Default
)
```
#### Parameters
##### *ikm* Byte[]
Input key material (ikm). This must have length in bytes at least as long as the key to be produced.
##### *curveName* [Hpke.CurveName](#hpke_curvename_hpke-curvename)
Curve name
##### *opts* [Hpke.OutputOpts](#hpke_outputopts_hpke-outputopts) (Optional)
Output options (default=internal key format)
#### Return Value
String
Derived private key in string form or an empty string on error.
Remarks
-------
By default the key is output as an ephemeral "internal" key string, which can be used directly with [Ecc.SaveKey](#ecc_ecc-savekey), [Ecc.SaveEncKey](#ecc_ecc-saveenckey), [Ecc.PublicKeyFromPrivate](#ecc_ecc-publickeyfromprivate), [Ecc.DHSharedSecret](#ecc_ecc-dhsharedsecret) and [Ecc.QueryKey](#ecc_ecc-querykey). If `opts` is set to `OutputOpts.KeyAsHex` then the key is output in serialized hexadecimal form in the same manner as the test vectors in [RFC9180] (without the clamping). The KDF to be used is fixed by the EC curve group as follows:
| EC curve | KDF |
| -------- | ----------- |
| P-256 | HKDF-SHA256 |
| P-384 | HKDF-SHA384 |
| P-521 | HKDF-SHA512 |
| X25519 | HKDF-SHA256 |
| X448 | HKDF-SHA512 |
Example
-------
```csharp
string ikmhex = "7268600d403fce431561aef583ee1613527cff655c1343f29812e66706df3234";
string skhex = Hpke.DerivePrivateKey(Cnv.FromHex(ikmhex), Hpke.CurveName.X25519, Hpke.OutputOpts.KeyAsHex);
// 52c4a758a802cd8b936eceea314432798d5baf2d7e9235dc084ab1b9cfa2f736
```
See Also
--------
[Hpke Class](#hpke_hpke)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hpke.LabeledExpand Method
=========================
Compute the output of the LabeledExpand function as defined in RFC9180.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] LabeledExpand(
int numBytes,
byte[] prk,
string label,
byte[] info,
Hpke.CurveName curveName,
Hpke.AeadAlg aeadAlg = Hpke.AeadAlg.None
)
```
#### Parameters
##### *numBytes* Int32
Required number of bytes (L) of output keying material.
##### *prk* Byte[]
Pseudorandom key (prk)
##### *label* String
Label string
##### *info* Byte[]
Byte string info
##### *curveName* [Hpke.CurveName](#hpke_curvename_hpke-curvename)
ECDH curve used in scheme
##### *aeadAlg* [Hpke.AeadAlg](#hpke_aeadalg_hpke-aeadalg) (Optional)
AEAD encryption algorithm used in the scheme or 0 (default) to indicate KDF is being used inside a KEM algorithm.
#### Return Value
Byte[]
L bytes of output keying material.
Remarks
-------
The `LabeledExpand` function is defined in section 4 of [RFC9180]. It uses the "expand" stage of the HKDF function [RFC5869]. The ECDH curve group used in the scheme must be specified, which automatically fixes the KDF and associated HMAC algorithm to be used.
Example
-------
```csharp
int Nk = 16;
// key = LabeledExpand(secret, 'key', key_schedule_context, Nk)
byte[] key = Hpke.LabeledExpand(Nk, Cnv.FromHex("12fff91991e93b48de37e7daddb52981084bd8aa64289c3788471d9a9712f397"), "key",
Cnv.FromHex("00725611c9d98c07c03f60095cd32d400d8347d45ed67097bbad50fc56da742d07cb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637abb05449"),
Hpke.CurveName.X25519, Hpke.AeadAlg.Aes_128_Gcm);
// 4531685d41d65f03dc48f6b8302c05b0
```
See Also
--------
[Hpke Class](#hpke_hpke)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hpke.LabeledExtract Method
==========================
Compute the output of the LabeledExtract function as defined in RFC9180.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] LabeledExtract(
byte[] salt,
string label,
byte[] ikm,
Hpke.CurveName curveName,
Hpke.AeadAlg aeadAlg = Hpke.AeadAlg.None
)
```
#### Parameters
##### *salt* Byte[]
Byte string salt
##### *label* String
Label string
##### *ikm* Byte[]
Input keying material (ikm)
##### *curveName* [Hpke.CurveName](#hpke_curvename_hpke-curvename)
ECDH curve used in scheme
##### *aeadAlg* [Hpke.AeadAlg](#hpke_aeadalg_hpke-aeadalg) (Optional)
AEAD encryption algorithm used in the scheme or 0 (default) to indicate KDF is being used inside a KEM algorithm.
#### Return Value
Byte[]
A pseudorandom key of fixed length Nh bytes.
Remarks
-------
The `LabeledExtract` function is defined in section 4 of [RFC9180]. It uses the "extract" stage of the HKDF function [RFC5869] and outputs a fixed value of bytes equal to the length (Nh) of the underlying HMAC function used by the KDF algorithm. The ECDH curve group used in the scheme must be specified, which automatically fixes the KDF and associated HMAC algorithm to be used.
Example
-------
```csharp
// Used inside KEM
string ikmhex = "7268600d403fce431561aef583ee1613527cff655c1343f29812e66706df3234";
Console.WriteLine(Cnv.ToHex(Hpke.LabeledExtract(null, "dkp_prk", Cnv.FromHex(ikmhex), Hpke.CurveName.X25519)));
// 7B8BFE1D6F3D0CB45C585E133299C64AC998BF46CAF2DC13BA874F23413EC23A
// Used outside KEM
Console.WriteLine(Cnv.ToHex(Hpke.LabeledExtract(null, "psk_id_hash", null, Hpke.CurveName.X25519, Hpke.AeadAlg.Aes_128_Gcm)));
// 725611C9D98C07C03F60095CD32D400D8347D45ED67097BBAD50FC56DA742D07
```
See Also
--------
[Hpke Class](#hpke_hpke)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Kdf Class
=========
Key derivation functions (KDF)
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Kdf**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Kdf
```
The **Kdf** type exposes the following members.
Methods
-------
| Name | Description |
| ----------- | ----------------------------------------------------------------------------------------------------------- |
| [Bytes](#kdf_bytes) | Generate a key-encryption key (KEK) from input keying material (IKM) using a key derivation function (KDF). |
| [ForCms](#kdf_forcms) | Generate a key-encryption key (KEK) for ECDH key exchange in a CMS EnvelopedData object. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Kdf.Bytes Method
================
Generate a key-encryption key (KEK) from input keying material (IKM) using a key derivation function (KDF).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] Bytes(
int dkLen,
byte[] ikm,
Kdf.KdfAlg kdfAlg = Kdf.KdfAlg.X963,
Kdf.HashAlg hashAlg = Kdf.HashAlg.Sha1,
byte[] sharedInfo = null,
string paramString = ""
)
```
#### Parameters
##### *dkLen* Int32
Required length of output key material in bytes.
##### *ikm* Byte[]
Input key material/shared secret.
##### *kdfAlg* [Kdf.KdfAlg](#kdf_kdfalg_kdf-kdfalg) (Optional)
Key derivation function to use.
##### *hashAlg* [Kdf.HashAlg](#kdf_hashalg_kdf-hashalg) (Optional)
Hash algorithm to use with the key derivation function (default is SHA-1)
##### *sharedInfo* Byte[] (Optional)
SharedInfo (optional)
##### *paramString* String (Optional)
Optional parameters. Set as `""` for defaults. Pass attribute-value `salt=` to set the optional salt parameter for the HKDF algorithm, e.g. `"salt=606162636465666768696a6b6c6d6e6f;"`
#### Return Value
Byte[]
Output key material (KEK).
Example
-------
```csharp
// [RFC 5869] A.1. Test Case 1 Basic test case with SHA-256
int nbytes = 42;
byte[] zz = "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b".FromHex();
byte [] info = "f0f1f2f3f4f5f6f7f8f9".FromHex();
byte[] kek = Kdf.Bytes(nbytes, zz, Kdf.KdfAlg.Hkdf, Kdf.HashAlg.Sha256, info, "salt=000102030405060708090a0b0c");
Console.WriteLine("KEK={0}", Cnv.ToHex(kek));
// KEK=3CB25F25FAACD57A90434F64D0362F2A2D2D0A90CF1A5A4C5DB02D56ECC4C5BF34007208D5B887185865
```
See Also
--------
[Kdf Class](#kdf_kdf)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Kdf.ForCms Method
=================
Generate a key-encryption key (KEK) for ECDH key exchange in a CMS EnvelopedData object.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] ForCms(
byte[] zz,
Kdf.KeyWrapAlg keyWrapAlg,
Kdf.KdfAlg kdfAlg = Kdf.KdfAlg.X963,
Kdf.HashAlg hashAlg = Kdf.HashAlg.Sha1,
byte[] ukm = null
)
```
#### Parameters
##### *zz* Byte[]
Input key material/shared secret value (denoted variously as ZZ/Z/K/IKM)
##### *keyWrapAlg* [Kdf.KeyWrapAlg](#kdf_keywrapalg_kdf-keywrapalg)
Key wrap algorithm (required, cannot be Default)
##### *kdfAlg* [Kdf.KdfAlg](#kdf_kdfalg_kdf-kdfalg) (Optional)
Key derivation function to use.
##### *hashAlg* [Kdf.HashAlg](#kdf_hashalg_kdf-hashalg) (Optional)
Hash algorithm to use with the key derivation function (default is SHA-1)
##### *ukm* Byte[] (Optional)
Optional user key material (ukm)
#### Return Value
Byte[]
Output key material (KEK).
Remarks
-------
This is a specialist function using the key definition algorithms described in [RFC5753] and [RFC8418] when used for key agreement with ECDH in a CMS EnvelopedData object. The key-encryption key is derived using the ECC-CMS-SharedInfo type, described in section 7.2 of [RFC5753].
See Also
--------
[Kdf Class](#kdf_kdf)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ocsp Class
==========
Online Certificate Status Protocol (OCSP)
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Ocsp**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Ocsp
```
The **Ocsp** type exposes the following members.
Methods
-------
| Name | Description |
| ----------------- | -------------------------------------------------------------------------------------------------------------------- |
| [MakeRequest](#ocsp_makerequest) | Create an Online Certification Status Protocol (OCSP) request as a base64 string. |
| [ReadResponse](#ocsp_readresponse) | Read a response to an Online Certification Status Protocol (OCSP) request and outputs the main results in text form. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ocsp.MakeRequest Method
=======================
Create an Online Certification Status Protocol (OCSP) request as a base64 string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string MakeRequest(
string issuerCert,
string certFileOrSerialNumber,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *issuerCert* String
name of issuer's X.509 certificate file (or base64 representation)
##### *certFileOrSerialNumber* String
either the name of X.509 certificate file to be checked or its serial number in hexadecimal format preceded by #x
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm to be used [default = SHA-1]
#### Return Value
String
A base64 string suitable for an OCSP request to an Online Certificate Status Manager or an empty string on error.
Remarks
-------
The issuer's X.509 certficate must be specified. The certificate to be checked can either be specified directly as a filename or as a serialNumber in hexadecimal format preceded by "#x", e.g. "#x01deadbeef". If the latter format is used, it must be in hexadecimal format, so the serial number 10 would be passed as "#x0a". It is an error (NO_MATCH_ERROR) if the issuer's name of the certificate to be checked does not match the subject name of the issuer's certificate.
See Also
--------
[Ocsp Class](#ocsp_ocsp)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ocsp.ReadResponse Method
========================
Read a response to an Online Certification Status Protocol (OCSP) request and outputs the main results in text form.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string ReadResponse(
string responseFile,
string issuerCert
)
```
#### Parameters
##### *responseFile* String
name of the file containing the response data in BER format.
##### *issuerCert* String
(optional) name of issuer's X.509 certificate file (or base64 representation)
#### Return Value
String
A text string outlining the main results in the response data or an empty string on error.
Remarks
-------
Note that a revoked certificate will still result in a "Successful response", so check the CertStatus. The issuer's X.509 certficate `issuerCert` is optional. If provided, it will be used to check the signature on the OCSP reponse and and an error will result if the signature is not valid. **CAUTION:** For some CAs (e.g. VeriSign) the key used to sign the OCSP response is not the same as the key in the issuer's certificate, so specifying the issuer's certificate in this case will result in a signature error. If you can separately obtain the certificate used to sign the OCSP response, then specify this as the `issuerCert`; otherwise leave as the empty string `""`.
See Also
--------
[Ocsp Class](#ocsp_ocsp)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pbe Class
=========
Password-based encryption
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Pbe**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Pbe
```
The **Pbe** type exposes the following members.
Methods
-------
| Name | Description |
| ------------------------------------------------------- | ---------------------------------------------------------------------------------------- |
| [Kdf2(Int32, Byte[], Byte[], Int32, HashAlgorithm)](#pbe_kdf2-int32-byte-byte-int32-hashalgorithm) | Derive a key of any length from a password using the PBKDF2 algorithm from PKCS #5 v2.1. |
| [Kdf2(Int32, String, String, Int32, HashAlgorithm)](#pbe_kdf2-int32-string-string-int32-hashalgorithm) | Derive a key in hex format of any length from a password with the salt in hex format. |
| [Scrypt(Int32, Byte[], Byte[], Int32, Int32, Int32)](#pbe_scrypt-int32-byte-byte-int32-int32-int32) | Derives a key of any length from a password using the SCRYPT algorithm. |
| [Scrypt(Int32, String, String, Int32, Int32, Int32)](#pbe_scrypt-int32-string-string-int32-int32-int32) | Derives a key in hex format from a password with the salt in hex format |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pbe.Kdf2(Int32, Byte[], Byte[], Int32, HashAlgorithm) Method
============================================================
Derive a key of any length from a password using the PBKDF2 algorithm from PKCS #5 v2.1.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------ | ---------------------------------------------------------------------------------------- |
| **Kdf2(Int32, Byte[], Byte[], Int32, HashAlgorithm)** | Derive a key of any length from a password using the PBKDF2 algorithm from PKCS #5 v2.1. |
| [Kdf2(Int32, String, String, Int32, HashAlgorithm)](#pbe_kdf2-int32-string-string-int32-hashalgorithm) | Derive a key in hex format of any length from a password with the salt in hex format. |
Syntax
------
```csharp
public static byte[] Kdf2(
int dkLen,
byte[] pwdBytes,
byte[] salt,
int count,
HashAlgorithm hashAlg = HashAlgorithm.Sha1
)
```
#### Parameters
##### *dkLen* Int32
Required length of key in bytes
##### *pwdBytes* Byte[]
Password in byte format
##### *salt* Byte[]
Salt in byte format
##### *count* Int32
Iteration count
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm) (Optional)
Hash algorithm to use in HMAC PRF (default is SHA-1)
#### Return Value
Byte[]
Key in byte[] format
Example
-------
```csharp
// Use PBKDF2 with SHA-256 hash function to derive 192-bit key
// convert password string to bytes
byte[] pwd = System.Text.Encoding.Default.GetBytes("password");
// make a salt
byte[] salt = new byte[] { 0x78, 0x57, 0x8e, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
int n = 24;
byte[] key = Pbe.Kdf2(n, pwd, salt, 2048, HashAlgorithm.Sha256);
Console.WriteLine("Key({0})={1}", n * 8, key.ToHex());
// Key(192)=97B5A91D35AF542324881315C4F849E327C4707D1BC9D322
```
See Also
--------
[Pbe Class](#pbe_pbe)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pbe.Kdf2(Int32, String, String, Int32, HashAlgorithm) Method
============================================================
Derive a key in hex format of any length from a password with the salt in hex format.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------ | ---------------------------------------------------------------------------------------- |
| [Kdf2(Int32, Byte[], Byte[], Int32, HashAlgorithm)](#pbe_kdf2-int32-byte-byte-int32-hashalgorithm) | Derive a key of any length from a password using the PBKDF2 algorithm from PKCS #5 v2.1. |
| **Kdf2(Int32, String, String, Int32, HashAlgorithm)** | Derive a key in hex format of any length from a password with the salt in hex format. |
Syntax
------
```csharp
public static string Kdf2(
int dkLen,
string pwdStr,
string saltHex,
int count,
HashAlgorithm hashAlg = HashAlgorithm.Sha1
)
```
#### Parameters
##### *dkLen* Int32
Required length of key in bytes
##### *pwdStr* String
Password
##### *saltHex* String
Salt in hex format
##### *count* Int32
Iteration count
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm) (Optional)
Hash algorithm to use in HMAC PRF (default is SHA-1)
#### Return Value
String
Key in hex format
Example
-------
```csharp
string saltHex = "78578e5a5d63cb06";
int n = 24;
string keyStr = Pbe.Kdf2(n, "password", saltHex, 2048, HashAlgorithm.Sha256);
Debug.Assert(keyStr.Length > 0, "ERROR with PbeKdf2/Hex");
Console.WriteLine("Key({0})={1}", n * 8, keyStr);
// Key(192)=97B5A91D35AF542324881315C4F849E327C4707D1BC9D322
```
See Also
--------
[Pbe Class](#pbe_pbe)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pbe.Scrypt(Int32, Byte[], Byte[], Int32, Int32, Int32) Method
=============================================================
Derives a key of any length from a password using the SCRYPT algorithm.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------- | ----------------------------------------------------------------------- |
| **Scrypt(Int32, Byte[], Byte[], Int32, Int32, Int32)** | Derives a key of any length from a password using the SCRYPT algorithm. |
| [Scrypt(Int32, String, String, Int32, Int32, Int32)](#pbe_scrypt-int32-string-string-int32-int32-int32) | Derives a key in hex format from a password with the salt in hex format |
Syntax
------
```csharp
public static byte[] Scrypt(
int dkLen,
byte[] pwdBytes,
byte[] salt,
int N,
int r,
int p
)
```
#### Parameters
##### *dkLen* Int32
Required length of key in bytes
##### *pwdBytes* Byte[]
Password encoded in byte format
##### *salt* Byte[]
Salt in byte format
##### *N* Int32
CPU/Memory cost parameter, a number greater than one and a power of 2.
##### *r* Int32
Block size r
##### *p* Int32
Parallelization parameter p
#### Return Value
Byte[]
Key in byte[] format
Example
-------
```csharp
// Test vectors from [RFC7914]
// scrypt (P="password", S="NaCl", N=1024, r=8, p=16, dkLen=64)
int dkLen = 64;
byte[] pwd = System.Text.Encoding.Default.GetBytes("password");
byte[] salt = System.Text.Encoding.Default.GetBytes("NaCl");
byte[] key = Pbe.Scrypt(dkLen, pwd, salt, 1024, 8, 16);
Debug.Assert(key.Length > 0, "ERROR with Pbe.Scrypt");
Console.WriteLine("dk={0}", key.ToHex());
// FDBABE1C9D3472007856E7190D01E9FE7C6AD7CBC8237830E77376634B373162
// 2EAF30D92E22A3886FF109279D9830DAC727AFB94A83EE6D8360CBDFA2CC0640
```
See Also
--------
[Pbe Class](#pbe_pbe)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pbe.Scrypt(Int32, String, String, Int32, Int32, Int32) Method
=============================================================
Derives a key in hex format from a password with the salt in hex format
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------- | ----------------------------------------------------------------------- |
| [Scrypt(Int32, Byte[], Byte[], Int32, Int32, Int32)](#pbe_scrypt-int32-byte-byte-int32-int32-int32) | Derives a key of any length from a password using the SCRYPT algorithm. |
| **Scrypt(Int32, String, String, Int32, Int32, Int32)** | Derives a key in hex format from a password with the salt in hex format |
Syntax
------
```csharp
public static string Scrypt(
int dkLen,
string pwdStr,
string saltHex,
int N,
int r,
int p
)
```
#### Parameters
##### *dkLen* Int32
Required length of key in bytes
##### *pwdStr* String
Password (normal text)
##### *saltHex* String
Salt in hex format
##### *N* Int32
CPU/Memory cost parameter, a number greater than one and a power of 2.
##### *r* Int32
Block size r
##### *p* Int32
Parallelization parameter p
#### Return Value
String
Key in hex format
Remarks
-------
Password `pwdStr` is normal text, not hexadecimal
Example
-------
```csharp
string keyHex = Pbe.Scrypt(64, "password", "4E61436C", 1024, 8, 16);
```
See Also
--------
[Pbe Class](#pbe_pbe)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pem Class
=========
PEM file conversion routines
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Pem**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Pem
```
The **Pem** type exposes the following members.
Methods
-------
| Name | Description |
| -------------------- | ------------------------------------------------------------------ |
| [FileFromBinFile](#pem_filefrombinfile) | Create a PEM file from a binary file with option for line endings. |
| [FileToBinFile](#pem_filetobinfile) | Convert the contents of a PEM file into a binary file. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pem.FileFromBinFile Method
==========================
Create a PEM file from a binary file with option for line endings.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int FileFromBinFile(
string fileToMake,
string fileIn,
string header,
int lineLen,
bool unixEOL = false
)
```
#### Parameters
##### *fileToMake* String
Name of PEM file to create
##### *fileIn* String
Name of input binary file
##### *header* String
Header to be used. Leave empty to omit the PEM header and footer.
##### *lineLen* Int32
Maximum length of a line in the resulting PEM file [default = 64 characters]
##### *unixEOL* Boolean (Optional)
Set true for Unix/SSL LF line endings [optional, default = Windows CR-LF endings]
#### Return Value
Int32
Zero if successful; otherwise it returns an [error code](#general_error-code)
See Also
--------
[Pem Class](#pem_pem)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pem.FileToBinFile Method
========================
Convert the contents of a PEM file into a binary file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int FileToBinFile(
string fileToMake,
string fileIn
)
```
#### Parameters
##### *fileToMake* String
Name of binary file to create.
##### *fileIn* String
Name of input PEM file
#### Return Value
Int32
Zero if successful; otherwise it returns an [error code](#general_error-code)
See Also
--------
[Pem Class](#pem_pem)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pfx Class
=========
PKCS-12 (PFX) File Functions
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Pfx**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Pfx
```
The **Pfx** type exposes the following members.
Methods
-------
| Name | Description |
| --------------------- | ---------------------------------------------------------------------------------------------------------------------- |
| [MakeFile](#pfx_makefile) | Create a PFX (PKCS-12) file from an X.509 certificate and (optional) encrypted private key file with advanced options. |
| [SignatureIsValid](#pfx_signatureisvalid) | Verify the MacData signature in a PKCS-12 file. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pfx.MakeFile Method
===================
Create a PFX (PKCS-12) file from an X.509 certificate and (optional) encrypted private key file with advanced options.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int MakeFile(
string fileToMake,
string certFile,
string privateKeyFile,
string password,
string friendlyName,
Pfx.Options pfxOptions
)
```
#### Parameters
##### *fileToMake* String
name of output file to be created
##### *certFile* String
filename of the subject's X.509 certificate (required)
##### *privateKeyFile* String
filename of the subject's encrypted private key in pkcs-8 format (optional)
##### *password* String
password for private key file and new PFX file
##### *friendlyName* String
friendly name identification for the subject (optional)
##### *pfxOptions* [Pfx.Options](#pfx_options_pfx-options)
Specialist options
#### Return Value
Int32
Zero if successful or a non-zero [error code](#general_error-code).
Remarks
-------
The default behaviour is to encrypt the certificate using "weak" 40-bit RC2 and the private key (if provided) using "standard" Triple DES (`pbeWithSHAAnd3-KeyTripleDES-CBC`).
See Also
--------
[Pfx Class](#pfx_pfx)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pfx.SignatureIsValid Method
===========================
Verify the MacData signature in a PKCS-12 file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static bool SignatureIsValid(
string fileName,
string password
)
```
#### Parameters
##### *fileName* String
Name of PKCS-12 file to be checked
##### *password* String
password for file
#### Return Value
Boolean
`true` if signature is OK
See Also
--------
[Pfx Class](#pfx_pfx)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Prf Class
=========
Pseudorandom function (PRF) methods.
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Prf**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Prf
```
The **Prf** type exposes the following members.
Methods
-------
| Name | Description |
| ---------- | ---------------------------------------------------------- |
| [Bytes](#prf_bytes) | Generate output bytes using a pseudorandom function (PRF). |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Prf.Bytes Method
================
Generate output bytes using a pseudorandom function (PRF).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] Bytes(
int numBytes,
byte[] message,
byte[] key,
Prf.Alg prfAlg,
string customStr = ""
)
```
#### Parameters
##### *numBytes* Int32
Required number of output bytes.
##### *message* Byte[]
Input message data.
##### *key* Byte[]
Key.
##### *prfAlg* [Prf.Alg](#prf_alg_prf-alg)
PRF algorithm.
##### *customStr* String (Optional)
Customization string (optional).
#### Return Value
Byte[]
Output data in byte array.
Example
-------
```csharp
// Sample #1: "standard" KMAC output length KMAC128 => 256 bits, no custom string
int nbytes = 256 / 8;
byte[] msg = "00010203".FromHex();
byte[] key = "404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F".FromHex();
byte[] b = Prf.Bytes(nbytes, msg, key, Prf.Alg.Kmac128);
Console.WriteLine("OUT={0}", b.ToHex());
// E5780B0D3EA6F7D3A429C5706AA43A00FADBD7D49628839E3187243F456EE14E
```
See Also
--------
[Prf Class](#prf_prf)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pwd Class
=========
Password Dialog Functions
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Pwd**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Pwd
```
The **Pwd** type exposes the following members.
Methods
-------
| Name | Description |
| ----------- | ------------------------------------------------------------------ |
| [Prompt](#pwd_prompt) | Open a dialog box to receive a password with user-supplied prompt. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pwd.Prompt Method
=================
Open a dialog box to receive a password with user-supplied prompt.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string Prompt(
int maxChars,
string caption,
string prompt = ""
)
```
#### Parameters
##### *maxChars* Int32
Maximum characters expected in password
##### *caption* String
Caption for dialog window
##### *prompt* String (Optional)
Wording for prompt (optional, default="Enter password:")
#### Return Value
String
String containing password or Empty string if user cancels
Example
-------
```csharp
string s = Pwd.Prompt(32, "My caption for the dialog here", "My new prompt:");
Console.WriteLine("Password=[{0}]", s); // Demo only!
```
See Also
--------
[Pwd Class](#pwd_pwd)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng Class
=========
Random Number Generator to NIST SP800-90
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Rng**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Rng
```
The **Rng** type exposes the following members.
Methods
-------
| Name | Description |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------ |
| [Bytes(Int32)](#rng_bytes-int32) | Generate an array of random bytes. |
| [Bytes(Int32, Byte[])](#rng_bytes-int32-byte) | Generate an array of random bytes with user-supplied entropy. |
| [Bytes(Int32, String)](#rng_bytes-int32-string) | Generate an array of random bytes with user-supplied entropy. |
| [BytesWithPrompt(Int32, Rng.Strength)](#rng_byteswithprompt-int32-rng-strength) | Generate an array of random bytes with a prompt for random keyboard input. |
| [BytesWithPrompt(Int32, String, Rng.Strength)](#rng_byteswithprompt-int32-string-rng-strength) | Generate an array of random bytes with a prompt for random keyboard input. |
| [Guid](#rng_guid) | Generate a random 36-character Global Unique IDentifier (GUID) string according to [RFC4122]. |
| [Initialize](#rng_initialize) | Initialize the RNG generator with a seed file. |
| [InitializeEx](#rng_initializeex) | Query and initialize the RNG generator using Intel(R) DRNG, if available. |
| [MakeSeedFile](#rng_makeseedfile) | Create a new seed file suitable for use with Rng.Initialize. |
| [Number](#rng_number) | Generate a random number (integer) in a given range. |
| [Octet](#rng_octet) | Generate a single random octet (byte). |
| [Test](#rng_test) | Carry out a NIST SP800-90 health check and FIPS140-2 statistical tests on the random number generator. |
| [TestDrbgvs](#rng_testdrbgvs) | Test the RNG for conformance to NIST SP800-90A using the relevant test specified in DRBGVS. |
| [UpdateSeedFile](#rng_updateseedfile) | Update the RNG seed file. |
Fields
------
| Name | Description |
| ------------------ | ------------------------------- |
| [SeedFileSize](#rng_seedfilesize) | Required size for RNG seed file |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.Bytes(Int32) Method
=======================
Generate an array of random bytes.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------- | ------------------------------------------------------------- |
| **Bytes(Int32)** | Generate an array of random bytes. |
| [Bytes(Int32, Byte[])](#rng_bytes-int32-byte) | Generate an array of random bytes with user-supplied entropy. |
| [Bytes(Int32, String)](#rng_bytes-int32-string) | Generate an array of random bytes with user-supplied entropy. |
Syntax
------
```csharp
public static byte[] Bytes(
int numBytes
)
```
#### Parameters
##### *numBytes* Int32
Required number of random bytes
#### Return Value
Byte[]
Array of random bytes
Example
-------
```csharp
byte[] b = Rng.Bytes(16);
Console.WriteLine("Rng.Bytes(16)={0}", b.ToHex());
// e.g. 3FD45EB7715CE91C9F1DB69DBF6677ED (always different)
```
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.Bytes(Int32, Byte[]) Method
===============================
Generate an array of random bytes with user-supplied entropy.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------- | ------------------------------------------------------------- |
| [Bytes(Int32)](#rng_bytes-int32) | Generate an array of random bytes. |
| **Bytes(Int32, Byte[])** | Generate an array of random bytes with user-supplied entropy. |
| [Bytes(Int32, String)](#rng_bytes-int32-string) | Generate an array of random bytes with user-supplied entropy. |
Syntax
------
```csharp
public static byte[] Bytes(
int numBytes,
byte[] arrSeed
)
```
#### Parameters
##### *numBytes* Int32
Required number of random bytes
##### *arrSeed* Byte[]
User-supplied entropy in byte format
#### Return Value
Byte[]
Array of random bytes
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.Bytes(Int32, String) Method
===============================
Generate an array of random bytes with user-supplied entropy.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------- | ------------------------------------------------------------- |
| [Bytes(Int32)](#rng_bytes-int32) | Generate an array of random bytes. |
| [Bytes(Int32, Byte[])](#rng_bytes-int32-byte) | Generate an array of random bytes with user-supplied entropy. |
| **Bytes(Int32, String)** | Generate an array of random bytes with user-supplied entropy. |
Syntax
------
```csharp
public static byte[] Bytes(
int numBytes,
string seedStr
)
```
#### Parameters
##### *numBytes* Int32
Required number of random bytes
##### *seedStr* String
User-supplied entropy in string format
#### Return Value
Byte[]
Array of random bytes
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.BytesWithPrompt(Int32, Rng.Strength) Method
===============================================
Generate an array of random bytes with a prompt for random keyboard input.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------- | -------------------------------------------------------------------------- |
| **BytesWithPrompt(Int32, Rng.Strength)** | Generate an array of random bytes with a prompt for random keyboard input. |
| [BytesWithPrompt(Int32, String, Rng.Strength)](#rng_byteswithprompt-int32-string-rng-strength) | Generate an array of random bytes with a prompt for random keyboard input. |
Syntax
------
```csharp
public static byte[] BytesWithPrompt(
int numBytes,
Rng.Strength strength = Rng.Strength.Default
)
```
#### Parameters
##### *numBytes* Int32
Required number of random bytes
##### *strength* [Rng.Strength](#rng_strength_rng-strength) (Optional)
Estimated security strength (default=112 bits)
#### Return Value
Byte[]
Array of random bytes
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.BytesWithPrompt(Int32, String, Rng.Strength) Method
=======================================================
Generate an array of random bytes with a prompt for random keyboard input.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------ | -------------------------------------------------------------------------- |
| [BytesWithPrompt(Int32, Rng.Strength)](#rng_byteswithprompt-int32-rng-strength) | Generate an array of random bytes with a prompt for random keyboard input. |
| **BytesWithPrompt(Int32, String, Rng.Strength)** | Generate an array of random bytes with a prompt for random keyboard input. |
Syntax
------
```csharp
public static byte[] BytesWithPrompt(
int numBytes,
string prompt,
Rng.Strength strength
)
```
#### Parameters
##### *numBytes* Int32
Required number of random bytes
##### *prompt* String
Alternative prompt. Set as an empty string `""` for the default prompt.
##### *strength* [Rng.Strength](#rng_strength_rng-strength)
Required security strength
#### Return Value
Byte[]
Array of random bytes
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.Guid Method
===============
Generate a random 36-character Global Unique IDentifier (GUID) string according to [RFC4122].
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string Guid()
```
#### Return Value
String
String of the form "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" where 'x' is a hexadecimal digit `[0-9a-f]`.
Example
-------
```csharp
string guid = Rng.Guid();
Console.WriteLine("GUID={0}", guid);
// Example: GUID=14e3d83a-2de2-4fb0-851c-840fbab04cdd
```
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.Initialize Method
=====================
Initialize the RNG generator with a seed file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static bool Initialize(
string seedFile
)
```
#### Parameters
##### *seedFile* String
Full path name of seed file
#### Return Value
Boolean
`true` if successful; `false` if fails
Remarks
-------
If the seed file does not exist, it will be created (with any available entropy).
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.InitializeEx Method
=======================
Query and initialize the RNG generator using Intel(R) DRNG, if available.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int InitializeEx(
Rng.Options opts = Rng.Options.Default
)
```
#### Parameters
##### *opts* [Rng.Options](#rng_options_rng-options) (Optional)
Specify `Rng.Options.NoIntelDrng` to explicitly turn off support.
#### Return Value
Int32
Support status for Intel(R) DRNG. If available, then a positive value (1,2,3); else a negative error code.
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.MakeSeedFile Method
=======================
Create a new seed file suitable for use with Rng.Initialize.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static bool MakeSeedFile(
string seedFile,
Rng.Strength strength = Rng.Strength.Default
)
```
#### Parameters
##### *seedFile* String
Name of seed file to be created
##### *strength* [Rng.Strength](#rng_strength_rng-strength) (Optional)
Estimated security strength (default=112 bits)
#### Return Value
Boolean
`true` if successful; `false` if fails
Remarks
-------
Any existing file will be overwritten.
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.Number Method
=================
Generate a random number (integer) in a given range.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int Number(
int lower,
int upper
)
```
#### Parameters
##### *lower* Int32
lower value of range
##### *upper* Int32
upper value of range
#### Return Value
Int32
Random integer x: lower <= x <= upper
Example
-------
```csharp
int i;
for (i = 0; i < 12; i++) {
int n = Rng.Number(-10, +10);
Console.Write("{0} ", n);
}
Console.Write("\n");
```
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.Octet Method
================
Generate a single random octet (byte).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte Octet()
```
#### Return Value
Byte
Single byte value randomly chosen between 0 and 255
Example
-------
```csharp
byte by = Rng.Octet(); // Generate a random single byte (octet)
Console.WriteLine("Rng.Octet()={0}", by); // 0 <= by < 256
```
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.Test Method
===============
Carry out a NIST SP800-90 health check and FIPS140-2 statistical tests on the random number generator.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static bool Test(
string resultFile = ""
)
```
#### Parameters
##### *resultFile* String (Optional)
Name of results file to be created, or `null` not to create a results file.
#### Return Value
Boolean
`true` if successful; `false` if fails
Remarks
-------
Any existing file will be overwritten.
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.TestDrbgvs Method
=====================
Test the RNG for conformance to NIST SP800-90A using the relevant test specified in DRBGVS.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string TestDrbgvs(
int returnedBitsLen,
string entropyInput,
string nonce,
string personalizationString,
string additionalInput1,
string entropyReseed,
string additionalInputReseed,
string additionalInput2
)
```
#### Parameters
##### *returnedBitsLen* Int32
Number of bits to be returned from each call to the generate function in the test
##### *entropyInput* String
the EntropyInput value in hex format
##### *nonce* String
the Nonce value in hex format
##### *personalizationString* String
the PersonalizationString value in hex format
##### *additionalInput1* String
the first AdditionalInput value in hex format
##### *entropyReseed* String
the EntropyReseed value in hex format
##### *additionalInputReseed* String
the AdditionalInputReseed value in hex format
##### *additionalInput2* String
the second AdditionalInput value in hex format
#### Return Value
String
the ReturnedBits as a string in hexadecimal format
Remarks
-------
The test procedure, the input values and the expected output are described in the DRBGVS document. The relevant DRBG mechanism is `HMAC_DRBG SHA-512` without prediction resistance. Use the empty string `""` to pass a zero-length input. All hex strings must have an even number of characters.
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.UpdateSeedFile Method
=========================
Update the RNG seed file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static bool UpdateSeedFile(
string seedFile
)
```
#### Parameters
##### *seedFile* String
Full path name of seed file
#### Return Value
Boolean
`true` if successful; `false` if fails
Remarks
-------
The seed file must be writable. If it does not exist it will be created (with any available entropy). Any existing file of the same name will be overwritten without warning.
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.SeedFileSize Field
======================
Required size for RNG seed file
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public const int SeedFileSize = 128
```
#### Field Value
Int32
See Also
--------
[Rng Class](#rng_rng)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa Class
=========
RSA Encryption and Public Key Functions
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Rsa**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Rsa
```
The **Rsa** type exposes the following members.
Methods
-------
| Name | Description |
| ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
| [CheckKey(String)](#rsa_checkkey-string) | Check the validity of an "internal" RSA public or private key. |
| [CheckKey(StringBuilder)](#rsa_checkkey-stringbuilder) | Check the validity of an "internal" RSA public or private key. |
| [DecodeDigestForSignature](#rsa_decodedigestforsignature) | Decode an encoded message for signature. |
| [DecodeMsgForEncryption](#rsa_decodemsgforencryption) | Decode a message for encryption. |
| [DecodeMsgIso9796](#rsa_decodemsgiso9796) | Decode a message padded using ISO/IEC 9796-1 formatting. |
| [Decrypt](#rsa_decrypt) | Decrypt a message encrypted using an RSA encryption scheme. |
| [EncodeDigestForSignature](#rsa_encodedigestforsignature) | Encode a message digest for signature. |
| [EncodeMsgForEncryption](#rsa_encodemsgforencryption) | Encode a message for encryption. |
| [EncodeMsgForSignature](#rsa_encodemsgforsignature) | Encode a message for signature. |
| [EncodeMsgIso9796](#rsa_encodemsgiso9796) | Encode a message using ISO/IEC 9796-1 formatting. |
| [Encrypt](#rsa_encrypt) | Encrypt a short message using RSA encryption. |
| [FromXMLString(String)](#rsa_fromxmlstring-string) | Create an RSA key string in internal format from an XML string. |
| [FromXMLString(String, Rsa.XmlOptions)](#rsa_fromxmlstring-string-rsa-xmloptions) | Create an RSA key string in internal format from an XML string with options. |
| [FromXMLString(String, Boolean)](#rsa_fromxmlstring-string-boolean) | Create an RSA key string in internal format from an XML string with flag to exclude private key details. |
| [GetPrivateKeyFromPFX](#rsa_getprivatekeyfrompfx) | Extract an encrypted private key from a PKCS-12 PKCS8ShroudedKeyBag, saving the output directly as a new file. |
| [GetPublicKeyFromCert](#rsa_getpublickeyfromcert) | **Obsolete.**
Read public key from X.509 certificate into internal string format. |
| [KeyBits(String)](#rsa_keybits-string) | Return number of significant bits in RSA key modulus. |
| [KeyBits(StringBuilder)](#rsa_keybits-stringbuilder) | Return number of significant bits in RSA key modulus. |
| [KeyBytes(String)](#rsa_keybytes-string) | Return number of bytes (octets) in RSA key modulus. |
| [KeyBytes(StringBuilder)](#rsa_keybytes-stringbuilder) | Return number of bytes (octets) in RSA key modulus. |
| [KeyHashCode(String)](#rsa_keyhashcode-string) | Compute the hash code of an "internal" RSA public or private key string. |
| [KeyHashCode(StringBuilder)](#rsa_keyhashcode-stringbuilder) | Compute the hash code of an "internal" RSA public or private key string. |
| [KeyMatch(String, String)](#rsa_keymatch-string-string) | Verify that a pair of "internal" RSA private and public key strings are matched. |
| [KeyMatch(StringBuilder, StringBuilder)](#rsa_keymatch-stringbuilder-stringbuilder) | Verify that a pair of "internal" RSA private and public key strings are matched. |
| [KeyValue](#rsa_keyvalue) | Extract a base64-encoded RSA key value from internal key string |
| [MakeKeys(String, String, Int32, Rsa.PublicExponent, Int32, String, Rsa.PbeOptions, Boolean, Byte[])](#rsa_makekeys-string-string-int32-rsa-publicexponent-int32-string-rsa-pbeoptions-boolean-byte) | **Obsolete.**
Generate an RSA public/private key pair [DEPRECATED]. |
| [MakeKeys(String, String, String, Int32, Rsa.PublicExponent, Rsa.PbeOptions, String, Rsa.Format, Boolean)](#rsa_makekeys-string-string-string-int32-rsa-publicexponent-rsa-pbeoptions-string-rsa-format-boolean) | Generate an RSA public/private key pair. |
| [MakeKeys(String, String, Int32, Rsa.PublicExponent, Int32, String, CipherAlgorithm, HashAlgorithm, Rsa.Format, Boolean)](#rsa_makekeys-string-string-int32-rsa-publicexponent-int32-string-cipheralgorithm-hashalgorithm-rsa-format-boolean) | **Obsolete.**
Generate an RSA public/private key pair with extended options for encrypting private key [DEPRECATED]. |
| [PublicKeyFromPrivate](#rsa_publickeyfromprivate) | Convert an internal private key string into a public one. |
| [RawPrivate(Byte[], String)](#rsa_rawprivate-byte-string) | Carry out RSA transformation using private key. |
| [RawPrivate(Byte[], String, Int32)](#rsa_rawprivate-byte-string-int32) | Carry out RSA transformation using private key (with specialist options). |
| [RawPublic(Byte[], String)](#rsa_rawpublic-byte-string) | Carry out RSA transformation using public key. |
| [RawPublic(Byte[], String, Int32)](#rsa_rawpublic-byte-string-int32) | Carry out RSA transformation using public key (with specialist options). |
| [ReadEncPrivateKey](#rsa_readencprivatekey) | **Obsolete.**
Read encrypted private key file into internal string format. |
| [ReadPrivateKey](#rsa_readprivatekey) | Read from a file or string containing a private key into an "internal" private key string. |
| [ReadPrivateKeyFromPFX](#rsa_readprivatekeyfrompfx) | **Obsolete.**
Read a private key directly from an encrypted PFX/PKCS-12 file into an "internal" private key string. |
| [ReadPrivateKeyInfo](#rsa_readprivatekeyinfo) | **Obsolete.**
Read from an (unencrypted) PKCS-8 private key info file into a private key string. |
| [ReadPublicKey](#rsa_readpublickey) | Read from a file or string containing a public key into an "internal" public key string. |
| [SaveEncKey](#rsa_saveenckey) | Save an internal RSA key string to an encrypted key file. |
| [SaveEncPrivateKey(String, String, Int32, String, Rsa.PbeOptions, Rsa.Format)](#rsa_saveencprivatekey-string-string-int32-string-rsa-pbeoptions-rsa-format) | Save a private key string to a PKCS-8 EncryptedPrivateKeyInfo file [DEPRECATED]. |
| [SaveEncPrivateKey(String, String, Int32, String, CipherAlgorithm, HashAlgorithm, Rsa.Format)](#rsa_saveencprivatekey-string-string-int32-string-cipheralgorithm-hashalgorithm-rsa-format) | Save a private key string to a PKCS-8 EncryptedPrivateKeyInfo file using PBES2 algorithm [DEPRECATED]. |
| [SavePrivateKeyInfo](#rsa_saveprivatekeyinfo) | Save a private key string to an (unencrypted) PKCS-8 private key info file. |
| [SavePublicKey](#rsa_savepublickey) | Save a public key string to PKCS-1 public key file. |
| [ToXMLString(String, Rsa.XmlOptions)](#rsa_toxmlstring-string-rsa-xmloptions) | Create an XML string representation of an RSA internal key string. |
| [ToXMLString(String, String, Rsa.XmlOptions)](#rsa_toxmlstring-string-string-rsa-xmloptions) | Create an XML string representation of an RSA internal key string with option to add a namespace prefix. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.CheckKey(String) Method
===========================
Check the validity of an "internal" RSA public or private key.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ---------------------------- | -------------------------------------------------------------- |
| **CheckKey(String)** | Check the validity of an "internal" RSA public or private key. |
| [CheckKey(StringBuilder)](#rsa_checkkey-stringbuilder) | Check the validity of an "internal" RSA public or private key. |
Syntax
------
```csharp
public static int CheckKey(
string intKeyString
)
```
#### Parameters
##### *intKeyString* String
Internal key string
#### Return Value
Int32
0=valid private key, 1=valid publickey, or negative [error code](#general_error-code)
Remarks
-------
A private key is also validated for consistency.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.CheckKey(StringBuilder) Method
==================================
Check the validity of an "internal" RSA public or private key.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------- | -------------------------------------------------------------- |
| [CheckKey(String)](#rsa_checkkey-string) | Check the validity of an "internal" RSA public or private key. |
| **CheckKey(StringBuilder)** | Check the validity of an "internal" RSA public or private key. |
Syntax
------
```csharp
public static int CheckKey(
StringBuilder sbKeyString
)
```
#### Parameters
##### *sbKeyString* StringBuilder
Internal key string
#### Return Value
Int32
0=valid private key, 1=valid publickey, or negative [error code](#general_error-code)
Remarks
-------
A private key is also validated for consistency.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.DecodeDigestForSignature Method
===================================
Decode an encoded message for signature.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] DecodeDigestForSignature(
byte[] data,
bool getFullDigestInfo = false
)
```
#### Parameters
##### *data* Byte[]
Encoded message for signature
##### *getFullDigestInfo* Boolean (Optional)
(optional) If true, extract the full `DigestInfo`; otherwise just extract the message digest itself
#### Return Value
Byte[]
Decoded data or an empty array on error
Remarks
-------
Only EMSA-PKCS1-v1_5 is supported in this function.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.DecodeMsgForEncryption Method
=================================
Decode a message for encryption.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] DecodeMsgForEncryption(
byte[] data,
Rsa.EME method
)
```
#### Parameters
##### *data* Byte[]
Encoded message
##### *method* [Rsa.EME](#rsa_eme_rsa-eme)
Encoding method used
#### Return Value
Byte[]
Decoded message
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.DecodeMsgIso9796 Method
===========================
Decode a message padded using ISO/IEC 9796-1 formatting.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] DecodeMsgIso9796(
byte[] data,
int keyBits
)
```
#### Parameters
##### *data* Byte[]
encoded message for signature
##### *keyBits* Int32
exact length of key in bits
#### Return Value
Byte[]
Recovered message or an empty array on error
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
[EncodeMsgIso9796(Byte[], Int32)](#rsa_encodemsgiso9796)
Rsa.Decrypt Method
==================
Decrypt a message encrypted using an RSA encryption scheme.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] Decrypt(
byte[] data,
string privateKeyFile,
string password = "",
Rsa.EME method = Rsa.EME.PKCSv1_5,
Rsa.HashAlg hashAlg = Rsa.HashAlg.Sha1,
Rsa.AdvOptions advOpts = Rsa.AdvOptions.Default
)
```
#### Parameters
##### *data* Byte[]
Data to be decrypted (must be exactly the same length as the key modulus size).
##### *privateKeyFile* String
Name of the private key file, or a string containing the key in PEM format, or a valid internal private key string.
##### *password* String (Optional)
Password for encrypted private key, or `""` if password is not required.
##### *method* [Rsa.EME](#rsa_eme_rsa-eme) (Optional)
Encoding method [optional, default = EME.PKCSv1_5]
##### *hashAlg* [Rsa.HashAlg](#rsa_hashalg_rsa-hashalg) (Optional)
Hash function for EME-OAEP encoding, otherwise ignored.
##### *advOpts* [Rsa.AdvOptions](#rsa_advoptions_rsa-advoptions) (Optional)
Advanced options for EME-OEAP only.
#### Return Value
Byte[]
Decrypted data.
Remarks
-------
For RSA-OAEP you must set the correct options to match the parameters used for the encryption.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.EncodeDigestForSignature Method
===================================
Encode a message digest for signature.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] EncodeDigestForSignature(
int keyBytes,
byte[] digest,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *keyBytes* Int32
Number of bytes in the key
##### *digest* Byte[]
Digest of message
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Message digest algorithm used to create digest
#### Return Value
Byte[]
Encoded block
Remarks
-------
Only EMSA-PKCS1-v1_5 is supported in this function.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
[SignData(Byte[], String, String, SigAlgorithm, Sig.SigOptions, Sig.Encoding)](#sig_signdata-byte-string-string-sigalgorithm-sig-sigoptions-sig-encoding)
Sig.SignData Method
===================
Compute a signature value over data in a byte array.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string SignData(
byte[] data,
string privateKeyFile,
string password,
SigAlgorithm sigAlg,
Sig.SigOptions sigOpts = Sig.SigOptions.Default,
Sig.Encoding sigEncoding = Sig.Encoding.Default
)
```
#### Parameters
##### *data* Byte[]
input data to be signed
##### *privateKeyFile* String
Name of private key file (or a string containing the key in PEM format, or an internal private key)
##### *password* String
Password for the private key, if encrypted
##### *sigAlg* [SigAlgorithm](#sigalgorithm_sigalgorithm)
Signature algorithm to be used
##### *sigOpts* [Sig.SigOptions](#sig_sigoptions_sig-sigoptions) (Optional)
(optional) Options for ECDSA and RSA-PSS signatures
##### *sigEncoding* [Sig.Encoding](#sig_encoding_sig-encoding) (Optional)
Optional encodings for output [default=base64]
#### Return Value
String
The encoded signature, or an empty string on error
Example
-------
```csharp
string keyFile = "AlicePrivRSASign.p8e"; // Used to sign data
string password = "password";
// Input to be signed: a byte array with ASCII string "abc"
byte[] b = System.Text.Encoding.Default.GetBytes("abc");
string sig = Sig.SignData(b, keyFile, password, SigAlgorithm.Default);
Console.WriteLine("Sig.SignData returns \n'" + sig + "'");
/*
YK1aePtKQDDsVCyJdM0V9VOE6DZVTO3ZoyLV9BNcYmep0glwxU5mUQcLAUTUOETImTIN2
Pp4GffrxqdxUoczLshnXBNhg7P4ofge+WlBgmcTCnVv27LHHZpmdEbjTg6tnPMb+2b4Fv
MZ0LfkMKXyiRVTmG4ANyAmHH6QIsDZ8R8=*/
```
See Also
--------
[Sig Class](#sig_sig)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.EncodeMsgForEncryption Method
=================================
Encode a message for encryption.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] EncodeMsgForEncryption(
int keyBytes,
byte[] message,
Rsa.EME method
)
```
#### Parameters
##### *keyBytes* Int32
Number of bytes in the key
##### *message* Byte[]
Message to be encoded
##### *method* [Rsa.EME](#rsa_eme_rsa-eme)
Encoding method to use
#### Return Value
Byte[]
Encoded message block
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.EncodeMsgForSignature Method
================================
Encode a message for signature.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] EncodeMsgForSignature(
int keyBytes,
byte[] message,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *keyBytes* Int32
Number of bytes in the key
##### *message* Byte[]
Message to be encoded
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Message digest algorithm to use
#### Return Value
Byte[]
Encoded block
Remarks
-------
Only EMSA-PKCS1-v1_5 is supported in this function. Note we can only ever recover the digest from the encoded block.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
[SignData(Byte[], String, String, SigAlgorithm, Sig.SigOptions, Sig.Encoding)](#sig_signdata-byte-string-string-sigalgorithm-sig-sigoptions-sig-encoding)
Rsa.EncodeMsgIso9796 Method
===========================
Encode a message using ISO/IEC 9796-1 formatting.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] EncodeMsgIso9796(
byte[] message,
int keyBits
)
```
#### Parameters
##### *message* Byte[]
message to be encoded
##### *keyBits* Int32
exact length of key in bits
#### Return Value
Byte[]
Padded message block ready for signing or an empty array on error
Remarks
-------
The output block will be the same size as the key rounded up to the next whole byte. The message must be no longer than half the key length.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
[DecodeMsgIso9796(Byte[], Int32)](#rsa_decodemsgiso9796)
Rsa.Encrypt Method
==================
Encrypt a short message using RSA encryption.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] Encrypt(
byte[] data,
string publicKeyFile,
Rsa.EME method = Rsa.EME.PKCSv1_5,
Rsa.HashAlg hashAlg = Rsa.HashAlg.Sha1,
Rsa.AdvOptions advOpts = Rsa.AdvOptions.Default
)
```
#### Parameters
##### *data* Byte[]
Data to be encrypted
##### *publicKeyFile* String
Name of the public key file or X.509 certificate, or a string containing the key or certificate in PEM format, or a valid internal public key string.
##### *method* [Rsa.EME](#rsa_eme_rsa-eme) (Optional)
Encoding method [optional, default = EME.PKCSv1_5]
##### *hashAlg* [Rsa.HashAlg](#rsa_hashalg_rsa-hashalg) (Optional)
Hash function for EME-OAEP encoding, otherwise ignored.
##### *advOpts* [Rsa.AdvOptions](#rsa_advoptions_rsa-advoptions) (Optional)
Advanced options for EME-OEAP only.
#### Return Value
Byte[]
Encrypted data or an empty array on error.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.FromXMLString(String) Method
================================
Create an RSA key string in internal format from an XML string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------ | -------------------------------------------------------------------------------------------------------- |
| **FromXMLString(String)** | Create an RSA key string in internal format from an XML string. |
| [FromXMLString(String, Rsa.XmlOptions)](#rsa_fromxmlstring-string-rsa-xmloptions) | Create an RSA key string in internal format from an XML string with options. |
| [FromXMLString(String, Boolean)](#rsa_fromxmlstring-string-boolean) | Create an RSA key string in internal format from an XML string with flag to exclude private key details. |
Syntax
------
```csharp
public static string FromXMLString(
string xmlString
)
```
#### Parameters
##### *xmlString* String
The XML string to use to reconstruct the RSA key
#### Return Value
String
Key string in internal format or empty string on error
Remarks
-------
Creates an internal private key string if the XML contains private key parameters, otherwise an internal public key string.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.FromXMLString(String, Rsa.XmlOptions) Method
================================================
Create an RSA key string in internal format from an XML string with options.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ----------------------------------------- | -------------------------------------------------------------------------------------------------------- |
| [FromXMLString(String)](#rsa_fromxmlstring-string) | Create an RSA key string in internal format from an XML string. |
| **FromXMLString(String, Rsa.XmlOptions)** | Create an RSA key string in internal format from an XML string with options. |
| [FromXMLString(String, Boolean)](#rsa_fromxmlstring-string-boolean) | Create an RSA key string in internal format from an XML string with flag to exclude private key details. |
Syntax
------
```csharp
public static string FromXMLString(
string xmlString,
Rsa.XmlOptions options
)
```
#### Parameters
##### *xmlString* String
The XML string to use to reconstruct the RSA key
##### *options* [Rsa.XmlOptions](#rsa_xmloptions_rsa-xmloptions)
Option flags: set as zero for defaults.
#### Return Value
String
Key string in internal format or empty string on error
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.FromXMLString(String, Boolean) Method
=========================================
Create an RSA key string in internal format from an XML string with flag to exclude private key details.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------ | -------------------------------------------------------------------------------------------------------- |
| [FromXMLString(String)](#rsa_fromxmlstring-string) | Create an RSA key string in internal format from an XML string. |
| [FromXMLString(String, Rsa.XmlOptions)](#rsa_fromxmlstring-string-rsa-xmloptions) | Create an RSA key string in internal format from an XML string with options. |
| **FromXMLString(String, Boolean)** | Create an RSA key string in internal format from an XML string with flag to exclude private key details. |
Syntax
------
```csharp
public static string FromXMLString(
string xmlString,
bool excludePrivateParams
)
```
#### Parameters
##### *xmlString* String
The XML string to use to reconstruct the RSA key
##### *excludePrivateParams* Boolean
Reconstruct public key details only
#### Return Value
String
Key string in internal format or empty string on error
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.GetPrivateKeyFromPFX Method
===============================
Extract an encrypted private key from a PKCS-12 PKCS8ShroudedKeyBag, saving the output directly as a new file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int GetPrivateKeyFromPFX(
string outputFile,
string pfxFile
)
```
#### Parameters
##### *outputFile* String
Name of new file to create
##### *pfxFile* String
PKCS-12 filename
#### Return Value
Int32
If successful, it returns the number of bytes written to the output file; otherwise it returns a negative [error code](#general_error-code)
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.GetPublicKeyFromCert Method
===============================
**Note: This API is now obsolete.**
Read public key from X.509 certificate into internal string format.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[ObsoleteAttribute("Use Rsa.ReadPublicKey() instead", false)]
public static StringBuilder GetPublicKeyFromCert(
string certFile
)
```
#### Parameters
##### *certFile* String
Filename of certificate file (or its base64 representation)
#### Return Value
StringBuilder
StringBuilder containing an internal representation of the public key; or an empty StringBuilder if error
Remarks
-------
This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.KeyBits(String) Method
==========================
Return number of significant bits in RSA key modulus.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------- | ----------------------------------------------------- |
| **KeyBits(String)** | Return number of significant bits in RSA key modulus. |
| [KeyBits(StringBuilder)](#rsa_keybits-stringbuilder) | Return number of significant bits in RSA key modulus. |
Syntax
------
```csharp
public static int KeyBits(
string strRsaKey
)
```
#### Parameters
##### *strRsaKey* String
Internal key string
#### Return Value
Int32
Number of significant bits in key
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.KeyBits(StringBuilder) Method
=================================
Return number of significant bits in RSA key modulus.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| -------------------------- | ----------------------------------------------------- |
| [KeyBits(String)](#rsa_keybits-string) | Return number of significant bits in RSA key modulus. |
| **KeyBits(StringBuilder)** | Return number of significant bits in RSA key modulus. |
Syntax
------
```csharp
public static int KeyBits(
StringBuilder sbRsaKey
)
```
#### Parameters
##### *sbRsaKey* StringBuilder
Internal key string
#### Return Value
Int32
Number of significant bits in key
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.KeyBytes(String) Method
===========================
Return number of bytes (octets) in RSA key modulus.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ---------------------------- | --------------------------------------------------- |
| **KeyBytes(String)** | Return number of bytes (octets) in RSA key modulus. |
| [KeyBytes(StringBuilder)](#rsa_keybytes-stringbuilder) | Return number of bytes (octets) in RSA key modulus. |
Syntax
------
```csharp
public static int KeyBytes(
string strRsaKey
)
```
#### Parameters
##### *strRsaKey* String
Internal key string
#### Return Value
Int32
Number of bytes in key
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.KeyBytes(StringBuilder) Method
==================================
Return number of bytes (octets) in RSA key modulus.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------- | --------------------------------------------------- |
| [KeyBytes(String)](#rsa_keybytes-string) | Return number of bytes (octets) in RSA key modulus. |
| **KeyBytes(StringBuilder)** | Return number of bytes (octets) in RSA key modulus. |
Syntax
------
```csharp
public static int KeyBytes(
StringBuilder sbRsaKey
)
```
#### Parameters
##### *sbRsaKey* StringBuilder
Internal key string
#### Return Value
Int32
Number of bytes in key
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.KeyHashCode(String) Method
==============================
Compute the hash code of an "internal" RSA public or private key string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------- | ------------------------------------------------------------------------ |
| **KeyHashCode(String)** | Compute the hash code of an "internal" RSA public or private key string. |
| [KeyHashCode(StringBuilder)](#rsa_keyhashcode-stringbuilder) | Compute the hash code of an "internal" RSA public or private key string. |
Syntax
------
```csharp
public static int KeyHashCode(
string intKeyString
)
```
#### Parameters
##### *intKeyString* String
Internal key string
#### Return Value
Int32
A 32-bit hash code for the key, or zero on error.
Remarks
-------
Should be the same for a matching private and public key.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.KeyHashCode(StringBuilder) Method
=====================================
Compute the hash code of an "internal" RSA public or private key string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------ | ------------------------------------------------------------------------ |
| [KeyHashCode(String)](#rsa_keyhashcode-string) | Compute the hash code of an "internal" RSA public or private key string. |
| **KeyHashCode(StringBuilder)** | Compute the hash code of an "internal" RSA public or private key string. |
Syntax
------
```csharp
public static int KeyHashCode(
StringBuilder sbKeyString
)
```
#### Parameters
##### *sbKeyString* StringBuilder
Internal key string
#### Return Value
Int32
A 32-bit hash code for the key, or zero on error.
Example
-------
```csharp
// Use Rsa.KeyHashCode for matching public and private keys
StringBuilder sbPrivateKey = Rsa.ReadPrivateKey("lamps-alice.p8", ""); // Unencrypted .p8 file
StringBuilder sbPublicKey = Rsa.ReadPublicKey("lamps-alice.cer"); // Matching X.509 certificate
Console.WriteLine("Private Key: Rsa.KeyHashCode={0,8:X}", Rsa.KeyHashCode(sbPrivateKey.ToString()));
Console.WriteLine("Public Key: Rsa.KeyHashCode={0,8:X}", Rsa.KeyHashCode(sbPublicKey.ToString()));
// Private Key: Rsa.KeyHashCode=CA0B84DA
// Public Key: Rsa.KeyHashCode=CA0B84DA
```
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.KeyMatch(String, String) Method
===================================
Verify that a pair of "internal" RSA private and public key strings are matched.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------- | -------------------------------------------------------------------------------- |
| **KeyMatch(String, String)** | Verify that a pair of "internal" RSA private and public key strings are matched. |
| [KeyMatch(StringBuilder, StringBuilder)](#rsa_keymatch-stringbuilder-stringbuilder) | Verify that a pair of "internal" RSA private and public key strings are matched. |
Syntax
------
```csharp
public static int KeyMatch(
string privateKey,
string publicKey
)
```
#### Parameters
##### *privateKey* String
Internal RSA private key string
##### *publicKey* String
Internal RSA public key string
#### Return Value
Int32
0=valid key pair, or negative [error code](#general_error-code)
Example
-------
```csharp
StringBuilder sbPublicKey = Rsa.ReadPublicKey(pubkeyFile);
StringBuilder sbPrivateKey = Rsa.ReadPrivateKey(prikeyFile, "password");
int n = Rsa.KeyMatch(sbPrivateKey.ToString(), sbPublicKey.ToString());
Console.WriteLine("Rsa.KeyMatch returns {0} (expecting 0)", n);
Debug.Assert(0 == n, "Rsa.KeyMatch failed.");
```
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.KeyMatch(StringBuilder, StringBuilder) Method
=================================================
Verify that a pair of "internal" RSA private and public key strings are matched.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------ | -------------------------------------------------------------------------------- |
| [KeyMatch(String, String)](#rsa_keymatch-string-string) | Verify that a pair of "internal" RSA private and public key strings are matched. |
| **KeyMatch(StringBuilder, StringBuilder)** | Verify that a pair of "internal" RSA private and public key strings are matched. |
Syntax
------
```csharp
public static int KeyMatch(
StringBuilder sbPrivateKey,
StringBuilder sbPublicKey
)
```
#### Parameters
##### *sbPrivateKey* StringBuilder
Internal RSA private key string
##### *sbPublicKey* StringBuilder
Internal RSA public key string
#### Return Value
Int32
0=valid key pair, or negative [error code](#general_error-code)
Example
-------
```csharp
StringBuilder sbPublicKey = Rsa.ReadPublicKey(pubkeyFile);
StringBuilder sbPrivateKey = Rsa.ReadPrivateKey(prikeyFile, "password");
int n = Rsa.KeyMatch(sbPrivateKey, sbPublicKey);
```
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.KeyValue Method
===================
Extract a base64-encoded RSA key value from internal key string
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string KeyValue(
string keyString,
string fieldName
)
```
#### Parameters
##### *keyString* String
Public or private key in internal string format
##### *fieldName* String
Name of field to be extracted: `"Modulus"` or `"Exponent"`
#### Return Value
String
Value encoded in base64 or an empty string on error
Remarks
-------
The output is a continuous string of base64 characters suitable for a `` node in an XML-DSIG document.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.MakeKeys(String, String, Int32, Rsa.PublicExponent, Int32, String, Rsa.PbeOptions, Boolean, Byte[]) Method
==============================================================================================================
**Note: This API is now obsolete.**
Generate an RSA public/private key pair [DEPRECATED].
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ---------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
| **MakeKeys(String, String, Int32, Rsa.PublicExponent, Int32, String, Rsa.PbeOptions, Boolean, Byte[])** | **Obsolete.**
Generate an RSA public/private key pair [DEPRECATED]. |
| [MakeKeys(String, String, String, Int32, Rsa.PublicExponent, Rsa.PbeOptions, String, Rsa.Format, Boolean)](#rsa_makekeys-string-string-string-int32-rsa-publicexponent-rsa-pbeoptions-string-rsa-format-boolean) | Generate an RSA public/private key pair. |
| [MakeKeys(String, String, Int32, Rsa.PublicExponent, Int32, String, CipherAlgorithm, HashAlgorithm, Rsa.Format, Boolean)](#rsa_makekeys-string-string-int32-rsa-publicexponent-int32-string-cipheralgorithm-hashalgorithm-rsa-format-boolean) | **Obsolete.**
Generate an RSA public/private key pair with extended options for encrypting private key [DEPRECATED]. |
Syntax
------
```csharp
[ObsoleteAttribute("Use Rsa.MakeKeys(String, String, String, Int32, Rsa.PublicExponent, Rsa.PbeOptions, String, Rsa.Format, Boolean) instead",
false)]
public static int MakeKeys(
string publicKeyFile,
string privateKeyFile,
int bits,
Rsa.PublicExponent exponent,
int iterCount,
string password,
Rsa.PbeOptions cryptOption,
bool showProgress = false,
byte[] seedBytes = null
)
```
#### Parameters
##### *publicKeyFile* String
Output filename for public key
##### *privateKeyFile* String
Output filename for (encrypted) private key
##### *bits* Int32
Required key modulus size in bits (min 96)
##### *exponent* [Rsa.PublicExponent](#rsa_publicexponent_rsa-publicexponent)
Exponent (Fermat Prime)
##### *iterCount* Int32
Iteration count for encrypted private key
##### *password* String
Password string for encrypted private key
##### *cryptOption* [Rsa.PbeOptions](#rsa_pbeoptions_rsa-pbeoptions)
Option to specify encryption algorithm for private key
##### *showProgress* Boolean (Optional)
Indicate progress in console
##### *seedBytes* Byte[] (Optional)
(optional) User-supplied-entropy in byte format
#### Return Value
Int32
Zero if successful or non-zero [error code](#general_error-code)
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.MakeKeys(String, String, String, Int32, Rsa.PublicExponent, Rsa.PbeOptions, String, Rsa.Format, Boolean) Method
===================================================================================================================
Generate an RSA public/private key pair.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ---------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
| [MakeKeys(String, String, Int32, Rsa.PublicExponent, Int32, String, Rsa.PbeOptions, Boolean, Byte[])](#rsa_makekeys-string-string-int32-rsa-publicexponent-int32-string-rsa-pbeoptions-boolean-byte) | **Obsolete.**
Generate an RSA public/private key pair [DEPRECATED]. |
| **MakeKeys(String, String, String, Int32, Rsa.PublicExponent, Rsa.PbeOptions, String, Rsa.Format, Boolean)** | Generate an RSA public/private key pair. |
| [MakeKeys(String, String, Int32, Rsa.PublicExponent, Int32, String, CipherAlgorithm, HashAlgorithm, Rsa.Format, Boolean)](#rsa_makekeys-string-string-int32-rsa-publicexponent-int32-string-cipheralgorithm-hashalgorithm-rsa-format-boolean) | **Obsolete.**
Generate an RSA public/private key pair with extended options for encrypting private key [DEPRECATED]. |
Syntax
------
```csharp
public static int MakeKeys(
string publicKeyFile,
string privateKeyFile,
string password,
int bits,
Rsa.PublicExponent exponent = Rsa.PublicExponent.Exp_EQ_65537,
Rsa.PbeOptions pbes = Rsa.PbeOptions.Default,
string paramString = "",
Rsa.Format fileFormat = Rsa.Format.Default,
bool showProgress = false
)
```
#### Parameters
##### *publicKeyFile* String
Output filename for public key
##### *privateKeyFile* String
Output filename for (encrypted) private key
##### *password* String
Password for encrypted private key
##### *bits* Int32
Required key modulus size in bits (min 96)
##### *exponent* [Rsa.PublicExponent](#rsa_publicexponent_rsa-publicexponent) (Optional)
Exponent [default=65537=F4]
##### *pbes* [Rsa.PbeOptions](#rsa_pbeoptions_rsa-pbeoptions) (Optional)
Encryption scheme to encrypt private key [default=pbeWithSHAAnd3-KeyTripleDES-CBC from PKCS#12]
##### *paramString* String (Optional)
Optional parameters. A set of attribute name=value pairs separated by a semicolon ";" (see remarks)
##### *fileFormat* [Rsa.Format](#rsa_format_rsa-format) (Optional)
Format to save file [default = DER binary]
##### *showProgress* Boolean (Optional)
Indicate progress in console
#### Return Value
Int32
Zero if successful or non-zero [error code](#general_error-code)
Remarks
-------
Valid name-value pairs for `paramString` are:
| **count**=integer | To set the iteration count used in the PBKDF2 method, e.g. `"count=5000;"` [default=2048]. |
| ----------------- | -------------------------------------------------------------------------------------------------------------- |
| **prf**=hmac-name | To change the HMAC algorithm used in the PBKDF2 method, e.g. `"prf=hmacwithSHA256;"` [default=`hmacwithSHA1`]. |
Valid values for hmac-name are one of `{hmacWithSHA1, hmacWithSHA224, hmacWithSHA256, hmacWithSHA384, hmacWithSHA512}`.
Example
-------
```csharp
string pubkeyFile = "carol_pub.pem.txt";
string prikeyFile = "carol_epk.pem.txt";
int n = Rsa.MakeKeys(pubkeyFile, prikeyFile, "strong-password!", 2048, Rsa.PublicExponent.Exp_EQ_65537,
Rsa.PbeOptions.Pbe_Pbkdf2_aes128_CBC, "count=3000;prf=hmacWithSHA256", Rsa.Format.PEM, true);
Console.WriteLine("Rsa.MakeKeys returned {0}", n);
Debug.Assert(n == 0, "Failed to create RSA key pair");
Console.WriteLine("Created public/private key pair OK");
```
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.MakeKeys(String, String, Int32, Rsa.PublicExponent, Int32, String, CipherAlgorithm, HashAlgorithm, Rsa.Format, Boolean) Method
==================================================================================================================================
**Note: This API is now obsolete.**
Generate an RSA public/private key pair with extended options for encrypting private key [DEPRECATED].
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| --------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
| [MakeKeys(String, String, Int32, Rsa.PublicExponent, Int32, String, Rsa.PbeOptions, Boolean, Byte[])](#rsa_makekeys-string-string-int32-rsa-publicexponent-int32-string-rsa-pbeoptions-boolean-byte) | **Obsolete.**
Generate an RSA public/private key pair [DEPRECATED]. |
| [MakeKeys(String, String, String, Int32, Rsa.PublicExponent, Rsa.PbeOptions, String, Rsa.Format, Boolean)](#rsa_makekeys-string-string-string-int32-rsa-publicexponent-rsa-pbeoptions-string-rsa-format-boolean) | Generate an RSA public/private key pair. |
| **MakeKeys(String, String, Int32, Rsa.PublicExponent, Int32, String, CipherAlgorithm, HashAlgorithm, Rsa.Format, Boolean)** | **Obsolete.**
Generate an RSA public/private key pair with extended options for encrypting private key [DEPRECATED]. |
Syntax
------
```csharp
[ObsoleteAttribute("Use Rsa.MakeKeys(String, String, String, Int32, Rsa.PublicExponent, Rsa.PbeOptions, String, Rsa.Format, Boolean) instead",
false)]
public static int MakeKeys(
string publicKeyFile,
string privateKeyFile,
int bits,
Rsa.PublicExponent exponent,
int iterCount,
string password,
CipherAlgorithm cipherAlg,
HashAlgorithm hashAlg,
Rsa.Format fileFormat,
bool showProgress
)
```
#### Parameters
##### *publicKeyFile* String
Output filename for public key
##### *privateKeyFile* String
Output filename for (encrypted) private key
##### *bits* Int32
Required key modulus size in bits (min 96)
##### *exponent* [Rsa.PublicExponent](#rsa_publicexponent_rsa-publicexponent)
Exponent (Fermat Prime)
##### *iterCount* Int32
Iteration count for encrypted private key
##### *password* String
Password string for encrypted private key
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Block cipher to use for encryption scheme [default = des-ede3-cbc]
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash function to use in PRF HMAC algorithm [default = hmacWithSHA1]
##### *fileFormat* [Rsa.Format](#rsa_format_rsa-format)
Format to save file [default = DER binary]
##### *showProgress* Boolean
Indicate progress in console
#### Return Value
Int32
Zero if successful or non-zero [error code](#general_error-code)
Remarks
-------
The private key is saved in encrypted PKCS#8 format using the PBES2 encryption scheme from PKCS#5 with key derivation function PBKDF2.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.PublicKeyFromPrivate Method
===============================
Convert an internal private key string into a public one.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static StringBuilder PublicKeyFromPrivate(
StringBuilder sbKeyString
)
```
#### Parameters
##### *sbKeyString* StringBuilder
StringBuilder containing private key in "internal" format
#### Return Value
StringBuilder
StringBuilder containing an internal representation of the public key; or an empty StringBuilder if error
Remarks
-------
This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.RawPrivate(Byte[], String) Method
=====================================
Carry out RSA transformation using private key.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| -------------------------------------- | ------------------------------------------------------------------------- |
| **RawPrivate(Byte[], String)** | Carry out RSA transformation using private key. |
| [RawPrivate(Byte[], String, Int32)](#rsa_rawprivate-byte-string-int32) | Carry out RSA transformation using private key (with specialist options). |
Syntax
------
```csharp
public static byte[] RawPrivate(
byte[] data,
string privateKeyStr
)
```
#### Parameters
##### *data* Byte[]
Data (**must** be same byte length as key modulus)
##### *privateKeyStr* String
Private key in internal string format
#### Return Value
Byte[]
Transformed data
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.RawPrivate(Byte[], String, Int32) Method
============================================
Carry out RSA transformation using private key (with specialist options).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------- | ------------------------------------------------------------------------- |
| [RawPrivate(Byte[], String)](#rsa_rawprivate-byte-string) | Carry out RSA transformation using private key. |
| **RawPrivate(Byte[], String, Int32)** | Carry out RSA transformation using private key (with specialist options). |
Syntax
------
```csharp
public static byte[] RawPrivate(
byte[] data,
string privateKeyStr,
int options
)
```
#### Parameters
##### *data* Byte[]
Data (**must** be same byte length as key modulus)
##### *privateKeyStr* String
Private key in internal string format
##### *options* Int32
Specialist options value
#### Return Value
Byte[]
Transformed data
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.RawPublic(Byte[], String) Method
====================================
Carry out RSA transformation using public key.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------- | ------------------------------------------------------------------------ |
| **RawPublic(Byte[], String)** | Carry out RSA transformation using public key. |
| [RawPublic(Byte[], String, Int32)](#rsa_rawpublic-byte-string-int32) | Carry out RSA transformation using public key (with specialist options). |
Syntax
------
```csharp
public static byte[] RawPublic(
byte[] data,
string publicKeyStr
)
```
#### Parameters
##### *data* Byte[]
Data (**must** be same byte length as key modulus)
##### *publicKeyStr* String
Public key in internal string format
#### Return Value
Byte[]
Transformed data
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.RawPublic(Byte[], String, Int32) Method
===========================================
Carry out RSA transformation using public key (with specialist options).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------ | ------------------------------------------------------------------------ |
| [RawPublic(Byte[], String)](#rsa_rawpublic-byte-string) | Carry out RSA transformation using public key. |
| **RawPublic(Byte[], String, Int32)** | Carry out RSA transformation using public key (with specialist options). |
Syntax
------
```csharp
public static byte[] RawPublic(
byte[] data,
string publicKeyStr,
int options
)
```
#### Parameters
##### *data* Byte[]
Data (**must** be same byte length as key modulus)
##### *publicKeyStr* String
Public key in internal string format
##### *options* Int32
Specialist options value
#### Return Value
Byte[]
Transformed data
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.ReadEncPrivateKey Method
============================
**Note: This API is now obsolete.**
Read encrypted private key file into internal string format.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[ObsoleteAttribute("Use Rsa.ReadPrivateKey() instead", false)]
public static StringBuilder ReadEncPrivateKey(
string privateKeyFile,
string password
)
```
#### Parameters
##### *privateKeyFile* String
filename of a binary BER-encoded encrypted private key info file
##### *password* String
password for key file
#### Return Value
StringBuilder
StringBuilder containing an internal representation of the private key; or an empty StringBuilder if error
Remarks
-------
This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.ReadPrivateKey Method
=========================
Read from a file or string containing a private key into an "internal" private key string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static StringBuilder ReadPrivateKey(
string privateKeyFile,
string password = ""
)
```
#### Parameters
##### *privateKeyFile* String
Name of private key file or a PEM String containing the key
##### *password* String (Optional)
Password for private key, if encrypted
#### Return Value
StringBuilder
StringBuilder containing an internal representation of the private key; or an empty StringBuilder if error
Remarks
-------
This returns a StringBuilder, not a string, to allow secure wiping. Use sb.ToString() to obtain a string.
Example
-------
```csharp
StringBuilder sbPrivateKey = Rsa.ReadPrivateKey("AlicePrivRSASign.p8e", "password");
Debug.Assert(sbPrivateKey.Length > 0, "Rsa.ReadPrivateKey Failed");
Console.WriteLine("Key length={0} bits", Rsa.KeyBits(sbPrivateKey.ToString()));
```
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.ReadPrivateKeyFromPFX Method
================================
**Note: This API is now obsolete.**
Read a private key directly from an encrypted PFX/PKCS-12 file into an "internal" private key string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[ObsoleteAttribute("Use Rsa.ReadPrivateKey() instead", false)]
public static StringBuilder ReadPrivateKeyFromPFX(
string pfxFile,
string password
)
```
#### Parameters
##### *pfxFile* String
PKCS-12 filename
##### *password* String
Password for PFX file
#### Return Value
StringBuilder
StringBuilder containing an internal representation of the private key; or an empty StringBuilder if error
Remarks
-------
This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.ReadPrivateKeyInfo Method
=============================
**Note: This API is now obsolete.**
Read from an (unencrypted) PKCS-8 private key info file into a private key string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[ObsoleteAttribute("Use Rsa.ReadPrivateKey() instead", false)]
public static StringBuilder ReadPrivateKeyInfo(
string prikeyinfoFile
)
```
#### Parameters
##### *prikeyinfoFile* String
Name of file
#### Return Value
StringBuilder
StringBuilder containing an internal representation of the private key; or an empty StringBuilder if error
Remarks
-------
This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.ReadPublicKey Method
========================
Read from a file or string containing a public key into an "internal" public key string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static StringBuilder ReadPublicKey(
string certOrPublicKeyFile
)
```
#### Parameters
##### *certOrPublicKeyFile* String
Name of X.509 certificate or public key file or a PEM String containing the key
#### Return Value
StringBuilder
StringBuilder containing an internal representation of the public key; or an empty StringBuilder if error
Remarks
-------
This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.
Example
-------
```csharp
// Read an RSA public key and save in a different format
string pubkeyFile = "AlicePubRSA.pub";
StringBuilder sbPublicKey = Rsa.ReadPublicKey(pubkeyFile);
Debug.Assert(sbPublicKey.Length > 0, "Rsa.ReadPublicKey Failed");
int n = Rsa.SavePublicKey("AlicePubRSA_new", sbPublicKey.ToString(), Rsa.Format.SSL);
Console.WriteLine("Rsa.SavePublicKey returns {0} (expecting 0)", n);
```
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.SaveEncKey Method
=====================
Save an internal RSA key string to an encrypted key file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int SaveEncKey(
string outputFile,
string privateKey,
string password,
Rsa.PbeOptions pbeOption,
string paramString = "",
Rsa.Format format = Rsa.Format.Default
)
```
#### Parameters
##### *outputFile* String
Name of output file to be created
##### *privateKey* String
The private RSA key as an internal key string.
##### *password* String
Password to be used for the encrypted key file.
##### *pbeOption* [Rsa.PbeOptions](#rsa_pbeoptions_rsa-pbeoptions)
Encryption scheme to encrypt private key [default = `pbeWithSHAAnd3-KeyTripleDES-CBC` from PKCS#12]
##### *paramString* String (Optional)
Optional parameters. A set of attribute name=value pairs separated by a semicolon ";" (see remarks).
##### *format* [Rsa.Format](#rsa_format_rsa-format) (Optional)
File format
#### Return Value
Int32
If successful, the return value is zero; otherwise it returns a nonzero [error code](#general_error-code)
Remarks
-------
Valid name-value pairs for `paramString` are:
| **count**=integer | To set the iteration count used in the PBKDF2 method, e.g. `"count=5000;"` [default=2048]. |
| ----------------- | -------------------------------------------------------------------------------------------------------------- |
| **prf**=hmac-name | To change the HMAC algorithm used in the PBKDF2 method, e.g. `"prf=hmacwithSHA256;"` [default=`hmacwithSHA1`]. |
Valid values for hmac-name are one of `{hmacWithSHA1, hmacWithSHA224, hmacWithSHA256, hmacWithSHA384, hmacWithSHA512}`.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.SaveEncPrivateKey(String, String, Int32, String, Rsa.PbeOptions, Rsa.Format) Method
=======================================================================================
Save a private key string to a PKCS-8 EncryptedPrivateKeyInfo file [DEPRECATED].
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ |
| **SaveEncPrivateKey(String, String, Int32, String, Rsa.PbeOptions, Rsa.Format)** | Save a private key string to a PKCS-8 EncryptedPrivateKeyInfo file [DEPRECATED]. |
| [SaveEncPrivateKey(String, String, Int32, String, CipherAlgorithm, HashAlgorithm, Rsa.Format)](#rsa_saveencprivatekey-string-string-int32-string-cipheralgorithm-hashalgorithm-rsa-format) | Save a private key string to a PKCS-8 EncryptedPrivateKeyInfo file using PBES2 algorithm [DEPRECATED]. |
Syntax
------
```csharp
public static int SaveEncPrivateKey(
string outputFile,
string privateKey,
int iterationCount,
string password,
Rsa.PbeOptions pbeOption,
Rsa.Format format
)
```
#### Parameters
##### *outputFile* String
Name of file to create
##### *privateKey* String
Private key in internal format
##### *iterationCount* Int32
Iteration count to be used when encrypting file
##### *password* String
Password string
##### *pbeOption* [Rsa.PbeOptions](#rsa_pbeoptions_rsa-pbeoptions)
Type of password-based encryption to use [default = pbeWithSHAAnd3-KeyTripleDES-CBC]
##### *format* [Rsa.Format](#rsa_format_rsa-format)
File format
#### Return Value
Int32
If successful, the return value is zero; otherwise it returns a nonzero [error code](#general_error-code)
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.SaveEncPrivateKey(String, String, Int32, String, CipherAlgorithm, HashAlgorithm, Rsa.Format) Method
=======================================================================================================
Save a private key string to a PKCS-8 EncryptedPrivateKeyInfo file using PBES2 algorithm [DEPRECATED].
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------ |
| [SaveEncPrivateKey(String, String, Int32, String, Rsa.PbeOptions, Rsa.Format)](#rsa_saveencprivatekey-string-string-int32-string-rsa-pbeoptions-rsa-format) | Save a private key string to a PKCS-8 EncryptedPrivateKeyInfo file [DEPRECATED]. |
| **SaveEncPrivateKey(String, String, Int32, String, CipherAlgorithm, HashAlgorithm, Rsa.Format)** | Save a private key string to a PKCS-8 EncryptedPrivateKeyInfo file using PBES2 algorithm [DEPRECATED]. |
Syntax
------
```csharp
public static int SaveEncPrivateKey(
string outputFile,
string privateKey,
int iterationCount,
string password,
CipherAlgorithm cipherAlg,
HashAlgorithm hashAlg,
Rsa.Format format
)
```
#### Parameters
##### *outputFile* String
Name of file to create
##### *privateKey* String
Private key in internal format
##### *iterationCount* Int32
Iteration count to be used when encrypting file
##### *password* String
Password string
##### *cipherAlg* [CipherAlgorithm](#cipheralgorithm_cipheralgorithm)
Block cipher to use for encryption scheme [default = des-ede3-cbc]
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash function to use in PRF HMAC algorithm [default = hmacWithSHA1]
##### *format* [Rsa.Format](#rsa_format_rsa-format)
File format
#### Return Value
Int32
If successful, the return value is zero; otherwise it returns a nonzero [error code](#general_error-code)
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.SavePrivateKeyInfo Method
=============================
Save a private key string to an (unencrypted) PKCS-8 private key info file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int SavePrivateKeyInfo(
string outputFile,
string privateKey,
Rsa.Format format
)
```
#### Parameters
##### *outputFile* String
Name of file to create
##### *privateKey* String
Private key in internal format
##### *format* [Rsa.Format](#rsa_format_rsa-format)
File format
#### Return Value
Int32
If successful, the return value is zero; otherwise it returns a nonzero [error code](#general_error-code)
Remarks
-------
Do **not** use for a production key.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.SavePublicKey Method
========================
Save a public key string to PKCS-1 public key file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int SavePublicKey(
string outputFile,
string publicKey,
Rsa.Format format
)
```
#### Parameters
##### *outputFile* String
Name of file to create
##### *publicKey* String
Public key in internal format
##### *format* [Rsa.Format](#rsa_format_rsa-format)
File format
#### Return Value
Int32
If successful, the return value is zero; otherwise it returns a nonzero [error code](#general_error-code)
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.ToXMLString(String, Rsa.XmlOptions) Method
==============================================
Create an XML string representation of an RSA internal key string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------- |
| **ToXMLString(String, Rsa.XmlOptions)** | Create an XML string representation of an RSA internal key string. |
| [ToXMLString(String, String, Rsa.XmlOptions)](#rsa_toxmlstring-string-string-rsa-xmloptions) | Create an XML string representation of an RSA internal key string with option to add a namespace prefix. |
Syntax
------
```csharp
public static string ToXMLString(
string intKeyString,
Rsa.XmlOptions options
)
```
#### Parameters
##### *intKeyString* String
Internal key string
##### *options* [Rsa.XmlOptions](#rsa_xmloptions_rsa-xmloptions)
Option flags: set as zero for defaults.
#### Return Value
String
XML string or empty string on error
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.ToXMLString(String, String, Rsa.XmlOptions) Method
======================================================
Create an XML string representation of an RSA internal key string with option to add a namespace prefix.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ----------------------------------------------- | -------------------------------------------------------------------------------------------------------- |
| [ToXMLString(String, Rsa.XmlOptions)](#rsa_toxmlstring-string-rsa-xmloptions) | Create an XML string representation of an RSA internal key string. |
| **ToXMLString(String, String, Rsa.XmlOptions)** | Create an XML string representation of an RSA internal key string with option to add a namespace prefix. |
Syntax
------
```csharp
public static string ToXMLString(
string intKeyString,
string prefix,
Rsa.XmlOptions options
)
```
#### Parameters
##### *intKeyString* String
Internal key string
##### *prefix* String
Prefix to add to elements, e.g. `"ds"` or `"ds:"`.
##### *options* [Rsa.XmlOptions](#rsa_xmloptions_rsa-xmloptions)
Option flags: set as zero for defaults.
#### Return Value
String
XML string or empty string on error
Remarks
-------
Use this extended function to add a namespace prefix to all elements in the XML output; for example, <ds:RSAKeyValue>. Note that it's up to the user to map the prefix to a URI somewhere in the final XML document.
See Also
--------
[Rsa Class](#rsa_rsa)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Sig Class
=========
Signature creation and verification
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Sig**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Sig
```
The **Sig** type exposes the following members.
Methods
-------
| Name | Description |
| ------------------------- | ------------------------------------------------------------- |
| [GetHashAlgFromSigAlg](#sig_gethashalgfromsigalg) | Get the hash algorithm used in the signature algorithm. |
| [SignData](#sig_signdata-byte-string-string-sigalgorithm-sig-sigoptions-sig-encoding) | Compute a signature value over data in a byte array. |
| [SignDigest](#sig_signdigest) | Compute a signature value over a message digest value. |
| [SignFile](#sig_signfile) | Compute a signature value over binary data in a file. |
| [VerifyData](#sig_verifydata) | Verify a signature value over data in a byte array. |
| [VerifyDigest](#sig_verifydigest) | Verify a signature value over a message digest value of data. |
| [VerifyFile](#sig_verifyfile) | Verify a signature value over data in a file. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Sig.GetHashAlgFromSigAlg Method
===============================
Get the hash algorithm used in the signature algorithm.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static HashAlgorithm GetHashAlgFromSigAlg(
SigAlgorithm sigAlg
)
```
#### Parameters
##### *sigAlg* [SigAlgorithm](#sigalgorithm_sigalgorithm)
Signature algorithm
#### Return Value
[HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm used in sigAlg
See Also
--------
[Sig Class](#sig_sig)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Sig.SignDigest Method
=====================
Compute a signature value over a message digest value.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string SignDigest(
byte[] digest,
string privateKeyFile,
string password,
SigAlgorithm sigAlg,
Sig.SigOptions sigOpts = Sig.SigOptions.Default,
Sig.Encoding sigEncoding = Sig.Encoding.Default
)
```
#### Parameters
##### *digest* Byte[]
digest value in a byte array
##### *privateKeyFile* String
Name of private key file (or a string containing the key in PEM format, or an internal private key)
##### *password* String
Password for the private key, if encrypted
##### *sigAlg* [SigAlgorithm](#sigalgorithm_sigalgorithm)
Signature algorithm to be used
##### *sigOpts* [Sig.SigOptions](#sig_sigoptions_sig-sigoptions) (Optional)
(optional) Options for ECDSA and RSA-PSS signatures
##### *sigEncoding* [Sig.Encoding](#sig_encoding_sig-encoding) (Optional)
Optional encodings for output [default=base64]
#### Return Value
String
The encoded signature, or an empty string on error
See Also
--------
[Sig Class](#sig_sig)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Sig.SignFile Method
===================
Compute a signature value over binary data in a file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string SignFile(
string dataFile,
string privateKeyFile,
string password,
SigAlgorithm sigAlg,
Sig.SigOptions sigOpts = Sig.SigOptions.Default,
Sig.Encoding sigEncoding = Sig.Encoding.Default
)
```
#### Parameters
##### *dataFile* String
Name of input file containing data to be signed
##### *privateKeyFile* String
Name of private key file (or a string containing the key in PEM format, or an internal private key)
##### *password* String
Password for the private key, if encrypted
##### *sigAlg* [SigAlgorithm](#sigalgorithm_sigalgorithm)
Signature algorithm to be used
##### *sigOpts* [Sig.SigOptions](#sig_sigoptions_sig-sigoptions) (Optional)
(optional) Options for ECDSA and RSA-PSS signatures
##### *sigEncoding* [Sig.Encoding](#sig_encoding_sig-encoding) (Optional)
Optional encodings for output [default=base64]
#### Return Value
String
The encoded signature, or an empty string on error
See Also
--------
[Sig Class](#sig_sig)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Sig.VerifyData Method
=====================
Verify a signature value over data in a byte array.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int VerifyData(
string sigStr,
byte[] data,
string certOrKeyFile,
SigAlgorithm sigAlg,
Sig.VerifyOpts opts = Sig.VerifyOpts.Default
)
```
#### Parameters
##### *sigStr* String
Encoded signature value
##### *data* Byte[]
Input data to be verified
##### *certOrKeyFile* String
The X.509 certificate or public key file name (or a string containing the certificate or key in PEM format or base64 representation, or an internal key string).
##### *sigAlg* [SigAlgorithm](#sigalgorithm_sigalgorithm)
Signature algorithm used to create signature.
##### *opts* [Sig.VerifyOpts](#sig_verifyopts_sig-verifyopts) (Optional)
(optional) Advanced options for RSA-PSS only.
#### Return Value
Int32
Zero (0) if the signature is valid; otherwise a negative [error code](#general_error-code).
Remarks
-------
Any valid encodings of the signature value are detected automatically.
Example
-------
```csharp
string certFile = "AliceRSASignByCarl.cer"; // Used to verify signature
// Signed data: a byte array with ASCII string "abc"
byte[] b = System.Text.Encoding.Default.GetBytes("abc");
string sig = // Alice/'abc'/SHA-1
"YK1aePtKQDDsVCyJdM0V9VOE6DZVTO3ZoyLV9BNcYmep0glwxU5mUQcLAUTUOETImTIN2Pp4Gffr" +
"xqdxUoczLshnXBNhg7P4ofge+WlBgmcTCnVv27LHHZpmdEbjTg6tnPMb+2b4FvMZ0LfkMKXyiRVTmG4A" +
"NyAmHH6QIsDZ8R8=";
int n = Sig.VerifyData(sig, b, certFile, SigAlgorithm.Default);
Console.WriteLine("Sig.VerifyData returns " + n + " (expecting 0)");
Debug.Assert(0 == n, "Sig.VerifyData failed");
```
See Also
--------
[Sig Class](#sig_sig)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Sig.VerifyDigest Method
=======================
Verify a signature value over a message digest value of data.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int VerifyDigest(
string sigStr,
byte[] digest,
string certOrKeyFile,
SigAlgorithm sigAlg,
Sig.VerifyOpts opts = Sig.VerifyOpts.Default
)
```
#### Parameters
##### *sigStr* String
Containing the encoded signature value
##### *digest* Byte[]
Byte array containing the message digest value of the data to be verified
##### *certOrKeyFile* String
Specifying the X.509 certificate or public key file name (or a string containing the certificate or key in PEM format or base64 representation, or an internal key string).
##### *sigAlg* [SigAlgorithm](#sigalgorithm_sigalgorithm)
Signature algorithm used to create signature.
##### *opts* [Sig.VerifyOpts](#sig_verifyopts_sig-verifyopts) (Optional)
Advanced options for RSA-PSS only (optional)
#### Return Value
Int32
Zero (0) if the signature is valid; otherwise a negative [error code](#general_error-code).
Remarks
-------
Any valid encodings of the signature value are detected automatically.
See Also
--------
[Sig Class](#sig_sig)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Sig.VerifyFile Method
=====================
Verify a signature value over data in a file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int VerifyFile(
string sigStr,
string dataFile,
string certOrKeyFile,
SigAlgorithm sigAlg,
Sig.VerifyOpts opts = Sig.VerifyOpts.Default
)
```
#### Parameters
##### *sigStr* String
Containing the encoded signature value
##### *dataFile* String
Name of file containing data to be verified
##### *certOrKeyFile* String
Specifying the X.509 certificate or public key file name (or a string containing the certificate or key in PEM format or base64 representation, or an internal key string).
##### *sigAlg* [SigAlgorithm](#sigalgorithm_sigalgorithm)
Signature algorithm used to create signature.
##### *opts* [Sig.VerifyOpts](#sig_verifyopts_sig-verifyopts) (Optional)
Advanced options for RSA-PSS only (optional)
#### Return Value
Int32
Zero (0) if the signature is valid; otherwise a negative [error code](#general_error-code).
Remarks
-------
Any valid encodings of the signature value are detected automatically.
See Also
--------
[Sig Class](#sig_sig)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Smime Class
===========
S/MIME utilities
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Smime**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Smime
```
The **Smime** type exposes the following members.
Methods
-------
| Name | Description |
| ------------ | ------------------------------------------------ |
| [Extract](#smime_extract) | Extract the body from an S/MIME entity. |
| [Query](#smime_query) | Query an S/MIME entity for selected information. |
| [Wrap](#smime_wrap) | Wrap a CMS object in an S/MIME entity. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Smime.Extract Method
====================
Extract the body from an S/MIME entity.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int Extract(
string outputFile,
string inputFile,
Smime.Options opts
)
```
#### Parameters
##### *outputFile* String
Name of output file to be created
##### *inputFile* String
Name of input file containing S/MIME entity
##### *opts* [Smime.Options](#smime_options_smime-options)
Options
#### Return Value
Int32
A positive number giving the size of the output file in bytes; otherwise it returns an [error code](#general_error-code)
Remarks
-------
This is designed to extract the body from an S/MIME entity with a content type of `application/pkcs7-mime` with base64 or binary transfer encoding. In practice, it will extract the body from almost any type of S/MIME (or MIME) file, except one with quoted-printable transfer encoding. By default the output is encoded in binary. Use the [EncodeBase64](#smime_options_encodebase64) option to encode the output in base64.
See Also
--------
[Smime Class](#smime_smime)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Smime.Query Method
==================
Query an S/MIME entity for selected information.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string Query(
string inputFile,
string query
)
```
#### Parameters
##### *inputFile* String
Name of file containing S/MIME entity
##### *query* String
Query string (case insensitive)
#### Return Value
String
String containing the result or an empty string if not found or error.
Remarks
-------
Valid queries are:
| `"content-type"` | Value of Content-Type, e.g. `"application/pkcs7-mime"`. |
| ---------------- | ------------------------------------------------------------------------------ |
| `"smime-type"` | Value of smime-type parameter of Content-Type, e.g. , e.g. `"enveloped-data"`. |
| `"encoding"` | Value of Content-Transfer-Encoding, e.g. "base64". |
| `"name"` | Value of name parameter of Content-Type, e.g. "smime.p7m" |
| `"filename"` | Value of filename parameter of Content-Disposition, e.g. "smime.p7m". |
See Also
--------
[Smime Class](#smime_smime)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Smime.Wrap Method
=================
Wrap a CMS object in an S/MIME entity.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int Wrap(
string outputFile,
string inputFile,
Smime.Options opts
)
```
#### Parameters
##### *outputFile* String
Output file to be created
##### *inputFile* String
Input file containing CMS object
##### *opts* [Smime.Options](#smime_options_smime-options)
Options
#### Return Value
Int32
A positive number giving the size of the output file in bytes; otherwise it returns an [error code](#general_error-code)
Remarks
-------
The input file is expected to be a binary CMS object of type enveloped-data, signed-data or compressed-data; otherwise it is an error. The type of input file is detected automatically. By default the body is encoded in base64 encoding. Use the [EncodeBinary](#smime_options_encodebinary) option to encode the body in binary.
See Also
--------
[Smime Class](#smime_smime)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Tdea Class
==========
Triple DES Cipher (3DES, TDEA) [deprecated: use Cipher() class with CipherAlgorithm.Tdea instead]
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Tdea**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Tdea
```
The **Tdea** type exposes the following members.
Methods
-------
| Name | Description |
| -------------------------------------------------------- | ------------------------------------------------- |
| [Decrypt(Byte[], Byte[], Mode, Byte[])](#tdea_decrypt-byte-byte-mode-byte) | Decrypt data in byte array. |
| [Decrypt(String, String, Mode, String)](#tdea_decrypt-string-string-mode-string) | Decrypt hex-encoded data string. |
| [Decrypt(String, String, Mode, String, EncodingBase)](#tdea_decrypt-string-string-mode-string-encodingbase) | Decrypt encoded data string. |
| [Encrypt(Byte[], Byte[], Mode, Byte[])](#tdea_encrypt-byte-byte-mode-byte) | Encrypt data in byte array. |
| [Encrypt(String, String, Mode, String)](#tdea_encrypt-string-string-mode-string) | Encrypt hex-encoded data string. |
| [Encrypt(String, String, Mode, String, EncodingBase)](#tdea_encrypt-string-string-mode-string-encodingbase) | Encrypt encoded data string. |
| [FileDecrypt(String, String, Byte[], Mode, Byte[])](#tdea_filedecrypt-string-string-byte-mode-byte) | Decrypt a file. |
| [FileDecrypt(String, String, String, Mode, String)](#tdea_filedecrypt-string-string-string-mode-string) | Decrypt a file passing key and IV as hex strings. |
| [FileEncrypt(String, String, Byte[], Mode, Byte[])](#tdea_fileencrypt-string-string-byte-mode-byte) | Encrypt a file. |
| [FileEncrypt(String, String, String, Mode, String)](#tdea_fileencrypt-string-string-string-mode-string) | Encrypt a file passing key and IV as hex strings. |
Fields
------
| Name | Description |
| --------------- | ------------------- |
| [BlockSize](#tdea_blocksize) | Block size in bytes |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Tdea.Decrypt(Byte[], Byte[], Mode, Byte[]) Method
=================================================
Decrypt data in byte array.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| -------------------------------------------------------- | -------------------------------- |
| **Decrypt(Byte[], Byte[], Mode, Byte[])** | Decrypt data in byte array. |
| [Decrypt(String, String, Mode, String)](#tdea_decrypt-string-string-mode-string) | Decrypt hex-encoded data string. |
| [Decrypt(String, String, Mode, String, EncodingBase)](#tdea_decrypt-string-string-mode-string-encodingbase) | Decrypt encoded data string. |
Syntax
------
```csharp
public static byte[] Decrypt(
byte[] input,
byte[] key,
Mode mode,
byte[] iv
)
```
#### Parameters
##### *input* Byte[]
Input data
##### *key* Byte[]
Key of exactly 24 bytes (192 bits)
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *iv* Byte[]
IV of exactly 8 bytes or `null` for ECB mode
#### Return Value
Byte[]
Decrypted data in byte array or empty array on error
Remarks
-------
For ECB and CBC modes, input data length **must** be an exact multiple of the block length
See Also
--------
[Tdea Class](#tdea_tdea)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Tdea.Decrypt(String, String, Mode, String) Method
=================================================
Decrypt hex-encoded data string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| -------------------------------------------------------- | -------------------------------- |
| [Decrypt(Byte[], Byte[], Mode, Byte[])](#tdea_decrypt-byte-byte-mode-byte) | Decrypt data in byte array. |
| **Decrypt(String, String, Mode, String)** | Decrypt hex-encoded data string. |
| [Decrypt(String, String, Mode, String, EncodingBase)](#tdea_decrypt-string-string-mode-string-encodingbase) | Decrypt encoded data string. |
Syntax
------
```csharp
public static string Decrypt(
string inputHex,
string keyHex,
Mode mode,
string ivHex
)
```
#### Parameters
##### *inputHex* String
Hex-encoded input data
##### *keyHex* String
Hex-encoded key representing exactly 24 bytes (192 bits)
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *ivHex* String
Hex-encoded IV representing exactly 8 bytes or `""` for ECB mode
#### Return Value
String
Decrypted data in hex-encoded string or empty string on error
Remarks
-------
For ECB and CBC modes, the length of the decoded input bytes **must** be an exact multiple of the block length
See Also
--------
[Tdea Class](#tdea_tdea)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Tdea.Decrypt(String, String, Mode, String, EncodingBase) Method
===============================================================
Decrypt encoded data string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------- | -------------------------------- |
| [Decrypt(Byte[], Byte[], Mode, Byte[])](#tdea_decrypt-byte-byte-mode-byte) | Decrypt data in byte array. |
| [Decrypt(String, String, Mode, String)](#tdea_decrypt-string-string-mode-string) | Decrypt hex-encoded data string. |
| **Decrypt(String, String, Mode, String, EncodingBase)** | Decrypt encoded data string. |
Syntax
------
```csharp
public static string Decrypt(
string inputStr,
string keyStr,
Mode mode,
string ivStr,
EncodingBase encodingBase
)
```
#### Parameters
##### *inputStr* String
Encoded input data
##### *keyStr* String
Encoded key representing exactly 24 bytes (192 bits)
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *ivStr* String
Encoded IV representing exactly 8 bytes or `""` for ECB mode
##### *encodingBase* [EncodingBase](#encodingbase_encodingbase)
Type of encoding used
#### Return Value
String
Decrypted data in encoded string or empty string on error
Remarks
-------
For ECB and CBC modes, the length of the decoded input bytes **must** be an exact multiple of the block length
See Also
--------
[Tdea Class](#tdea_tdea)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Tdea.Encrypt(Byte[], Byte[], Mode, Byte[]) Method
=================================================
Encrypt data in byte array.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| -------------------------------------------------------- | -------------------------------- |
| **Encrypt(Byte[], Byte[], Mode, Byte[])** | Encrypt data in byte array. |
| [Encrypt(String, String, Mode, String)](#tdea_encrypt-string-string-mode-string) | Encrypt hex-encoded data string. |
| [Encrypt(String, String, Mode, String, EncodingBase)](#tdea_encrypt-string-string-mode-string-encodingbase) | Encrypt encoded data string. |
Syntax
------
```csharp
public static byte[] Encrypt(
byte[] input,
byte[] key,
Mode mode,
byte[] iv
)
```
#### Parameters
##### *input* Byte[]
Input data
##### *key* Byte[]
Key of exactly 24 bytes (192 bits)
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *iv* Byte[]
IV of exactly 8 bytes or `null` for ECB mode
#### Return Value
Byte[]
Ciphertext in byte array or empty array on error
Remarks
-------
For ECB and CBC modes, input data length **must** be an exact multiple of the block length
See Also
--------
[Tdea Class](#tdea_tdea)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Tdea.Encrypt(String, String, Mode, String) Method
=================================================
Encrypt hex-encoded data string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| -------------------------------------------------------- | -------------------------------- |
| [Encrypt(Byte[], Byte[], Mode, Byte[])](#tdea_encrypt-byte-byte-mode-byte) | Encrypt data in byte array. |
| **Encrypt(String, String, Mode, String)** | Encrypt hex-encoded data string. |
| [Encrypt(String, String, Mode, String, EncodingBase)](#tdea_encrypt-string-string-mode-string-encodingbase) | Encrypt encoded data string. |
Syntax
------
```csharp
public static string Encrypt(
string inputHex,
string keyHex,
Mode mode,
string ivHex
)
```
#### Parameters
##### *inputHex* String
Hex-encoded input data
##### *keyHex* String
Hex-encoded key representing exactly 24 bytes (192 bits)
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *ivHex* String
Hex-encoded IV representing exactly 8 bytes or `""` for ECB mode
#### Return Value
String
Ciphertext in hex-encoded string or empty string on error
Remarks
-------
For ECB and CBC modes, the length of the decoded input bytes **must** be an exact multiple of the block length
See Also
--------
[Tdea Class](#tdea_tdea)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Tdea.Encrypt(String, String, Mode, String, EncodingBase) Method
===============================================================
Encrypt encoded data string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------- | -------------------------------- |
| [Encrypt(Byte[], Byte[], Mode, Byte[])](#tdea_encrypt-byte-byte-mode-byte) | Encrypt data in byte array. |
| [Encrypt(String, String, Mode, String)](#tdea_encrypt-string-string-mode-string) | Encrypt hex-encoded data string. |
| **Encrypt(String, String, Mode, String, EncodingBase)** | Encrypt encoded data string. |
Syntax
------
```csharp
public static string Encrypt(
string inputStr,
string keyStr,
Mode mode,
string ivStr,
EncodingBase encodingBase
)
```
#### Parameters
##### *inputStr* String
Encoded input data
##### *keyStr* String
Encoded key representing exactly 24 bytes (192 bits)
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *ivStr* String
Encoded IV representing exactly 8 bytes or `""` for ECB mode
##### *encodingBase* [EncodingBase](#encodingbase_encodingbase)
Type of encoding used
#### Return Value
String
Ciphertext in hex-encoded string or empty string on error
Remarks
-------
For ECB and CBC modes, the length of the decoded input bytes **must** be an exact multiple of the block length
See Also
--------
[Tdea Class](#tdea_tdea)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Tdea.FileDecrypt(String, String, Byte[], Mode, Byte[]) Method
=============================================================
Decrypt a file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------ | ------------------------------------------------- |
| **FileDecrypt(String, String, Byte[], Mode, Byte[])** | Decrypt a file. |
| [FileDecrypt(String, String, String, Mode, String)](#tdea_filedecrypt-string-string-string-mode-string) | Decrypt a file passing key and IV as hex strings. |
Syntax
------
```csharp
public static int FileDecrypt(
string fileOut,
string fileIn,
byte[] key,
Mode mode,
byte[] iv
)
```
#### Parameters
##### *fileOut* String
Name of output file to be created or overwritten
##### *fileIn* String
Name of input file
##### *key* Byte[]
Key of exactly 8 bytes (64 bits)
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *iv* Byte[]
IV of exactly 8 bytes or `null` for ECB mode
#### Return Value
Int32
0 if successful or non-zero [error code](#general_error-code)
Remarks
-------
`fileOut` and `fileIn` must **not** be the same
See Also
--------
[Tdea Class](#tdea_tdea)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Tdea.FileDecrypt(String, String, String, Mode, String) Method
=============================================================
Decrypt a file passing key and IV as hex strings.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------ | ------------------------------------------------- |
| [FileDecrypt(String, String, Byte[], Mode, Byte[])](#tdea_filedecrypt-string-string-byte-mode-byte) | Decrypt a file. |
| **FileDecrypt(String, String, String, Mode, String)** | Decrypt a file passing key and IV as hex strings. |
Syntax
------
```csharp
public static int FileDecrypt(
string fileOut,
string fileIn,
string keyHex,
Mode mode,
string ivHex
)
```
#### Parameters
##### *fileOut* String
Name of output file to be created or overwritten
##### *fileIn* String
Name of input file
##### *keyHex* String
Hex-encoded key of exact length
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *ivHex* String
Hex-encoded IV or `""` for ECB mode
#### Return Value
Int32
0 if successful or non-zero [error code](#general_error-code)
Remarks
-------
`fileOut` and `fileIn` must **not** be the same. The output file is in binary format.
See Also
--------
[Tdea Class](#tdea_tdea)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Tdea.FileEncrypt(String, String, Byte[], Mode, Byte[]) Method
=============================================================
Encrypt a file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------ | ------------------------------------------------- |
| **FileEncrypt(String, String, Byte[], Mode, Byte[])** | Encrypt a file. |
| [FileEncrypt(String, String, String, Mode, String)](#tdea_fileencrypt-string-string-string-mode-string) | Encrypt a file passing key and IV as hex strings. |
Syntax
------
```csharp
public static int FileEncrypt(
string fileOut,
string fileIn,
byte[] key,
Mode mode,
byte[] iv
)
```
#### Parameters
##### *fileOut* String
Name of output file to be created or overwritten
##### *fileIn* String
Name of input file
##### *key* Byte[]
Key of exactly 24 bytes (192 bits)
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *iv* Byte[]
IV of exactly 8 bytes or `null` for ECB mode
#### Return Value
Int32
0 if successful or non-zero [error code](#general_error-code)
Remarks
-------
`fileOut` and `fileIn` must **not** be the same
See Also
--------
[Tdea Class](#tdea_tdea)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Tdea.FileEncrypt(String, String, String, Mode, String) Method
=============================================================
Encrypt a file passing key and IV as hex strings.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Overloads
---------
| Name | Description |
| ------------------------------------------------------ | ------------------------------------------------- |
| [FileEncrypt(String, String, Byte[], Mode, Byte[])](#tdea_fileencrypt-string-string-byte-mode-byte) | Encrypt a file. |
| **FileEncrypt(String, String, String, Mode, String)** | Encrypt a file passing key and IV as hex strings. |
Syntax
------
```csharp
public static int FileEncrypt(
string fileOut,
string fileIn,
string keyHex,
Mode mode,
string ivHex
)
```
#### Parameters
##### *fileOut* String
Name of output file to be created or overwritten
##### *fileIn* String
Name of input file
##### *keyHex* String
Hex-encoded key of exact length
##### *mode* [Mode](#mode_mode)
Cipher Mode
##### *ivHex* String
Hex-encoded IV or `""` for ECB mode
#### Return Value
Int32
0 if successful or non-zero [error code](#general_error-code)
Remarks
-------
`fileOut` and `fileIn` must **not** be the same. The output file is in binary format.
See Also
--------
[Tdea Class](#tdea_tdea)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Tdea.BlockSize Field
====================
Block size in bytes
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public const int BlockSize = 8
```
#### Field Value
Int32
See Also
--------
[Tdea Class](#tdea_tdea)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Wipe Class
==========
Data Wiping Functions
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Wipe**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Wipe
```
The **Wipe** type exposes the following members.
Methods
-------
| Name | Description |
| ----------- | --------------------------------------------- |
| [Data](#wipe_data) | Zeroise data in memory. |
| [File](#wipe_file) | Securely wipe and delete a file with options. |
| [String](#wipe_wipe-string-sb) | Zeroise a StringBuilder. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Wipe.Data Method
================
Zeroise data in memory.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static bool Data(
byte[] data
)
```
#### Parameters
##### *data* Byte[]
data to be wiped
#### Return Value
Boolean
`true` if successful; `false` if fails
Example
-------
```csharp
byte[] b = System.Text.Encoding.Default.GetBytes("Secret data");
Console.WriteLine("Before Wipe.Data, b = [{0}]", System.Text.Encoding.Default.GetString(b));
Wipe.Data(b);
Console.WriteLine("After Wipe.Data, b = [{0}]", System.Text.Encoding.Default.GetString(b));
// Before Wipe.Data, b = [Secret data]
// After Wipe.Data, b = [ ]
```
See Also
--------
[Wipe Class](#wipe_wipe)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Wipe.File Method
================
Securely wipe and delete a file with options.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static bool File(
string fileName,
Wipe.Options opts = Wipe.Options.Default
)
```
#### Parameters
##### *fileName* String
Name of file to be wiped
##### *opts* [Wipe.Options](#wipe_options_wipe-options) (Optional)
Options (optional, default = DOD 7-pass)
#### Return Value
Boolean
`true` if successful; `false` if fails
Example
-------
```csharp
bool isok = Wipe.File("ImportantSecret.txt");
Debug.Assert(isok, "Failed to wipe file");
```
See Also
--------
[Wipe Class](#wipe_wipe)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509 Class
==========
X.509 Certificate Functions
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.X509**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class X509
```
The **X509** type exposes the following members.
Methods
-------
| Name | Description |
| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
| [CertExpiresOn](#x509_certexpireson) | Return date and time certificate expires. |
| [CertIssuedOn](#x509_certissuedon) | Return date and time certificate was issued. |
| [CertIssuerName](#x509_certissuername) | Get the issuer name of an X.509 certificate. |
| [CertIsValidNow](#x509_certisvalidnow) | Verify that an X.509 certificate is currently valid as per system clock. |
| [CertRequest](#x509_certrequest) | Create a PKCS #10 certificate signing request (CSR). |
| [CertSerialNumber](#x509_certserialnumber) | Return serial number in hex format. |
| [CertSubjectName](#x509_certsubjectname) | Get the subject name of an X.509 certificate. |
| [CertThumb](#x509_certthumb) | Calculate the thumbprint (message digest hash) of an X.509 certificate. |
| [CheckCertInCRL](#x509_checkcertincrl) | Check whether an X.509 certificate has been revoked in a Certificate Revocation List (CRL). |
| [GetCertCountInP7Chain](#x509_getcertcountinp7chain) | Return number of certificates in a PKCS-7 "certs-only" certificate chain file. |
| [GetCertFromP7Chain](#x509_getcertfromp7chain) | Extract an X.509 certificate from a PKCS-7 "certs-only" certificate chain file, saving the output directly as a new file. |
| [GetCertFromPFX](#x509_getcertfrompfx) | Extract an X.509 certificate from a PKCS-12 PFX/.p12 file, saving the output directly as a new file. |
| [GetP7ChainFromPFX](#x509_getp7chainfrompfx) | Extract all X.509 certificates from a PKCS-12 PFX/.p12 file, saving the output directly as a new PKCS-7 "certs-only" certificate chain file. |
| [HashIssuerAndSN](#x509_hashissuerandsn) | Create a message digest of the Issuer's name and the cert serial number. |
| [KeyUsageFlags](#x509_keyusageflags) | Returns a bitfield containing the `keyUsage` flags. |
| [MakeCert](#x509_makecert) | Create a new X.509 certificate using subject's public key and issuer's private key files with signature options. |
| [MakeCertSelf](#x509_makecertself) | Create a self-signed X.509 certificate with signature options. |
| [MakeCRL](#x509_makecrl) | Create an X.509 Certificate Revocation List (CRL). |
| [QueryCert](#x509_querycert) | Query an X.509 certificate file for selected information. |
| [ReadCertStringFromP7Chain](#x509_readcertstringfromp7chain) | Read an X.509 certificate into a base64 string from PKCS-7 "certs-only" data. |
| [ReadCertStringFromPFX](#x509_readcertstringfrompfx) | Read an X.509 certificate into a base64 string from PKCS-12 PFX/.p12 data. |
| [ReadStringFromFile](#x509_readstringfromfile) | Create a base64 string representation of a X.509 certificate file. |
| [SaveFileFromString](#x509_savefilefromstring) | Create a new X.509 certificate file from a base64 string representation. |
| [TextDump](#x509_textdump) | Dump details of an X.509 certificate or a X.509 certificate revocation list (CRL) or a PKCS-10 certificate signing request (CSR) to a text file. |
| [TextDumpToString](#x509_textdumptostring) | Dump details of an X.509 certificate or a X.509 certificate revocation list (CRL) or a PKCS-10 certificate signing request (CSR) to a string. |
| [ValidatePath](#x509_validatepath) | Validate a certificate path. |
| [VerifyCert](#x509_verifycert) | Verify that an X.509 certificate has been signed by its issuer. |
Fields
------
| Name | Description |
| ------------- | -------------------------------------------------------------------------------------------------------------- |
| [Expired](#x509_expired) | Return value from [X509.CertIsValidNow](#x509_certisvalidnow) indicating that the certificate has expired (`EXPIRED_ERROR`). |
| [Failure](#x509_failure) | Return value from [X509.VerifyCert](#x509_verifycert) indicating failure (`SIGNATURE_ERROR`). |
| [Invalid](#x509_invalid) | Return value from [X509.ValidatePath](#x509_validatepath) indicating that the certificate path is invalid (`CERT_PATH_ERROR`). |
| [Revoked](#x509_revoked) | Return value from [X509.CheckCertInCRL](#x509_checkcertincrl) indicating that the certificate is revoked (`REVOCATION_ERROR`). |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.CertExpiresOn Method
=========================
Return date and time certificate expires.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string CertExpiresOn(
string certFile
)
```
#### Parameters
##### *certFile* String
Filename of certificate file (or its base64 representation)
#### Return Value
String
Date and time in ISO format or Empty string if error
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.CertIssuedOn Method
========================
Return date and time certificate was issued.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string CertIssuedOn(
string certFile
)
```
#### Parameters
##### *certFile* String
Filename of certificate file (or its base64 representation)
#### Return Value
String
Date and time in ISO format or Empty string if error
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.CertIssuerName Method
==========================
Get the issuer name of an X.509 certificate.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string CertIssuerName(
string certFile,
string delimiter = ";"
)
```
#### Parameters
##### *certFile* String
Filename of certificate file (or its base64 representation)
##### *delimiter* String (Optional)
Optional character for delimiter [default = semicolon ";"]
#### Return Value
String
Issuer name or Empty string if error
Remarks
-------
Use [X509.QueryCert](#x509_querycert) with query `"issuerName"` for more output options.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.CertIsValidNow Method
==========================
Verify that an X.509 certificate is currently valid as per system clock.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static bool CertIsValidNow(
string certFile
)
```
#### Parameters
##### *certFile* String
Filename of certificate file (or its base64 representation)
#### Return Value
Boolean
True if certificate is currently valid, otherwise false
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.CertRequest Method
=======================
Create a PKCS #10 certificate signing request (CSR).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int CertRequest(
string reqFile,
string privateKeyFile,
string distName,
string extensions,
string password,
SigAlgorithm sigAlg,
X509.CsrOptions opts
)
```
#### Parameters
##### *reqFile* String
Name of Certificate Signing Request file to be created
##### *privateKeyFile* String
Name of subject's encrypted private key file
##### *distName* String
Specifying the subject's distinguished name as a set of attribute key=value pairs separated with semi-colons (;). See [Specifying Distinguished Names](http://www.cryptosys.net/pki/manpki/pki_distnames.html)
##### *extensions* String
A list of attribute-value pairs to be included in an `extensionRequest` field. See [X.509 Extensions](http://www.cryptosys.net/pki/manpki/pki_x509extensions.html)
##### *password* String
password for Subject's encrypted private key file
##### *sigAlg* [SigAlgorithm](#sigalgorithm_sigalgorithm)
Signature algorithm (must match key type)
##### *opts* [X509.CsrOptions](#x509_csroptions_x509-csroptions)
Option flags: set as zero for defaults.
#### Return Value
Int32
Zero if successful or a non-zero [error code](#general_error-code)
Remarks
-------
An ECC key must use an ECDSA signature algorithm, and an RSA key must use an RSA signature algorithm.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.CertSerialNumber Method
============================
Return serial number in hex format.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string CertSerialNumber(
string certFile
)
```
#### Parameters
##### *certFile* String
Filename of certificate file (or its base64 representation)
#### Return Value
String
Serial number in hex format or Empty string if error
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
[with query `serialNumber`.](#x509_querycert)
X509.CertSubjectName Method
===========================
Get the subject name of an X.509 certificate.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string CertSubjectName(
string certFile,
string delimiter = ";"
)
```
#### Parameters
##### *certFile* String
Filename of certificate file (or its base64 representation)
##### *delimiter* String (Optional)
Optional character for delimiter [default = semicolon ";"]
#### Return Value
String
Subject name or Empty string if error
Remarks
-------
Use [X509.QueryCert](#x509_querycert) with query `"subjectName"` for more output options.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.CertThumb Method
=====================
Calculate the thumbprint (message digest hash) of an X.509 certificate.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string CertThumb(
string certFile,
HashAlgorithm hashAlg
)
```
#### Parameters
##### *certFile* String
Filename of certificate file (or its base64 representation)
##### *hashAlg* [HashAlgorithm](#hashalgorithm_hashalgorithm)
HashAlgorithm
#### Return Value
String
String containing the message digest in hexadecimal format
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.CheckCertInCRL Method
==========================
Check whether an X.509 certificate has been revoked in a Certificate Revocation List (CRL).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int CheckCertInCRL(
string certFile,
string crlFile,
string issuerCert,
string dateStr
)
```
#### Parameters
##### *certFile* String
name of X.509 certificate to be checked (or base64 representation)
##### *crlFile* String
name of CRL file
##### *issuerCert* String
(optional) with name of X.509 certificate file for the entity that issued the CRL (or base64 representation)
##### *dateStr* String
(optional) with date in ISO format (`yyyy-mm-dd[Thh[:nn:ss]][Z]`) on or after you wish to check for revocation. Leave empty "" for any date. The time must be in GMT (UTC, Zulu time)
#### Return Value
Int32
Zero if the certificate is NOT in the CRL; [X509.Revoked](#x509_revoked) (`REVOCATION_ERROR` +42) if the certificate has been revoked; otherwise a nonzero [error code](#general_error-code).
Remarks
-------
The optional `dateStr` parameter allows you check whether a certificate was revoked only after the given date-time, which must be GMT (UTC). If the optional `issuerCert` is specified, the signature of the CRL will be checked against the key in the issuer's certificate and a SIGNATURE_ERROR will result if the signature is invalid.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
[VerifyCert(String, String)](#x509_verifycert)
[CertIsValidNow(String)](#x509_certisvalidnow)
X509.GetCertCountInP7Chain Method
=================================
Return number of certificates in a PKCS-7 "certs-only" certificate chain file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int GetCertCountInP7Chain(
string inputFile
)
```
#### Parameters
##### *inputFile* String
Name of the PKCS-7 "certs-only" file, or a string containing its PEM textual representation.
#### Return Value
Int32
Number of X.509 certificates found or a negative [error code](#general_error-code).
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.GetCertFromP7Chain Method
==============================
Extract an X.509 certificate from a PKCS-7 "certs-only" certificate chain file, saving the output directly as a new file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int GetCertFromP7Chain(
string outputFile,
string inputFile,
int index
)
```
#### Parameters
##### *outputFile* String
Name of output file to be created
##### *inputFile* String
Name of the PKCS-7 "certs-only" file, or a string containing its PEM textual representation.
##### *index* Int32
specifying which certificate (1,2,...) in the chain to extract.
#### Return Value
Int32
If successful and `index` is greater than zero, it returns the number of bytes written to the output file, which may be zero if no certificate could be found at the given index. If an error occurred, it returns a negative [error code](#general_error-code).
Remarks
-------
[New in v12.2] To find the number of certificates in the chain, use [GetCertCountInP7Chain](#x509_getcertcountinp7chain). The old (deprecated) way to find the count of certificates was to set `index` to zero.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.GetCertFromPFX Method
==========================
Extract an X.509 certificate from a PKCS-12 PFX/.p12 file, saving the output directly as a new file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int GetCertFromPFX(
string outputFile,
string inputFile,
string password = ""
)
```
#### Parameters
##### *outputFile* String
Name of output file to be created
##### *inputFile* String
Name of the PKCS-12 file, or a string containing its PEM textual representation.
##### *password* String (Optional)
Password or "" if not encrypted (default="")
#### Return Value
Int32
If successful, it returns the number of bytes written to the output file; otherwise it returns a negative [error code](#general_error-code)
Remarks
-------
Only supports weak 40-bit RC2 encryption for the certificate.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.GetP7ChainFromPFX Method
=============================
Extract all X.509 certificates from a PKCS-12 PFX/.p12 file, saving the output directly as a new PKCS-7 "certs-only" certificate chain file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int GetP7ChainFromPFX(
string outputFile,
string inputFile,
string password
)
```
#### Parameters
##### *outputFile* String
Name of output file to be created
##### *inputFile* String
Name of the PKCS-12 file, or a string containing its PEM textual representation.
##### *password* String
Password or "" if not encrypted
#### Return Value
Int32
If successful, it returns the number of bytes written to the output file; otherwise it returns a negative [error code](#general_error-code)
Remarks
-------
Only supports weak 40-bit RC2 encryption for the certificate.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.HashIssuerAndSN Method
===========================
Create a message digest of the Issuer's name and the cert serial number.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string HashIssuerAndSN(
string certFile,
HashAlgorithm algorithm
)
```
#### Parameters
##### *certFile* String
Filename of certificate file (or its base64 representation)
##### *algorithm* [HashAlgorithm](#hashalgorithm_hashalgorithm)
Hash algorithm to use [default = SHA-1]
#### Return Value
String
Message digest in hex format or Empty string if error
Remarks
-------
This (should) give a unique identifier for any certificate
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.KeyUsageFlags Method
=========================
Returns a bitfield containing the `keyUsage` flags.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int KeyUsageFlags(
string certFile
)
```
#### Parameters
##### *certFile* String
Filename of certificate file (or its base64 representation)
#### Return Value
Int32
If successful, it returns a positive integer containing the `keyUsage` flags; or 0 if no `keyUsage` flags are set; otherwise it returns a negative [error code](#general_error-code)
Remarks
-------
See [X509.KeyUsageOptions](#x509_keyusageoptions_x509-keyusageoptions).
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.MakeCert Method
====================
Create a new X.509 certificate using subject's public key and issuer's private key files with signature options.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int MakeCert(
string certFile,
string issuerCert,
string subjectPubKeyFile,
string issuerPriKeyFile,
int certNum,
int yearsValid,
string distName,
string extensions,
X509.KeyUsageOptions keyUsageOptions,
string password,
SigAlgorithm sigAlg,
X509.CertOptions options
)
```
#### Parameters
##### *certFile* String
Name of file to be created
##### *issuerCert* String
Name of issuer's certificate file
##### *subjectPubKeyFile* String
File containing subjects public key data
##### *issuerPriKeyFile* String
File containing issuer's private key data
##### *certNum* Int32
Issue number for new certificate
##### *yearsValid* Int32
How many years to be valid
##### *distName* String
Distinguished name string. See [Distinguished Names](http://www.cryptosys.net/pki/manpki/pki_distnames.html) in the main manual.
##### *extensions* String
Extensions: a list of attribute-value pairs separated by semicolons (;). See [X.509 Extensions Parameter](http://www.cryptosys.net/pki/manpki/pki_x509extensions.html) in the main manual.
##### *keyUsageOptions* [X509.KeyUsageOptions](#x509_keyusageoptions_x509-keyusageoptions)
Key usage options
##### *password* String
For issuer's private key, if encrypted.
##### *sigAlg* [SigAlgorithm](#sigalgorithm_sigalgorithm)
Signature algorithm to sign certificate.
##### *options* [X509.CertOptions](#x509_certoptions_x509-certoptions)
Option flags: set as zero for defaults.
#### Return Value
Int32
Zero if successful or a non-zero [error code](#general_error-code)
Remarks
-------
Valid extensions are:
| **rfc822Name**=string; | To set the rfc822 email address in the `subjectAltName` extension, e.g. `rfc822Name=myname@testorg.com`. |
| ------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **serialNumber**=hex-digits; | To override the serial number set by `certNum` with a larger, unlimited integer in hexadecimal format, e.g. `serialNumber=12deadbeefcafe0123`. |
| **subjectKeyIdentifier**=hex-digits; | To set the `subjectAltName` extension with an octet string (binary) value specified in hex format e.g. `subjectKeyIdentifier=fedcba9876543210`. |
| **notAfter**=iso-date-string; | To override the validity period set by `yearsValid` with a specific date and time in ISO format, e.g. `notAfter=2020-12-31` or `notAfter=2020-12-31T14:03:59`. If no time is given it will default to 23:59:59. Note that this time is UTC (GMT) not local. |
| **notBefore**=iso-date-string; | To override the default start time from one minute ago to a specific date and time in ISO format, e.g. `notBefore=2008-12-31`. If no time is given it will default to 00:00:01. Note that this time is UTC (GMT) not local. |
| **<dotted-oid>**=#<hexstring>; | Add an arbitrary X.509 version 3 Extension with `typeID` set to decoded <dotted-oid> and `extnValue` set to ASN.1 value encoded in <hexstring>. |
As an alternative, you can create a new X.509 certificate using a PKCS-10 certificate signing request (CSR) file. Pass the name of the CSR file in the subjectPubkeyFile parameter and set the distName empty `""`. The empty distinguished name parameter is a flag that a CSR file is being used.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.MakeCertSelf Method
========================
Create a self-signed X.509 certificate with signature options.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int MakeCertSelf(
string certFile,
string privateKeyFile,
int certNum,
int yearsValid,
string distName,
string extensions,
X509.KeyUsageOptions keyUsageOptions,
string password,
SigAlgorithm sigAlg,
X509.CertOptions options
)
```
#### Parameters
##### *certFile* String
Name of file to be created
##### *privateKeyFile* String
File containing issuer's private key data
##### *certNum* Int32
Issue number for new certificate
##### *yearsValid* Int32
How many years to be valid
##### *distName* String
Distinguished name string. See [Distinguished Names](https://www.cryptosys.net/pki/manpki/pki_distnames.html) in the main manual.
##### *extensions* String
Extensions: a list of attribute-value pairs separated by semicolons (;). See [X.509 Extensions Parameter](https://www.cryptosys.net/pki/manpki/pki_x509extensions.html) in the main manual.
##### *keyUsageOptions* [X509.KeyUsageOptions](#x509_keyusageoptions_x509-keyusageoptions)
Key usage options
##### *password* String
For issuer's private key
##### *sigAlg* [SigAlgorithm](#sigalgorithm_sigalgorithm)
Signature algorithm to sign certificate.
##### *options* [X509.CertOptions](#x509_certoptions_x509-certoptions)
Option flags: set as zero for defaults.
#### Return Value
Int32
Zero if successful or a non-zero [error code](#general_error-code)
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.MakeCRL Method
===================
Create an X.509 Certificate Revocation List (CRL).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int MakeCRL(
string crlFile,
string issuerCert,
string issuerKeyFile,
string password,
string revokedCertList,
string extensions,
SigAlgorithm sigAlg,
X509.CrlOptions opts
)
```
#### Parameters
##### *crlFile* String
name of new CRL file to be created
##### *issuerCert* String
name of issuer's X.509 certificate file (or base64 representation)
##### *issuerKeyFile* String
name of issuer's encrypted private key file
##### *password* String
password for Issuer's encrypted private key file
##### *revokedCertList* String
list of revoked certificates in format `serialNumber,revocationDate; ...` or the empty string `""` for no revoked certificates. See the Remarks section below for more details
##### *extensions* String
A list of attribute-value pairs separated by semicolons (;) or the empty string `""`. Valid attribute-value pairs are: `lastUpdate`=iso-date-string`nextUpdate`=iso-date-string
##### *sigAlg* [SigAlgorithm](#sigalgorithm_sigalgorithm)
Signature algorithm.
##### *opts* [X509.CrlOptions](#x509_crloptions_x509-crloptions)
Options
#### Return Value
Int32
If successful, the return value is zero; otherwise it returns a non-zero [error code](#general_error-code).
Remarks
-------
This creates a version 1 CRL file with no extensions or cRLReason's. The parameter `revokedCertList` must be in the form `serialNumber,revocationDate;serialNumber,revocationDate; ...`. The serialNumber must either be a positive decimal integer (e.g. `123`) or the number in hex format preceded by #x (e.g. `#x0102deadbeef`). The revocation date must be in ISO date format (e.g. `2009-12-31T12:59:59Z`). For example,
`"1,2007-12-31; 2, 2009-12-31T12:59:59Z; 66000,2066-01-01; #x0102deadbeef,2010-02-28T01:01:59"`
By default, the `lastUpdate` time in the CRL is set to the time given by the system clock, and `nextUpdate` time is left empty. You can specify your own times using the `lastUpdate` and `nextUpdate` attributes in the extensions parameter. Times, if specified, must be in ISO 8601 format and are always interpreted as GMT times whether or not you add a "Z".
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.QueryCert Method
=====================
Query an X.509 certificate file for selected information.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string QueryCert(
string certFile,
string query,
X509.OutputOpts outOpts = X509.OutputOpts.Default
)
```
#### Parameters
##### *certFile* String
Filename of certificate file (or its base64 representation)
##### *query* String
Query string (case insensitive)
##### *outOpts* [X509.OutputOpts](#x509_outputopts_x509-outputopts) (Optional)
Optional options for output (default = 0)
#### Return Value
String
String containing the result, or an empty string if query not found or on error.
Remarks
-------
Both binary BER and PEM-format certificates can be read, as can a base64 representation of the certificate.
Valid queries are:
| `"version"` | X.509 version number, e.g. `"3"`. |
| ----------------------------- | ----------------------------------------------------------------------------------------- |
| `"serialNumber"` | Serial number in hex-encoded format. |
| `"signatureAlgorithm"` | Signature algorithm used, e.g. `"sha1WithRSAEncryption"`. |
| `"signatureValue"` | Signature value in hex-encoded format. |
| `"notBefore"` | Date on which the certificate validity period begins in ISO format `yyyy-mm-ddThh:nn:ssZ` |
| `"notAfter"` | Date on which the certificate validity period ends in ISO format `yyyy-mm-ddThh:nn:ssZ` |
| `"issuerName"` | Distinguished name (DN) of entity who has signed and issued the certificate. |
| `"subjectName"` | Distinguished name (DN) of the subject. |
| `"subjectPublicKeyAlgorithm"` | Algorithm used in subject's public key, e.g. `"dsa"`. |
| `"subjectKeyIdentifier"` | The subject key identifier extension, if present, in hex-encoded format. |
| `"authorityKeyIdentifier"` | The authority key identifier extension, if present, in hex-encoded format. |
| `"rfc822Name"` | Internet mail address contained in a subjectAltName extension, if present. |
| `"isCA"` | Returns `"1"` if the subject type is a CA, otherwise returns `"0"`. |
| `"keyUsageString"` | `keyUsage` flags in text format, e.g. `"digitalSignature,nonRepudiation"`. |
| `"extKeyUsageString"` | `extKeyUsage` purposes in text format, e.g. `"codeSigning,timeStamping"`. |
| `"cRLDistributionPointsURI"` | First URI found in `cRLDistributionPoints`, if any. |
| `"authorityInfoAccessURI"` | First URI found in `authorityInfoAccess`, if any. |
| `"subjectAltName"` | Subject alternative name extension, if present. |
| `"hashAlgorithm"` | Hash algorithm used in signature, e.g. `"sha256"`. |
| `"pssParams"` | Parameters used for RSA-PSS (if applicable). |
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.ReadCertStringFromP7Chain Method
=====================================
Read an X.509 certificate into a base64 string from PKCS-7 "certs-only" data.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string ReadCertStringFromP7Chain(
string inputFile,
int index
)
```
#### Parameters
##### *inputFile* String
filename of a PKCS-7 "certs-only" file, or a string containing its PEM textual representation.
##### *index* Int32
specifying which certificate (1,2,...) in the chain to extract.
#### Return Value
String
String in continuous base64 format, or an empty string on error.
Remarks
-------
[New in v12.2] To find the number of certificates in the chain, use [GetCertCountInP7Chain](#x509_getcertcountinp7chain). The old (deprecated) way to find the count of certificates was to set `index` to zero.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.ReadCertStringFromPFX Method
=================================
Read an X.509 certificate into a base64 string from PKCS-12 PFX/.p12 data.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string ReadCertStringFromPFX(
string inputFile,
string password
)
```
#### Parameters
##### *inputFile* String
filename of a PFX file, or a string containing its PEM textual representation.
##### *password* String
password for PFX or `""` if certificate is not encrypted
#### Return Value
String
String in continuous base64 format, or an empty string on error.
Remarks
-------
Only supports weak 40-bit RC2 encryption for the certificate.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.ReadStringFromFile Method
==============================
Create a base64 string representation of a X.509 certificate file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string ReadStringFromFile(
string certFile
)
```
#### Parameters
##### *certFile* String
Filename of certificate file (or its base64 representation)
#### Return Value
String
String in continuous base64 format, or an empty string on error.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.SaveFileFromString Method
==============================
Create a new X.509 certificate file from a base64 string representation.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int SaveFileFromString(
string newCertFile,
string certString,
bool inPEMFormat
)
```
#### Parameters
##### *newCertFile* String
Name of new certificate file to be created.
##### *certString* String
String containing certificate data in base64 format.
##### *inPEMFormat* Boolean
`True` to save in base64 PEM format, or `false` to save in binary DER format.
#### Return Value
Int32
Zero if successful or non-zero [error code](#general_error-code)
Remarks
-------
Any existing file of the same name will be overwritten without warning.
A PEM format file will start with `-----BEGIN CERTIFICATE-----`.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.TextDump Method
====================
Dump details of an X.509 certificate or a X.509 certificate revocation list (CRL) or a PKCS-10 certificate signing request (CSR) to a text file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int TextDump(
string outputFile,
string certFile,
X509.OutputOpts outOpts = X509.OutputOpts.Default
)
```
#### Parameters
##### *outputFile* String
Filename of text file to be created
##### *certFile* String
Filename of certificate file (or its base64 representation)
##### *outOpts* [X509.OutputOpts](#x509_outputopts_x509-outputopts) (Optional)
Options for output (optional)
#### Return Value
Int32
If successful, the return value is zero; otherwise it returns a nonzero error code.
Remarks
-------
The notation `[!]` denotes a critical extension, e.g. `Key Usage[!]:`.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.TextDumpToString Method
============================
Dump details of an X.509 certificate or a X.509 certificate revocation list (CRL) or a PKCS-10 certificate signing request (CSR) to a string.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static string TextDumpToString(
string certFile,
X509.OutputOpts outOpts = X509.OutputOpts.Default
)
```
#### Parameters
##### *certFile* String
Filename of certificate file (or its base64 representation)
##### *outOpts* [X509.OutputOpts](#x509_outputopts_x509-outputopts) (Optional)
Options for output
#### Return Value
String
String containing the result, or an empty string on error.
Remarks
-------
The notation `[!]` denotes a critical extension, e.g. `Key Usage[!]:`.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.ValidatePath Method
========================
Validate a certificate path.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int ValidatePath(
string certListOrP7File,
string trustedCert = "",
bool noTimeCheck = false
)
```
#### Parameters
##### *certListOrP7File* String
either a list of certificate names separated by a semicolon or the name of a PKCS-7 "certs-only" file containing the certificates to be validated
##### *trustedCert* String (Optional)
(optional) name of the trusted certificate (or base64 representation)
##### *noTimeCheck* Boolean (Optional)
Set True to avoid checking if the certificates are valid now [default = check validity dates against system clock].
#### Return Value
Int32
Zero if the certification path is valid; [X509.Invalid](#x509_invalid) (`CERT_PATH_ERROR` +43) if the path is invalid; otherwise a negative [error code](#general_error-code).
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.VerifyCert Method
======================
Verify that an X.509 certificate has been signed by its issuer.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static int VerifyCert(
string certToVerify,
string issuerCert
)
```
#### Parameters
##### *certToVerify* String
Filename of certificate to verify
##### *issuerCert* String
Filename of purported issuer's certificate
#### Return Value
Int32
Zero if the certificate's signature is valid; [X509.Failure](#x509_failure) (`SIGNATURE_ERROR` +22) if the validation fails; otherwise a positive [error code](#general_error-code).
Remarks
-------
This can also be used to verify that an X.509 Certificate Revocation List (CRL) or PKCS#10 Certification Signing Request (CSR) has been signed by the owner of the issuer's certificate. Just pass the name of the file (or its base64/PEM string form) as `certToVerify`.
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.Expired Field
==================
Return value from [X509.CertIsValidNow](#x509_certisvalidnow) indicating that the certificate has expired (`EXPIRED_ERROR`).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public const int Expired = 16
```
#### Field Value
Int32
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.Failure Field
==================
Return value from [X509.VerifyCert](#x509_verifycert) indicating failure (`SIGNATURE_ERROR`).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public const int Failure = 22
```
#### Field Value
Int32
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.Invalid Field
==================
Return value from [X509.ValidatePath](#x509_validatepath) indicating that the certificate path is invalid (`CERT_PATH_ERROR`).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public const int Invalid = 43
```
#### Field Value
Int32
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.Revoked Field
==================
Return value from [X509.CheckCertInCRL](#x509_checkcertincrl) indicating that the certificate is revoked (`REVOCATION_ERROR`).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public const int Revoked = 42
```
#### Field Value
Int32
See Also
--------
[X509 Class](#x509_x509)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Xof Class
=========
Extendable-output function (XOF) methods.
Inheritance Hierarchy
---------------------
System.Object
**CryptoSysPKI.Xof**
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public class Xof
```
The **Xof** type exposes the following members.
Methods
-------
| Name | Description |
| ---------- | --------------------------------------------------------- |
| [Bytes](#xof_bytes) | Generate bytes using an eXtendable-Output Function (XOF). |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Xof.Bytes Method
================
Generate bytes using an eXtendable-Output Function (XOF).
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public static byte[] Bytes(
int numBytes,
byte[] message,
Xof.Alg xofAlg
)
```
#### Parameters
##### *numBytes* Int32
Required number of output bytes.
##### *message* Byte[]
Input message data.
##### *xofAlg* [Xof.Alg](#xof_alg_xof-alg)
XOF algorithm.
#### Return Value
Byte[]
Output data in byte array.
Example
-------
```csharp
// Ref: "SHA-3 XOF Test Vectors for Byte-Oriented Output"
// File `SHAKE256VariableOut.rsp` COUNT = 1244
byte[] msg = "6ae23f058f0f2264a18cd609acc26dd4dbc00f5c3ee9e13ecaea2bb5a2f0bb6b".FromHex();
int nbytes = 2000 / 8; // 2000 bits == 250 bytes
byte[] b = Xof.Bytes(nbytes, msg, Xof.Alg.Shake256);
Console.WriteLine(b.ToHex());
/*
B9B92544FB25CFE4EC6FE437D8DA2BBE
00F7BDAFACE3DE97B8775A44D753C3AD
CA3F7C6F183CC8647E229070439AA953
9AE1F8F13470C9D3527FFFDEEF6C94F9
F0520FF0C1BA8B16E16014E1AF43AC6D
94CB7929188CCE9D7B02F81A2746F52B
A16988E5F6D93298D778DFE05EA0EF25
6AE3728643CE3E29C794A0370E9CA6A8
BF3E7A41E86770676AC106F7AE79E670
27CE7B7B38EFE27D253A52B5CB54D6EB
4367A87736ED48CB45EF27F42683DA14
0ED3295DFC575D3EA38CFC2A3697CC92
864305407369B4ABAC054E497378DD9F
D0C4B352EA3185CE1178B3DC1599DF69
DB29259D4735320C8E7D33E8226620C9
A1D22761F1D35BDFF79A*/
// Using MGF1-SHA-256. From SPHINCS+ test vectors r.3
int nbytes = 34;
byte[] msg = "3b5c056af3ebba70d4c805380420585562b32410a778f558ff951252407647e3".FromHex();
byte[] b = Xof.Bytes(nbytes, msg, Xof.Alg.Mgf1_Sha256);
Console.WriteLine(b.ToHex());
// 5B7EB772AECF04C74AF07D9D9C1C1F8D3A90DCDA00D5BAB1DC28DAECDC86EB87611
```
See Also
--------
[Xof Class](#xof_xof)
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
AeadAlgorithm Enumeration
=========================
Authenticated encryption algorithm.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum AeadAlgorithm
```
Members
-------
| Member name | Description |
| ----------------- | -------------------------------------------------------------------------------------- |
| Aes_128_Gcm | Use the AEAD_AES_128_GCM authenticated encryption algorithm from RFC 5116. |
| Aes_192_Gcm | Use the AES-192-GCM authenticated encryption algorithm in the same manner as RFC 5116. |
| Aes_256_Gcm | Use the AEAD_AES_256_GCM authenticated encryption algorithm from RFC 5116. |
| ChaCha20_Poly1305 | Use the AEAD_CHACHA20_POLY1305 authenticated encryption algorithm from RFC 8439. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Asn1.Options Enumeration
========================
Options for ASN.1 methods
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum Options
```
Members
-------
| Member name | Description |
| ----------- | ----------------------------------------------- |
| Default | Default options |
| NoComments | Hide the comments [default=show comments] |
| AddLevels | Show level numbers [default=hide level numbers] |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cipher.Opts Enumeration
=======================
Advanced options
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum Opts
```
Members
-------
| Member name | Description |
| ----------- | ---------------------------------------------------------------------------------- |
| Default | Default options |
| PrefixIV | Prefix (prepend) the IV before the ciphertext in the output (ignored for ECB mode) |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
CipherAlgorithm Enumeration
===========================
Block Cipher Algorithm
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum CipherAlgorithm
```
Members
-------
| Member name | Description |
| ----------- | --------------------------------- |
| Tdea | Triple DES (TDEA, 3DES, des-ede3) |
| Aes128 | AES-128 |
| Aes192 | AES-192 |
| Aes256 | AES-256 |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.ComprDataOptions Enumeration
================================
Advanced options for CMS compressed-data objects
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum ComprDataOptions
```
Members
-------
| Member name | Description |
| ----------- | ---------------------------------------------------- |
| Default | Default options. |
| NoInflate | Extract the compressed data as is without inflation. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.ContentEncrAlg Enumeration
==============================
Content encryption algorithm.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum ContentEncrAlg
```
Members
-------
| Member name | Description |
| ----------------- | ----------------------------------------------------------------------------- |
| Default | Default = AES-128 CHANGED in [v23.0] |
| Tdea | Triple DES (TDEA, 3DES, des-ede3) |
| Aes128 | AES-128 (default) |
| Aes192 | AES-192 |
| Aes256 | AES-256 |
| Aes_128_Gcm | AES-128-GCM authenticated encryption algorithm from RFC5116. |
| Aes_192_Gcm | AES-192-GCM authenticated encryption algorithm in the same manner as RFC5116. |
| Aes_256_Gcm | AES-256-GCM authenticated encryption algorithm from RFC5116. |
| ChaCha20_Poly1305 | AEAD_CHACHA20_POLY1305 authenticated encryption algorithm from RFC8439. |
Remarks
-------
New in [v22.0]. Supersedes CipherAlgorithm parameter. NOTE Default algorithm is now AES-128 (changed in [v23.0])
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.EnvDataOptions Enumeration
==============================
Advanced options for CMS enveloped-data objects.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum EnvDataOptions
```
Members
-------
| Member name | Description |
| ------------- | ----------------------------------------------------------------------------------------------------- |
| None | Default options. |
| Authenticated | **Obsolete.**
Use AES-GCM authenticated encryption instead of AES-CBC (redundant as of [v22.0]). |
| FormatBase64 | Encode output in base64 (default = binary). |
| Mgf1Sha1 | Force the MGF1 hash function to be SHA-1 (RSA-OAEP only, default = same as encoding hash function). |
| UseSki | Use subjectKeyIdentifier (SKI) instead of issuerAndSerialNumber for RecipientIdentifier. |
| AltAlgId | Use alternative (non-standard) alternative TeleTrusT Content Encryption Algorithm Identifier. |
| BigFile | Use to speed up the encryption of large files (binary file to binary file only). |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.Format Enumeration
======================
Output format.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum Format
```
Members
-------
| Member name | Description |
| ------------ | ----------------------------------------------- |
| Default | Default output format |
| Binary | Binary output (default) |
| FormatBase64 | Output is encoded in base64 (default = binary). |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.KeyEncrAlgorithm Enumeration
================================
Key encryption algorithm.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum KeyEncrAlgorithm
```
Members
-------
| Member name | Description |
| ------------- | ----------------------------------------------------------------------------- |
| Default | Default |
| Rsa_Pkcs1v1_5 | RSAES-PKCS-v1_5 (`rsaEncryption`) |
| Rsa_Kem | Encrypt the key using the RSA Key Encapsulation Mechanism (RSA-KEM) algorithm |
| Rsa_Oaep | RSAES-OAEP |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.ReadOptions Enumeration
===========================
Options for reading CMS objects.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum ReadOptions
```
Members
-------
| Member name | Description |
| ----------- | ----------------------------------------------------------------------- |
| None | Default options. |
| BigFile | Use to speed up the encryption of large files (binary file input only). |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.SigAlg Enumeration
======================
Signature algorithm for CMS signed-data objects.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum SigAlg
```
Members
-------
| Member name | Description |
| -------------- | -------------------------------------------------------------------------------- |
| Default | Use default signature algorithm (rsa-sha1/sha1WithRSAEncryption) |
| Rsa_Sha1 | Use sha1WithRSAEncryption (rsa-sha1) signature algorithm [default] |
| Rsa_Md5 | Use md5WithRSAEncryption (rsa-md5) signature algorithm [legacy, not recommended] |
| Rsa_Sha256 | Use sha256WithRSAEncryption (rsa-sha256) signature algorithm |
| Rsa_Sha384 | Use sha384WithRSAEncryption (rsa-sha384) signature algorithm |
| Rsa_Sha512 | Use sha512WithRSAEncryption (rsa-sha512) signature algorithm |
| Rsa_Sha224 | Use sha224WithRSAEncryption (rsa-sha224) signature algorithm |
| Ecdsa_Sha1 | Use ecdsaWithSHA1 (ecdsa-sha1) signature algorithm |
| Ecdsa_Sha224 | Use ecdsaWithSHA224 (ecdsa-sha224) signature algorithm |
| Ecdsa_Sha256 | Use ecdsaWithSHA256 (ecdsa-sha256) signature algorithm |
| Ecdsa_Sha384 | Use ecdsaWithSHA384 (ecdsa-sha384) signature algorithm |
| Ecdsa_Sha512 | Use ecdsaWithSHA512 (ecdsa-sha512) signature algorithm |
| Rsa_Pss_Sha1 | Use RSA-PSS signature algorithm with SHA-1 |
| Rsa_Pss_Sha256 | Use RSA-PSS signature algorithm with SHA-256 |
| Rsa_Pss_Sha384 | Use RSA-PSS signature algorithm with SHA-384 |
| Rsa_Pss_Sha512 | Use RSA-PSS signature algorithm with SHA-512 |
| Rsa_Pss_Sha224 | Use RSA-PSS signature algorithm with SHA-224 |
| Ed25519 | Use Ed25519 signature algorithm [RFC8032] |
| Ed448 | Use Ed448 signature algorithm [RFC8032 |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cms.SigDataOptions Enumeration
==============================
Advanced options for CMS signed-data objects
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum SigDataOptions
```
Members
-------
| Member name | Description |
| --------------------- | ------------------------------------------------------------------------------------------------------------------------------ |
| Default | Default option |
| ExcludeCerts | Exclude X.509 certs from output. |
| ExcludeData | Exclude data from output. |
| CertsOnly | Create a "certs-only" PKCS#7 certficate chain. |
| IncludeAttributes | To add signed attributes (default = no signed attributes) including content-type and message-digest plus any more added below. |
| AddSignTime | Add signing time to the signed attributes (requires **IncludeAttributes**). |
| AddSmimeCapabilities | Add S/MIME capabilities to the signed attributes (requires **IncludeAttributes**). |
| AddSigningCertificate | Add an ESS Signing Certificate attribute to the signed attributes (requires **IncludeAttributes**). |
| AddAlgProtection | Add an Algorithm Protection Attribute [RFC6211] to the signed attributes (requires **IncludeAttributes**). |
| FormatBase64 | Create output/expect input in base64 format (default = binary). |
| AddSigner | Add a new signer to an existing SignedData object. |
| PseudoSig | Create/sign a "pseudo" SignedData object with dummy placeholder signature. |
| Pss_SaltLenZero | Use a zero-length salt in an RSA-PSS signature (default = `hLen` the length of the digest output). |
| Mgf1Sha1 | Force the MGF1 hash function to be SHA-1 (RSASSA-PSS only, default = same as encoding hash function). |
| UseSki | Use subjectKeyIdentifier (SKI) instead of issuerAndSerialNumber for SignerIdentifier. |
| NoOuter | Create a "naked" SignedData object with no outerContentInfo as permitted by PKCS#7 v1.6 (specialist option). |
| AltAlgId | Use alternative (non-standard) signature algorithm identifiers, e.g. 'sha1withRSAEncryption' instead of 'rsaEncryption'. |
| BigFile | Use to speed up the processing of large files. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.EncodingConversion Enumeration
==================================
Conversion directions for ByteEncoding.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum EncodingConversion
```
Members
-------
| Member name | Description |
| ---------------- | ------------------------------------------------- |
| Utf8_From_Latin1 | Converts UTF-8-encoded bytes into Latin-1-encoded |
| Latin1_From_Utf8 | Converts Latin-1-encoded bytes into UTF-8-encoded |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Cnv.EndianNess Enumeration
==========================
Byte order.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum EndianNess
```
Members
-------
| Member name | Description |
| ------------ | ---------------------------- |
| BigEndian | Most-significant byte first |
| LittleEndian | Least-significant byte first |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.CurveName Enumeration
=========================
Supported curve names.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum CurveName
```
Members
-------
| Member name | Description |
| --------------- | ------------------------------------------ |
| Secp192r1 | NIST curve P-192 |
| Secp224r1 | NIST curve P-224 |
| Secp256r1 | NIST curve P-256 |
| Secp384r1 | NIST curve P-384 |
| Secp521r1 | NIST curve P-521 |
| Secp256k1 | "Bitcoin" curve |
| P_192 | NIST curve P-192 (synonym for `secp192r1`) |
| P_224 | NIST curve P-256 (synonym for `secp256r1`) |
| P_256 | NIST curve P-224 (synonym for `secp224r1`) |
| P_384 | NIST curve P-384 (synonym for `secp384r1`) |
| P_521 | NIST curve P-521 (synonym for `secp521r1`) |
| Prime192v1 | Alternative name for NIST curve P-192 |
| Prime256v1 | Alternative name for NIST curve P-256 |
| BrainpoolP256r1 | ECC Brainpool curve [RFC5639] |
| BrainpoolP384r1 | ECC Brainpool curve [RFC5639] |
| BrainpoolP512r1 | ECC Brainpool curve [RFC5639] |
| Ed25519 | Safe curve for EdDSA |
| Ed448 | Safe curve for EdDSA |
| X25519 | Safe curve for ECDH |
| X448 | Safe curve for ECDH |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.Format Enumeration
======================
Format for output files.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum Format
```
Members
-------
| Member name | Description |
| ----------- | --------------------- |
| Default | Default = binary |
| Binary | Binary DER-encoded |
| PEM | PEM-encoded text file |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.KeyType Enumeration
=======================
Key type for unencrypted key file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum KeyType
```
Members
-------
| Member name | Description |
| ------------------- | ---------------------------------------------------------------------------------------------- |
| Default | Save key in the default format. |
| PrivateKey | Key value represents a private key (use for reading safe curves) |
| PublicKey | Key value represents a public key (use for reading safe curves) |
| Pkcs8PrivateKeyInfo | Save a NIST/SEC curve private key in PKCS#8 `PrivateKeyInfo` format (ignored for a public key) |
| Legacy | Save a safe private key in "legacy" PKCS#8 v1 format (default is v2 OneAsymmetricKey) |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Ecc.PbeScheme Enumeration
=========================
Password-based encryption scheme to encrypt the private key file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum PbeScheme
```
Members
-------
| Member name | Description |
| ------------------------------ | -------------------------------------------------------------------------------------------- |
| Default | Default option (pbeWithSHAAnd3-KeyTripleDES-CBC) |
| PbeWithSHAAnd_KeyTripleDES_CBC | pbeWithSHAAnd3-KeyTripleDES-CBC from PKCS#12 |
| Pbe_Pbkdf2_des_EDE3_CBC | "pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "des-EDE3-CBC" |
| Pbe_Pbkdf2_aes128_CBC | "pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "aes128-CBC" |
| Pbe_Pbkdf2_aes192_CBC | "pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "aes192-CBC" |
| Pbe_Pbkdf2_aes256_CBC | "pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "aes256-CBC" |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
EncodingBase Enumeration
========================
Base for encoding methods
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum EncodingBase
```
Members
-------
| Member name | Description |
| ----------- | ---------------------------------- |
| Base64 | Base64 encoding |
| Base16 | Base16 encoding (i.e. hexadecimal) |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
HashAlgorithm Enumeration
=========================
Message Digest Hash Algorithm
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum HashAlgorithm
```
Members
-------
| Member name | Description |
| ----------- | ---------------------------------------------------------- |
| Sha1 | SHA-1 (as per FIPS PUB 180-4) |
| Md5 | MD5 (as per RFC 1321) [legacy, not recommended] |
| Md2 | MD2 (as per RFC 1319) [legacy, definitely not recommended] |
| Sha256 | SHA-256 (as per FIPS PUB 180-4) |
| Sha384 | SHA-384 (as per FIPS PUB 180-4) |
| Sha512 | SHA-512 (as per FIPS PUB 180-4) |
| Sha224 | SHA-224 (as per FIPS PUB 180-4) |
| Ripemd160 | RIPEMD-160 |
| Bitcoin160 | RIPEMD-160 hash of a SHA-256 hash (`RIPEMD160(SHA256(m))`) |
| Sha3_224 | SHA-3-224 (as per FIPS PUB 202) |
| Sha3_256 | SHA-3-256 (as per FIPS PUB 202) |
| Sha3_384 | SHA-3-384 (as per FIPS PUB 202) |
| Sha3_512 | SHA-3-256 (as per FIPS PUB 202) |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hpke.AeadAlg Enumeration
========================
AEAD functions supported for HPKE
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum AeadAlg
```
Members
-------
| Member name | Description |
| ----------------- | ------------------------------------------------------------------------------- |
| None | No AEAD algorithm. |
| Aes_128_Gcm | Use the AEAD_AES_128_GCM authenticated encryption algorithm from RFC5116. |
| Aes_256_Gcm | Use the AEAD_AES_256_GCM authenticated encryption algorithm from RFC5116. |
| ChaCha20_Poly1305 | Use the AEAD_CHACHA20_POLY1305 authenticated encryption algorithm from RFC8439. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hpke.CurveName Enumeration
==========================
Supported ECDH curves for HPKE
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum CurveName
```
Members
-------
| Member name | Description |
| ----------- | ------------------------------ |
| P_256 | NIST curve P-256 |
| P_384 | NIST curve P-384 |
| P_521 | NIST curve P-521 |
| X25519 | ECDH curve X25519 from RFC7748 |
| X448 | ECDH curve X448 from RFC7748 |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Hpke.OutputOpts Enumeration
===========================
Options to format or re-encode output.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum OutputOpts
```
Members
-------
| Member name | Description |
| ----------- | ------------------------------------------------------------------ |
| Default | Default = output as ephemeral "internal" key string. |
| KeyAsHex | Output key in hex format compatible with test vectors in [RFC9180] |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Kdf.HashAlg Enumeration
=======================
Hash algorithms for KDF
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum HashAlg
```
Members
-------
| Member name | Description |
| ----------- | ------------------------------- |
| Sha1 | SHA-1 (as per FIPS PUB 180-4) |
| Sha256 | SHA-256 (as per FIPS PUB 180-4) |
| Sha384 | SHA-384 (as per FIPS PUB 180-4) |
| Sha512 | SHA-512 (as per FIPS PUB 180-4) |
| Sha224 | SHA-224 (as per FIPS PUB 180-4) |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Kdf.KdfAlg Enumeration
======================
Key derivation functions
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum KdfAlg
```
Members
-------
| Member name | Description |
| ----------- | -------------------------------------------------------- |
| X963 | ANSI-X9.63-KDF key derivation function (default) |
| Hkdf | HMAC-based Key Derivation Function (HKDF) from [RFC5869] |
| Kdf2 | KDF2 from ANSI-X9.44 |
| Kdf3 | KDF3 from ANSI-X9.44 |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Kdf.KeyWrapAlg Enumeration
==========================
Key wrap algorithms for KDF
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum KeyWrapAlg
```
Members
-------
| Member name | Description |
| ----------- | -------------------------------------------- |
| Default | Default for Cms.MakeEnvData only. |
| Cms3DESwrap | Triple-DES Key Wrap algorithm from [RFC3217] |
| Aes128_wrap | AES-128 key wrap from [RFC3394] |
| Aes192_wrap | AES-192 key wrap from [RFC3394] |
| Aes256_wrap | AES-256 key wrap from [RFC3394] |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Mode Enumeration
================
Cipher Mode
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum Mode
```
Members
-------
| Member name | Description |
| ----------- | ------------------------------ |
| ECB | Electronic Code Book mode |
| CBC | Cipher Block Chaining mode |
| OFB | Output Feedback mode |
| CFB | Cipher Feedback mode |
| CTR | Counter mode |
| GCM | Galois/Counter mode (AES only) |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Padding Enumeration
===================
Block Cipher Padding
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum Padding
```
Members
-------
| Member name | Description |
| ------------ | ----------------------------------------------------------------------------------- |
| Default | Use default padding |
| NoPad | No padding is added |
| Pkcs5 | The padding scheme described in PKCS#5/#7 |
| OneAndZeroes | Pad with 0x80 followed by as many zero bytes necessary to fill the block |
| AnsiX923 | The padding scheme described in ANSI X9.23 |
| W3CPadding | The padding scheme described in W3C https://www.w3.org/TR/xmlenc-core1/#sec-Padding |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Pfx.Options Enumeration
=======================
Specialist options.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum Options
```
Members
-------
| Member name | Description |
| ------------- | ------------------------------------------------------------------------------------------------------------------------------ |
| Default | Default options: re-encrypt private key with "TripleDES-SHA1", encrypt certificate with 40-bit RC2, output in DER binary form. |
| Aes256_Sha256 | Override other encryption options and encrypt both the private key and certificate using "AES256-SHA256" |
| FormatPem | Create the output file in PEM format (default is DER-encoded binary). |
| AltFormat | Create a PFX file with the exact peculiarities used by Microsoft (default is OpenSSL). |
| StrongCert | Encrypt the certificate with "stronger" TripleDES-SHA1 (default is "weak" 40-bit RC2). |
| PlainCert | Store the certificate in unencrypted form (default is encrypted with 40-bit RC2). |
| CloneKey | Store the private key in the exact form of the pkcs-8 input file (default is to re-encrypt with Triple DES). |
| DoubleEncrypt | Double-encrypt the private key (specialist option). |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Prf.Alg Enumeration
===================
Pseudorandom function (PRF) algorithm.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum Alg
```
Members
-------
| Member name | Description |
| ----------- | ------------------------------ |
| Kmac128 | KMAC128 as per NIST SP 800-185 |
| Kmac256 | KMAC256 as per NIST SP 800-185 |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.Options Enumeration
=======================
Rng options
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum Options
```
Members
-------
| Member name | Description |
| ----------- | ----------------------------------------------------------- |
| Default | Default option |
| NoIntelDrng | Turn off support for INTEL(R) DRNG for the current session. |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rng.Strength Enumeration
========================
Required security strength for user-prompted entropy
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum Strength
```
Members
-------
| Member name | Description |
| ----------- | ------------------------------ |
| Default | Default option |
| Bits_112 | 112 bits of security (default) |
| Bits_128 | 128 bits of security |
| Bits_192 | 192 bits of security |
| Bits_256 | 256 bits of security |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.AdvOptions Enumeration
==========================
Advanced options.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum AdvOptions
```
Members
-------
| Member name | Description |
| ----------- | ------------------------------------------------------------------------------------------------------- |
| Default | Default options. |
| Mgf1_Sha1 | Force the MGF hash function to be SHA-1 (OAEP only, default = same as encoding set by [Rsa.HashAlg](#rsa_hashalg_rsa-hashalg)) |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.EME Enumeration
===================
Encoding method for encryption.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum EME
```
Members
-------
| Member name | Description |
| ----------- | ------------------------------ |
| PKCSv1_5 | EME-PKCS1-v1_5 encoding method |
| OAEP | EME-OAEP encoding method |
Remarks
-------
See PKCS#1 v2.2 [[RFC8017](https://tools.ietf.org/html/rfc8017)]
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.Format Enumeration
======================
Format for saved RSA key.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum Format
```
Members
-------
| Member name | Description |
| ----------- | ---------------------------------- |
| Default | Default = Binary |
| Binary | Binary DER-encoded |
| PEM | PEM Format |
| SSL | PEM format compatible with OpenSSL |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.HashAlg Enumeration
=======================
Hash function for OAEP encoding.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum HashAlg
```
Members
-------
| Member name | Description |
| ----------- | --------------- |
| Sha1 | SHA-1 (default) |
| Sha256 | SHA-256 |
| Sha384 | SHA-384 |
| Sha512 | SHA-512 |
| Sha224 | SHA-224 |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.PbeOptions Enumeration
==========================
Password-based encryption scheme to be used to encrypt the private key file.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum PbeOptions
```
Members
-------
| Member name | Description |
| ------------------------------ | ------------------------------------------------------------------------------------------------- |
| Default | Default option (pbeWithSHAAnd3-KeyTripleDES-CBC) |
| PbeWithSHAAnd_KeyTripleDES_CBC | pbeWithSHAAnd3-KeyTripleDES-CBC from PKCS#12 |
| Pbe_Pbkdf2_des_EDE3_CBC | "pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "des-EDE3-CBC" |
| Pkcs5PBES2_des_EDE3_CBC | "pkcs5PBES2" with "pkcs5PBKDF2" and "des-EDE3-CBC" [Synonym retained for backwards compatibility] |
| Pbe_Pbkdf2_aes128_CBC | "pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "aes128-CBC" |
| Pbe_Pbkdf2_aes192_CBC | "pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "aes192-CBC" |
| Pbe_Pbkdf2_aes256_CBC | "pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "aes256-CBC" |
| PbeWithMD5AndDES_CBC | pbeWithMD5AndDES-CBC [legacy, not recommended for new implementations] |
| PbeWithMD2AndDES_CBC | pbeWithMD2AndDES-CBC [legacy, not recommended for new implementations] |
| PbeWithSHA1AndDES_CBC | pbeWithSHA1AndDES-CBC [legacy, not recommended for new implementations] |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.PublicExponent Enumeration
==============================
Choices for public exponent (e)
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum PublicExponent
```
Members
-------
| Member name | Description |
| ------------ | -------------------------------- |
| Exp_EQ_3 | Set exponent equal to 3 (F0) |
| Exp_EQ_5 | Set exponent equal to 5 (F1) |
| Exp_EQ_17 | Set exponent equal to 17 (F2) |
| Exp_EQ_257 | Set exponent equal to 257 (F3) |
| Exp_EQ_65537 | Set exponent equal to 65537 (F4) |
Remarks
-------
Fermat Number F(x) = 2^(2^x) + 1. F0 to F4 are prime.
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Rsa.XmlOptions Enumeration
==========================
Options when converting between internal RSA key and XML.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum XmlOptions
```
Members
-------
| Member name | Description |
| -------------------- | -------------------------------------------------------------------- |
| ForceRSAKeyValue | Create XML in .NET-compatible RSAKeyValue format (ToXML only) |
| ExcludePrivateParams | Exclude private key parameters |
| RequirePrivate | Require private key to exist in the XML input or fail (FromXML only) |
| HexBinaryFormat | Create XML in non-standard hex format (ToXML only) |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Sig.Encoding Enumeration
========================
Encodings for signature output.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum Encoding
```
Members
-------
| Member name | Description |
| ----------- | ---------------------------------------------------------- |
| Default | Default encoding (base64) |
| Base64 | Base64 encoding (default) |
| Base16 | Base16 encoding (i.e. hexadecimal) |
| Base64url | URL-safe base64 encoding as in section 5 of [[RFC4648](https://tools.ietf.org/html/rfc4648)] |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Sig.SigOptions Enumeration
==========================
Specialist options for signatures.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum SigOptions
```
Members
-------
| Member name | Description |
| ---------------- | ---------------------------------------------------------------------------------------------------------------------------------- |
| Default | Use default options for signature. |
| PssSaltLenHlen | RSA-PSS only: Set the salt length to `hLen`, the length of the output of the hash function [default]. |
| UseDeterministic | ECDSA only: Use the deterministic digital signature generation procedure of [[RFC6979](https://tools.ietf.org/html/rfc6979)] for ECDSA signature [default=random k]. |
| Asn1DERStructure | ECDSA only: Form ECDSA signature value as a DER-encoded ASN.1 structure [default=`r||s`]. |
| PssSaltLenMax | RSA-PSS only: Set the salt length to the maximum possible (like OpenSSL). |
| PssSaltLen20 | RSA-PSS only: Set the salt length to be exactly 20 bytes regardless of the hash algorithm. |
| PssSaltLenZero | RSA-PSS only: Set the salt length to be zero. |
| Mgf1Sha1 | RSA-PSS only: Force the MGF hash function to be SHA-1 [default = same as signature hash algorithm] |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Sig.VerifyOpts Enumeration
==========================
Specialist options for verifying a signature.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum VerifyOpts
```
Members
-------
| Member name | Description |
| ----------- | -------------------------------------------------------------------------------------------------- |
| Default | Use default options. |
| Mgf1Sha1 | RSA-PSS only: Force the MGF hash function to be SHA-1 [default = same as signature hash algorithm] |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
SigAlgorithm Enumeration
========================
Signature algorithm
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum SigAlgorithm
```
Members
-------
| Member name | Description |
| -------------- | -------------------------------------------------------------------------------- |
| Default | Use default signature algorithm [rsa-sha1/sha1WithRSAEncryption] |
| Rsa_Sha1 | Use sha1WithRSAEncryption (rsa-sha1) signature algorithm [default] |
| Rsa_Md5 | Use md5WithRSAEncryption (rsa-md5) signature algorithm [legacy, not recommended] |
| Rsa_Sha256 | Use sha256WithRSAEncryption (rsa-sha256) signature algorithm |
| Rsa_Sha384 | Use sha384WithRSAEncryption (rsa-sha384) signature algorithm |
| Rsa_Sha512 | Use sha512WithRSAEncryption (rsa-sha512) signature algorithm |
| Rsa_Sha224 | Use sha224WithRSAEncryption (rsa-sha224) signature algorithm |
| Ecdsa_Sha1 | Use ecdsaWithSHA1 (ecdsa-sha1) signature algorithm |
| Ecdsa_Sha224 | Use ecdsaWithSHA224 (ecdsa-sha224) signature algorithm |
| Ecdsa_Sha256 | Use ecdsaWithSHA256 (ecdsa-sha256) signature algorithm |
| Ecdsa_Sha384 | Use ecdsaWithSHA384 (ecdsa-sha384) signature algorithm |
| Ecdsa_Sha512 | Use ecdsaWithSHA512 (ecdsa-sha512) signature algorithm |
| Rsa_Pss_Sha1 | Use RSA-PSS signature algorithm with SHA-1 |
| Rsa_Pss_Sha256 | Use RSA-PSS signature algorithm with SHA-256 |
| Rsa_Pss_Sha384 | Use RSA-PSS signature algorithm with SHA-384 |
| Rsa_Pss_Sha512 | Use RSA-PSS signature algorithm with SHA-512 |
| Rsa_Pss_Sha224 | Use RSA-PSS signature algorithm with SHA-224 |
| Ed25519 | Use Ed25519 signature algorithm |
| Ed448 | Use Ed448 signature algorithm |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Smime.Options Enumeration
=========================
Options for S/MIME methods
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum Options
```
Members
-------
| Member name | Description |
| ------------ | ------------------------------------------------------------------------------- |
| Default | Default options |
| EncodeBase64 | Encode output in base64 |
| EncodeBinary | Encode body in binary encoding |
| AddX | Add an "x-" to the content subtype (for compatibility with legacy applications) |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Wipe.Options Enumeration
========================
Wipe options.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum Options
```
Members
-------
| Member name | Description |
| ----------- | ------------------------------------------------------------------- |
| Default | Default options (DOD 7-pass) |
| Dod7Pass | DOD 7-pass (default) |
| Simple | Overwrite with single pass of zero bytes (quicker but less secure). |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.CertOptions Enumeration
============================
Options to create X.509 certificate.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum CertOptions
```
Members
-------
| Member name | Description |
| ------------------- | ------------------------------------------------------------------------------------------------------ |
| Default | Default options |
| Ecdsa_Deterministic | Use the deterministic digital signature generation procedure of [[RFC6979](https://tools.ietf.org/html/rfc6979)] for an ECDSA signature. |
| FormatPem | Create in PEM-encoded text file [default = binary DER-encoded] |
| Pss_SaltLenZero | Use a zero-length salt in an RSA-PSS signature [default = `hLen` the length of the digest output] |
| UTF8String | Encode distinguished name as UTF8String [default = PrintableString] |
| AuthKeyId | Add the issuer's KeyIdentifier, if present, as an AuthorityKeyIdentifer [default = do not add] |
| NoBasicConstraints | Disable the BasicConstraints extension [default = include] |
| SetAsCA | Set the BasicConstraints subject type to be a CA [default = End Entity] |
| VersionOne | Create a Version 1 certificate, i.e. no extensions [default = Version 3] |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.CrlOptions Enumeration
===========================
Options to create Certificate Revocation List (CRL)
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum CrlOptions
```
Members
-------
| Member name | Description |
| ------------------- | ------------------------------------------------------------------------------------------------------ |
| Default | Default options |
| Ecdsa_Deterministic | Use the deterministic digital signature generation procedure of [[RFC6979](https://tools.ietf.org/html/rfc6979)] for an ECDSA signature. |
| FormatPem | Create in PEM-encoded text file [default = binary DER-encoded] |
| Pss_SaltLenZero | Use a zero-length salt in an RSA-PSS signature [default = `hLen` the length of the digest output] |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.CsrOptions Enumeration
===========================
Options to create PKCS#10 certificate signing request (CSR)
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum CsrOptions
```
Members
-------
| Member name | Description |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
| Default | Default options |
| Ecdsa_Deterministic | Use the deterministic digital signature generation procedure of [[RFC6979](https://tools.ietf.org/html/rfc6979)] for an ECDSA signature. |
| FormatBinary | Create in binary format [default = PEM-encoded text file] |
| RequestKludge | Create a request with the "kludge" that omits the strictly mandatory attributes completely [default = include attributes with zero-length field] |
| Pss_SaltLenZero | Use a zero-length salt in an RSA-PSS signature [default = `hLen` the length of the digest output] |
| UTF8String | Encode distinguished name as UTF8String [default = PrintableString] |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.KeyUsageOptions Enumeration
================================
Options for key usage in certificate
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum KeyUsageOptions
```
Members
-------
| Member name | Description |
| ---------------- | ------------------------------------------------------------------------------------------------------------------------------- |
| None | Key usage extension is not included. |
| DigitalSignature | subject public key is used for verifying digital signatures. |
| NonRepudiation | subject public key is used to verify digital signatures used to provide a non-repudiation service. |
| KeyEncipherment | subject public key is used for enciphering private or secret keys, i.e., for key transport. |
| DataEncipherment | subject public key is used for directly enciphering raw user data (uncommon). |
| KeyAgreement | subject public key is used for key agreement. |
| KeyCertSign | subject public key is used for verifying signatures on public key certificates. |
| CrlSign | subject public key is used for verifying signatures on certificate revocation lists. |
| EncipherOnly | subject public key may be used only for enciphering data while performing key agreement (only if keyAgreement bit is also set). |
| DecipherOnly | subject public key may be used only for deciphering data while performing key agreement (only if keyAgreement bit is also set). |
Remarks
-------
Reference: [[RFC5280](https://tools.ietf.org/html/rfc5280)] s4.2.1.3 Key Usage
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
X509.OutputOpts Enumeration
===========================
Options to format or re-encode output.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
[FlagsAttribute]
public enum OutputOpts
```
Members
-------
| Member name | Description |
| ----------- | ------------------------------------------------------------------------------------ |
| Default | Default options |
| Ldap | Output distinguished name in LDAP string representation. |
| Decimal | Output serial number in decimal format [default = hex]. |
| Latin1 | Encode distinguished name in Latin-1 encoding, if possible. |
| Unicode | Output distinguished name in Unicode character set (UTF-8 or UTF-16 as appropriate). |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
Xof.Alg Enumeration
===================
eXtendable-Output Function (XOF) algorithm.
**Namespace:** CryptoSysPKI
**Assembly:** diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)
Syntax
------
```csharp
public enum Alg
```
Members
-------
| Member name | Description |
| ----------- | ------------------------------ |
| Shake128 | SHAKE128 (as per FIPS PUB 202) |
| Shake256 | SHAKE256 (as per FIPS PUB 202) |
| Mgf1_Sha1 | MGF1-SHA-1 (as per PKCS#1) |
| Mgf1_Sha256 | MGF1-SHA-256 (as per PKCS#1) |
| Mgf1_Sha512 | MGF1-SHA-512 (as per PKCS#1) |
See Also
--------
[CryptoSysPKI Namespace](#cryptosyspki-namespace)
***
Created: 2025-10-20 20:04:01
Copyright (C) 2025 D.I. Management Services Pty Ltd t/a CryptoSys [https://cryptosys.net](https://cryptosys.net)