CryptoSys PKI Class Library 22.1.0

Classes | Methods | Enumerations | Index
CryptoSysPKI Namespace

A .NET interface to CryptoSys PKI.

Classes

Methods

Asn1 Class Methods

Cipher Class Methods

Cms Class Methods

Cnv Class Methods

Compr Class Methods

Ecc Class Methods

General Class Methods

Hash Class Methods

Hmac Class Methods

Hpke Class Methods

Kdf Class Methods

Ocsp Class Methods

Pbe Class Methods

Pem Class Methods

Pfx Class Methods

Prf Class Methods

Pwd Class Methods

Rng Class Methods

Rsa Class Methods

Sig Class Methods

Smime Class Methods

Tdea Class Methods

Wipe Class Methods

X509 Class Methods

Xof Class Methods

Asn1.TextDump Method

Dump details of an ASN.1 formatted data file to a text file.

Syntax

[C#]
public static int TextDump(
	string outputFile,
	string fileOrPEMString,
	Asn1.Options options
)
[VB.NET]
Public Shared Function TextDump ( _
	outputFile As String, _
	fileOrPEMString As String, _
	options As Asn1.Options _
) As Integer

Parameters

outputFile
Filename of text file to be created
fileOrPEMString
Filename of ASN.1 formatted data file to be analyzed (or a string containing its base64 or PEM representation)
options
Type: Asn1.Options
Option flags (optional)

Return Value

Zero if successful; otherwise it returns an error code

Asn1.TextDumpToString Method

Dump details of ASN.1 formatted data to a string.

Syntax

[C#]
public static string TextDumpToString(
	string fileOrPEMString,
	Asn1.Options options
)
[VB.NET]
Public Shared Function TextDumpToString ( _
	fileOrPEMString As String, _
	options As Asn1.Options _
) As String

Parameters

fileOrPEMString
Filename of ASN.1 formatted data file to be analyzed (or a string containing its base64 or PEM representation)
options
Type: Asn1.Options
Option flags: set as zero for defaults.

Return Value

String containing the output.

Remarks

This function creates a temporary file in the system TEMP directory. This file is locked and is automatically deleted after use.

Asn1.Type Method

Describe the type of ASN.1 data.

Syntax

[C#]
public static string Type(
	string fileOrPEMString
)
[VB.NET]
Public Shared Function Type ( _
	fileOrPEMString As String _
) As String

Parameters

fileOrPEMString
Filename of ASN.1 formatted data file to be analyzed (or a string containing its base64 or PEM representation)

Return Value

String containing the name of the type of ASN.1 data or the empty string if not found

Cipher.BlockBytes Method

Return the block size in bytes for a given cipher algorithm.

Syntax

[C#]
public static int BlockBytes(
	CipherAlgorithm alg
)
[VB.NET]
Public Shared Function BlockBytes ( _
	alg As CipherAlgorithm _
) As Integer

Parameters

alg
Type: CipherAlgorithm
Cipher algorithm

Return Value

Block size in bytes

Cipher.Decrypt Method (Byte[], Byte[], Byte[], CipherAlgorithm, Mode)

Decrypt data block in byte array.

Syntax

[C#]
public static byte[] Decrypt(
	byte[] input,
	byte[] key,
	byte[] iv,
	CipherAlgorithm cipherAlg,
	Mode mode
)
[VB.NET]
Public Shared Function Decrypt ( _
	input As Byte(), _
	key As Byte(), _
	iv As Byte(), _
	cipherAlg As CipherAlgorithm, _
	mode As Mode _
) As Byte()

Parameters

input
Input data to be decrypted
key
Key of exact length for block cipher algorithm
iv
Initialization Vector (IV) of exactly the block size or null for ECB mode
cipherAlg
Type: CipherAlgorithm
Cipher algorithm
mode
Type: Mode
Cipher mode

Return Value

Decrypted data in byte array or empty array on error

Remarks

For ECB and CBC modes, input data length must be an exact multiple of the block length.

Cipher.Decrypt Method (Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)

Decrypt data in a byte array using the specified block cipher algorithm, mode and padding.

Syntax

[C#]
public static byte[] Decrypt(
	byte[] input,
	byte[] key,
	byte[] iv,
	CipherAlgorithm cipherAlg,
	Mode mode,
	Padding pad,
	Cipher.Opts opts
)
[VB.NET]
Public Shared Function Decrypt ( _
	input As Byte(), _
	key As Byte(), _
	iv As Byte(), _
	cipherAlg As CipherAlgorithm, _
	mode As Mode, _
	pad As Padding, _
	opts As Cipher.Opts _
) As Byte()

Parameters

input
Input data to be decrypted
key
Key of exact length for block cipher algorithm
iv
Initialization Vector (IV) of exactly the block size, or null for ECB mode or if IV is prefixed.
cipherAlg
Type: CipherAlgorithm
Cipher algorithm
mode
Type: Mode
Cipher mode
pad
Type: Padding
Padding method to use
opts
Type: Cipher.Opts
Advanced options. Use Cipher.Opts.PrefixIV to expect the IV to be prepended to the input.

Return Value

Decrypted plaintext in byte array or empty array on error

Remarks

Default padding is Pkcs5 for ECB and CBC mode and NoPad for all other modes. It is an error if the specified padding is not found after decryption.

Cipher.Decrypt Method (String, String, String, CipherAlgorithm, Mode)

Decrypt data block as hex-encoded string.

Syntax

[C#]
public static string Decrypt(
	string inputHex,
	string keyHex,
	string ivHex,
	CipherAlgorithm cipherAlg,
	Mode mode
)
[VB.NET]
Public Shared Function Decrypt ( _
	inputHex As String, _
	keyHex As String, _
	ivHex As String, _
	cipherAlg As CipherAlgorithm, _
	mode As Mode _
) As String

Parameters

inputHex
Hex-encoded input data
keyHex
Hex-encoded key representing exact key length
ivHex
Hex-encoded IV representing exact block length or "" for ECB mode
cipherAlg
Type: CipherAlgorithm
Cipher Algorithm
mode
Type: Mode
Cipher Mode

Return Value

Decrypted plaintext in hex-encoded string or empty string on error

Remarks

For ECB and CBC modes, input data length must represent an exact multiple of the block length.

Cipher.Decrypt Method (String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)

Decrypt hex-encoded data using specified block cipher algorithm, mode and padding.

Syntax

[C#]
public static string Decrypt(
	string inputHex,
	string keyHex,
	string ivHex,
	CipherAlgorithm cipherAlg,
	Mode mode,
	Padding pad,
	Cipher.Opts opts
)
[VB.NET]
Public Shared Function Decrypt ( _
	inputHex As String, _
	keyHex As String, _
	ivHex As String, _
	cipherAlg As CipherAlgorithm, _
	mode As Mode, _
	pad As Padding, _
	opts As Cipher.Opts _
) As String

Parameters

inputHex
Hex-encoded input data
keyHex
Hex-encoded key representing exact key length
ivHex
Hex-encoded IV representing exact block length, or "" for ECB mode or if IV is prefixed.
cipherAlg
Type: CipherAlgorithm
Cipher Algorithm
mode
Type: Mode
Cipher Mode
pad
Type: Padding
Padding method to use
opts
Type: Cipher.Opts
Advanced options. Use Cipher.Opts.PrefixIV to expect the IV to be prepended to the input.

Return Value

Decrypted plaintex in hex-encoded string or empty string on error

Remarks

Input data may be any even number of hex characters, but not zero. Default padding is Pkcs5 for ECB and CBC mode and NoPad for all other modes.

Cipher.DecryptAEAD Method (Byte[], Byte[], Byte[], AeadAlgorithm)

Decrypt data using the AES-GCM authenticated encryption algorithm.

Syntax

[C#]
public static byte[] DecryptAEAD(
	byte[] input,
	byte[] key,
	byte[] iv,
	AeadAlgorithm aeadAlg
)
[VB.NET]
Public Shared Function DecryptAEAD ( _
	input As Byte(), _
	key As Byte(), _
	iv As Byte(), _
	aeadAlg As AeadAlgorithm _
) As Byte()

Parameters

input
Input data to be decrypted.
key
Key of exact length for algorithm (16, 24 or 32 bytes).
iv
Initialization Vector (IV) (aka nonce) exactly 12 bytes long.
aeadAlg
Type: AeadAlgorithm
Authenticated encryption algorithm.

Return Value

Plaintext in a byte array, or empty array on error (an empty array may also be the correct result - check General.ErrorCode for details).

Remarks

The input must include the 16-byte tag appended to the ciphertext. The output will be exactly 16 bytes shorter than the input. In all cases the IV must be exactly 12 bytes (96 bits) and the tag must be exactly 16 bytes (128 bits).

Cipher.DecryptAEAD Method (Byte[], Byte[], Byte[], Byte[], AeadAlgorithm, Cipher.Opts)

Decrypt data using the AES-GCM authenticated encryption algorithm with AAD and options.

Syntax

[C#]
public static byte[] DecryptAEAD(
	byte[] input,
	byte[] key,
	byte[] iv,
	byte[] aad,
	AeadAlgorithm aeadAlg,
	Cipher.Opts opts
)
[VB.NET]
Public Shared Function DecryptAEAD ( _
	input As Byte(), _
	key As Byte(), _
	iv As Byte(), _
	aad As Byte(), _
	aeadAlg As AeadAlgorithm, _
	opts As Cipher.Opts _
) As Byte()

Parameters

input
Input data to be decrypted.
key
Key of exact length for algorithm (16, 24 or 32 bytes).
iv
Initialization Vector (IV) (aka nonce) exactly 12 bytes long, if not provided in input.
aad
Additional authenticated data (optional) - set as null to ignore.
aeadAlg
Type: AeadAlgorithm
Authenticated encryption algorithm.
opts
Type: Cipher.Opts
Advanced options. Use Cipher.Opts.PrefixIV to expect the IV to be prepended at the start of the input.

Return Value

Plaintext in a byte array, or empty array on error (an empty array may also be the correct result - check General.ErrorCode for details).

Remarks

The input must include the 16-byte tag appended to the ciphertext and may include a 12-byte prefixed IV. The output will either be exactly 16 bytes shorter than the input, or exactly 28 bytes shorter if the Cipher.Opts.PrefixIV option is used. In all cases the IV must be exactly 12 bytes (96 bits) and the tag must be exactly 16 bytes (128 bits). If additional authentication data (AAD) was provided during encryption then the exact same AAD data must be provided here.

Cipher.Encrypt Method (Byte[], Byte[], Byte[], CipherAlgorithm, Mode)

Encrypt data block in byte array.

Syntax

[C#]
public static byte[] Encrypt(
	byte[] input,
	byte[] key,
	byte[] iv,
	CipherAlgorithm cipherAlg,
	Mode mode
)
[VB.NET]
Public Shared Function Encrypt ( _
	input As Byte(), _
	key As Byte(), _
	iv As Byte(), _
	cipherAlg As CipherAlgorithm, _
	mode As Mode _
) As Byte()

Parameters

input
Input data to be encrypted
key
Key of exact length for block cipher algorithm
iv
Initialization Vector (IV) of exactly the block size or null for ECB mode
cipherAlg
Type: CipherAlgorithm
Cipher algorithm
mode
Type: Mode
Cipher mode

Return Value

Ciphertext in byte array or empty array on error

Remarks

For ECB and CBC modes, input data length must be an exact multiple of the block length.

Cipher.Encrypt Method (Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)

Encrypt data in a byte array using the specified block cipher algorithm, mode and padding.

Syntax

[C#]
public static byte[] Encrypt(
	byte[] input,
	byte[] key,
	byte[] iv,
	CipherAlgorithm cipherAlg,
	Mode mode,
	Padding pad,
	Cipher.Opts opts
)
[VB.NET]
Public Shared Function Encrypt ( _
	input As Byte(), _
	key As Byte(), _
	iv As Byte(), _
	cipherAlg As CipherAlgorithm, _
	mode As Mode, _
	pad As Padding, _
	opts As Cipher.Opts _
) As Byte()

Parameters

input
Input data to be encrypted
key
Key of exact length for block cipher algorithm
iv
Initialization Vector (IV) of exactly the block size or null for ECB mode.
cipherAlg
Type: CipherAlgorithm
Cipher algorithm
mode
Type: Mode
Cipher mode
pad
Type: Padding
Padding method to use
opts
Type: Cipher.Opts
Advanced options. Use Cipher.Opts.PrefixIV to prepend the IV to the output.

Return Value

Ciphertext in byte array or empty array on error

Remarks

Default padding is Pkcs5 for ECB and CBC mode and NoPad for all other modes.

Cipher.Encrypt Method (String, String, String, CipherAlgorithm, Mode)

Encrypt data block as hex-encoded string.

Syntax

[C#]
public static string Encrypt(
	string inputHex,
	string keyHex,
	string ivHex,
	CipherAlgorithm cipherAlg,
	Mode mode
)
[VB.NET]
Public Shared Function Encrypt ( _
	inputHex As String, _
	keyHex As String, _
	ivHex As String, _
	cipherAlg As CipherAlgorithm, _
	mode As Mode _
) As String

Parameters

inputHex
Hex-encoded input data
keyHex
Hex-encoded key representing exact key length
ivHex
Hex-encoded IV representing exact block length or "" for ECB mode
cipherAlg
Type: CipherAlgorithm
Cipher algorithm
mode
Type: Mode
Cipher mode

Return Value

Ciphertext in hex-encoded string or empty string on error

Remarks

For ECB and CBC modes, input data length must be an exact multiple of the block length.

Cipher.Encrypt Method (String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)

Encrypt hex-encoded data using specified block cipher algorithm, mode and padding.

Syntax

[C#]
public static string Encrypt(
	string inputHex,
	string keyHex,
	string ivHex,
	CipherAlgorithm cipherAlg,
	Mode mode,
	Padding pad,
	Cipher.Opts opts
)
[VB.NET]
Public Shared Function Encrypt ( _
	inputHex As String, _
	keyHex As String, _
	ivHex As String, _
	cipherAlg As CipherAlgorithm, _
	mode As Mode, _
	pad As Padding, _
	opts As Cipher.Opts _
) As String

Parameters

inputHex
Hex-encoded input data
keyHex
Hex-encoded key representing exact key length
ivHex
Hex-encoded IV representing exact block length or "" for ECB mode
cipherAlg
Type: CipherAlgorithm
Cipher Algorithm
mode
Type: Mode
Cipher Mode
pad
Type: Padding
Padding method to use (optional)
opts
Type: Cipher.Opts
Advanced options. Use Cipher.Opts.PrefixIV to prepend the IV to the output.

Return Value

Encrypted ciphertext in hex-encoded string or empty string on error

Remarks

Input data may be any even number of hex characters, but not zero. Default padding is Pkcs5 for ECB and CBC mode and NoPad for all other modes.

Cipher.EncryptAEAD Method (Byte[], Byte[], Byte[], AeadAlgorithm)

Encrypt data using the AES-GCM authenticated encryption algorithm.

Syntax

[C#]
public static byte[] EncryptAEAD(
	byte[] input,
	byte[] key,
	byte[] iv,
	AeadAlgorithm aeadAlg
)
[VB.NET]
Public Shared Function EncryptAEAD ( _
	input As Byte(), _
	key As Byte(), _
	iv As Byte(), _
	aeadAlg As AeadAlgorithm _
) As Byte()

Parameters

input
Input data to be encrypted.
key
Key of exact length for algorithm (16, 24 or 32 bytes).
iv
Initialization Vector (IV) (aka nonce) exactly 12 bytes long.
aeadAlg
Type: AeadAlgorithm
Authenticated encryption algorithm.

Return Value

Ciphertext with tag appended in a byte array, or empty array on error.

Remarks

The output will be exactly 16 bytes longer than the input.

Cipher.EncryptAEAD Method (Byte[], Byte[], Byte[], Byte[], AeadAlgorithm, Cipher.Opts)

Encrypt data using the AES-GCM authenticated encryption algorithm with AAD and options.

Syntax

[C#]
public static byte[] EncryptAEAD(
	byte[] input,
	byte[] key,
	byte[] iv,
	byte[] aad,
	AeadAlgorithm aeadAlg,
	Cipher.Opts opts
)
[VB.NET]
Public Shared Function EncryptAEAD ( _
	input As Byte(), _
	key As Byte(), _
	iv As Byte(), _
	aad As Byte(), _
	aeadAlg As AeadAlgorithm, _
	opts As Cipher.Opts _
) As Byte()

Parameters

input
Input data to be encrypted.
key
Key of exact length for algorithm (16, 24 or 32 bytes).
iv
Initialization Vector (IV) (aka nonce) exactly 12 bytes long.
aad
Additional authenticated data (optional) - set as null to ignore.
aeadAlg
Type: AeadAlgorithm
Authenticated encryption algorithm.
opts
Type: Cipher.Opts
Advanced options. Use Cipher.Opts.PrefixIV to prepend the 12-byte IV to the output

Return Value

Ciphertext with tag appended in a byte array, or empty array on error.

Remarks

The output will either be exactly 16 bytes longer than the input, or exactly 28 bytes longer if Cipher.Opts.PrefixIV is used.

Cipher.FileDecrypt Method (String, String, Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)

Decrypt a file.

Syntax

[C#]
public static int FileDecrypt(
	string fileOut,
	string fileIn,
	byte[] key,
	byte[] iv,
	CipherAlgorithm cipherAlg,
	Mode mode,
	Padding pad,
	Cipher.Opts opts
)
[VB.NET]
Public Shared Function FileDecrypt ( _
	fileOut As String, _
	fileIn As String, _
	key As Byte(), _
	iv As Byte(), _
	cipherAlg As CipherAlgorithm, _
	mode As Mode, _
	pad As Padding, _
	opts As Cipher.Opts _
) As Integer

Parameters

fileOut
Name of output file to be created or overwritten
fileIn
Name of input file
key
Key of of exact length for block cipher algorithm
iv
Initialization Vector (IV) of exactly the block size, or null for ECB mode or if IV is prefixed.
cipherAlg
Type: CipherAlgorithm
Cipher Algorithm
mode
Type: Mode
Cipher Mode
pad
Type: Padding
Padding method to use (optional, ECB and CBC modes only, default=Pkcs5)
opts
Type: Cipher.Opts
Advanced options. Use Cipher.Opts.PrefixIV to expect the IV to be prepended to the input.

Return Value

0 if successful or non-zero error code

Remarks

fileOut and fileIn must not be the same

Cipher.FileDecrypt Method (String, String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)

Decrypt a file passing key and IV as hex strings.

Syntax

[C#]
public static int FileDecrypt(
	string fileOut,
	string fileIn,
	string keyHex,
	string ivHex,
	CipherAlgorithm cipherAlg,
	Mode mode,
	Padding pad,
	Cipher.Opts opts
)
[VB.NET]
Public Shared Function FileDecrypt ( _
	fileOut As String, _
	fileIn As String, _
	keyHex As String, _
	ivHex As String, _
	cipherAlg As CipherAlgorithm, _
	mode As Mode, _
	pad As Padding, _
	opts As Cipher.Opts _
) As Integer

Parameters

fileOut
Name of output file to be created or overwritten
fileIn
Name of input file, in binary format.
keyHex
Hex-encoded key of exact length
ivHex
Hex-encoded IV, or "" for ECB mode or if IV is prefixed.
cipherAlg
Type: CipherAlgorithm
Cipher Algorithm
mode
Type: Mode
Cipher Mode
pad
Type: Padding
Padding method to use (optional, ECB and CBC modes only, default=Pkcs5)
opts
Type: Cipher.Opts
Advanced options. Use Cipher.Opts.PrefixIV to expect the IV to be prepended to the input.

Return Value

0 if successful or non-zero error code

Remarks

fileOut and fileIn must not be the same. The output file is in binary format.

Cipher.FileEncrypt Method (String, String, Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts)

Encrypt a file.

Syntax

[C#]
public static int FileEncrypt(
	string fileOut,
	string fileIn,
	byte[] key,
	byte[] iv,
	CipherAlgorithm cipherAlg,
	Mode mode,
	Padding pad,
	Cipher.Opts opts
)
[VB.NET]
Public Shared Function FileEncrypt ( _
	fileOut As String, _
	fileIn As String, _
	key As Byte(), _
	iv As Byte(), _
	cipherAlg As CipherAlgorithm, _
	mode As Mode, _
	pad As Padding, _
	opts As Cipher.Opts _
) As Integer

Parameters

fileOut
Name of output file to be created or overwritten
fileIn
Name of input file
key
Key of of exact length for block cipher algorithm
iv
Initialization Vector (IV) of exactly the block size or null for ECB mode
cipherAlg
Type: CipherAlgorithm
Cipher Algorithm
mode
Type: Mode
Cipher Mode
pad
Type: Padding
Padding method to use (optional, ECB and CBC modes only, default=Pkcs5)
opts
Type: Cipher.Opts
Advanced options. Use Cipher.Opts.PrefixIV to prepend the IV to the output.

Return Value

0 if successful or non-zero error code

Remarks

fileOut and fileIn must not be the same

Cipher.FileEncrypt Method (String, String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts)

Encrypt a file passing key and IV as hex strings.

Syntax

[C#]
public static int FileEncrypt(
	string fileOut,
	string fileIn,
	string keyHex,
	string ivHex,
	CipherAlgorithm cipherAlg,
	Mode mode,
	Padding pad,
	Cipher.Opts opts
)
[VB.NET]
Public Shared Function FileEncrypt ( _
	fileOut As String, _
	fileIn As String, _
	keyHex As String, _
	ivHex As String, _
	cipherAlg As CipherAlgorithm, _
	mode As Mode, _
	pad As Padding, _
	opts As Cipher.Opts _
) As Integer

Parameters

fileOut
Name of output file to be created or overwritten
fileIn
Name of input file, in binary format.
keyHex
Hex-encoded key of exact length
ivHex
Hex-encoded IV or "" for ECB mode
cipherAlg
Type: CipherAlgorithm
Cipher Algorithm
mode
Type: Mode
Cipher Mode
pad
Type: Padding
Padding method to use (optional, ECB and CBC modes only, default=Pkcs5)
opts
Type: Cipher.Opts
Advanced options. Use Cipher.Opts.PrefixIV to prepend the IV to the output.

Return Value

0 if successful or non-zero error code

Remarks

fileOut and fileIn must not be the same. The output file is in binary format.

Cipher.KeyBytes Method

Return the key size in bytes for a given cipher algorithm.

Syntax

[C#]
public static int KeyBytes(
	CipherAlgorithm alg
)
[VB.NET]
Public Shared Function KeyBytes ( _
	alg As CipherAlgorithm _
) As Integer

Parameters

alg
Type: CipherAlgorithm
Cipher algorithm

Return Value

Key size in bytes

Cipher.KeyUnwrap Method

Unwrap (decrypt) key material with a key-encryption key.

Syntax

[C#]
public static byte[] KeyUnwrap(
	byte[] data,
	byte[] kek,
	CipherAlgorithm cipherAlg
)
[VB.NET]
Public Shared Function KeyUnwrap ( _
	data As Byte(), _
	kek As Byte(), _
	cipherAlg As CipherAlgorithm _
) As Byte()

Parameters

data
Wrapped key
kek
Key encryption key
cipherAlg
Type: CipherAlgorithm
Block cipher to use for wrapping

Return Value

Unwrapped key material (or empty array on error)

Cipher.KeyWrap Method

Wrap (encrypt) key material with a key-encryption key.

Syntax

[C#]
public static byte[] KeyWrap(
	byte[] data,
	byte[] kek,
	CipherAlgorithm cipherAlg
)
[VB.NET]
Public Shared Function KeyWrap ( _
	data As Byte(), _
	kek As Byte(), _
	cipherAlg As CipherAlgorithm _
) As Byte()

Parameters

data
Key material to be wrapped
kek
Key encryption key
cipherAlg
Type: CipherAlgorithm
Block cipher to use for wrapping

Return Value

Wrapped key (or empty array on error)

Cipher.Pad Method (Byte[], CipherAlgorithm, Padding)

Pad byte array to correct length for ECB and CBC encryption.

Syntax

[C#]
public static byte[] Pad(
	byte[] input,
	CipherAlgorithm cipherAlg,
	Padding pad
)
[VB.NET]
Public Shared Function Pad ( _
	input As Byte(), _
	cipherAlg As CipherAlgorithm, _
	pad As Padding _
) As Byte()

Parameters

input
Data to be padded
cipherAlg
Type: CipherAlgorithm
Block cipher being used
pad
Type: Padding
Padding method to use (default is PKCS#5/#7)

Return Value

Padded data in byte array

Cipher.Pad Method (String, CipherAlgorithm, Padding)

Pad hex-encoded string to correct length for ECB and CBC encryption.

Syntax

[C#]
public static string Pad(
	string inputHex,
	CipherAlgorithm cipherAlg,
	Padding pad
)
[VB.NET]
Public Shared Function Pad ( _
	inputHex As String, _
	cipherAlg As CipherAlgorithm, _
	pad As Padding _
) As String

Parameters

inputHex
Hex-encoded data to be padded
cipherAlg
Type: CipherAlgorithm
Block cipher being used
pad
Type: Padding
Padding method to use (default is PKCS#5/#7)

Return Value

Padded data in hex-encoded string

Cipher.Unpad Method (Byte[], CipherAlgorithm, Padding)

Remove padding from an encryption block.

Syntax

[C#]
public static byte[] Unpad(
	byte[] input,
	CipherAlgorithm cipherAlg,
	Padding pad
)
[VB.NET]
Public Shared Function Unpad ( _
	input As Byte(), _
	cipherAlg As CipherAlgorithm, _
	pad As Padding _
) As Byte()

Parameters

input
Padded data
cipherAlg
Type: CipherAlgorithm
Block cipher being used
pad
Type: Padding
Padding method to use (default is PKCS#5/#7)

Return Value

Unpadded data in byte array.

Remarks

Unless pad is NoPad, the unpadded output is always shorter than the padded input. An error is indicated by returning the original data. If the output length equals the input length, then error.

Cipher.Unpad Method (String, CipherAlgorithm, Padding)

Remove padding from a hex-encoded encryption block.

Syntax

[C#]
public static string Unpad(
	string inputHex,
	CipherAlgorithm cipherAlg,
	Padding pad
)
[VB.NET]
Public Shared Function Unpad ( _
	inputHex As String, _
	cipherAlg As CipherAlgorithm, _
	pad As Padding _
) As String

Parameters

inputHex
Hex-encoded padded data
cipherAlg
Type: CipherAlgorithm
Block cipher being used
pad
Type: Padding
Padding method to use (default is PKCS#5/#7)

Return Value

Unpadded data in hex-encoded string.

Remarks

Unless pad is NoPad, the unpadded output is always shorter than the padded input. An error is indicated by returning the original data. If the output length equals the input length, then error.

Cms.GetSigDataDigest Method

Extract the message digest from a signed-data CMS object file and verify the signature.

Syntax

[C#]
public static string GetSigDataDigest(
	string inputFile,
	string certFile
)
[VB.NET]
Public Shared Function GetSigDataDigest ( _
	inputFile As String, _
	certFile As String _
) As String

Parameters

inputFile
name of file containing CMS signed-data object
certFile
an (optional) X.509 certificate file to be used to identify the signer

Return Value

Hash value in hex format or an empty string if error

Remarks

If no certificate is given, it will use the first valid SignerInfo and certificate pair it finds in the SignedData. RSASSA-PKCS1V1_5 only.

Cms.GetSigHashAlgorithm Method

Find ID of message digest hash algorithm used to make signature.

Syntax

[C#]
public static int GetSigHashAlgorithm(
	string inputFile,
	string certFile
)
[VB.NET]
Public Shared Function GetSigHashAlgorithm ( _
	inputFile As String, _
	certFile As String _
) As Integer

Parameters

inputFile
name of file containing CMS signed-data object
certFile
an (optional) X.509 certificate file to be used to identify the signer

Return Value

0=SHA-1, 1=MD5, 2=MD2, 3=SHA-256, 4=SHA-384, 5=SHA-512, 6=SHA-224; or a negative error code

Remarks

This method returns an integer ID number. Alternatively, use Cms.QuerySigData(inputFile, "digestAlgorithm") to get the name directly as a string, e.g. "sha1". See QuerySigData(String, String)

Cms.MakeComprData Method

Create a new CMS compressed-data file (.p7z) from an existing input file.

Syntax

[C#]
public static int MakeComprData(
	string outputFile,
	string inputFile
)
[VB.NET]
Public Shared Function MakeComprData ( _
	outputFile As String, _
	inputFile As String _
) As Integer

Parameters

outputFile
Output file to be created
inputFile
Input data file

Return Value

Zero if successful; otherwise it returns a non-zero error code

Cms.MakeDetachedSig Method

Create a "detached signature" CMS signed-data object file from a message digest of the content (advanced algorithms).

Syntax

[C#]
public static int MakeDetachedSig(
	string outputFile,
	string hexDigest,
	string certList,
	string privateKey,
	HashAlgorithm hashAlg,
	Cms.SigDataOptions advOptions
)
[VB.NET]
Public Shared Function MakeDetachedSig ( _
	outputFile As String, _
	hexDigest As String, _
	certList As String, _
	privateKey As String, _
	hashAlg As HashAlgorithm, _
	advOptions As Cms.SigDataOptions _
) As Integer

Parameters

outputFile
name of output file to be created
hexDigest
string containing message digest in hex format
certList
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
privateKey
Private key data for the sender.
hashAlg
Type: HashAlgorithm
Message digest algorithm to be used in signature [default=SHA-1]
advOptions
Type: Cms.SigDataOptions
Advanced option flags. See Cms.SigDataOptions.

Return Value

Zero if successful; otherwise it returns an error code

Remarks

RSASSA-PKCS1V1_5 only.

Cms.MakeEnvData Method (String, String, String, CipherAlgorithm, Cms.EnvDataOptions)

Create a CMS enveloped-data object (default recipient parameters).

Syntax

[C#]
public static int MakeEnvData(
	string outputFile,
	string inputFile,
	string certList,
	CipherAlgorithm cipherAlg,
	Cms.EnvDataOptions advOptions
)
[VB.NET]
Public Shared Function MakeEnvData ( _
	outputFile As String, _
	inputFile As String, _
	certList As String, _
	cipherAlg As CipherAlgorithm, _
	advOptions As Cms.EnvDataOptions _
) As Integer

Parameters

outputFile
Name of output file to be created.
inputFile
Input data file.
certList
List of recipient X.509 certificate filename(s), separated by semi-colons (;). Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).
cipherAlg
Type: CipherAlgorithm
Content encryption algorithm [default=Triple DES].
advOptions
Type: Cms.EnvDataOptions
Advanced options. See Cms.EnvDataOptions.

Return Value

Number of successful recipients or a negative error code.

Cms.MakeEnvData Method (String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)

Create a CMS enveloped-data object (advanced options).

Syntax

[C#]
public static int MakeEnvData(
	string outputFile,
	string inputFile,
	string certList,
	CipherAlgorithm cipherAlg,
	Cms.KeyEncrAlgorithm keyEncrAlg,
	HashAlgorithm hashAlg,
	Cms.EnvDataOptions advOptions,
	Kdf.KdfAlg kdfAlg,
	Kdf.KeyWrapAlg keyWrapAlg,
	string keyString,
	int count,
	Cms.ContentEncrAlg contEncrAlg
)
[VB.NET]
Public Shared Function MakeEnvData ( _
	outputFile As String, _
	inputFile As String, _
	certList As String, _
	cipherAlg As CipherAlgorithm, _
	keyEncrAlg As Cms.KeyEncrAlgorithm, _
	hashAlg As HashAlgorithm, _
	advOptions As Cms.EnvDataOptions, _
	kdfAlg As Kdf.KdfAlg, _
	keyWrapAlg As Kdf.KeyWrapAlg, _
	keyString As String, _
	count As Integer, _
	contEncrAlg As Cms.ContentEncrAlg _
) As Integer

Parameters

outputFile
Name of output file to be created.
inputFile
Input data file.
certList
List of one or more recipient X.509 certificate filenames, separated by semicolons (;). A certificate's representation in base64 or as a PEM string may be used instead of a filename. Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).

Special cases: Set as "type=@pwri" to create a single recipientInfo of the PasswordRecipientInfo (pwri) type; or set as "type=@kekri,keyid=<string>" to create a single recipientInfo of the KEKRecipientInfo (kekri) type. See Remarks.

cipherAlg
Type: CipherAlgorithm
Content encryption algorithm [default=Triple DES]. Deprecated: use contEncrAlg.
keyEncrAlg
Type: Cms.KeyEncrAlgorithm
Key encryption algorithm for ktri type [default=RSAES-PKCS-v1_5)]
hashAlg
Type: HashAlgorithm
Hash function for RSAES-OAEP or ECDH KDF or pwri PBKDF2, if required. Must be one of the SHA-* family [default=SHA-1]
advOptions
Type: Cms.EnvDataOptions
Advanced options. See Cms.EnvDataOptions.
kdfAlg
Type: Kdf.KdfAlg
Key derivation function (KDF) for ECDH key agreement scheme (where applicable)
keyWrapAlg
Type: Kdf.KeyWrapAlg
Key wrap algorithm for ECDH key agreement scheme or kekri type (default=match content encryption algorithm)
keyString
(formerly ukmString) Use to pass optional additional user key material (ukm) for KDF where KeyAgreement (kari) type is used. Or use to pass the password for a pwri type or the key encryption key (KEK) for a kekri type. Either pass a plain ASCII string, e.g. "abc" or use the format "#x<hex-digits>" to pass a string of arbitrary octet values, e.g. "#xdeadbeef01" to pass the 5 bytes 0xde,0xad,0xbe,0xef,0x01. Required for pwri and kekri types.
count
Optional iteration count for KDF in pwri type (default=4096) or tag length for AuthEnvelopedData (in range 12-16, default=16). Otherwise ignored.
contEncrAlg
Type: Cms.ContentEncrAlg
Alternative way to specify content encryption algorithm with more options. Takes precedence over cipherAlg.

Return Value

Number of successful recipients or a negative error code.

Remarks

The output is a file containing a CMS EnvelopedData object or AuthEnvelopedData object. New in [v22.0] use the preferred contEncrAlg parameter to specify the content-encryption algorithm rather than cipherAlg. If a list of certificates is passed in certList, the recipientInfo type is set automatically depending on the public key found in each certificate, one for each certificate. If the public key is RSA (rsaEncryption) then the key transport technique (ktri) will be used for that particular recipientInfo. If the public key is a supported ECC key, then the standard ECDH ephemeral-static key agreement technique (kari) will be used as per [RFC5753] and [RFC8418].

If certList is set to "type=@pwri" then a single recipientInfo will be created of PasswordRecipientInfo type (pwri). The password must be passed in the keyString parameter. The parameters keyEncrAlg, kdfAlg and keyWrapAlg are ignored in this case. If certList is set to "type=@kekri,keyid=<string>" then a single recipientInfo will be created of KEKRecipientInfo type (kekri). The key encryption key (KEK) must be passed in the keyString parameter. The parameters keyEncrAlg, hashAlg and kdfAlg are ignored in this case.

Example

[C#]
// Create an enveloped CMS object (ktri type) to Bob using Bob's RSA key
n = Cms.MakeEnvData("cms2bob_aes128.p7m", "excontent.txt", "BobRSASignByCarl.cer", CipherAlgorithm.Aes128, Cms.KeyEncrAlgorithm.Rsa_Oaep);

// Create an enveloped CMS object (kekri type) using a previously distributed symmetric key-encryption key (KEK) 
n = Cms.MakeEnvData("cms_envdata_kekri.p7m", "excontent.txt", "type=@kekri,keyid=ourcommonkey", CipherAlgorithm.Aes256, 
        hashAlg: HashAlgorithm.Sha256, keyWrapAlg:Kdf.KeyWrapAlg.Aes128_wrap, keyString: "#x0123456789ABCDEFF0E1D2C3B4A59687");

Cms.MakeEnvDataFromBytes Method

Create a CMS enveloped-data object from data in a byte array.

Syntax

[C#]
public static int MakeEnvDataFromBytes(
	string outputFile,
	byte[] inputData,
	string certList,
	CipherAlgorithm cipherAlg,
	Cms.KeyEncrAlgorithm keyEncrAlg,
	HashAlgorithm hashAlg,
	Cms.EnvDataOptions advOptions,
	Kdf.KdfAlg kdfAlg,
	Kdf.KeyWrapAlg keyWrapAlg,
	string keyString,
	int count,
	Cms.ContentEncrAlg contEncrAlg
)
[VB.NET]
Public Shared Function MakeEnvDataFromBytes ( _
	outputFile As String, _
	inputData As Byte(), _
	certList As String, _
	cipherAlg As CipherAlgorithm, _
	keyEncrAlg As Cms.KeyEncrAlgorithm, _
	hashAlg As HashAlgorithm, _
	advOptions As Cms.EnvDataOptions, _
	kdfAlg As Kdf.KdfAlg, _
	keyWrapAlg As Kdf.KeyWrapAlg, _
	keyString As String, _
	count As Integer, _
	contEncrAlg As Cms.ContentEncrAlg _
) As Integer

Parameters

outputFile
Output file to be created
inputData
Input data.
certList
List of one or more recipient X.509 certificate filenames, separated by semicolons (;). A certificate's representation in base64 or as a PEM string may be used instead of a filename. Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).

Special cases: Set as "type=@pwri" to create a single recipientInfo of the PasswordRecipientInfo (pwri) type; or set as "type=@kekri,keyid=<string>" to create a single recipientInfo of the KEKRecipientInfo (kekri) type. See Remarks.

cipherAlg
Type: CipherAlgorithm
Content encryption algorithm [default=Triple DES]. Deprecated: use contEncrAlg.
keyEncrAlg
Type: Cms.KeyEncrAlgorithm
Key encryption algorithm for ktri type [default=RSAES-PKCS-v1_5)]
hashAlg
Type: HashAlgorithm
Hash function for RSAES-OAEP or ECDH KDF or pwri PBKDF2, if required. Must be one of the SHA-* family [default=SHA-1]
advOptions
Type: Cms.EnvDataOptions
Advanced options. See Cms.EnvDataOptions.
kdfAlg
Type: Kdf.KdfAlg
Key derivation function (KDF) for ECDH key agreement scheme (where applicable)
keyWrapAlg
Type: Kdf.KeyWrapAlg
Key wrap algorithm for ECDH key agreement scheme or kekri type (default=match content encryption algorithm)
keyString
(formerly ukmString) Use to pass optional additional user key material (ukm) for KDF where KeyAgreement (kari) type is used. Or use to pass the password for a pwri type or the key encryption key (KEK) for a kekri type. Either pass a plain ASCII string, e.g. "abc" or use the format "#x<hex-digits>" to pass a string of arbitrary octet values, e.g. "#xdeadbeef01" to pass the 5 bytes 0xde,0xad,0xbe,0xef,0x01. Required for pwri and kekri types.
count
Optional iteration count for KDF in pwri type (default=4096) or tag length for AuthEnvelopedData (in range 12-16, default=16). Otherwise ignored.
contEncrAlg
Type: Cms.ContentEncrAlg
Alternative way to specify content encryption algorithm with more options. Takes precedence over cipherAlg.

Return Value

Number of successful recipients or negative error code

Remarks

See remarks for MakeEnvData(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)

Cms.MakeEnvDataFromString Method (String, String, String, CipherAlgorithm, Cms.EnvDataOptions)

Create a CMS enveloped-data object from an ASCII string (default recipient parameters).

Syntax

[C#]
public static int MakeEnvDataFromString(
	string outputFile,
	string inputData,
	string certList,
	CipherAlgorithm cipherAlg,
	Cms.EnvDataOptions advOptions
)
[VB.NET]
Public Shared Function MakeEnvDataFromString ( _
	outputFile As String, _
	inputData As String, _
	certList As String, _
	cipherAlg As CipherAlgorithm, _
	advOptions As Cms.EnvDataOptions _
) As Integer

Parameters

outputFile
Output file to be created
inputData
Input data string, expected plain ASCII text.
certList
List of recipient X.509 certificate filename(s), separated by semi-colons (;). Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).
cipherAlg
Type: CipherAlgorithm
Content encryption algorithm [default=Triple DES]
advOptions
Type: Cms.EnvDataOptions
Advanced options. See Cms.EnvDataOptions.

Return Value

Number of successful recipients or negative error code

Cms.MakeEnvDataFromString Method (String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)

Create a CMS enveloped-data object from an ASCII string (advanced options).

Syntax

[C#]
public static int MakeEnvDataFromString(
	string outputFile,
	string inputData,
	string certList,
	CipherAlgorithm cipherAlg,
	Cms.KeyEncrAlgorithm keyEncrAlg,
	HashAlgorithm hashAlg,
	Cms.EnvDataOptions advOptions,
	Kdf.KdfAlg kdfAlg,
	Kdf.KeyWrapAlg keyWrapAlg,
	string keyString,
	int count,
	Cms.ContentEncrAlg contEncrAlg
)
[VB.NET]
Public Shared Function MakeEnvDataFromString ( _
	outputFile As String, _
	inputData As String, _
	certList As String, _
	cipherAlg As CipherAlgorithm, _
	keyEncrAlg As Cms.KeyEncrAlgorithm, _
	hashAlg As HashAlgorithm, _
	advOptions As Cms.EnvDataOptions, _
	kdfAlg As Kdf.KdfAlg, _
	keyWrapAlg As Kdf.KeyWrapAlg, _
	keyString As String, _
	count As Integer, _
	contEncrAlg As Cms.ContentEncrAlg _
) As Integer

Parameters

outputFile
Output file to be created
inputData
Input data string, expected plain ASCII text.
certList
List of recipient X.509 certificate filename(s), separated by semi-colons (;). Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).

Special cases: Set as "type=@pwri" to create a single recipientInfo of the PasswordRecipientInfo type (pwri); or set as "type=@kekri,keyid=<string>" to create a single recipientInfo of the KEKRecipientInfo type (kekri). See Remarks.

cipherAlg
Type: CipherAlgorithm
Content encryption algorithm [default=Triple DES]. Deprecated: use contEncrAlg.
keyEncrAlg
Type: Cms.KeyEncrAlgorithm
Key encryption algorithm [default=rsaEncryption)]
hashAlg
Type: HashAlgorithm
Hash function for RSAES-OAEP or ECDH KDF or PBKDF2 for pwri, if required. Must be one of the SHA-* family [default=SHA-1]
advOptions
Type: Cms.EnvDataOptions
Advanced options. See Cms.EnvDataOptions.
kdfAlg
Type: Kdf.KdfAlg
Key derivation function (KDF) for ECDH key agreement scheme (where applicable)
keyWrapAlg
Type: Kdf.KeyWrapAlg
Key wrap algorithm for ECDH key agreement scheme (default=match content encryption algorithm)
keyString
(formerly ukmString) Use to pass optional additional user key material (ukm) for KDF where KeyAgreement (kari) type is used. Or use to pass the password for a pwri type or the key encryption key (KEK) for a kekri type. Either pass a plain ASCII string, e.g. "abc" or use the format "#x<hex-digits>" to pass a string of arbitrary octet values, e.g. "#xdeadbeef01" to pass the 5 bytes 0xde,0xad,0xbe,0xef,0x01. Optional for kari types but required for pwri and kekri types.
count
Optional iteration count for KDF in pwri type (default=4096) or tag length for AuthEnvelopedData (in range 12-16, default=16). Otherwise ignored.
contEncrAlg
Type: Cms.ContentEncrAlg
Alternative way to specify content encryption algorithm with more options. Takes precedence over cipherAlg.

Return Value

Number of successful recipients or negative error code

Remarks

See remarks for MakeEnvData(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)

Cms.MakeSigData Method (String, String, String, String, Cms.SigAlg, Cms.SigDataOptions)

Create a CMS object of type SignedData from an input data file (advanced options including RSA-PSS).

Syntax

[C#]
public static int MakeSigData(
	string outputFile,
	string inputFile,
	string certList,
	string privateKey,
	Cms.SigAlg sigAlg,
	Cms.SigDataOptions advOptions
)
[VB.NET]
Public Shared Function MakeSigData ( _
	outputFile As String, _
	inputFile As String, _
	certList As String, _
	privateKey As String, _
	sigAlg As Cms.SigAlg, _
	advOptions As Cms.SigDataOptions _
) As Integer

Parameters

outputFile
name of output file to be created
inputFile
name of file containing message data to be signed
certList
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
privateKey
private key data for the sender
sigAlg
Type: Cms.SigAlg
Signature algorithm.
advOptions
Type: Cms.SigDataOptions
Advanced option flags. See Cms.SigDataOptions.

Return Value

Zero if successful; otherwise it returns an error code

Example

[C#]
StringBuilder sbPrivateKey = Rsa.ReadPrivateKey("AlicePrivRSASign.p8e", "password");
string fnameOutput = "BasicSignByAlice.bin";
string fnameInput = "excontent.txt";
string fnameCert = "AliceRSASignByCarl.cer";
int n = Cms.MakeSigData(fnameOutput, fnameInput, fnameCert, sbPrivateKey.ToString(), Cms.SigAlg.Default, 0);

Cms.MakeSigData Method (String, String, String, String, HashAlgorithm, Cms.SigDataOptions)

Create a CMS object of type SignedData from an input data file using RSASSA-PKCS1V1_5 with options.

Syntax

[C#]
public static int MakeSigData(
	string outputFile,
	string inputFile,
	string certList,
	string privateKey,
	HashAlgorithm hashAlg,
	Cms.SigDataOptions advOptions
)
[VB.NET]
Public Shared Function MakeSigData ( _
	outputFile As String, _
	inputFile As String, _
	certList As String, _
	privateKey As String, _
	hashAlg As HashAlgorithm, _
	advOptions As Cms.SigDataOptions _
) As Integer

Parameters

outputFile
name of output file to be created
inputFile
name of file containing message data to be signed
certList
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
privateKey
private key data for the sender
hashAlg
Type: HashAlgorithm
Message digest algorithm to be used in signature [default=SHA-1].
advOptions
Type: Cms.SigDataOptions
Advanced option flags. See Cms.SigDataOptions.

Return Value

Zero if successful; otherwise it returns an error code

Remarks

RSASSA-PKCS1V1_5 only.

Cms.MakeSigDataFromBytes Method

Create a CMS object of type SignedData from an array of bytes.

Syntax

[C#]
public static int MakeSigDataFromBytes(
	string outputFile,
	byte[] inputData,
	string certList,
	string privateKey,
	Cms.SigAlg sigAlg,
	Cms.SigDataOptions advOptions
)
[VB.NET]
Public Shared Function MakeSigDataFromBytes ( _
	outputFile As String, _
	inputData As Byte(), _
	certList As String, _
	privateKey As String, _
	sigAlg As Cms.SigAlg, _
	advOptions As Cms.SigDataOptions _
) As Integer

Parameters

outputFile
name of output file to be created.
inputData
message data to be signed in a byte array.
certList
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
privateKey
Private key data for the sender.
sigAlg
Type: Cms.SigAlg
Signature algorithm.
advOptions
Type: Cms.SigDataOptions
Advanced option flags. See Cms.SigDataOptions.

Return Value

Zero if successful; otherwise it returns an error code

Cms.MakeSigDataFromPseudo Method

Create a SignedData object from a "pseudo" object.

Syntax

[C#]
public static int MakeSigDataFromPseudo(
	string outputFile,
	string inputPseudoFile,
	byte[] sigValue,
	Cms.Format format
)
[VB.NET]
Public Shared Function MakeSigDataFromPseudo ( _
	outputFile As String, _
	inputPseudoFile As String, _
	sigValue As Byte(), _
	format As Cms.Format _
) As Integer

Parameters

outputFile
Name of output file to be created.
inputPseudoFile
Input "pseudo" file with dummy placeholder signature.
sigValue
Signature value computed by external service.
format
Type: Cms.Format
Output format (default = binary)

Return Value

Zero if successful; otherwise it returns an error code

Remarks

RSASSA-PKCS1V1_5 only.

Cms.MakeSigDataFromSigValue Method

Create a CMS object of type SignedData using a pre-computed signature (advanced algorithms).

Syntax

[C#]
public static int MakeSigDataFromSigValue(
	string outputFile,
	byte[] sigValue,
	byte[] contentData,
	string certList,
	HashAlgorithm hashAlg,
	Cms.SigDataOptions advOptions
)
[VB.NET]
Public Shared Function MakeSigDataFromSigValue ( _
	outputFile As String, _
	sigValue As Byte(), _
	contentData As Byte(), _
	certList As String, _
	hashAlg As HashAlgorithm, _
	advOptions As Cms.SigDataOptions _
) As Integer

Parameters

outputFile
name of output file to be created
sigValue
signature value
contentData
string containing content data that has been signed
certList
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
hashAlg
Type: HashAlgorithm
Message digest algorithm to be used in signature [default=SHA-1]
advOptions
Type: Cms.SigDataOptions
Advanced option flags. See Cms.SigDataOptions.

Return Value

Zero if successful; otherwise it returns an error code

Remarks

RSASSA-PKCS1V1_5 only.

Cms.MakeSigDataFromString Method (String, String, String, String, Cms.SigAlg, Cms.SigDataOptions)

Create a CMS object of type SignedData from an input string (advanced options including RSA-PSS).

Syntax

[C#]
public static int MakeSigDataFromString(
	string outputFile,
	string inputData,
	string certList,
	string privateKey,
	Cms.SigAlg sigAlg,
	Cms.SigDataOptions advOptions
)
[VB.NET]
Public Shared Function MakeSigDataFromString ( _
	outputFile As String, _
	inputData As String, _
	certList As String, _
	privateKey As String, _
	sigAlg As Cms.SigAlg, _
	advOptions As Cms.SigDataOptions _
) As Integer

Parameters

outputFile
name of output file to be created
inputData
string containing message data to be signed
certList
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
privateKey
private key data for the sender
sigAlg
Type: Cms.SigAlg
Signature algorithm.
advOptions
Type: Cms.SigDataOptions
Advanced option flags. See Cms.SigDataOptions.

Return Value

Zero if successful; otherwise it returns an error code

Cms.MakeSigDataFromString Method (String, String, String, String, HashAlgorithm, Cms.SigDataOptions)

Create a CMS object of type SignedData from an input string using RSASSA-PKCS1V1_5 with options.

Syntax

[C#]
public static int MakeSigDataFromString(
	string outputFile,
	string inputData,
	string certList,
	string privateKey,
	HashAlgorithm hashAlg,
	Cms.SigDataOptions advOptions
)
[VB.NET]
Public Shared Function MakeSigDataFromString ( _
	outputFile As String, _
	inputData As String, _
	certList As String, _
	privateKey As String, _
	hashAlg As HashAlgorithm, _
	advOptions As Cms.SigDataOptions _
) As Integer

Parameters

outputFile
name of output file to be created
inputData
string containing message data to be signed
certList
filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
privateKey
private key data for the sender
hashAlg
Type: HashAlgorithm
Message digest algorithm to be used in signature [default=SHA-1]
advOptions
Type: Cms.SigDataOptions
Advanced option flags. See Cms.SigDataOptions.

Return Value

Zero if successful; otherwise it returns an error code

Remarks

RSASSA-PKCS1V1_5 only.

Cms.QueryEnvData Method

Query a CMS enveloped-data object file for selected information.

Syntax

[C#]
public static string QueryEnvData(
	string inputFile,
	string query
)
[VB.NET]
Public Shared Function QueryEnvData ( _
	inputFile As String, _
	query As String _
) As String

Parameters

inputFile
file containing CMS enveloped-data object
query
Query string (case insensitive)

Return Value

String containing the result or an empty string if not found or error.

Remarks

Valid queries are:

"version" envelopedData CMSVersion (edVer) value, e.g. "0".
"recipientInfoVersion" recipientInfo version (riVer) value.
"recipientInfoType" Type of recipientInfo, e.g. ktri, kari, ...
"CountOfRecipientInfos" Number of RecipientInfos included in the data.
"recipientIssuerName" Distinguished Name of recipient's certificate issuer.
"recipientSerialNumber" serialNumber of recipient's certificate in hex format
"keyEncryptionAlgorithm" keyEncryptionAlgorithm, e.g. "rsaEncryption".
"keyEncryptionFlags" Bit flags used for the key encryption algorithm (ktri only).
"SizeOfEncryptedKey" Size (in bytes) of the EncryptedKey.
"encryptedKey" EncryptedKey value encoded in hex.
"oaepParams" Parameters used for RSA-OAEP (if applicable).
"keyWrapAlgorithm" Key wrap algorithm, e.g. "aes128-wrap" (kari and kekri only).
"originatorKeyAlgorithm" OriginatorPublicKey algorithm, e.g. "ecPublicKey" (kari only).
"originatorPublicKey" OriginatorPublicKey publicKey value encoded in hex (kari only).
"keyid" keyIdentifier for KEKRecipientInfo (kekri) type.
"contentEncryptionAlgorithm" contentEncryptionAlgorithm, e.g. "des-EDE3-CBC".
"SizeOfEncryptedContent" Size (in bytes) of the EncryptedContent.
"encryptedContent" EncryptedContent encoded in hex.
"iv" Initialization vector encoded in hex.
By default, the function queries the first recipientInfo in the file. To query the Nth recipientInfo append "/N" to the query string, e.g. "recipientInfoVersion/2" to find the version number of the second recipientInfo in the file.

Cms.QuerySigData Method

Query a CMS signed-data object for selected information.

Syntax

[C#]
public static string QuerySigData(
	string inputFile,
	string query
)
[VB.NET]
Public Shared Function QuerySigData ( _
	inputFile As String, _
	query As String _
) As String

Parameters

inputFile
file containing CMS signed-data object
query
Query string (case insensitive)

Return Value

String containing the result or an empty string if not found or error.

Remarks

Valid queries are:

"version" signedData version (sdVer) value, e.g. "1".
"eContentType" ContentType of the EncapsulatedContentInfo, e.g. "data".
"HASeContent" "1" if eContent is present; "0" if not.
"CountOfCertificates" Number of certificates included in the data.
"CountOfSignerInfos" Number of SignerInfos included in the data.
"signerInfoVersion" signerInfo version (siVer) value.
"digestAlgorithm" digestAlgorithm, e.g. "sha1".
"signatureAlgorithm" signatureAlgorithm, e.g. "rsaEncryption".
"signatureValue" Signature value encoded in hex.
"HASsignedAttributes" "1" if signedAttributes (authenticatedAttributes) are present; "0" if not.
"DigestOfSignedAttrs" Computed digest over signed attributes, if present, using digestAlgorithm.
"DigestOfeContent" Computed digest over eContent, if present, using digestAlgorithm.
"signingTime" signingTime attribute in format "2005-12-31 23:30:59"
"messageDigest" messageDigest attribute in hexadecimal format, if present
"pssParams" Parameters used for RSA-PSS (if applicable).
"HASsigningCertificate" "1" if an ESS signingCertificate is present; "0" if not.
"signingCertHash" certHash value of ESS signing certificate, if present, encoded in hex.
"HASalgorithmProtection" "1" if a cmsAlgorithmProtection attribute is present; "0" if not.
By default, the function queries the first signerInfo in the file. To query the Nth signerInfo append "/N" to the query string, e.g. "signerInfoVersion/2" to find the version number of the second signerInfo in the file.

Cms.ReadComprData Method

Read and extract the decompressed contents of a CMS compressed-data file.

Syntax

[C#]
public static int ReadComprData(
	string outputFile,
	string inputFile,
	Cms.ComprDataOptions opts
)
[VB.NET]
Public Shared Function ReadComprData ( _
	outputFile As String, _
	inputFile As String, _
	opts As Cms.ComprDataOptions _
) As Integer

Parameters

outputFile
Output file to be created
inputFile
Input data file
opts
Type: Cms.ComprDataOptions
Options [default=inflate contents]

Return Value

If successful the return value is the number of bytes in the output file; otherwise it returns a non-zero error code

Cms.ReadEnvDataToBytes Method

Read and decrypt a CMS enveloped-data object to a byte array.

Syntax

[C#]
public static byte[] ReadEnvDataToBytes(
	string inputFile,
	string x509File,
	string privateKey
)
[VB.NET]
Public Shared Function ReadEnvDataToBytes ( _
	inputFile As String, _
	x509File As String, _
	privateKey As String _
) As Byte()

Parameters

inputFile
Name of file containing CMS enveloped-data object (binary or base64-encoded) or the data as a base64 or PEM string.
x509File
(optional) filename of the recipient's X.509 certificate.
privateKey
Internal representation of private key.

Return Value

Decrypted content in a byte array, or empty array on error.

Example

[C#]
// Read in content to a byte array
byte[] b = Cms.ReadEnvDataToBytes(inputFile, "", privateKey);
// Convert to a .NET string (assuming UTF-8 encoded)
string s = System.Text.Encoding.UTF8.GetString(b);

Cms.ReadEnvDataToFile Method

Read and decrypt a CMS enveloped-data object to a file.

Syntax

[C#]
public static int ReadEnvDataToFile(
	string outputFile,
	string inputFile,
	string x509File,
	string privateKey,
	Cms.ReadOptions opts
)
[VB.NET]
Public Shared Function ReadEnvDataToFile ( _
	outputFile As String, _
	inputFile As String, _
	x509File As String, _
	privateKey As String, _
	opts As Cms.ReadOptions _
) As Integer

Parameters

outputFile
Name of output file to be created.
inputFile
Name of file containing CMS enveloped-data object (binary or base64-encoded) or the data as a base64 or PEM string.
x509File
(optional) filename of the recipient's X.509 certificate.
privateKey
Internal representation of private key.
opts
Type: Cms.ReadOptions
Use Cms.ReadOptions for faster handling of large files (binary only).

Return Value

Zero if successful; otherwise it returns an error code.

Cms.ReadEnvDataToString Method

Read and decrypt a CMS enveloped-data object to a string.

Syntax

[C#]
public static string ReadEnvDataToString(
	string inputFile,
	string x509File,
	string privateKey
)
[VB.NET]
Public Shared Function ReadEnvDataToString ( _
	inputFile As String, _
	x509File As String, _
	privateKey As String _
) As String

Parameters

inputFile
Name of file containing CMS enveloped-data object (binary or base64-encoded) or the data as a base64 or PEM string.
x509File
(optional) filename of the recipient's X.509 certificate
privateKey
Internal representation of private key.

Return Value

Decrypted content in a string or empty string on error.

Remarks

Use this only when the decrypted text is known to be plain ASCII text, otherwise use ReadEnvDataToBytes.

Cms.ReadSigDataToBytes Method

Read the content from a CMS signed-data object directly into a byte array.

Syntax

[C#]
public static byte[] ReadSigDataToBytes(
	string inputFile
)
[VB.NET]
Public Shared Function ReadSigDataToBytes ( _
	inputFile As String _
) As Byte()

Parameters

inputFile
Name of file containing CMS signed-data object (binary or base64-encoded) or the data as a base64 or PEM string.

Return Value

Byte array containing the content or a zero-length array if error.

Remarks

Use this if the content contains non-ASCII characters, e.g. UTF-8 encoded.

Example

[C#]
// Read in content to a byte array
byte[] b = Cms.ReadSigDataToBytes(inputFile);
// Convert to a .NET string (assumed UTF-8 encoded)
string s = System.Text.Encoding.UTF8.GetString(b);

Cms.ReadSigDataToFile Method

Read the content from a CMS signed-data object file.

Syntax

[C#]
public static int ReadSigDataToFile(
	string outputFile,
	string inputFile,
	Cms.ReadOptions opts
)
[VB.NET]
Public Shared Function ReadSigDataToFile ( _
	outputFile As String, _
	inputFile As String, _
	opts As Cms.ReadOptions _
) As Integer

Parameters

outputFile
file to receive content
inputFile
Name of file containing CMS signed-data object (binary or base64-encoded) or the data as a base64 or PEM string.
opts
Type: Cms.ReadOptions
Option flags: set as zero for defaults.

Return Value

If successful, the return value is a positive number indicating the number of bytes in the content; otherwise it returns a negative error code.

Cms.ReadSigDataToString Method

Read the content from a CMS signed-data object directly into a string.

Syntax

[C#]
public static string ReadSigDataToString(
	string inputFile
)
[VB.NET]
Public Shared Function ReadSigDataToString ( _
	inputFile As String _
) As String

Parameters

inputFile
Name of file containing CMS signed-data object (binary or base64-encoded) or the data as a base64 or PEM string.

Return Value

String containing the content or an empty string if error

Cms.VerifySigData Method

Verify the signature and content of a signed-data CMS object file.

Syntax

[C#]
public static int VerifySigData(
	string inputFile,
	string certFile,
	string hexDigest,
	Cms.SigDataOptions advOptions
)
[VB.NET]
Public Shared Function VerifySigData ( _
	inputFile As String, _
	certFile As String, _
	hexDigest As String, _
	advOptions As Cms.SigDataOptions _
) As Integer

Parameters

inputFile
file containing CMS signed-data object
certFile
an (optional) X.509 certificate file of the signer
hexDigest
(optional) digest of eContent to be verified (use for "detached-signature" form)
advOptions
Type: Cms.SigDataOptions
Use for BigFile option, otherwise ignored

Return Value

Zero if successfully verified; otherwise it returns a non-zero error code

Cnv.Base64Filter Method

Filter non-base64 characters from a string.

Syntax

[C#]
public static string Base64Filter(
	string s
)
[VB.NET]
Public Shared Function Base64Filter ( _
	s As String _
) As String

Parameters

s
String to be filtered

Return Value

Filtered string

Remarks

Valid base64 characters are [0-9A-Za-z+/=]

Cnv.Base64FromHex Method

Convert hexadecimal-encoded data into base64-encoded data.

Syntax

[C#]
public static string Base64FromHex(
	string s
)
[VB.NET]
Public Shared Function Base64FromHex ( _
	s As String _
) As String

Parameters

s
Hex-encoded data

Return Value

Base64-encoded data

Cnv.ByteEncoding Method

Convert encoding of byte array between UTF-8 and Latin-1.

Syntax

[C#]
public static byte[] ByteEncoding(
	byte[] data,
	Cnv.EncodingConversion direction
)
[VB.NET]
Public Shared Function ByteEncoding ( _
	data As Byte(), _
	direction As Cnv.EncodingConversion _
) As Byte()

Parameters

data
Input data to be converted
direction
Type: Cnv.EncodingConversion
Direction of conversion

Return Value

Converted data (or empty array on error)

Remarks

Converting UTF-8 from Latin-1 assumes the input is from the 8-bit Latin-1 character set and so will always produce output that is valid UTF-8. However, for Latin-1 from UTF-8, the input must contain a valid sequence of UTF-8-encoded bytes and this must be convertible to a single-byte character set, or an error will be returned.

Cnv.CheckUTF8 Method

Check that a byte array contains only valid UTF-8 encoded characters.

Syntax

[C#]
public static int CheckUTF8(
	byte[] b
)
[VB.NET]
Public Shared Function CheckUTF8 ( _
	b As Byte() _
) As Integer

Parameters

b
input byte array to check

Return Value

Zero if the encoded bytes is invalid UTF-8, or a positive number if the input contains valid UTF-8 data, where the value of the number indicates the nature of the encoded characters:

0Not valid UTF-8
1Valid UTF-8, all chars are 7-bit ASCII
2Valid UTF-8, contains at least one multi-byte character equivalent to 8-bit ANSI
3Valid UTF-8, contains at least one multi-byte character that cannot be represented in a single-byte character set

Remarks

'Overlong' UTF-8 sequences and illegal surrogates are rejected as invalid.

Cnv.CheckUTF8File Method

Check that a file contains only valid UTF-8 encoded characters.

Syntax

[C#]
public static int CheckUTF8File(
	string fileName
)
[VB.NET]
Public Shared Function CheckUTF8File ( _
	fileName As String _
) As Integer

Parameters

fileName
name of file to check

Return Value

Zero if the encoded bytes is invalid UTF-8, or a positive number if the input contains valid UTF-8 data, where the value of the number indicates the nature of the encoded characters:

0Not valid UTF-8
1Valid UTF-8, all chars are 7-bit ASCII
2Valid UTF-8, contains at least one multi-byte character equivalent to 8-bit ANSI
3Valid UTF-8, contains at least one multi-byte character that cannot be represented in a single-byte character set

Remarks

'Overlong' UTF-8 sequences and illegal surrogates are rejected as invalid.

Cnv.FromBase58 Method

Convert a base58-encoded string to an equivalent array of 8-bit unsigned integers.

Syntax

[C#]
public static byte[] FromBase58(
	string s
)
[VB.NET]
Public Shared Function FromBase58 ( _
	s As String _
) As Byte()

Parameters

s
Base58-encoded data

Return Value

Data as array of bytes

Remarks

This uses the "Bitcoin" scheme of base58 encoding where the leading character '1' is reserved for representing an entire leading zero byte.

Cnv.FromBase64 Method

Convert a base64-encoded string to an equivalent array of 8-bit unsigned integers.

Syntax

[C#]
public static byte[] FromBase64(
	string s
)
[VB.NET]
Public Shared Function FromBase64 ( _
	s As String _
) As Byte()

Parameters

s
Base64-encoded data

Return Value

Binary data in byte array, or an empty array on error.

Remarks

Whitespace characters are ignored, but other non-base64 characters will cause an error.

Cnv.FromHex Method

Convert the specified string representation of a value consisting of hexadecimal (base 16) digits to an equivalent array of 8-bit unsigned integers.

Syntax

[C#]
public static byte[] FromHex(
	string s
)
[VB.NET]
Public Shared Function FromHex ( _
	s As String _
) As Byte()

Parameters

s
Hex-encoded string

Return Value

Binary data in byte array, or an empty array on error.

Remarks

Whitespace and ASCII punctuation characters are ignored, but other non-hex characters will cause an error.

Cnv.HexFilter Method

Filter non-hexadecimal characters from a string.

Syntax

[C#]
public static string HexFilter(
	string s
)
[VB.NET]
Public Shared Function HexFilter ( _
	s As String _
) As String

Parameters

s
Input string to be filtered

Return Value

Filtered string

Cnv.HexFromBase64 Method

Convert base64-encoded data into hexadecimal-encoded data.

Syntax

[C#]
public static string HexFromBase64(
	string s
)
[VB.NET]
Public Shared Function HexFromBase64 ( _
	s As String _
) As String

Parameters

s
Base64-encoded data

Return Value

Hex-encoded data

Cnv.NumFromBytes Method

Convert the leftmost four bytes of an array to an unsigned 32-bit integer.

Syntax

[C#]
public static uint NumFromBytes(
	byte[] b,
	Cnv.EndianNess endn
)
[VB.NET]
Public Shared Function NumFromBytes ( _
	b As Byte(), _
	endn As Cnv.EndianNess _
) As UInteger

Parameters

b
Byte array to be converted
endn
Type: Cnv.EndianNess
Byte order

Return Value

Integer value

Remarks

An array shorter than 4 bytes will be padded on the right with zeros

Example

[C#]
byte[] b = new byte[4] { 0xde, 0xad, 0xbe, 0xef };
uint nb = Cnv.NumFromBytes(b, Cnv.EndianNess.BigEndian);
Console.WriteLine("0x" + nb.ToString("x8"));  // 0xdeadbeef
uint nl = Cnv.NumFromBytes(b, Cnv.EndianNess.LittleEndian);
Console.WriteLine("0x" + nl.ToString("x8"));  // 0xefbeadde

Cnv.NumToBytes Method

Convert a 32-bit integer to an array of 4 bytes.

Syntax

[C#]
public static byte[] NumToBytes(
	uint n,
	Cnv.EndianNess endn
)
[VB.NET]
Public Shared Function NumToBytes ( _
	n As UInteger, _
	endn As Cnv.EndianNess _
) As Byte()

Parameters

n
Integer to be converted
endn
Type: Cnv.EndianNess
Byte order

Return Value

Byte array containing representation of integer in given order

Example

[C#]
byte[] bb = Cnv.NumToBytes(0xdeadbeef, Cnv.EndianNess.BigEndian);
Console.WriteLine(Cnv.ToHex(bb));  // DEADBEEF
byte[] bl = Cnv.NumToBytes(0xdeadbeef, Cnv.EndianNess.LittleEndian);
Console.WriteLine(Cnv.ToHex(bl));  // EFBEADDE

Cnv.ReverseBytes Method

Reverse the order of a byte array.

Syntax

[C#]
public static byte[] ReverseBytes(
	byte[] data
)
[VB.NET]
Public Shared Function ReverseBytes ( _
	data As Byte() _
) As Byte()

Parameters

data
Input data to be reversed

Return Value

Byte array in reverse order

Cnv.ShortPathName Method

Retrieve the Windows short path form of the specified path.

Syntax

[C#]
public static string ShortPathName(
	string pathName
)
[VB.NET]
Public Shared Function ShortPathName ( _
	pathName As String _
) As String

Parameters

pathName
File path name.

Return Value

Windows short path name of file or the empty string if file does not exist.

Remarks

Windows platforms only. The file path must exist. The short path name is guaranteed to be ASCII.

Cnv.StringFromBase64 Method

Convert a base64-encoded string into a text string.

Syntax

[C#]
public static string StringFromBase64(
	string s
)
[VB.NET]
Public Shared Function StringFromBase64 ( _
	s As String _
) As String

Parameters

s
Base64-encoded data

Return Value

String value

Remarks

Uses the 'Default' encoding for the system's current ANSI code page. This assumes the user knows the resulting characters are all printable.

Cnv.StringFromHex Method

Convert a hexadecimal-encoded string into a text string.

Syntax

[C#]
public static string StringFromHex(
	string s
)
[VB.NET]
Public Shared Function StringFromHex ( _
	s As String _
) As String

Parameters

s
Hex-encoded data

Return Value

String value

Remarks

Uses the 'Default' encoding for the system's current ANSI code page, usually code page 1252 (similar to Latin-1). This assumes the user knows the resulting characters are all printable.

Cnv.ToBase58 Method

Convert 8-bit binary data to equivalent base58-encoded string format.

Syntax

[C#]
public static string ToBase58(
	byte[] binaryData
)
[VB.NET]
Public Shared Function ToBase58 ( _
	binaryData As Byte() _
) As String

Parameters

binaryData
binary data

Return Value

Base58-encoded string

Remarks

This uses the "Bitcoin" scheme of base58 encoding where the leading character '1' is reserved for representing an entire leading zero byte.

Cnv.ToBase64 Method (Byte[])

Convert 8-bit binary data to equivalent base64-encoded string format.

Syntax

[C#]
public static string ToBase64(
	byte[] binaryData
)
[VB.NET]
Public Shared Function ToBase64 ( _
	binaryData As Byte() _
) As String

Parameters

binaryData
binary data

Return Value

Base64-encoded string

Cnv.ToBase64 Method (String)

Convert a string of ANSI characters to equivalent base64-encoded string format.

Syntax

[C#]
public static string ToBase64(
	string s
)
[VB.NET]
Public Shared Function ToBase64 ( _
	s As String _
) As String

Parameters

s
String of data to be encoded

Return Value

Base64-encoded data

Remarks

Uses the 'Default' encoding for the system's current ANSI code page

Cnv.ToHex Method (Byte[])

Convert 8-bit binary data to equivalent hexadecimal string format.

Syntax

[C#]
public static string ToHex(
	byte[] binaryData
)
[VB.NET]
Public Shared Function ToHex ( _
	binaryData As Byte() _
) As String

Parameters

binaryData
binary data in byte array

Return Value

Hex-encoded string.

Cnv.ToHex Method (String)

Converts a string of ANSI characters to equivalent hexadecimal string format

Syntax

[C#]
public static string ToHex(
	string s
)
[VB.NET]
Public Shared Function ToHex ( _
	s As String _
) As String

Parameters

s
String of data to be encoded

Return Value

Hex-encoded data

Remarks

Uses the 'Default' encoding for the system's current ANSI code page

Compr.Compress Method

Compress data using zlib compression.

Syntax

[C#]
public static byte[] Compress(
	byte[] data
)
[VB.NET]
Public Shared Function Compress ( _
	data As Byte() _
) As Byte()

Parameters

data
Data to be compressed.

Return Value

Compressed data, or an empty array on error.

Compr.Uncompress Method

Uncompress data using zlib compression.

Syntax

[C#]
public static byte[] Uncompress(
	byte[] data
)
[VB.NET]
Public Shared Function Uncompress ( _
	data As Byte() _
) As Byte()

Parameters

data
Compressed data to be uncompressed.

Return Value

Uncompressed data, or an empty array on error.

Remarks

An empty array may also be returned if the original data was the empty array itself.

Ecc.DHSharedSecret Method

Compute EC Diffie-Hellman (ECDH) shared secret.

Syntax

[C#]
public static byte[] DHSharedSecret(
	string ourIntPrivateKey,
	string theirIntPublicKey
)
[VB.NET]
Public Shared Function DHSharedSecret ( _
	ourIntPrivateKey As String, _
	theirIntPublicKey As String _
) As Byte()

Parameters

ourIntPrivateKey
Our own private key in ephemeral "internal" form.
theirIntPublicKey
Other party's public key in "internal" form.

Return Value

The Diffie-Hellman shared secret.

Ecc.KeyHashCode Method

Compute the hash code of an "internal" ECC public or private key string.

Syntax

[C#]
public static int KeyHashCode(
	string intKeyString
)
[VB.NET]
Public Shared Function KeyHashCode ( _
	intKeyString As String _
) As Integer

Parameters

intKeyString
Internal key string

Return Value

A 32-bit hash code for the key, or zero on error.

Remarks

Should be the same for a matching private and public key.

Ecc.MakeKeys Method

Generate an EC public/private key pair and save as two key files.

Syntax

[C#]
public static int MakeKeys(
	string publicKeyfile,
	string privateKeyFile,
	Ecc.CurveName curveName,
	string password,
	Ecc.PbeScheme pbes,
	string paramString,
	Ecc.Format fileFormat
)
[VB.NET]
Public Shared Function MakeKeys ( _
	publicKeyfile As String, _
	privateKeyFile As String, _
	curveName As Ecc.CurveName, _
	password As String, _
	pbes As Ecc.PbeScheme, _
	paramString As String, _
	fileFormat As Ecc.Format _
) As Integer

Parameters

publicKeyfile
name of public key file to be created
privateKeyFile
name of encrypted private key file to be created
curveName
Type: Ecc.CurveName
name of elliptic curve
password
password to be used for the encrypted key file.
pbes
Type: Ecc.PbeScheme
(optional) Password-based encryption scheme to encrypt private key [default = pbeWithSHAAnd3-KeyTripleDES-CBC]
paramString
Optional parameters. A set of attribute name=value pairs separated by a semicolon ";" (see remarks).
fileFormat
Type: Ecc.Format
(optional) Format to save file [default = DER binary]

Return Value

Zero if successful or non-zero error code

Remarks

Valid name-value pairs for paramString are:

count=integerTo set the iteration count used in the PBKDF2 method, e.g. "count=5000;" [default=2048].
prf=hmac-nameTo change the HMAC algorithm used in the PBKDF2 method, e.g. "prf=hmacwithSHA256;" [default=hmacwithSHA1].
rngseed=stringTo add some user-supplied entropy for the key generation process, e.g. "rngseed=pqrrr1234xyz;".
Valid values for hmac-name are {hmacWithSHA1|hmacWithSHA224|hmacWithSHA256|hmacWithSHA384|hmacWithSHA512}.

Example

[C#]
// All default settings...
n = Ecc.MakeKeys(pubkeyfile, prikeyfile, Ecc.CurveName.Prime192v1, "password");
// With specialist options...
n = Ecc.MakeKeys(pubkeyfile, prikeyfile, Ecc.CurveName.Prime192v1, "password", 
       Ecc.PbeScheme.Pbe_Pbkdf2_aes128_CBC, "count=3999;prf=hmacWithSha256", Ecc.Format.PEM);

Ecc.PublicKeyFromPrivate Method

Convert an internal EC private key string into an internal EC public key string.

Syntax

[C#]
public static string PublicKeyFromPrivate(
	string internalKey
)
[VB.NET]
Public Shared Function PublicKeyFromPrivate ( _
	internalKey As String _
) As String

Parameters

internalKey
the private key as an internal key string

Return Value

The public key in ephemeral "internal" representation, or the empty string on error

Ecc.QueryKey Method

Query an EC key string for selected information.

Syntax

[C#]
public static string QueryKey(
	string internalKey,
	string query
)
[VB.NET]
Public Shared Function QueryKey ( _
	internalKey As String, _
	query As String _
) As String

Parameters

internalKey
containing the key as an internal key string
query
Query string (case insensitive)

Return Value

String containing the result or an empty string if not found or error.

Remarks

Valid queries are:

"curveName" Name of the curve.
"keyBits" Number of bits in the key.
"isPrivate" "1" if key is a private key; "0" if not.
"privateKey" Value of the private key in hex format.
"publicKey" Value of the public key in hex format.

Ecc.ReadKeyByCurve Method

Read an EC key from its hexadecimal representation with options for safe curves.

Syntax

[C#]
public static string ReadKeyByCurve(
	string hexKey,
	Ecc.CurveName curveName,
	Ecc.KeyType keyType
)
[VB.NET]
Public Shared Function ReadKeyByCurve ( _
	hexKey As String, _
	curveName As Ecc.CurveName, _
	keyType As Ecc.KeyType _
) As String

Parameters

hexKey
hexadecimal representation of the key, private or public
curveName
Type: Ecc.CurveName
name of the elliptic curve
keyType
Type: Ecc.KeyType
(optional) Specify PrivateKey or PublicKey (safe curves Ed25519 and X25519 only, otherwise ignored)

Return Value

The key in ephemeral "internal" representation, or the empty string on error

Remarks

The safe curves Ed25519 and X25519 have the same length for both private and public keys, so, for these safe curves, you must specify whether the key value represents a public or a private key.

Ecc.ReadPrivateKey Method

Read from a file or string containing an EC private key into an "internal" private key string.

Syntax

[C#]
public static StringBuilder ReadPrivateKey(
	string keyFileOrString,
	string password
)
[VB.NET]
Public Shared Function ReadPrivateKey ( _
	keyFileOrString As String, _
	password As String _
) As StringBuilder

Parameters

keyFileOrString
Name of private key file or a PEM String containing the key
password
Password for private key, if encrypted; or "" if not

Return Value

StringBuilder containing an internal representation of the private key; or an empty StringBuilder if error

Remarks

This returns a StringBuilder, not a string, to allow secure wiping. Use sb.ToString() to obtain a string. Use Wipe.String(sb) to clear.

Ecc.ReadPublicKey Method

Read from a file or string containing an EC public key into an "internal" public key string.

Syntax

[C#]
public static StringBuilder ReadPublicKey(
	string keyFileOrString
)
[VB.NET]
Public Shared Function ReadPublicKey ( _
	keyFileOrString As String _
) As StringBuilder

Parameters

keyFileOrString
Name of public key file or a PEM String containing the key

Return Value

StringBuilder containing an internal representation of the public key; or an empty StringBuilder if error

Remarks

This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.

Ecc.SaveEncKey Method

Save an internal EC private key string to an encrypted private key file.

Syntax

[C#]
public static int SaveEncKey(
	string outputFile,
	string internalKey,
	string password,
	Ecc.PbeScheme pbes,
	string paramString,
	Ecc.Format fileFormat
)
[VB.NET]
Public Shared Function SaveEncKey ( _
	outputFile As String, _
	internalKey As String, _
	password As String, _
	pbes As Ecc.PbeScheme, _
	paramString As String, _
	fileFormat As Ecc.Format _
) As Integer

Parameters

outputFile
name of key file to be created
internalKey
the private key in an internal key string
password
the password to be used for the encrypted key file
pbes
Type: Ecc.PbeScheme
Password-based encryption scheme to encrypt private key [default = pbeWithSHAAnd3-KeyTripleDES-CBC]
paramString
Optional parameters. A set of attribute name=value pairs separated by a semicolon ";" (see remarks). Set as "" for defaults.
fileFormat
Type: Ecc.Format
Format to save file [default = DER binary]

Return Value

Zero if successful or non-zero error code

Remarks

Valid name-value pairs for paramString are:

count=integerTo set the iteration count used in the PBKDF2 method, e.g. "count=5000;" [default=2048].
prf=hmac-nameTo change the HMAC algorithm used in the PBKDF2 method, e.g. "prf=hmacwithSHA256;" [default=hmacwithSHA1].
Valid values for hmac-name are {hmacWithSHA1|hmacWithSHA224|hmacWithSHA256|hmacWithSHA384|hmacWithSHA512}.

Ecc.SaveKey Method

Save an internal EC key string (public or private) to an unencrypted key file.

Syntax

[C#]
public static int SaveKey(
	string outputFile,
	string internalKey,
	Ecc.KeyType keyType,
	Ecc.Format fileFormat
)
[VB.NET]
Public Shared Function SaveKey ( _
	outputFile As String, _
	internalKey As String, _
	keyType As Ecc.KeyType, _
	fileFormat As Ecc.Format _
) As Integer

Parameters

outputFile
Name of key file to be created
internalKey
the private or public EC key in an internal key string
keyType
Type: Ecc.KeyType
Key structure for private key (ignored for public)
fileFormat
Type: Ecc.Format
Format to save file [default = DER binary]

Return Value

If successful, the return value is zero; otherwise it returns a nonzero error code

General.CompileTime Method

Return date and time the core CryptoSys PKI DLL was last compiled.

Syntax

[C#]
public static string CompileTime()
[VB.NET]
Public Shared Function CompileTime As String

Return Value

Date and time string

General.ErrorCode Method

Return the error code of the first error that occurred when calling the last function.

Syntax

[C#]
public static int ErrorCode()
[VB.NET]
Public Shared Function ErrorCode As Integer

Return Value

Error code

General.ErrorLookup Method

Return a description of an error code.

Syntax

[C#]
public static string ErrorLookup(
	int errCode
)
[VB.NET]
Public Shared Function ErrorLookup ( _
	errCode As Integer _
) As String

Parameters

errCode
Code number

Return Value

Corresponding error message

General.FormatErrorMessage Method

Return an error message string for the last error.

Syntax

[C#]
public static string FormatErrorMessage(
	int errCode,
	string userMsg
)
[VB.NET]
Public Shared Function FormatErrorMessage ( _
	errCode As Integer, _
	userMsg As String _
) As String

Parameters

errCode
Error code returned by last call (optional)
userMsg
Optional message string

Return Value

Error message as a string Error (errCode) ...

General.LastError Method

Retrieve the last error message set by the toolkit.

Syntax

[C#]
public static string LastError()
[VB.NET]
Public Shared Function LastError As String

Return Value

Final error message from last call (may be empty)

General.LicenceType Method

Return licence type.

Syntax

[C#]
public static char LicenceType()
[VB.NET]
Public Shared Function LicenceType As Char

Return Value

D=Developer T=Trial

General.ModuleInfo Method

Get additional information about the core DLL module.

Syntax

[C#]
public static string ModuleInfo()
[VB.NET]
Public Shared Function ModuleInfo As String

Return Value

Additional information, e.g. "Licensed Developer Edition".

General.ModuleName Method

Return full path name of core CryptoSys PKI DLL module.

Syntax

[C#]
public static string ModuleName()
[VB.NET]
Public Shared Function ModuleName As String

Return Value

File name.

Remarks

If using the Win32 DLL in the system folder on a 64-bit system, Windows will return "C:\WINDOWS\SYSTEM32\diCrPKI.dll" when the DLL file path is actually "C:\WINDOWS\SYSWOW64\diCrPKI.dll". Use General.Platform() to find out exactly which DLL is being used.

General.NetVersion Method

Return the version of this .NET module.

Syntax

[C#]
public static string NetVersion()
[VB.NET]
Public Shared Function NetVersion As String

Return Value

Version string, e.g. "20.1.0"

General.Platform Method

Return the platform the core DLL was compiled for.

Syntax

[C#]
public static string Platform()
[VB.NET]
Public Shared Function Platform As String

Return Value

"Win32" or "X64"

General.PowerUpTests Method

Perform FIPS-140-2 start-up tests.

Syntax

[C#]
public static int PowerUpTests()
[VB.NET]
Public Shared Function PowerUpTests As Integer

Return Value

Zero on success

General.Version Method

Return the release version of the core CryptoSys PKI DLL as an integer value.

Syntax

[C#]
public static int Version()
[VB.NET]
Public Shared Function Version As Integer

Return Value

Version number in form Major * 10000 + Minor * 100 + Release. For example, version 3.10.1 would return 31001.

Hash.BytesFromBytes Method

Create hash digest in byte format of byte input.

Syntax

[C#]
public static byte[] BytesFromBytes(
	byte[] message,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function BytesFromBytes ( _
	message As Byte(), _
	hashAlg As HashAlgorithm _
) As Byte()

Parameters

message
Message data in byte format
hashAlg
Type: HashAlgorithm
Hash algorithm to be used

Return Value

Message digest in byte format

Hash.BytesFromFile Method

Create hash digest of a binary file.

Syntax

[C#]
public static byte[] BytesFromFile(
	string fileName,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function BytesFromFile ( _
	fileName As String, _
	hashAlg As HashAlgorithm _
) As Byte()

Parameters

fileName
Name of file containing message data
hashAlg
Type: HashAlgorithm
Hash algorithm to be used

Return Value

Message digest in byte format

Hash.Double Method

Create double hash, i.e. hash of hash, in byte format of byte input.

Syntax

[C#]
public static byte[] Double(
	byte[] message,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function Double ( _
	message As Byte(), _
	hashAlg As HashAlgorithm _
) As Byte()

Parameters

message
Message data in byte format
hashAlg
Type: HashAlgorithm
Hash algorithm to be used

Return Value

Message digest HASH(HASH(m)) in byte format

Hash.HexFromBytes Method

Create hash digest in hex format of byte input.

Syntax

[C#]
public static string HexFromBytes(
	byte[] message,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function HexFromBytes ( _
	message As Byte(), _
	hashAlg As HashAlgorithm _
) As String

Parameters

message
Message data in byte format
hashAlg
Type: HashAlgorithm
Hash algorithm to be used

Return Value

Message digest in hex-encoded format

Hash.HexFromFile Method

Create hash digest in hex format of a binary file.

Syntax

[C#]
public static string HexFromFile(
	string fileName,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function HexFromFile ( _
	fileName As String, _
	hashAlg As HashAlgorithm _
) As String

Parameters

fileName
Name of file containing message data
hashAlg
Type: HashAlgorithm
Hash algorithm to be used

Return Value

Message digest in hex-encoded format

Hash.HexFromHex Method

Create hash digest in hex format of hex-encoded input.

Syntax

[C#]
public static string HexFromHex(
	string messageHex,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function HexFromHex ( _
	messageHex As String, _
	hashAlg As HashAlgorithm _
) As String

Parameters

messageHex
Message data in hex-encoded format
hashAlg
Type: HashAlgorithm
Hash algorithm to be used

Return Value

Message digest in hex-encoded format

Hash.HexFromString Method

Create hash digest in hex format of string input.

Syntax

[C#]
public static string HexFromString(
	string message,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function HexFromString ( _
	message As String, _
	hashAlg As HashAlgorithm _
) As String

Parameters

message
Message data string
hashAlg
Type: HashAlgorithm
Hash algorithm to be used

Return Value

Message digest in hex-encoded format

Hash.HexFromTextFile Method

Create hash digest in hex format of a text file, treating CR-LF (0x13, 0x10) pairs as a single LF (0x10).

Syntax

[C#]
public static string HexFromTextFile(
	string fileName,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function HexFromTextFile ( _
	fileName As String, _
	hashAlg As HashAlgorithm _
) As String

Parameters

fileName
Name of file containing message data
hashAlg
Type: HashAlgorithm
Hash algorithm to be used

Return Value

Message digest in hex format

Remarks

This should give the same message digest of a text file on both Unix and Windows systems.

Hash.Length Method

Return length of message digest output in bytes.

Syntax

[C#]
public static int Length(
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function Length ( _
	hashAlg As HashAlgorithm _
) As Integer

Parameters

hashAlg
Type: HashAlgorithm
Hash algorithm

Return Value

Length of the hash function output in bytes.

Hmac.BytesFromBytes Method

Create a keyed-hash HMAC in byte format from byte input.

Syntax

[C#]
public static byte[] BytesFromBytes(
	byte[] message,
	byte[] key,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function BytesFromBytes ( _
	message As Byte(), _
	key As Byte(), _
	hashAlg As HashAlgorithm _
) As Byte()

Parameters

message
Message to be signed in byte format
key
Key in byte format
hashAlg
Type: HashAlgorithm
Hash algorithm to be used

Return Value

HMAC in byte format

Hmac.HexFromBytes Method

Create a keyed-hash HMAC in hex-encoded format from byte input.

Syntax

[C#]
public static string HexFromBytes(
	byte[] message,
	byte[] key,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function HexFromBytes ( _
	message As Byte(), _
	key As Byte(), _
	hashAlg As HashAlgorithm _
) As String

Parameters

message
Message to be signed in byte format
key
Key in byte format
hashAlg
Type: HashAlgorithm
Hash algorithm to be used

Return Value

HMAC in hex-encoded format

Hmac.HexFromHex Method

Create a keyed-hash HMAC in hex-encoded format from hex-encoded input.

Syntax

[C#]
public static string HexFromHex(
	string messageHex,
	string keyHex,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function HexFromHex ( _
	messageHex As String, _
	keyHex As String, _
	hashAlg As HashAlgorithm _
) As String

Parameters

messageHex
Message to be signed in hex-encoded format
keyHex
Key in hex-encoded format
hashAlg
Type: HashAlgorithm
Hash algorithm to be used

Return Value

HMAC in hex-encoded format

Hpke.DerivePrivateKey Method

Derive an EC private key in a deterministic manner from input keying material using the DeriveKeyPair algorithm in RFC9180.

Syntax

[C#]
public static string DerivePrivateKey(
	byte[] ikm,
	Hpke.CurveName curveName,
	Hpke.OutputOpts opts
)
[VB.NET]
Public Shared Function DerivePrivateKey ( _
	ikm As Byte(), _
	curveName As Hpke.CurveName, _
	opts As Hpke.OutputOpts _
) As String

Parameters

ikm
Input key material (ikm). This must have length in bytes at least as long as the key to be produced.
curveName
Type: Hpke.CurveName
Curve name
opts
Type: Hpke.OutputOpts
Output options (default=internal key format)

Return Value

Derived private key in string form or an empty string on error.

Remarks

By default the key is output as an ephemeral "internal" key string, which can be used directly with Ecc.SaveKey, Ecc.SaveEncKey, Ecc.PublicKeyFromPrivate, Ecc.DHSharedSecret and Ecc.QueryKey. If opts is set to `OutputOpts.KeyAsHex` then the key is output in serialized hexadecimal form in the same manner as the test vectors in [RFC9180] (without the clamping). The KDF to be used is fixed by the EC curve group as follows:
EC curveKDF
P-256HKDF-SHA256
P-384HKDF-SHA384
P-521HKDF-SHA512
X25519HKDF-SHA256
X448HKDF-SHA512

Example

[C#]
string ikmhex = "7268600d403fce431561aef583ee1613527cff655c1343f29812e66706df3234";
string skhex = Hpke.DerivePrivateKey(Cnv.FromHex(ikmhex), Hpke.CurveName.X25519, Hpke.OutputOpts.KeyAsHex);
// 52c4a758a802cd8b936eceea314432798d5baf2d7e9235dc084ab1b9cfa2f736

Hpke.LabeledExpand Method

Compute the output of the LabeledExpand function as defined in RFC9180.

Syntax

[C#]
public static byte[] LabeledExpand(
	int numBytes,
	byte[] prk,
	string label,
	byte[] info,
	Hpke.CurveName curveName,
	Hpke.AeadAlg aeadAlg
)
[VB.NET]
Public Shared Function LabeledExpand ( _
	numBytes As Integer, _
	prk As Byte(), _
	label As String, _
	info As Byte(), _
	curveName As Hpke.CurveName, _
	aeadAlg As Hpke.AeadAlg _
) As Byte()

Parameters

numBytes
Required number of bytes (L) of output keying material.
prk
Pseudorandom key (prk)
label
Label string
info
Byte string info
curveName
Type: Hpke.CurveName
ECDH curve used in scheme
aeadAlg
Type: Hpke.AeadAlg
AEAD encryption algorithm used in the scheme or 0 (default) to indicate KDF is being used inside a KEM algorithm.

Return Value

L bytes of output keying material.

Remarks

The LabeledExpand function is defined in section 4 of [RFC9180]. It uses the "expand" stage of the HKDF function [RFC5869]. The ECDH curve group used in the scheme must be specified, which automatically fixes the KDF and associated HMAC algorithm to be used.

Example

[C#]
int Nk = 16;
// key = LabeledExpand(secret, 'key', key_schedule_context, Nk)
byte[] key = Hpke.LabeledExpand(Nk, Cnv.FromHex("12fff91991e93b48de37e7daddb52981084bd8aa64289c3788471d9a9712f397"), "key",
   Cnv.FromHex("00725611c9d98c07c03f60095cd32d400d8347d45ed67097bbad50fc56da742d07cb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637abb05449"),
   Hpke.CurveName.X25519, Hpke.AeadAlg.Aes_128_Gcm);
// 4531685d41d65f03dc48f6b8302c05b0

Hpke.LabeledExtract Method

Compute the output of the LabeledExtract function as defined in RFC9180.

Syntax

[C#]
public static byte[] LabeledExtract(
	byte[] salt,
	string label,
	byte[] ikm,
	Hpke.CurveName curveName,
	Hpke.AeadAlg aeadAlg
)
[VB.NET]
Public Shared Function LabeledExtract ( _
	salt As Byte(), _
	label As String, _
	ikm As Byte(), _
	curveName As Hpke.CurveName, _
	aeadAlg As Hpke.AeadAlg _
) As Byte()

Parameters

salt
Byte string salt
label
Label string
ikm
Input keying material (ikm)
curveName
Type: Hpke.CurveName
ECDH curve used in scheme
aeadAlg
Type: Hpke.AeadAlg
AEAD encryption algorithm used in the scheme or 0 (default) to indicate KDF is being used inside a KEM algorithm.

Return Value

A pseudorandom key of fixed length Nh bytes.

Remarks

The LabeledExtract function is defined in section 4 of [RFC9180]. It uses the "extract" stage of the HKDF function [RFC5869] and outputs a fixed value of bytes equal to the length (Nh) of the underlying HMAC function used by the KDF algorithm. The ECDH curve group used in the scheme must be specified, which automatically fixes the KDF and associated HMAC algorithm to be used.

Example

[C#]
// Used inside KEM
string ikmhex = "7268600d403fce431561aef583ee1613527cff655c1343f29812e66706df3234";
Console.WriteLine(Cnv.ToHex(Hpke.LabeledExtract(null, "dkp_prk", Cnv.FromHex(ikmhex), Hpke.CurveName.X25519)));
// 7B8BFE1D6F3D0CB45C585E133299C64AC998BF46CAF2DC13BA874F23413EC23A
// Used outside KEM
Console.WriteLine(Cnv.ToHex(Hpke.LabeledExtract(null, "psk_id_hash", null, Hpke.CurveName.X25519, Hpke.AeadAlg.Aes_128_Gcm)));
// 725611C9D98C07C03F60095CD32D400D8347D45ED67097BBAD50FC56DA742D07

Kdf.Bytes Method

Generate a key-encryption key (KEK) from input keying material (IKM) using a key derivation function (KDF).

Syntax

[C#]
public static byte[] Bytes(
	int dkLen,
	byte[] ikm,
	Kdf.KdfAlg kdfAlg,
	Kdf.HashAlg hashAlg,
	byte[] sharedInfo,
	string paramString
)
[VB.NET]
Public Shared Function Bytes ( _
	dkLen As Integer, _
	ikm As Byte(), _
	kdfAlg As Kdf.KdfAlg, _
	hashAlg As Kdf.HashAlg, _
	sharedInfo As Byte(), _
	paramString As String _
) As Byte()

Parameters

dkLen
Required length of output key material in bytes.
ikm
Input key material/shared secret.
kdfAlg
Type: Kdf.KdfAlg
Key derivation function to use.
hashAlg
Type: Kdf.HashAlg
Hash algorithm to use with the key derivation function (default is SHA-1)
sharedInfo
SharedInfo (optional)
paramString
Optional parameters. Set as "" for defaults. Pass attribute-value salt=<hex-digits> to set the optional salt parameter for the HKDF algorithm, e.g. "salt=606162636465666768696a6b6c6d6e6f;"

Return Value

Output key material (KEK).

Kdf.ForCms Method

Generate a key-encryption key (KEK) for ECDH key exchange in a CMS EnvelopedData object.

Syntax

[C#]
public static byte[] ForCms(
	byte[] zz,
	Kdf.KeyWrapAlg keyWrapAlg,
	Kdf.KdfAlg kdfAlg,
	Kdf.HashAlg hashAlg,
	byte[] ukm
)
[VB.NET]
Public Shared Function ForCms ( _
	zz As Byte(), _
	keyWrapAlg As Kdf.KeyWrapAlg, _
	kdfAlg As Kdf.KdfAlg, _
	hashAlg As Kdf.HashAlg, _
	ukm As Byte() _
) As Byte()

Parameters

zz
Input key material/shared secret value (denoted variously as ZZ/Z/K/IKM)
keyWrapAlg
Type: Kdf.KeyWrapAlg
Key wrap algorithm (required, cannot be Default)
kdfAlg
Type: Kdf.KdfAlg
Key derivation function to use.
hashAlg
Type: Kdf.HashAlg
Hash algorithm to use with the key derivation function (default is SHA-1)
ukm
Optional user key material (ukm)

Return Value

Output key material (KEK).

Remarks

This is a specialist function using the key definition algorithms described in [RFC5753] and [RFC8418] when used for key agreement with ECDH in a CMS EnvelopedData object. The key-encryption key is derived using the ECC-CMS-SharedInfo type, described in section 7.2 of [RFC5753].

Ocsp.MakeRequest Method

Create an Online Certification Status Protocol (OCSP) request as a base64 string.

Syntax

[C#]
public static string MakeRequest(
	string issuerCert,
	string certFileOrSerialNumber,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function MakeRequest ( _
	issuerCert As String, _
	certFileOrSerialNumber As String, _
	hashAlg As HashAlgorithm _
) As String

Parameters

issuerCert
name of issuer's X.509 certificate file (or base64 representation)
certFileOrSerialNumber
either the name of X.509 certificate file to be checked or its serial number in hexadecimal format preceded by #x
hashAlg
Type: HashAlgorithm
Hash algorithm to be used [default = SHA-1]

Return Value

A base64 string suitable for an OCSP request to an Online Certificate Status Manager or an empty string on error.

Remarks

The issuer's X.509 certficate must be specified. The certificate to be checked can either be specified directly as a filename or as a serialNumber in hexadecimal format preceded by "#x", e.g. "#x01deadbeef". If the latter format is used, it must be in hexadecimal format, so the serial number 10 would be passed as "#x0a". It is an error (NO_MATCH_ERROR) if the issuer's name of the certificate to be checked does not match the subject name of the issuer's certificate.

Ocsp.ReadResponse Method

Read a response to an Online Certification Status Protocol (OCSP) request and outputs the main results in text form.

Syntax

[C#]
public static string ReadResponse(
	string responseFile,
	string issuerCert
)
[VB.NET]
Public Shared Function ReadResponse ( _
	responseFile As String, _
	issuerCert As String _
) As String

Parameters

responseFile
name of the file containing the response data in BER format.
issuerCert
(optional) name of issuer's X.509 certificate file (or base64 representation)

Return Value

A text string outlining the main results in the response data or an empty string on error.

Remarks

Note that a revoked certificate will still result in a "Successful response", so check the CertStatus. The issuer's X.509 certficate issuerCert is optional. If provided, it will be used to check the signature on the OCSP reponse and and an error will result if the signature is not valid. CAUTION: For some CAs (e.g. VeriSign) the key used to sign the OCSP response is not the same as the key in the issuer's certificate, so specifying the issuer's certificate in this case will result in a signature error. If you can separately obtain the certificate used to sign the OCSP response, then specify this as the issuerCert; otherwise leave as the empty string "".

Pbe.Kdf2 Method (Int32, Byte[], Byte[], Int32, HashAlgorithm)

Derive a key of any length from a password using the PBKDF2 algorithm from PKCS #5 v2.1.

Syntax

[C#]
public static byte[] Kdf2(
	int dkLen,
	byte[] pwdBytes,
	byte[] salt,
	int count,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function Kdf2 ( _
	dkLen As Integer, _
	pwdBytes As Byte(), _
	salt As Byte(), _
	count As Integer, _
	hashAlg As HashAlgorithm _
) As Byte()

Parameters

dkLen
Required length of key in bytes
pwdBytes
Password in byte format
salt
Salt in byte format
count
Iteration count
hashAlg
Type: HashAlgorithm
Hash algorithm to use in HMAC PRF (default is SHA-1)

Return Value

Key in byte[] format

Pbe.Kdf2 Method (Int32, String, String, Int32, HashAlgorithm)

Derive a key in hex format of any length from a password with the salt in hex format.

Syntax

[C#]
public static string Kdf2(
	int dkLen,
	string pwdStr,
	string saltHex,
	int count,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function Kdf2 ( _
	dkLen As Integer, _
	pwdStr As String, _
	saltHex As String, _
	count As Integer, _
	hashAlg As HashAlgorithm _
) As String

Parameters

dkLen
Required length of key in bytes
pwdStr
Password
saltHex
Salt in hex format
count
Iteration count
hashAlg
Type: HashAlgorithm
Hash algorithm to use in HMAC PRF (default is SHA-1)

Return Value

Key in hex format

Pbe.Scrypt Method (Int32, Byte[], Byte[], Int32, Int32, Int32)

Derives a key of any length from a password using the SCRYPT algorithm.

Syntax

[C#]
public static byte[] Scrypt(
	int dkLen,
	byte[] pwdBytes,
	byte[] salt,
	int N,
	int r,
	int p
)
[VB.NET]
Public Shared Function Scrypt ( _
	dkLen As Integer, _
	pwdBytes As Byte(), _
	salt As Byte(), _
	N As Integer, _
	r As Integer, _
	p As Integer _
) As Byte()

Parameters

dkLen
Required length of key in bytes
pwdBytes
Password encoded in byte format
salt
Salt in byte format
N
CPU/Memory cost parameter, a number greater than one and a power of 2.
r
Block size r
p
Parallelization parameter p

Return Value

Key in byte[] format

Pbe.Scrypt Method (Int32, String, String, Int32, Int32, Int32)

Derives a key in hex format from a password with the salt in hex format

Syntax

[C#]
public static string Scrypt(
	int dkLen,
	string pwdStr,
	string saltHex,
	int N,
	int r,
	int p
)
[VB.NET]
Public Shared Function Scrypt ( _
	dkLen As Integer, _
	pwdStr As String, _
	saltHex As String, _
	N As Integer, _
	r As Integer, _
	p As Integer _
) As String

Parameters

dkLen
Required length of key in bytes
pwdStr
Password (normal text)
saltHex
Salt in hex format
N
CPU/Memory cost parameter, a number greater than one and a power of 2.
r
Block size r
p
Parallelization parameter p

Return Value

Key in hex format

Remarks

Password pwdStr is normal text, not hexadecimal

Example

[C#]
string keyHex = Pbe.Scrypt(64, "password", "4E61436C", 1024, 8, 16);

Pem.FileFromBinFile Method

Create a PEM file from a binary file with option for line endings.

Syntax

[C#]
public static int FileFromBinFile(
	string fileToMake,
	string fileIn,
	string header,
	int lineLen,
	bool unixEOL
)
[VB.NET]
Public Shared Function FileFromBinFile ( _
	fileToMake As String, _
	fileIn As String, _
	header As String, _
	lineLen As Integer, _
	unixEOL As Boolean _
) As Integer

Parameters

fileToMake
Name of PEM file to create
fileIn
Name of input binary file
header
Header to be used. Leave empty to omit the PEM header and footer.
lineLen
Maximum length of a line in the resulting PEM file [default = 64 characters]
unixEOL
Set true for Unix/SSL LF line endings [optional, default = Windows CR-LF endings]

Return Value

Zero if successful; otherwise it returns an error code

Pem.FileToBinFile Method

Convert the contents of a PEM file into a binary file.

Syntax

[C#]
public static int FileToBinFile(
	string fileToMake,
	string fileIn
)
[VB.NET]
Public Shared Function FileToBinFile ( _
	fileToMake As String, _
	fileIn As String _
) As Integer

Parameters

fileToMake
Name of binary file to create.
fileIn
Name of input PEM file

Return Value

Zero if successful; otherwise it returns an error code

Pfx.MakeFile Method

Create a PFX (PKCS-12) file from an X.509 certificate and (optional) encrypted private key file with advanced options.

Syntax

[C#]
public static int MakeFile(
	string fileToMake,
	string certFile,
	string privateKeyFile,
	string password,
	string friendlyName,
	Pfx.Options pfxOptions
)
[VB.NET]
Public Shared Function MakeFile ( _
	fileToMake As String, _
	certFile As String, _
	privateKeyFile As String, _
	password As String, _
	friendlyName As String, _
	pfxOptions As Pfx.Options _
) As Integer

Parameters

fileToMake
name of output file to be created
certFile
filename of the subject's X.509 certificate (required)
privateKeyFile
filename of the subject's encrypted private key in pkcs-8 format (optional)
password
password for private key file and new PFX file
friendlyName
friendly name identification for the subject (optional)
pfxOptions
Type: Pfx.Options
Specialist options

Return Value

Zero if successful or a non-zero error code.

Remarks

The default behaviour is to encrypt the certificate using "weak" 40-bit RC2 and the private key (if provided) using "standard" Triple DES (pbeWithSHAAnd3-KeyTripleDES-CBC).

Pfx.SignatureIsValid Method

Verify the MacData signature in a PKCS-12 file.

Syntax

[C#]
public static bool SignatureIsValid(
	string fileName,
	string password
)
[VB.NET]
Public Shared Function SignatureIsValid ( _
	fileName As String, _
	password As String _
) As Boolean

Parameters

fileName
Name of PKCS-12 file to be checked
password
password for file

Return Value

true if signature is OK

Prf.Bytes Method

Generate output bytes using a pseudorandom function (PRF).

Syntax

[C#]
public static byte[] Bytes(
	int numBytes,
	byte[] message,
	byte[] key,
	Prf.Alg prfAlg,
	string customStr
)
[VB.NET]
Public Shared Function Bytes ( _
	numBytes As Integer, _
	message As Byte(), _
	key As Byte(), _
	prfAlg As Prf.Alg, _
	customStr As String _
) As Byte()

Parameters

numBytes
Required number of output bytes.
message
Input message data.
key
Key.
prfAlg
Type: Prf.Alg
PRF algorithm.
customStr
Customization string (optional).

Return Value

Output data in byte array.

Pwd.Prompt Method

Open a dialog box to receive a password with user-supplied prompt.

Syntax

[C#]
public static string Prompt(
	int maxChars,
	string caption,
	string prompt
)
[VB.NET]
Public Shared Function Prompt ( _
	maxChars As Integer, _
	caption As String, _
	prompt As String _
) As String

Parameters

maxChars
Maximum characters expected in password
caption
Caption for dialog window
prompt
Wording for prompt (optional, default="Enter password:")

Return Value

String containing password or Empty string if user cancels

Rng.Bytes Method (Int32)

Generate an array of random bytes.

Syntax

[C#]
public static byte[] Bytes(
	int numBytes
)
[VB.NET]
Public Shared Function Bytes ( _
	numBytes As Integer _
) As Byte()

Parameters

numBytes
Required number of random bytes

Return Value

Array of random bytes

Rng.Bytes Method (Int32, Byte[])

Generate an array of random bytes with user-supplied entropy.

Syntax

[C#]
public static byte[] Bytes(
	int numBytes,
	byte[] arrSeed
)
[VB.NET]
Public Shared Function Bytes ( _
	numBytes As Integer, _
	arrSeed As Byte() _
) As Byte()

Parameters

numBytes
Required number of random bytes
arrSeed
User-supplied entropy in byte format

Return Value

Array of random bytes

Rng.Bytes Method (Int32, String)

Generate an array of random bytes with user-supplied entropy.

Syntax

[C#]
public static byte[] Bytes(
	int numBytes,
	string seedStr
)
[VB.NET]
Public Shared Function Bytes ( _
	numBytes As Integer, _
	seedStr As String _
) As Byte()

Parameters

numBytes
Required number of random bytes
seedStr
User-supplied entropy in string format

Return Value

Array of random bytes

Rng.BytesWithPrompt Method (Int32, Rng.Strength)

Generate an array of random bytes with a prompt for random keyboard input.

Syntax

[C#]
public static byte[] BytesWithPrompt(
	int numBytes,
	Rng.Strength strength
)
[VB.NET]
Public Shared Function BytesWithPrompt ( _
	numBytes As Integer, _
	strength As Rng.Strength _
) As Byte()

Parameters

numBytes
Required number of random bytes
strength
Type: Rng.Strength
Estimated security strength (default=112 bits)

Return Value

Array of random bytes

Rng.BytesWithPrompt Method (Int32, String, Rng.Strength)

Generate an array of random bytes with a prompt for random keyboard input.

Syntax

[C#]
public static byte[] BytesWithPrompt(
	int numBytes,
	string prompt,
	Rng.Strength strength
)
[VB.NET]
Public Shared Function BytesWithPrompt ( _
	numBytes As Integer, _
	prompt As String, _
	strength As Rng.Strength _
) As Byte()

Parameters

numBytes
Required number of random bytes
prompt
Alternative prompt. Set as an empty string "" for the default prompt.
strength
Type: Rng.Strength
Required security strength

Return Value

Array of random bytes

Rng.Guid Method

Generate a random 36-character Global Unique IDentifier (GUID) string according to [RFC4122].

Syntax

[C#]
public static string Guid()
[VB.NET]
Public Shared Function Guid As String

Return Value

String of the form "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" where 'x' is a hexadecimal digit [0-9a-f].

Rng.Initialize Method

Initialize the RNG generator with a seed file.

Syntax

[C#]
public static bool Initialize(
	string seedFile
)
[VB.NET]
Public Shared Function Initialize ( _
	seedFile As String _
) As Boolean

Parameters

seedFile
Full path name of seed file

Return Value

true if successful; false if fails

Remarks

If the seed file does not exist, it will be created (with any available entropy).

Rng.InitializeEx Method

Query and initialize the RNG generator using Intel(R) DRNG, if available.

Syntax

[C#]
public static int InitializeEx(
	Rng.Options opts
)
[VB.NET]
Public Shared Function InitializeEx ( _
	opts As Rng.Options _
) As Integer

Parameters

opts
Type: Rng.Options
Specify Rng.Options.NoIntelDrng to explicitly turn off support.

Return Value

Support status for Intel(R) DRNG. If available, then a positive value (1,2,3); else a negative error code.

Rng.MakeSeedFile Method

Create a new seed file suitable for use with Rng.Initialize.

Syntax

[C#]
public static bool MakeSeedFile(
	string seedFile,
	Rng.Strength strength
)
[VB.NET]
Public Shared Function MakeSeedFile ( _
	seedFile As String, _
	strength As Rng.Strength _
) As Boolean

Parameters

seedFile
Name of seed file to be created
strength
Type: Rng.Strength
Estimated security strength (default=112 bits)

Return Value

true if successful; false if fails

Remarks

Any existing file will be overwritten.

Rng.Number Method

Generate a random number (integer) in a given range.

Syntax

[C#]
public static int Number(
	int lower,
	int upper
)
[VB.NET]
Public Shared Function Number ( _
	lower As Integer, _
	upper As Integer _
) As Integer

Parameters

lower
lower value of range
upper
upper value of range

Return Value

Random integer x: lower <= x <= upper

Rng.Octet Method

Generate a single random octet (byte).

Syntax

[C#]
public static byte Octet()
[VB.NET]
Public Shared Function Octet As Byte

Return Value

Single byte value randomly chosen between 0 and 255

Rng.Test Method

Carry out a NIST SP800-90 health check and FIPS140-2 statistical tests on the random number generator.

Syntax

[C#]
public static bool Test(
	string resultFile
)
[VB.NET]
Public Shared Function Test ( _
	resultFile As String _
) As Boolean

Parameters

resultFile
Name of results file to be created, or null not to create a results file.

Return Value

true if successful; false if fails

Remarks

Any existing file will be overwritten.

Rng.TestDrbgvs Method

Test the RNG for conformance to NIST SP800-90A using the relevant test specified in DRBGVS.

Syntax

[C#]
public static string TestDrbgvs(
	int returnedBitsLen,
	string entropyInput,
	string nonce,
	string personalizationString,
	string additionalInput1,
	string entropyReseed,
	string additionalInputReseed,
	string additionalInput2
)
[VB.NET]
Public Shared Function TestDrbgvs ( _
	returnedBitsLen As Integer, _
	entropyInput As String, _
	nonce As String, _
	personalizationString As String, _
	additionalInput1 As String, _
	entropyReseed As String, _
	additionalInputReseed As String, _
	additionalInput2 As String _
) As String

Parameters

returnedBitsLen
Number of bits to be returned from each call to the generate function in the test
entropyInput
the EntropyInput value in hex format
nonce
the Nonce value in hex format
personalizationString
the PersonalizationString value in hex format
additionalInput1
the first AdditionalInput value in hex format
entropyReseed
the EntropyReseed value in hex format
additionalInputReseed
the AdditionalInputReseed value in hex format
additionalInput2
the second AdditionalInput value in hex format

Return Value

the ReturnedBits as a string in hexadecimal format

Remarks

The test procedure, the input values and the expected output are described in the DRBGVS document. The relevant DRBG mechanism is HMAC_DRBG SHA-512 without prediction resistance. Use the empty string "" to pass a zero-length input. All hex strings must have an even number of characters.

Rng.UpdateSeedFile Method

Update the RNG seed file.

Syntax

[C#]
public static bool UpdateSeedFile(
	string seedFile
)
[VB.NET]
Public Shared Function UpdateSeedFile ( _
	seedFile As String _
) As Boolean

Parameters

seedFile
Full path name of seed file

Return Value

true if successful; false if fails

Remarks

The seed file must be writable. If it does not exist it will be created (with any available entropy). Any existing file of the same name will be overwritten without warning.

Rsa.CheckKey Method (String)

Check the validity of an "internal" RSA public or private key.

Syntax

[C#]
public static int CheckKey(
	string intKeyString
)
[VB.NET]
Public Shared Function CheckKey ( _
	intKeyString As String _
) As Integer

Parameters

intKeyString
Internal key string

Return Value

0=valid private key, 1=valid publickey, or negative error code

Remarks

A private key is also validated for consistency.

Rsa.CheckKey Method (StringBuilder)

Check the validity of an "internal" RSA public or private key.

Syntax

[C#]
public static int CheckKey(
	StringBuilder sbKeyString
)
[VB.NET]
Public Shared Function CheckKey ( _
	sbKeyString As StringBuilder _
) As Integer

Parameters

sbKeyString
Internal key string

Return Value

0=valid private key, 1=valid publickey, or negative error code

Remarks

A private key is also validated for consistency.

Rsa.DecodeDigestForSignature Method

Decode an encoded message for signature.

Syntax

[C#]
public static byte[] DecodeDigestForSignature(
	byte[] data,
	bool getFullDigestInfo
)
[VB.NET]
Public Shared Function DecodeDigestForSignature ( _
	data As Byte(), _
	getFullDigestInfo As Boolean _
) As Byte()

Parameters

data
Encoded message for signature
getFullDigestInfo
(optional) If true, extract the full DigestInfo; otherwise just extract the message digest itself

Return Value

Decoded data or an empty array on error

Remarks

Only EMSA-PKCS1-v1_5 is supported in this function.

Rsa.DecodeMsgForEncryption Method

Decode a message for encryption.

Syntax

[C#]
public static byte[] DecodeMsgForEncryption(
	byte[] data,
	Rsa.EME method
)
[VB.NET]
Public Shared Function DecodeMsgForEncryption ( _
	data As Byte(), _
	method As Rsa.EME _
) As Byte()

Parameters

data
Encoded message
method
Type: Rsa.EME
Encoding method used

Return Value

Decoded message

Rsa.DecodeMsgIso9796 Method

Decode a message padded using ISO/IEC 9796-1 formatting.

Syntax

[C#]
public static byte[] DecodeMsgIso9796(
	byte[] data,
	int keyBits
)
[VB.NET]
Public Shared Function DecodeMsgIso9796 ( _
	data As Byte(), _
	keyBits As Integer _
) As Byte()

Parameters

data
encoded message for signature
keyBits
exact length of key in bits

Return Value

Recovered message or an empty array on error

Rsa.Decrypt Method

Decrypt a message encrypted using an RSA encryption scheme.

Syntax

[C#]
public static byte[] Decrypt(
	byte[] data,
	string privateKeyFile,
	string password,
	Rsa.EME method,
	Rsa.HashAlg hashAlg,
	Rsa.AdvOptions advOpts
)
[VB.NET]
Public Shared Function Decrypt ( _
	data As Byte(), _
	privateKeyFile As String, _
	password As String, _
	method As Rsa.EME, _
	hashAlg As Rsa.HashAlg, _
	advOpts As Rsa.AdvOptions _
) As Byte()

Parameters

data
Data to be decrypted (must be exactly the same length as the key modulus size).
privateKeyFile
Name of the private key file, or a string containing the key in PEM format, or a valid internal private key string.
password
Password for encrypted private key, or "" if password is not required.
method
Type: Rsa.EME
Encoding method [optional, default = EME.PKCSv1_5]
hashAlg
Type: Rsa.HashAlg
Hash function for EME-OAEP encoding, otherwise ignored.
advOpts
Type: Rsa.AdvOptions
Advanced options for EME-OEAP only.

Return Value

Decrypted data.

Remarks

For RSA-OAEP you must set the correct options to match the parameters used for the encryption.

Rsa.EncodeDigestForSignature Method

Encode a message digest for signature.

Syntax

[C#]
public static byte[] EncodeDigestForSignature(
	int keyBytes,
	byte[] digest,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function EncodeDigestForSignature ( _
	keyBytes As Integer, _
	digest As Byte(), _
	hashAlg As HashAlgorithm _
) As Byte()

Parameters

keyBytes
Number of bytes in the key
digest
Digest of message
hashAlg
Type: HashAlgorithm
Message digest algorithm used to create digest

Return Value

Encoded block

Remarks

Only EMSA-PKCS1-v1_5 is supported in this function.

Rsa.EncodeMsgForEncryption Method

Encode a message for encryption.

Syntax

[C#]
public static byte[] EncodeMsgForEncryption(
	int keyBytes,
	byte[] message,
	Rsa.EME method
)
[VB.NET]
Public Shared Function EncodeMsgForEncryption ( _
	keyBytes As Integer, _
	message As Byte(), _
	method As Rsa.EME _
) As Byte()

Parameters

keyBytes
Number of bytes in the key
message
Message to be encoded
method
Type: Rsa.EME
Encoding method to use

Return Value

Encoded message block

Rsa.EncodeMsgForSignature Method

Encode a message for signature.

Syntax

[C#]
public static byte[] EncodeMsgForSignature(
	int keyBytes,
	byte[] message,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function EncodeMsgForSignature ( _
	keyBytes As Integer, _
	message As Byte(), _
	hashAlg As HashAlgorithm _
) As Byte()

Parameters

keyBytes
Number of bytes in the key
message
Message to be encoded
hashAlg
Type: HashAlgorithm
Message digest algorithm to use

Return Value

Encoded block

Remarks

Only EMSA-PKCS1-v1_5 is supported in this function. Note we can only ever recover the digest from the encoded block.

Rsa.EncodeMsgIso9796 Method

Encode a message using ISO/IEC 9796-1 formatting.

Syntax

[C#]
public static byte[] EncodeMsgIso9796(
	byte[] message,
	int keyBits
)
[VB.NET]
Public Shared Function EncodeMsgIso9796 ( _
	message As Byte(), _
	keyBits As Integer _
) As Byte()

Parameters

message
message to be encoded
keyBits
exact length of key in bits

Return Value

Padded message block ready for signing or an empty array on error

Remarks

The output block will be the same size as the key rounded up to the next whole byte. The message must be no longer than half the key length.

Rsa.Encrypt Method

Encrypt a short message using RSA encryption.

Syntax

[C#]
public static byte[] Encrypt(
	byte[] data,
	string publicKeyFile,
	Rsa.EME method,
	Rsa.HashAlg hashAlg,
	Rsa.AdvOptions advOpts
)
[VB.NET]
Public Shared Function Encrypt ( _
	data As Byte(), _
	publicKeyFile As String, _
	method As Rsa.EME, _
	hashAlg As Rsa.HashAlg, _
	advOpts As Rsa.AdvOptions _
) As Byte()

Parameters

data
Data to be encrypted
publicKeyFile
Name of the public key file or X.509 certificate, or a string containing the key or certificate in PEM format, or a valid internal public key string.
method
Type: Rsa.EME
Encoding method [optional, default = EME.PKCSv1_5]
hashAlg
Type: Rsa.HashAlg
Hash function for EME-OAEP encoding, otherwise ignored.
advOpts
Type: Rsa.AdvOptions
Advanced options for EME-OEAP only.

Return Value

Encrypted data or an empty array on error.

Rsa.FromXMLString Method (String)

Create an RSA key string in internal format from an XML string.

Syntax

[C#]
public static string FromXMLString(
	string xmlString
)
[VB.NET]
Public Shared Function FromXMLString ( _
	xmlString As String _
) As String

Parameters

xmlString
The XML string to use to reconstruct the RSA key

Return Value

Key string in internal format or empty string on error

Remarks

Creates an internal private key string if the XML contains private key parameters, otherwise an internal public key string.

Rsa.FromXMLString Method (String, Rsa.XmlOptions)

Create an RSA key string in internal format from an XML string with options.

Syntax

[C#]
public static string FromXMLString(
	string xmlString,
	Rsa.XmlOptions options
)
[VB.NET]
Public Shared Function FromXMLString ( _
	xmlString As String, _
	options As Rsa.XmlOptions _
) As String

Parameters

xmlString
The XML string to use to reconstruct the RSA key
options
Type: Rsa.XmlOptions
Option flags: set as zero for defaults.

Return Value

Key string in internal format or empty string on error

Rsa.FromXMLString Method (String, Boolean)

Create an RSA key string in internal format from an XML string with flag to exclude private key details.

Syntax

[C#]
public static string FromXMLString(
	string xmlString,
	bool excludePrivateParams
)
[VB.NET]
Public Shared Function FromXMLString ( _
	xmlString As String, _
	excludePrivateParams As Boolean _
) As String

Parameters

xmlString
The XML string to use to reconstruct the RSA key
excludePrivateParams
Reconstruct public key details only

Return Value

Key string in internal format or empty string on error

Rsa.GetPrivateKeyFromPFX Method

Extract an encrypted private key from a PKCS-12 PKCS8ShroudedKeyBag, saving the output directly as a new file.

Syntax

[C#]
public static int GetPrivateKeyFromPFX(
	string outputFile,
	string pfxFile
)
[VB.NET]
Public Shared Function GetPrivateKeyFromPFX ( _
	outputFile As String, _
	pfxFile As String _
) As Integer

Parameters

outputFile
Name of new file to create
pfxFile
PKCS-12 filename

Return Value

If successful, it returns the number of bytes written to the output file; otherwise it returns a negative error code

Rsa.GetPublicKeyFromCert Method

Read public key from X.509 certificate into internal string format.

Syntax

[C#]
[ObsoleteAttribute("Use Rsa.ReadPublicKey() instead", false)]
public static StringBuilder GetPublicKeyFromCert(
	string certFile
)
[VB.NET]
<ObsoleteAttribute("Use Rsa.ReadPublicKey() instead", False)> _
Public Shared Function GetPublicKeyFromCert ( _
	certFile As String _
) As StringBuilder

Parameters

certFile
Filename of certificate file (or its base64 representation)

Return Value

StringBuilder containing an internal representation of the public key; or an empty StringBuilder if error

Remarks

This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.

Rsa.KeyBits Method (String)

Return number of significant bits in RSA key modulus.

Syntax

[C#]
public static int KeyBits(
	string strRsaKey
)
[VB.NET]
Public Shared Function KeyBits ( _
	strRsaKey As String _
) As Integer

Parameters

strRsaKey
Internal key string

Return Value

Number of significant bits in key

Rsa.KeyBits Method (StringBuilder)

Return number of significant bits in RSA key modulus.

Syntax

[C#]
public static int KeyBits(
	StringBuilder sbRsaKey
)
[VB.NET]
Public Shared Function KeyBits ( _
	sbRsaKey As StringBuilder _
) As Integer

Parameters

sbRsaKey
Internal key string

Return Value

Number of significant bits in key

Rsa.KeyBytes Method (String)

Return number of bytes (octets) in RSA key modulus.

Syntax

[C#]
public static int KeyBytes(
	string strRsaKey
)
[VB.NET]
Public Shared Function KeyBytes ( _
	strRsaKey As String _
) As Integer

Parameters

strRsaKey
Internal key string

Return Value

Number of bytes in key

Rsa.KeyBytes Method (StringBuilder)

Return number of bytes (octets) in RSA key modulus.

Syntax

[C#]
public static int KeyBytes(
	StringBuilder sbRsaKey
)
[VB.NET]
Public Shared Function KeyBytes ( _
	sbRsaKey As StringBuilder _
) As Integer

Parameters

sbRsaKey
Internal key string

Return Value

Number of bytes in key

Rsa.KeyHashCode Method (String)

Compute the hash code of an "internal" RSA public or private key string.

Syntax

[C#]
public static int KeyHashCode(
	string intKeyString
)
[VB.NET]
Public Shared Function KeyHashCode ( _
	intKeyString As String _
) As Integer

Parameters

intKeyString
Internal key string

Return Value

A 32-bit hash code for the key, or zero on error.

Remarks

Should be the same for a matching private and public key.

Rsa.KeyHashCode Method (StringBuilder)

Compute the hash code of an "internal" RSA public or private key string.

Syntax

[C#]
public static int KeyHashCode(
	StringBuilder sbKeyString
)
[VB.NET]
Public Shared Function KeyHashCode ( _
	sbKeyString As StringBuilder _
) As Integer

Parameters

sbKeyString
Internal key string

Return Value

A 32-bit hash code for the key, or zero on error.

Rsa.KeyMatch Method (String, String)

Verify that a pair of "internal" RSA private and public key strings are matched.

Syntax

[C#]
public static int KeyMatch(
	string privateKey,
	string publicKey
)
[VB.NET]
Public Shared Function KeyMatch ( _
	privateKey As String, _
	publicKey As String _
) As Integer

Parameters

privateKey
Internal RSA private key string
publicKey
Internal RSA public key string

Return Value

0=valid key pair, or negative error code

Rsa.KeyMatch Method (StringBuilder, StringBuilder)

Verify that a pair of "internal" RSA private and public key strings are matched.

Syntax

[C#]
public static int KeyMatch(
	StringBuilder sbPrivateKey,
	StringBuilder sbPublicKey
)
[VB.NET]
Public Shared Function KeyMatch ( _
	sbPrivateKey As StringBuilder, _
	sbPublicKey As StringBuilder _
) As Integer

Parameters

sbPrivateKey
Internal RSA private key string
sbPublicKey
Internal RSA public key string

Return Value

0=valid key pair, or negative error code

Rsa.KeyValue Method

Extract a base64-encoded RSA key value from internal key string

Syntax

[C#]
public static string KeyValue(
	string keyString,
	string fieldName
)
[VB.NET]
Public Shared Function KeyValue ( _
	keyString As String, _
	fieldName As String _
) As String

Parameters

keyString
Public or private key in internal string format
fieldName
Name of field to be extracted: "Modulus" or "Exponent"

Return Value

Value encoded in base64 or an empty string on error

Remarks

The output is a continuous string of base64 characters suitable for a <RSAKeyValue> node in an XML-DSIG document.

Rsa.MakeKeys Method (String, String, Int32, Rsa.PublicExponent, Int32, String, CipherAlgorithm, HashAlgorithm, Rsa.Format, Boolean)

Generate an RSA public/private key pair with extended options for encrypting private key [DEPRECATED].

Syntax

[C#]
[ObsoleteAttribute("Use Rsa.MakeKeys(String, String, String, Int32, Rsa.PublicExponent, Rsa.PbeOptions, String, Rsa.Format, Boolean) instead", 
	false)]
public static int MakeKeys(
	string publicKeyFile,
	string privateKeyFile,
	int bits,
	Rsa.PublicExponent exponent,
	int iterCount,
	string password,
	CipherAlgorithm cipherAlg,
	HashAlgorithm hashAlg,
	Rsa.Format fileFormat,
	bool showProgress
)
[VB.NET]
<ObsoleteAttribute("Use Rsa.MakeKeys(String, String, String, Int32, Rsa.PublicExponent, Rsa.PbeOptions, String, Rsa.Format, Boolean) instead",  _
	False)> _
Public Shared Function MakeKeys ( _
	publicKeyFile As String, _
	privateKeyFile As String, _
	bits As Integer, _
	exponent As Rsa.PublicExponent, _
	iterCount As Integer, _
	password As String, _
	cipherAlg As CipherAlgorithm, _
	hashAlg As HashAlgorithm, _
	fileFormat As Rsa.Format, _
	showProgress As Boolean _
) As Integer

Parameters

publicKeyFile
Output filename for public key
privateKeyFile
Output filename for (encrypted) private key
bits
Required key modulus size in bits (min 96)
exponent
Type: Rsa.PublicExponent
Exponent (Fermat Prime)
iterCount
Iteration count for encrypted private key
password
Password string for encrypted private key
cipherAlg
Type: CipherAlgorithm
Block cipher to use for encryption scheme [default = des-ede3-cbc]
hashAlg
Type: HashAlgorithm
Hash function to use in PRF HMAC algorithm [default = hmacWithSHA1]
fileFormat
Type: Rsa.Format
Format to save file [default = DER binary]
showProgress
Indicate progress in console

Return Value

Zero if successful or non-zero error code

Remarks

The private key is saved in encrypted PKCS#8 format using the PBES2 encryption scheme from PKCS#5 with key derivation function PBKDF2.

Rsa.MakeKeys Method (String, String, Int32, Rsa.PublicExponent, Int32, String, Rsa.PbeOptions, Boolean, Byte[])

Generate an RSA public/private key pair [DEPRECATED].

Syntax

[C#]
[ObsoleteAttribute("Use Rsa.MakeKeys(String, String, String, Int32, Rsa.PublicExponent, Rsa.PbeOptions, String, Rsa.Format, Boolean) instead", 
	false)]
public static int MakeKeys(
	string publicKeyFile,
	string privateKeyFile,
	int bits,
	Rsa.PublicExponent exponent,
	int iterCount,
	string password,
	Rsa.PbeOptions cryptOption,
	bool showProgress,
	byte[] seedBytes
)
[VB.NET]
<ObsoleteAttribute("Use Rsa.MakeKeys(String, String, String, Int32, Rsa.PublicExponent, Rsa.PbeOptions, String, Rsa.Format, Boolean) instead",  _
	False)> _
Public Shared Function MakeKeys ( _
	publicKeyFile As String, _
	privateKeyFile As String, _
	bits As Integer, _
	exponent As Rsa.PublicExponent, _
	iterCount As Integer, _
	password As String, _
	cryptOption As Rsa.PbeOptions, _
	showProgress As Boolean, _
	seedBytes As Byte() _
) As Integer

Parameters

publicKeyFile
Output filename for public key
privateKeyFile
Output filename for (encrypted) private key
bits
Required key modulus size in bits (min 96)
exponent
Type: Rsa.PublicExponent
Exponent (Fermat Prime)
iterCount
Iteration count for encrypted private key
password
Password string for encrypted private key
cryptOption
Type: Rsa.PbeOptions
Option to specify encryption algorithm for private key
showProgress
Indicate progress in console
seedBytes
(optional) User-supplied-entropy in byte format

Return Value

Zero if successful or non-zero error code

Rsa.MakeKeys Method (String, String, String, Int32, Rsa.PublicExponent, Rsa.PbeOptions, String, Rsa.Format, Boolean)

Generate an RSA public/private key pair.

Syntax

[C#]
public static int MakeKeys(
	string publicKeyFile,
	string privateKeyFile,
	string password,
	int bits,
	Rsa.PublicExponent exponent,
	Rsa.PbeOptions pbes,
	string paramString,
	Rsa.Format fileFormat,
	bool showProgress
)
[VB.NET]
Public Shared Function MakeKeys ( _
	publicKeyFile As String, _
	privateKeyFile As String, _
	password As String, _
	bits As Integer, _
	exponent As Rsa.PublicExponent, _
	pbes As Rsa.PbeOptions, _
	paramString As String, _
	fileFormat As Rsa.Format, _
	showProgress As Boolean _
) As Integer

Parameters

publicKeyFile
Output filename for public key
privateKeyFile
Output filename for (encrypted) private key
password
Password for encrypted private key
bits
Required key modulus size in bits (min 96)
exponent
Type: Rsa.PublicExponent
Exponent [default=65537=F4]
pbes
Type: Rsa.PbeOptions
Encryption scheme to encrypt private key [default=pbeWithSHAAnd3-KeyTripleDES-CBC from PKCS#12]
paramString
Optional parameters. A set of attribute name=value pairs separated by a semicolon ";" (see remarks)
fileFormat
Type: Rsa.Format
Format to save file [default = DER binary]
showProgress
Indicate progress in console

Return Value

Zero if successful or non-zero error code

Remarks

Valid name-value pairs for paramString are:

count=integerTo set the iteration count used in the PBKDF2 method, e.g. "count=5000;" [default=2048].
prf=hmac-nameTo change the HMAC algorithm used in the PBKDF2 method, e.g. "prf=hmacwithSHA256;" [default=hmacwithSHA1].
Valid values for hmac-name are {hmacWithSHA1|hmacWithSHA224|hmacWithSHA256|hmacWithSHA384|hmacWithSHA512}.

Rsa.PublicKeyFromPrivate Method

Convert an internal private key string into a public one.

Syntax

[C#]
public static StringBuilder PublicKeyFromPrivate(
	StringBuilder sbKeyString
)
[VB.NET]
Public Shared Function PublicKeyFromPrivate ( _
	sbKeyString As StringBuilder _
) As StringBuilder

Parameters

sbKeyString
StringBuilder containing private key in "internal" format

Return Value

StringBuilder containing an internal representation of the public key; or an empty StringBuilder if error

Remarks

This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.

Rsa.RawPrivate Method (Byte[], String)

Carry out RSA transformation using private key.

Syntax

[C#]
public static byte[] RawPrivate(
	byte[] data,
	string privateKeyStr
)
[VB.NET]
Public Shared Function RawPrivate ( _
	data As Byte(), _
	privateKeyStr As String _
) As Byte()

Parameters

data
Data (must be same byte length as key modulus)
privateKeyStr
Private key in internal string format

Return Value

Transformed data

Rsa.RawPrivate Method (Byte[], String, Int32)

Carry out RSA transformation using private key (with specialist options).

Syntax

[C#]
public static byte[] RawPrivate(
	byte[] data,
	string privateKeyStr,
	int options
)
[VB.NET]
Public Shared Function RawPrivate ( _
	data As Byte(), _
	privateKeyStr As String, _
	options As Integer _
) As Byte()

Parameters

data
Data (must be same byte length as key modulus)
privateKeyStr
Private key in internal string format
options
Specialist options value

Return Value

Transformed data

Rsa.RawPublic Method (Byte[], String)

Carry out RSA transformation using public key.

Syntax

[C#]
public static byte[] RawPublic(
	byte[] data,
	string publicKeyStr
)
[VB.NET]
Public Shared Function RawPublic ( _
	data As Byte(), _
	publicKeyStr As String _
) As Byte()

Parameters

data
Data (must be same byte length as key modulus)
publicKeyStr
Public key in internal string format

Return Value

Transformed data

Rsa.RawPublic Method (Byte[], String, Int32)

Carry out RSA transformation using public key (with specialist options).

Syntax

[C#]
public static byte[] RawPublic(
	byte[] data,
	string publicKeyStr,
	int options
)
[VB.NET]
Public Shared Function RawPublic ( _
	data As Byte(), _
	publicKeyStr As String, _
	options As Integer _
) As Byte()

Parameters

data
Data (must be same byte length as key modulus)
publicKeyStr
Public key in internal string format
options
Specialist options value

Return Value

Transformed data

Rsa.ReadEncPrivateKey Method

Read encrypted private key file into internal string format.

Syntax

[C#]
[ObsoleteAttribute("Use Rsa.ReadPrivateKey() instead", false)]
public static StringBuilder ReadEncPrivateKey(
	string privateKeyFile,
	string password
)
[VB.NET]
<ObsoleteAttribute("Use Rsa.ReadPrivateKey() instead", False)> _
Public Shared Function ReadEncPrivateKey ( _
	privateKeyFile As String, _
	password As String _
) As StringBuilder

Parameters

privateKeyFile
filename of a binary BER-encoded encrypted private key info file
password
password for key file

Return Value

StringBuilder containing an internal representation of the private key; or an empty StringBuilder if error

Remarks

This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.

Rsa.ReadPrivateKey Method

Read from a file or string containing a private key into an "internal" private key string.

Syntax

[C#]
public static StringBuilder ReadPrivateKey(
	string privateKeyFile,
	string password
)
[VB.NET]
Public Shared Function ReadPrivateKey ( _
	privateKeyFile As String, _
	password As String _
) As StringBuilder

Parameters

privateKeyFile
Name of private key file or a PEM String containing the key
password
Password for private key, if encrypted

Return Value

StringBuilder containing an internal representation of the private key; or an empty StringBuilder if error

Remarks

This returns a StringBuilder, not a string, to allow secure wiping. Use sb.ToString() to obtain a string.

Rsa.ReadPrivateKeyFromPFX Method

Read a private key directly from an encrypted PFX/PKCS-12 file into an "internal" private key string.

Syntax

[C#]
[ObsoleteAttribute("Use Rsa.ReadPrivateKey() instead", false)]
public static StringBuilder ReadPrivateKeyFromPFX(
	string pfxFile,
	string password
)
[VB.NET]
<ObsoleteAttribute("Use Rsa.ReadPrivateKey() instead", False)> _
Public Shared Function ReadPrivateKeyFromPFX ( _
	pfxFile As String, _
	password As String _
) As StringBuilder

Parameters

pfxFile
PKCS-12 filename
password
Password for PFX file

Return Value

StringBuilder containing an internal representation of the private key; or an empty StringBuilder if error

Remarks

This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.

Rsa.ReadPrivateKeyInfo Method

Read from an (unencrypted) PKCS-8 private key info file into a private key string.

Syntax

[C#]
[ObsoleteAttribute("Use Rsa.ReadPrivateKey() instead", false)]
public static StringBuilder ReadPrivateKeyInfo(
	string prikeyinfoFile
)
[VB.NET]
<ObsoleteAttribute("Use Rsa.ReadPrivateKey() instead", False)> _
Public Shared Function ReadPrivateKeyInfo ( _
	prikeyinfoFile As String _
) As StringBuilder

Parameters

prikeyinfoFile
Name of file

Return Value

StringBuilder containing an internal representation of the private key; or an empty StringBuilder if error

Remarks

This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.

Rsa.ReadPublicKey Method

Read from a file or string containing a public key into an "internal" public key string.

Syntax

[C#]
public static StringBuilder ReadPublicKey(
	string certOrPublicKeyFile
)
[VB.NET]
Public Shared Function ReadPublicKey ( _
	certOrPublicKeyFile As String _
) As StringBuilder

Parameters

certOrPublicKeyFile
Name of X.509 certificate or public key file or a PEM String containing the key

Return Value

StringBuilder containing an internal representation of the public key; or an empty StringBuilder if error

Remarks

This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.

Rsa.SaveEncKey Method

Save an internal RSA key string to an encrypted key file.

Syntax

[C#]
public static int SaveEncKey(
	string outputFile,
	string privateKey,
	string password,
	Rsa.PbeOptions pbeOption,
	string paramString,
	Rsa.Format format
)
[VB.NET]
Public Shared Function SaveEncKey ( _
	outputFile As String, _
	privateKey As String, _
	password As String, _
	pbeOption As Rsa.PbeOptions, _
	paramString As String, _
	format As Rsa.Format _
) As Integer

Parameters

outputFile
Name of output file to be created
privateKey
The private RSA key as an internal key string.
password
Password to be used for the encrypted key file.
pbeOption
Type: Rsa.PbeOptions
Encryption scheme to encrypt private key [default = pbeWithSHAAnd3-KeyTripleDES-CBC from PKCS#12]
paramString
Optional parameters. A set of attribute name=value pairs separated by a semicolon ";" (see remarks).
format
Type: Rsa.Format
File format

Return Value

If successful, the return value is zero; otherwise it returns a nonzero error code

Remarks

Valid name-value pairs for paramString are:

count=integerTo set the iteration count used in the PBKDF2 method, e.g. "count=5000;" [default=2048].
prf=hmac-nameTo change the HMAC algorithm used in the PBKDF2 method, e.g. "prf=hmacwithSHA256;" [default=hmacwithSHA1].
Valid values for hmac-name are {hmacWithSHA1|hmacWithSHA224|hmacWithSHA256|hmacWithSHA384|hmacWithSHA512}.

Rsa.SaveEncPrivateKey Method (String, String, Int32, String, CipherAlgorithm, HashAlgorithm, Rsa.Format)

Save a private key string to a PKCS-8 EncryptedPrivateKeyInfo file using PBES2 algorithm [DEPRECATED].

Syntax

[C#]
public static int SaveEncPrivateKey(
	string outputFile,
	string privateKey,
	int iterationCount,
	string password,
	CipherAlgorithm cipherAlg,
	HashAlgorithm hashAlg,
	Rsa.Format format
)
[VB.NET]
Public Shared Function SaveEncPrivateKey ( _
	outputFile As String, _
	privateKey As String, _
	iterationCount As Integer, _
	password As String, _
	cipherAlg As CipherAlgorithm, _
	hashAlg As HashAlgorithm, _
	format As Rsa.Format _
) As Integer

Parameters

outputFile
Name of file to create
privateKey
Private key in internal format
iterationCount
Iteration count to be used when encrypting file
password
Password string
cipherAlg
Type: CipherAlgorithm
Block cipher to use for encryption scheme [default = des-ede3-cbc]
hashAlg
Type: HashAlgorithm
Hash function to use in PRF HMAC algorithm [default = hmacWithSHA1]
format
Type: Rsa.Format
File format

Return Value

If successful, the return value is zero; otherwise it returns a nonzero error code

Rsa.SaveEncPrivateKey Method (String, String, Int32, String, Rsa.PbeOptions, Rsa.Format)

Save a private key string to a PKCS-8 EncryptedPrivateKeyInfo file [DEPRECATED].

Syntax

[C#]
public static int SaveEncPrivateKey(
	string outputFile,
	string privateKey,
	int iterationCount,
	string password,
	Rsa.PbeOptions pbeOption,
	Rsa.Format format
)
[VB.NET]
Public Shared Function SaveEncPrivateKey ( _
	outputFile As String, _
	privateKey As String, _
	iterationCount As Integer, _
	password As String, _
	pbeOption As Rsa.PbeOptions, _
	format As Rsa.Format _
) As Integer

Parameters

outputFile
Name of file to create
privateKey
Private key in internal format
iterationCount
Iteration count to be used when encrypting file
password
Password string
pbeOption
Type: Rsa.PbeOptions
Type of password-based encryption to use [default = pbeWithSHAAnd3-KeyTripleDES-CBC]
format
Type: Rsa.Format
File format

Return Value

If successful, the return value is zero; otherwise it returns a nonzero error code

Rsa.SavePrivateKeyInfo Method

Save a private key string to an (unencrypted) PKCS-8 private key info file.

Syntax

[C#]
public static int SavePrivateKeyInfo(
	string outputFile,
	string privateKey,
	Rsa.Format format
)
[VB.NET]
Public Shared Function SavePrivateKeyInfo ( _
	outputFile As String, _
	privateKey As String, _
	format As Rsa.Format _
) As Integer

Parameters

outputFile
Name of file to create
privateKey
Private key in internal format
format
Type: Rsa.Format
File format

Return Value

If successful, the return value is zero; otherwise it returns a nonzero error code

Remarks

Do not use for a production key.

Rsa.SavePublicKey Method

Save a public key string to PKCS-1 public key file.

Syntax

[C#]
public static int SavePublicKey(
	string outputFile,
	string publicKey,
	Rsa.Format format
)
[VB.NET]
Public Shared Function SavePublicKey ( _
	outputFile As String, _
	publicKey As String, _
	format As Rsa.Format _
) As Integer

Parameters

outputFile
Name of file to create
publicKey
Public key in internal format
format
Type: Rsa.Format
File format

Return Value

If successful, the return value is zero; otherwise it returns a nonzero error code

Rsa.ToXMLString Method (String, Rsa.XmlOptions)

Create an XML string representation of an RSA internal key string.

Syntax

[C#]
public static string ToXMLString(
	string intKeyString,
	Rsa.XmlOptions options
)
[VB.NET]
Public Shared Function ToXMLString ( _
	intKeyString As String, _
	options As Rsa.XmlOptions _
) As String

Parameters

intKeyString
Internal key string
options
Type: Rsa.XmlOptions
Option flags: set as zero for defaults.

Return Value

XML string or empty string on error

Rsa.ToXMLString Method (String, String, Rsa.XmlOptions)

Create an XML string representation of an RSA internal key string with option to add a namespace prefix.

Syntax

[C#]
public static string ToXMLString(
	string intKeyString,
	string prefix,
	Rsa.XmlOptions options
)
[VB.NET]
Public Shared Function ToXMLString ( _
	intKeyString As String, _
	prefix As String, _
	options As Rsa.XmlOptions _
) As String

Parameters

intKeyString
Internal key string
prefix
Prefix to add to elements, e.g. "ds" or "ds:".
options
Type: Rsa.XmlOptions
Option flags: set as zero for defaults.

Return Value

XML string or empty string on error

Remarks

Use this extended function to add a namespace prefix to all elements in the XML output; for example, <ds:RSAKeyValue>. Note that it's up to the user to map the prefix to a URI somewhere in the final XML document.

Sig.GetHashAlgFromSigAlg Method

Get the hash algorithm used in the signature algorithm.

Syntax

[C#]
public static HashAlgorithm GetHashAlgFromSigAlg(
	SigAlgorithm sigAlg
)
[VB.NET]
Public Shared Function GetHashAlgFromSigAlg ( _
	sigAlg As SigAlgorithm _
) As HashAlgorithm

Parameters

sigAlg
Type: SigAlgorithm
Signature algorithm

Return Value

Hash algorithm used in sigAlg

Sig.SignData Method

Compute a signature value over data in a byte array.

Syntax

[C#]
public static string SignData(
	byte[] data,
	string privateKeyFile,
	string password,
	SigAlgorithm sigAlg,
	Sig.SigOptions sigOpts,
	Sig.Encoding sigEncoding
)
[VB.NET]
Public Shared Function SignData ( _
	data As Byte(), _
	privateKeyFile As String, _
	password As String, _
	sigAlg As SigAlgorithm, _
	sigOpts As Sig.SigOptions, _
	sigEncoding As Sig.Encoding _
) As String

Parameters

data
input data to be signed
privateKeyFile
Name of private key file (or a string containing the key in PEM format, or an internal private key)
password
Password for the private key, if encrypted
sigAlg
Type: SigAlgorithm
Signature algorithm to be used
sigOpts
Type: Sig.SigOptions
(optional) Options for ECDSA and RSA-PSS signatures
sigEncoding
Type: Sig.Encoding
Optional encodings for output [default=base64]

Return Value

The encoded signature, or an empty string on error

Sig.SignDigest Method

Compute a signature value over a message digest value.

Syntax

[C#]
public static string SignDigest(
	byte[] digest,
	string privateKeyFile,
	string password,
	SigAlgorithm sigAlg,
	Sig.SigOptions sigOpts,
	Sig.Encoding sigEncoding
)
[VB.NET]
Public Shared Function SignDigest ( _
	digest As Byte(), _
	privateKeyFile As String, _
	password As String, _
	sigAlg As SigAlgorithm, _
	sigOpts As Sig.SigOptions, _
	sigEncoding As Sig.Encoding _
) As String

Parameters

digest
digest value in a byte array
privateKeyFile
Name of private key file (or a string containing the key in PEM format, or an internal private key)
password
Password for the private key, if encrypted
sigAlg
Type: SigAlgorithm
Signature algorithm to be used
sigOpts
Type: Sig.SigOptions
(optional) Options for ECDSA and RSA-PSS signatures
sigEncoding
Type: Sig.Encoding
Optional encodings for output [default=base64]

Return Value

The encoded signature, or an empty string on error

Sig.SignFile Method

Compute a signature value over binary data in a file.

Syntax

[C#]
public static string SignFile(
	string dataFile,
	string privateKeyFile,
	string password,
	SigAlgorithm sigAlg,
	Sig.SigOptions sigOpts,
	Sig.Encoding sigEncoding
)
[VB.NET]
Public Shared Function SignFile ( _
	dataFile As String, _
	privateKeyFile As String, _
	password As String, _
	sigAlg As SigAlgorithm, _
	sigOpts As Sig.SigOptions, _
	sigEncoding As Sig.Encoding _
) As String

Parameters

dataFile
Name of input file containing data to be signed
privateKeyFile
Name of private key file (or a string containing the key in PEM format, or an internal private key)
password
Password for the private key, if encrypted
sigAlg
Type: SigAlgorithm
Signature algorithm to be used
sigOpts
Type: Sig.SigOptions
(optional) Options for ECDSA and RSA-PSS signatures
sigEncoding
Type: Sig.Encoding
Optional encodings for output [default=base64]

Return Value

The encoded signature, or an empty string on error

Sig.VerifyData Method

Verify a signature value over data in a byte array.

Syntax

[C#]
public static int VerifyData(
	string sigStr,
	byte[] data,
	string certOrKeyFile,
	SigAlgorithm sigAlg,
	Sig.VerifyOpts opts
)
[VB.NET]
Public Shared Function VerifyData ( _
	sigStr As String, _
	data As Byte(), _
	certOrKeyFile As String, _
	sigAlg As SigAlgorithm, _
	opts As Sig.VerifyOpts _
) As Integer

Parameters

sigStr
Encoded signature value
data
Input data to be verified
certOrKeyFile
The X.509 certificate or public key file name (or a string containing the certificate or key in PEM format or base64 representation, or an internal key string).
sigAlg
Type: SigAlgorithm
Signature algorithm used to create signature.
opts
Type: Sig.VerifyOpts
(optional) Advanced options for RSA-PSS only.

Return Value

Zero (0) if the signature is valid; otherwise a negative error code.

Remarks

Any valid encodings of the signature value are detected automatically.

Sig.VerifyDigest Method

Verify a signature value over a message digest value of data.

Syntax

[C#]
public static int VerifyDigest(
	string sigStr,
	byte[] digest,
	string certOrKeyFile,
	SigAlgorithm sigAlg,
	Sig.VerifyOpts opts
)
[VB.NET]
Public Shared Function VerifyDigest ( _
	sigStr As String, _
	digest As Byte(), _
	certOrKeyFile As String, _
	sigAlg As SigAlgorithm, _
	opts As Sig.VerifyOpts _
) As Integer

Parameters

sigStr
Containing the encoded signature value
digest
Byte array containing the message digest value of the data to be verified
certOrKeyFile
Specifying the X.509 certificate or public key file name (or a string containing the certificate or key in PEM format or base64 representation, or an internal key string).
sigAlg
Type: SigAlgorithm
Signature algorithm used to create signature.
opts
Type: Sig.VerifyOpts
Advanced options for RSA-PSS only (optional)

Return Value

Zero (0) if the signature is valid; otherwise a negative error code.

Remarks

Any valid encodings of the signature value are detected automatically.

Sig.VerifyFile Method

Verify a signature value over data in a file.

Syntax

[C#]
public static int VerifyFile(
	string sigStr,
	string dataFile,
	string certOrKeyFile,
	SigAlgorithm sigAlg,
	Sig.VerifyOpts opts
)
[VB.NET]
Public Shared Function VerifyFile ( _
	sigStr As String, _
	dataFile As String, _
	certOrKeyFile As String, _
	sigAlg As SigAlgorithm, _
	opts As Sig.VerifyOpts _
) As Integer

Parameters

sigStr
Containing the encoded signature value
dataFile
Name of file containing data to be verified
certOrKeyFile
Specifying the X.509 certificate or public key file name (or a string containing the certificate or key in PEM format or base64 representation, or an internal key string).
sigAlg
Type: SigAlgorithm
Signature algorithm used to create signature.
opts
Type: Sig.VerifyOpts
Advanced options for RSA-PSS only (optional)

Return Value

Zero (0) if the signature is valid; otherwise a negative error code.

Remarks

Any valid encodings of the signature value are detected automatically.

Smime.Extract Method

Extract the body from an S/MIME entity.

Syntax

[C#]
public static int Extract(
	string outputFile,
	string inputFile,
	Smime.Options opts
)
[VB.NET]
Public Shared Function Extract ( _
	outputFile As String, _
	inputFile As String, _
	opts As Smime.Options _
) As Integer

Parameters

outputFile
Name of output file to be created
inputFile
Name of input file containing S/MIME entity
opts
Type: Smime.Options
Options

Return Value

A positive number giving the size of the output file in bytes; otherwise it returns an error code

Remarks

This is designed to extract the body from an S/MIME entity with a content type of application/pkcs7-mime with base64 or binary transfer encoding. In practice, it will extract the body from almost any type of S/MIME (or MIME) file, except one with quoted-printable transfer encoding. By default the output is encoded in binary. Use the EncodeBase64 option to encode the output in base64.

Smime.Query Method

Query an S/MIME entity for selected information.

Syntax

[C#]
public static string Query(
	string inputFile,
	string query
)
[VB.NET]
Public Shared Function Query ( _
	inputFile As String, _
	query As String _
) As String

Parameters

inputFile
Name of file containing S/MIME entity
query
Query string (case insensitive)

Return Value

String containing the result or an empty string if not found or error.

Remarks

Valid queries are:

"content-type" Value of Content-Type, e.g. "application/pkcs7-mime".
"smime-type" Value of smime-type parameter of Content-Type, e.g. , e.g. "enveloped-data".
"encoding" Value of Content-Transfer-Encoding, e.g. "base64".
"name" Value of name parameter of Content-Type, e.g. "smime.p7m"
"filename" Value of filename parameter of Content-Disposition, e.g. "smime.p7m".

Smime.Wrap Method

Wrap a CMS object in an S/MIME entity.

Syntax

[C#]
public static int Wrap(
	string outputFile,
	string inputFile,
	Smime.Options opts
)
[VB.NET]
Public Shared Function Wrap ( _
	outputFile As String, _
	inputFile As String, _
	opts As Smime.Options _
) As Integer

Parameters

outputFile
Output file to be created
inputFile
Input file containing CMS object
opts
Type: Smime.Options
Options

Return Value

A positive number giving the size of the output file in bytes; otherwise it returns an error code

Remarks

The input file is expected to be a binary CMS object of type enveloped-data, signed-data or compressed-data; otherwise it is an error. The type of input file is detected automatically. By default the body is encoded in base64 encoding. Use the EncodeBinary option to encode the body in binary.

Tdea.Decrypt Method (Byte[], Byte[], Mode, Byte[])

Decrypt data in byte array.

Syntax

[C#]
public static byte[] Decrypt(
	byte[] input,
	byte[] key,
	Mode mode,
	byte[] iv
)
[VB.NET]
Public Shared Function Decrypt ( _
	input As Byte(), _
	key As Byte(), _
	mode As Mode, _
	iv As Byte() _
) As Byte()

Parameters

input
Input data
key
Key of exactly 24 bytes (192 bits)
mode
Type: Mode
Cipher Mode
iv
IV of exactly 8 bytes or null for ECB mode

Return Value

Decrypted data in byte array or empty array on error

Remarks

For ECB and CBC modes, input data length must be an exact multiple of the block length

Tdea.Decrypt Method (String, String, Mode, String)

Decrypt hex-encoded data string.

Syntax

[C#]
public static string Decrypt(
	string inputHex,
	string keyHex,
	Mode mode,
	string ivHex
)
[VB.NET]
Public Shared Function Decrypt ( _
	inputHex As String, _
	keyHex As String, _
	mode As Mode, _
	ivHex As String _
) As String

Parameters

inputHex
Hex-encoded input data
keyHex
Hex-encoded key representing exactly 24 bytes (192 bits)
mode
Type: Mode
Cipher Mode
ivHex
Hex-encoded IV representing exactly 8 bytes or "" for ECB mode

Return Value

Decrypted data in hex-encoded string or empty string on error

Remarks

For ECB and CBC modes, the length of the decoded input bytes must be an exact multiple of the block length

Tdea.Decrypt Method (String, String, Mode, String, EncodingBase)

Decrypt encoded data string.

Syntax

[C#]
public static string Decrypt(
	string inputStr,
	string keyStr,
	Mode mode,
	string ivStr,
	EncodingBase encodingBase
)
[VB.NET]
Public Shared Function Decrypt ( _
	inputStr As String, _
	keyStr As String, _
	mode As Mode, _
	ivStr As String, _
	encodingBase As EncodingBase _
) As String

Parameters

inputStr
Encoded input data
keyStr
Encoded key representing exactly 24 bytes (192 bits)
mode
Type: Mode
Cipher Mode
ivStr
Encoded IV representing exactly 8 bytes or "" for ECB mode
encodingBase
Type: EncodingBase
Type of encoding used

Return Value

Decrypted data in encoded string or empty string on error

Remarks

For ECB and CBC modes, the length of the decoded input bytes must be an exact multiple of the block length

Tdea.Encrypt Method (Byte[], Byte[], Mode, Byte[])

Encrypt data in byte array.

Syntax

[C#]
public static byte[] Encrypt(
	byte[] input,
	byte[] key,
	Mode mode,
	byte[] iv
)
[VB.NET]
Public Shared Function Encrypt ( _
	input As Byte(), _
	key As Byte(), _
	mode As Mode, _
	iv As Byte() _
) As Byte()

Parameters

input
Input data
key
Key of exactly 24 bytes (192 bits)
mode
Type: Mode
Cipher Mode
iv
IV of exactly 8 bytes or null for ECB mode

Return Value

Ciphertext in byte array or empty array on error

Remarks

For ECB and CBC modes, input data length must be an exact multiple of the block length

Tdea.Encrypt Method (String, String, Mode, String)

Encrypt hex-encoded data string.

Syntax

[C#]
public static string Encrypt(
	string inputHex,
	string keyHex,
	Mode mode,
	string ivHex
)
[VB.NET]
Public Shared Function Encrypt ( _
	inputHex As String, _
	keyHex As String, _
	mode As Mode, _
	ivHex As String _
) As String

Parameters

inputHex
Hex-encoded input data
keyHex
Hex-encoded key representing exactly 24 bytes (192 bits)
mode
Type: Mode
Cipher Mode
ivHex
Hex-encoded IV representing exactly 8 bytes or "" for ECB mode

Return Value

Ciphertext in hex-encoded string or empty string on error

Remarks

For ECB and CBC modes, the length of the decoded input bytes must be an exact multiple of the block length

Tdea.Encrypt Method (String, String, Mode, String, EncodingBase)

Encrypt encoded data string.

Syntax

[C#]
public static string Encrypt(
	string inputStr,
	string keyStr,
	Mode mode,
	string ivStr,
	EncodingBase encodingBase
)
[VB.NET]
Public Shared Function Encrypt ( _
	inputStr As String, _
	keyStr As String, _
	mode As Mode, _
	ivStr As String, _
	encodingBase As EncodingBase _
) As String

Parameters

inputStr
Encoded input data
keyStr
Encoded key representing exactly 24 bytes (192 bits)
mode
Type: Mode
Cipher Mode
ivStr
Encoded IV representing exactly 8 bytes or "" for ECB mode
encodingBase
Type: EncodingBase
Type of encoding used

Return Value

Ciphertext in hex-encoded string or empty string on error

Remarks

For ECB and CBC modes, the length of the decoded input bytes must be an exact multiple of the block length

Tdea.FileDecrypt Method (String, String, Byte[], Mode, Byte[])

Decrypt a file.

Syntax

[C#]
public static int FileDecrypt(
	string fileOut,
	string fileIn,
	byte[] key,
	Mode mode,
	byte[] iv
)
[VB.NET]
Public Shared Function FileDecrypt ( _
	fileOut As String, _
	fileIn As String, _
	key As Byte(), _
	mode As Mode, _
	iv As Byte() _
) As Integer

Parameters

fileOut
Name of output file to be created or overwritten
fileIn
Name of input file
key
Key of exactly 8 bytes (64 bits)
mode
Type: Mode
Cipher Mode
iv
IV of exactly 8 bytes or null for ECB mode

Return Value

0 if successful or non-zero error code

Remarks

fileOut and fileIn must not be the same

Tdea.FileDecrypt Method (String, String, String, Mode, String)

Decrypt a file passing key and IV as hex strings.

Syntax

[C#]
public static int FileDecrypt(
	string fileOut,
	string fileIn,
	string keyHex,
	Mode mode,
	string ivHex
)
[VB.NET]
Public Shared Function FileDecrypt ( _
	fileOut As String, _
	fileIn As String, _
	keyHex As String, _
	mode As Mode, _
	ivHex As String _
) As Integer

Parameters

fileOut
Name of output file to be created or overwritten
fileIn
Name of input file
keyHex
Hex-encoded key of exact length
mode
Type: Mode
Cipher Mode
ivHex
Hex-encoded IV or "" for ECB mode

Return Value

0 if successful or non-zero error code

Remarks

fileOut and fileIn must not be the same. The output file is in binary format.

Tdea.FileEncrypt Method (String, String, Byte[], Mode, Byte[])

Encrypt a file.

Syntax

[C#]
public static int FileEncrypt(
	string fileOut,
	string fileIn,
	byte[] key,
	Mode mode,
	byte[] iv
)
[VB.NET]
Public Shared Function FileEncrypt ( _
	fileOut As String, _
	fileIn As String, _
	key As Byte(), _
	mode As Mode, _
	iv As Byte() _
) As Integer

Parameters

fileOut
Name of output file to be created or overwritten
fileIn
Name of input file
key
Key of exactly 24 bytes (192 bits)
mode
Type: Mode
Cipher Mode
iv
IV of exactly 8 bytes or null for ECB mode

Return Value

0 if successful or non-zero error code

Remarks

fileOut and fileIn must not be the same

Tdea.FileEncrypt Method (String, String, String, Mode, String)

Encrypt a file passing key and IV as hex strings.

Syntax

[C#]
public static int FileEncrypt(
	string fileOut,
	string fileIn,
	string keyHex,
	Mode mode,
	string ivHex
)
[VB.NET]
Public Shared Function FileEncrypt ( _
	fileOut As String, _
	fileIn As String, _
	keyHex As String, _
	mode As Mode, _
	ivHex As String _
) As Integer

Parameters

fileOut
Name of output file to be created or overwritten
fileIn
Name of input file
keyHex
Hex-encoded key of exact length
mode
Type: Mode
Cipher Mode
ivHex
Hex-encoded IV or "" for ECB mode

Return Value

0 if successful or non-zero error code

Remarks

fileOut and fileIn must not be the same. The output file is in binary format.

Wipe.Data Method

Zeroise data in memory.

Syntax

[C#]
public static bool Data(
	byte[] data
)
[VB.NET]
Public Shared Function Data ( _
	data As Byte() _
) As Boolean

Parameters

data
data to be wiped

Return Value

true if successful; false if fails

Wipe.File Method

Securely wipe and delete a file with options.

Syntax

[C#]
public static bool File(
	string fileName,
	Wipe.Options opts
)
[VB.NET]
Public Shared Function File ( _
	fileName As String, _
	opts As Wipe.Options _
) As Boolean

Parameters

fileName
Name of file to be wiped
opts
Type: Wipe.Options
Options (optional, default = DOD 7-pass)

Return Value

true if successful; false if fails

Wipe.String Method

Zeroise a StringBuilder.

Syntax

[C#]
public static bool String(
	StringBuilder sb
)
[VB.NET]
Public Shared Function String ( _
	sb As StringBuilder _
) As Boolean

Parameters

sb
StringBuilder to be wiped

Return Value

true if successful; false if fails

Remarks

NB You can't wipe an ordinary string as they are immutable in C#, so store any sensitive string data in a StringBuilder.

X509.CertExpiresOn Method

Return date and time certificate expires.

Syntax

[C#]
public static string CertExpiresOn(
	string certFile
)
[VB.NET]
Public Shared Function CertExpiresOn ( _
	certFile As String _
) As String

Parameters

certFile
Filename of certificate file (or its base64 representation)

Return Value

Date and time in ISO format or Empty string if error

X509.CertIssuedOn Method

Return date and time certificate was issued.

Syntax

[C#]
public static string CertIssuedOn(
	string certFile
)
[VB.NET]
Public Shared Function CertIssuedOn ( _
	certFile As String _
) As String

Parameters

certFile
Filename of certificate file (or its base64 representation)

Return Value

Date and time in ISO format or Empty string if error

X509.CertIssuerName Method

Get the issuer name of an X.509 certificate.

Syntax

[C#]
public static string CertIssuerName(
	string certFile,
	string delimiter
)
[VB.NET]
Public Shared Function CertIssuerName ( _
	certFile As String, _
	delimiter As String _
) As String

Parameters

certFile
Filename of certificate file (or its base64 representation)
delimiter
Optional character for delimiter [default = semicolon ";"]

Return Value

Issuer name or Empty string if error

Remarks

Use X509.QueryCert with query "issuerName" for more output options.

X509.CertIsValidNow Method

Verify that an X.509 certificate is currently valid as per system clock.

Syntax

[C#]
public static bool CertIsValidNow(
	string certFile
)
[VB.NET]
Public Shared Function CertIsValidNow ( _
	certFile As String _
) As Boolean

Parameters

certFile
Filename of certificate file (or its base64 representation)

Return Value

True if certificate is currently valid, otherwise false

X509.CertRequest Method

Create a PKCS #10 certificate signing request (CSR).

Syntax

[C#]
public static int CertRequest(
	string reqFile,
	string privateKeyFile,
	string distName,
	string extensions,
	string password,
	SigAlgorithm sigAlg,
	X509.CsrOptions opts
)
[VB.NET]
Public Shared Function CertRequest ( _
	reqFile As String, _
	privateKeyFile As String, _
	distName As String, _
	extensions As String, _
	password As String, _
	sigAlg As SigAlgorithm, _
	opts As X509.CsrOptions _
) As Integer

Parameters

reqFile
Name of Certificate Signing Request file to be created
privateKeyFile
Name of subject's encrypted private key file
distName
Specifying the subject's distinguished name as a set of attribute key=value pairs separated with semi-colons (;). See Specifying Distinguished Names
extensions
A list of attribute-value pairs to be included in an extensionRequest field. See X.509 Extensions
password
password for Subject's encrypted private key file
sigAlg
Type: SigAlgorithm
Signature algorithm (must match key type)
opts
Type: X509.CsrOptions
Option flags: set as zero for defaults.

Return Value

Zero if successful or a non-zero error code

Remarks

An ECC key must use an ECDSA signature algorithm, and an RSA key must use an RSA signature algorithm.

X509.CertSerialNumber Method

Return serial number in hex format.

Syntax

[C#]
public static string CertSerialNumber(
	string certFile
)
[VB.NET]
Public Shared Function CertSerialNumber ( _
	certFile As String _
) As String

Parameters

certFile
Filename of certificate file (or its base64 representation)

Return Value

Serial number in hex format or Empty string if error

X509.CertSubjectName Method

Get the subject name of an X.509 certificate.

Syntax

[C#]
public static string CertSubjectName(
	string certFile,
	string delimiter
)
[VB.NET]
Public Shared Function CertSubjectName ( _
	certFile As String, _
	delimiter As String _
) As String

Parameters

certFile
Filename of certificate file (or its base64 representation)
delimiter
Optional character for delimiter [default = semicolon ";"]

Return Value

Subject name or Empty string if error

Remarks

Use X509.QueryCert with query "subjectName" for more output options.

X509.CertThumb Method

Calculate the thumbprint (message digest hash) of an X.509 certificate.

Syntax

[C#]
public static string CertThumb(
	string certFile,
	HashAlgorithm hashAlg
)
[VB.NET]
Public Shared Function CertThumb ( _
	certFile As String, _
	hashAlg As HashAlgorithm _
) As String

Parameters

certFile
Filename of certificate file (or its base64 representation)
hashAlg
Type: HashAlgorithm
HashAlgorithm

Return Value

String containing the message digest in hexadecimal format

X509.CheckCertInCRL Method

Check whether an X.509 certificate has been revoked in a Certificate Revocation List (CRL).

Syntax

[C#]
public static int CheckCertInCRL(
	string certFile,
	string crlFile,
	string issuerCert,
	string dateStr
)
[VB.NET]
Public Shared Function CheckCertInCRL ( _
	certFile As String, _
	crlFile As String, _
	issuerCert As String, _
	dateStr As String _
) As Integer

Parameters

certFile
name of X.509 certificate to be checked (or base64 representation)
crlFile
name of CRL file
issuerCert
(optional) with name of X.509 certificate file for the entity that issued the CRL (or base64 representation)
dateStr
(optional) with date in ISO format (yyyy-mm-dd[Thh[:nn:ss]][Z]) on or after you wish to check for revocation. Leave empty "" for any date. The time must be in GMT (UTC, Zulu time)

Return Value

Zero if the certificate is NOT in the CRL; X509.Revoked (REVOCATION_ERROR +42) if the certificate has been revoked; otherwise a nonzero error code.

Remarks

The optional dateStr parameter allows you check whether a certificate was revoked only after the given date-time, which must be GMT (UTC). If the optional issuerCert is specified, the signature of the CRL will be checked against the key in the issuer's certificate and a SIGNATURE_ERROR will result if the signature is invalid.

X509.GetCertCountInP7Chain Method

Return number of certificates in a PKCS-7 "certs-only" certificate chain file.

Syntax

[C#]
public static int GetCertCountInP7Chain(
	string inputFile
)
[VB.NET]
Public Shared Function GetCertCountInP7Chain ( _
	inputFile As String _
) As Integer

Parameters

inputFile
Name of the PKCS-7 "certs-only" file, or a string containing its PEM textual representation.

Return Value

Number of X.509 certificates found or a negative error code.

X509.GetCertFromP7Chain Method

Extract an X.509 certificate from a PKCS-7 "certs-only" certificate chain file, saving the output directly as a new file.

Syntax

[C#]
public static int GetCertFromP7Chain(
	string outputFile,
	string inputFile,
	int index
)
[VB.NET]
Public Shared Function GetCertFromP7Chain ( _
	outputFile As String, _
	inputFile As String, _
	index As Integer _
) As Integer

Parameters

outputFile
Name of output file to be created
inputFile
Name of the PKCS-7 "certs-only" file, or a string containing its PEM textual representation.
index
specifying which certificate (1,2,...) in the chain to extract.

Return Value

If successful and index is greater than zero, it returns the number of bytes written to the output file, which may be zero if no certificate could be found at the given index. If an error occurred, it returns a negative error code.

Remarks

[New in v12.2] To find the number of certificates in the chain, use GetCertCountInP7Chain. The old (deprecated) way to find the count of certificates was to set index to zero.

X509.GetCertFromPFX Method

Extract an X.509 certificate from a PKCS-12 PFX/.p12 file, saving the output directly as a new file.

Syntax

[C#]
public static int GetCertFromPFX(
	string outputFile,
	string inputFile,
	string password
)
[VB.NET]
Public Shared Function GetCertFromPFX ( _
	outputFile As String, _
	inputFile As String, _
	password As String _
) As Integer

Parameters

outputFile
Name of output file to be created
inputFile
Name of the PKCS-12 file, or a string containing its PEM textual representation.
password
Password or "" if not encrypted (default="")

Return Value

If successful, it returns the number of bytes written to the output file; otherwise it returns a negative error code

Remarks

Only supports weak 40-bit RC2 encryption for the certificate.

X509.GetP7ChainFromPFX Method

Extract all X.509 certificates from a PKCS-12 PFX/.p12 file, saving the output directly as a new PKCS-7 "certs-only" certificate chain file.

Syntax

[C#]
public static int GetP7ChainFromPFX(
	string outputFile,
	string inputFile,
	string password
)
[VB.NET]
Public Shared Function GetP7ChainFromPFX ( _
	outputFile As String, _
	inputFile As String, _
	password As String _
) As Integer

Parameters

outputFile
Name of output file to be created
inputFile
Name of the PKCS-12 file, or a string containing its PEM textual representation.
password
Password or "" if not encrypted

Return Value

If successful, it returns the number of bytes written to the output file; otherwise it returns a negative error code

Remarks

Only supports weak 40-bit RC2 encryption for the certificate.

X509.HashIssuerAndSN Method

Create a message digest of the Issuer's name and the cert serial number.

Syntax

[C#]
public static string HashIssuerAndSN(
	string certFile,
	HashAlgorithm algorithm
)
[VB.NET]
Public Shared Function HashIssuerAndSN ( _
	certFile As String, _
	algorithm As HashAlgorithm _
) As String

Parameters

certFile
Filename of certificate file (or its base64 representation)
algorithm
Type: HashAlgorithm
Hash algorithm to use [default = SHA-1]

Return Value

Message digest in hex format or Empty string if error

Remarks

This (should) give a unique identifier for any certificate

X509.KeyUsageFlags Method

Returns a bitfield containing the keyUsage flags.

Syntax

[C#]
public static int KeyUsageFlags(
	string certFile
)
[VB.NET]
Public Shared Function KeyUsageFlags ( _
	certFile As String _
) As Integer

Parameters

certFile
Filename of certificate file (or its base64 representation)

Return Value

If successful, it returns a positive integer containing the keyUsage flags; or 0 if no keyUsage flags are set; otherwise it returns a negative error code

Remarks

See X509.KeyUsageOptions.

X509.MakeCert Method

Create a new X.509 certificate using subject's public key and issuer's private key files with signature options.

Syntax

[C#]
public static int MakeCert(
	string certFile,
	string issuerCert,
	string subjectPubKeyFile,
	string issuerPriKeyFile,
	int certNum,
	int yearsValid,
	string distName,
	string extensions,
	X509.KeyUsageOptions keyUsageOptions,
	string password,
	SigAlgorithm sigAlg,
	X509.CertOptions options
)
[VB.NET]
Public Shared Function MakeCert ( _
	certFile As String, _
	issuerCert As String, _
	subjectPubKeyFile As String, _
	issuerPriKeyFile As String, _
	certNum As Integer, _
	yearsValid As Integer, _
	distName As String, _
	extensions As String, _
	keyUsageOptions As X509.KeyUsageOptions, _
	password As String, _
	sigAlg As SigAlgorithm, _
	options As X509.CertOptions _
) As Integer

Parameters

certFile
Name of file to be created
issuerCert
Name of issuer's certificate file
subjectPubKeyFile
File containing subjects public key data
issuerPriKeyFile
File containing issuer's private key data
certNum
Issue number for new certificate
yearsValid
How many years to be valid
distName
Distinguished name string. See Distinguished Names in the main manual.
extensions
Extensions: a list of attribute-value pairs separated by semicolons (;). See X.509 Extensions Parameter in the main manual.
keyUsageOptions
Type: X509.KeyUsageOptions
Key usage options
password
For issuer's private key, if encrypted.
sigAlg
Type: SigAlgorithm
Signature algorithm to sign certificate.
options
Type: X509.CertOptions
Option flags: set as zero for defaults.

Return Value

Zero if successful or a non-zero error code

Remarks

Valid extensions are:
rfc822Name=string;To set the rfc822 email address in the subjectAltName extension, e.g. rfc822Name=myname@testorg.com.
serialNumber=hex-digits;To override the serial number set by certNum with a larger, unlimited integer in hexadecimal format, e.g. serialNumber=12deadbeefcafe0123.
subjectKeyIdentifier=hex-digits;To set the subjectAltName extension with an octet string (binary) value specified in hex format e.g. subjectKeyIdentifier=fedcba9876543210.
notAfter=iso-date-string;To override the validity period set by yearsValid with a specific date and time in ISO format, e.g. notAfter=2020-12-31 or notAfter=2020-12-31T14:03:59. If no time is given it will default to 23:59:59. Note that this time is UTC (GMT) not local.
notBefore=iso-date-string;To override the default start time from one minute ago to a specific date and time in ISO format, e.g. notBefore=2008-12-31. If no time is given it will default to 00:00:01. Note that this time is UTC (GMT) not local.
<dotted-oid>=#<hexstring>;Add an arbitrary X.509 version 3 Extension with typeID set to decoded <dotted-oid> and extnValue set to ASN.1 value encoded in <hexstring>.

As an alternative, you can create a new X.509 certificate using a PKCS-10 certificate signing request (CSR) file. Pass the name of the CSR file in the subjectPubkeyFile parameter and set the distName empty "". The empty distinguished name parameter is a flag that a CSR file is being used.

X509.MakeCertSelf Method

Create a self-signed X.509 certificate with signature options.

Syntax

[C#]
public static int MakeCertSelf(
	string certFile,
	string privateKeyFile,
	int certNum,
	int yearsValid,
	string distName,
	string extensions,
	X509.KeyUsageOptions keyUsageOptions,
	string password,
	SigAlgorithm sigAlg,
	X509.CertOptions options
)
[VB.NET]
Public Shared Function MakeCertSelf ( _
	certFile As String, _
	privateKeyFile As String, _
	certNum As Integer, _
	yearsValid As Integer, _
	distName As String, _
	extensions As String, _
	keyUsageOptions As X509.KeyUsageOptions, _
	password As String, _
	sigAlg As SigAlgorithm, _
	options As X509.CertOptions _
) As Integer

Parameters

certFile
Name of file to be created
privateKeyFile
File containing issuer's private key data
certNum
Issue number for new certificate
yearsValid
How many years to be valid
distName
Distinguished name string. See Distinguished Names in the main manual.
extensions
Extensions: a list of attribute-value pairs separated by semicolons (;). See X.509 Extensions Parameter in the main manual.
keyUsageOptions
Type: X509.KeyUsageOptions
Key usage options
password
For issuer's private key
sigAlg
Type: SigAlgorithm
Signature algorithm to sign certificate.
options
Type: X509.CertOptions
Option flags: set as zero for defaults.

Return Value

Zero if successful or a non-zero error code

X509.MakeCRL Method

Create an X.509 Certificate Revocation List (CRL).

Syntax

[C#]
public static int MakeCRL(
	string crlFile,
	string issuerCert,
	string issuerKeyFile,
	string password,
	string revokedCertList,
	string extensions,
	SigAlgorithm sigAlg,
	X509.CrlOptions opts
)
[VB.NET]
Public Shared Function MakeCRL ( _
	crlFile As String, _
	issuerCert As String, _
	issuerKeyFile As String, _
	password As String, _
	revokedCertList As String, _
	extensions As String, _
	sigAlg As SigAlgorithm, _
	opts As X509.CrlOptions _
) As Integer

Parameters

crlFile
name of new CRL file to be created
issuerCert
name of issuer's X.509 certificate file (or base64 representation)
issuerKeyFile
name of issuer's encrypted private key file
password
password for Issuer's encrypted private key file
revokedCertList
list of revoked certificates in format serialNumber,revocationDate; ... or the empty string "" for no revoked certificates. See the Remarks section below for more details
extensions
A list of attribute-value pairs separated by semicolons (;) or the empty string "". Valid attribute-value pairs are:
sigAlg
Type: SigAlgorithm
Signature algorithm.
opts
Type: X509.CrlOptions
Options

Return Value

If successful, the return value is zero; otherwise it returns a non-zero error code.

Remarks

This creates a version 1 CRL file with no extensions or cRLReason's. The parameter revokedCertList must be in the form serialNumber,revocationDate;serialNumber,revocationDate; .... The serialNumber must either be a positive decimal integer (e.g. 123) or the number in hex format preceded by #x (e.g. #x0102deadbeef). The revocation date must be in ISO date format (e.g. 2009-12-31T12:59:59Z). For example,

"1,2007-12-31; 2, 2009-12-31T12:59:59Z; 66000,2066-01-01; #x0102deadbeef,2010-02-28T01:01:59"

By default, the lastUpdate time in the CRL is set to the time given by the system clock, and nextUpdate time is left empty. You can specify your own times using the lastUpdate and nextUpdate attributes in the extensions parameter. Times, if specified, must be in ISO 8601 format and are always interpreted as GMT times whether or not you add a "Z".

X509.QueryCert Method

Query an X.509 certificate file for selected information.

Syntax

[C#]
public static string QueryCert(
	string certFile,
	string query,
	X509.OutputOpts outOpts
)
[VB.NET]
Public Shared Function QueryCert ( _
	certFile As String, _
	query As String, _
	outOpts As X509.OutputOpts _
) As String

Parameters

certFile
Filename of certificate file (or its base64 representation)
query
Query string (case insensitive)
outOpts
Type: X509.OutputOpts
Optional options for output (default = 0)

Return Value

String containing the result, or an empty string if query not found or on error.

Remarks

Both binary BER and PEM-format certificates can be read, as can a base64 representation of the certificate.

Valid queries are:

"version"X.509 version number, e.g. "3".
"serialNumber"Serial number in hex-encoded format.
"signatureAlgorithm"Signature algorithm used, e.g. "sha1WithRSAEncryption".
"signatureValue"Signature value in hex-encoded format.
"notBefore"Date on which the certificate validity period begins in ISO format yyyy-mm-ddThh:nn:ssZ
"notAfter"Date on which the certificate validity period ends in ISO format yyyy-mm-ddThh:nn:ssZ
"issuerName"Distinguished name (DN) of entity who has signed and issued the certificate.
"subjectName"Distinguished name (DN) of the subject.
"subjectPublicKeyAlgorithm"Algorithm used in subject's public key, e.g. "dsa".
"subjectKeyIdentifier"The subject key identifier extension, if present, in hex-encoded format.
"authorityKeyIdentifier"The authority key identifier extension, if present, in hex-encoded format.
"rfc822Name"Internet mail address contained in a subjectAltName extension, if present.
"isCA"Returns "1" if the subject type is a CA, otherwise returns "0".
"keyUsageString"keyUsage flags in text format, e.g. "digitalSignature,nonRepudiation".
"extKeyUsageString"extKeyUsage purposes in text format, e.g. "codeSigning,timeStamping".
"cRLDistributionPointsURI"First URI found in cRLDistributionPoints, if any.
"authorityInfoAccessURI"First URI found in authorityInfoAccess, if any.
"subjectAltName"Subject alternative name extension, if present.
"hashAlgorithm"Hash algorithm used in signature, e.g. "sha256".
"pssParams"Parameters used for RSA-PSS (if applicable).

X509.ReadCertStringFromP7Chain Method

Read an X.509 certificate into a base64 string from PKCS-7 "certs-only" data.

Syntax

[C#]
public static string ReadCertStringFromP7Chain(
	string inputFile,
	int index
)
[VB.NET]
Public Shared Function ReadCertStringFromP7Chain ( _
	inputFile As String, _
	index As Integer _
) As String

Parameters

inputFile
filename of a PKCS-7 "certs-only" file, or a string containing its PEM textual representation.
index
specifying which certificate (1,2,...) in the chain to extract.

Return Value

String in continuous base64 format, or an empty string on error.

Remarks

[New in v12.2] To find the number of certificates in the chain, use GetCertCountInP7Chain. The old (deprecated) way to find the count of certificates was to set index to zero.

X509.ReadCertStringFromPFX Method

Read an X.509 certificate into a base64 string from PKCS-12 PFX/.p12 data.

Syntax

[C#]
public static string ReadCertStringFromPFX(
	string inputFile,
	string password
)
[VB.NET]
Public Shared Function ReadCertStringFromPFX ( _
	inputFile As String, _
	password As String _
) As String

Parameters

inputFile
filename of a PFX file, or a string containing its PEM textual representation.
password
password for PFX or "" if certificate is not encrypted

Return Value

String in continuous base64 format, or an empty string on error.

Remarks

Only supports weak 40-bit RC2 encryption for the certificate.

X509.ReadStringFromFile Method

Create a base64 string representation of a X.509 certificate file.

Syntax

[C#]
public static string ReadStringFromFile(
	string certFile
)
[VB.NET]
Public Shared Function ReadStringFromFile ( _
	certFile As String _
) As String

Parameters

certFile
Filename of certificate file (or its base64 representation)

Return Value

String in continuous base64 format, or an empty string on error.

X509.SaveFileFromString Method

Create a new X.509 certificate file from a base64 string representation.

Syntax

[C#]
public static int SaveFileFromString(
	string newCertFile,
	string certString,
	bool inPEMFormat
)
[VB.NET]
Public Shared Function SaveFileFromString ( _
	newCertFile As String, _
	certString As String, _
	inPEMFormat As Boolean _
) As Integer

Parameters

newCertFile
Name of new certificate file to be created.
certString
String containing certificate data in base64 format.
inPEMFormat
True to save in base64 PEM format, or false to save in binary DER format.

Return Value

Zero if successful or non-zero error code

Remarks

Any existing file of the same name will be overwritten without warning.

A PEM format file will start with -----BEGIN CERTIFICATE-----.

X509.TextDump Method

Dump details of an X.509 certificate or a X.509 certificate revocation list (CRL) or a PKCS-10 certificate signing request (CSR) to a text file.

Syntax

[C#]
public static int TextDump(
	string outputFile,
	string certFile,
	X509.OutputOpts outOpts
)
[VB.NET]
Public Shared Function TextDump ( _
	outputFile As String, _
	certFile As String, _
	outOpts As X509.OutputOpts _
) As Integer

Parameters

outputFile
Filename of text file to be created
certFile
Filename of certificate file (or its base64 representation)
outOpts
Type: X509.OutputOpts
Options for output (optional)

Return Value

If successful, the return value is zero; otherwise it returns a nonzero error code.

Remarks

The notation [!] denotes a critical extension, e.g. Key Usage[!]:.

X509.TextDumpToString Method

Dump details of an X.509 certificate or a X.509 certificate revocation list (CRL) or a PKCS-10 certificate signing request (CSR) to a string.

Syntax

[C#]
public static string TextDumpToString(
	string certFile,
	X509.OutputOpts outOpts
)
[VB.NET]
Public Shared Function TextDumpToString ( _
	certFile As String, _
	outOpts As X509.OutputOpts _
) As String

Parameters

certFile
Filename of certificate file (or its base64 representation)
outOpts
Type: X509.OutputOpts
Options for output

Return Value

String containing the result, or an empty string on error.

Remarks

The notation [!] denotes a critical extension, e.g. Key Usage[!]:.

X509.ValidatePath Method

Validate a certificate path.

Syntax

[C#]
public static int ValidatePath(
	string certListOrP7File,
	string trustedCert,
	bool noTimeCheck
)
[VB.NET]
Public Shared Function ValidatePath ( _
	certListOrP7File As String, _
	trustedCert As String, _
	noTimeCheck As Boolean _
) As Integer

Parameters

certListOrP7File
either a list of certificate names separated by a semicolon or the name of a PKCS-7 "certs-only" file containing the certificates to be validated
trustedCert
(optional) name of the trusted certificate (or base64 representation)
noTimeCheck
Set True to avoid checking if the certificates are valid now [default = check validity dates against system clock].

Return Value

Zero if the certification path is valid; X509.Invalid (CERT_PATH_ERROR +43) if the path is invalid; otherwise a negative error code.

X509.VerifyCert Method

Verify that an X.509 certificate has been signed by its issuer.

Syntax

[C#]
public static int VerifyCert(
	string certToVerify,
	string issuerCert
)
[VB.NET]
Public Shared Function VerifyCert ( _
	certToVerify As String, _
	issuerCert As String _
) As Integer

Parameters

certToVerify
Filename of certificate to verify
issuerCert
Filename of purported issuer's certificate

Return Value

Zero if the certificate's signature is valid; X509.Failure (SIGNATURE_ERROR +22) if the validation fails; otherwise a positive error code.

Remarks

This can also be used to verify that an X.509 Certificate Revocation List (CRL) or PKCS#10 Certification Signing Request (CSR) has been signed by the owner of the issuer's certificate. Just pass the name of the file (or its base64/PEM string form) as certToVerify.

Xof.Bytes Method

Generate bytes using an eXtendable-Output Function (XOF).

Syntax

[C#]
public static byte[] Bytes(
	int numBytes,
	byte[] message,
	Xof.Alg xofAlg
)
[VB.NET]
Public Shared Function Bytes ( _
	numBytes As Integer, _
	message As Byte(), _
	xofAlg As Xof.Alg _
) As Byte()

Parameters

numBytes
Required number of output bytes.
message
Input message data.
xofAlg
Type: Xof.Alg
XOF algorithm.

Return Value

Output data in byte array.

Enumerations

AeadAlgorithm Enumeration

Authenticated encryption algorithm.

Syntax

[C#]
public enum AeadAlgorithm
[VB.NET]
Public Enumeration AeadAlgorithm

Members

Member nameDescription
Aes_128_Gcm
Use the AEAD_AES_128_GCM authenticated encryption algorithm from RFC 5116.
Aes_192_Gcm
Use the AES-192-GCM authenticated encryption algorithm in the same manner as RFC 5116.
Aes_256_Gcm
Use the AEAD_AES_256_GCM authenticated encryption algorithm from RFC 5116.
ChaCha20_Poly1305
Use the AEAD_CHACHA20_POLY1305 authenticated encryption algorithm from RFC 8439.

Asn1.Options Enumeration

Options for ASN.1 methods

Syntax

[C#]
[FlagsAttribute]
public enum Options
[VB.NET]
<FlagsAttribute> _
Public Enumeration Options

Members

Member nameDescription
Default
Default options
NoComments
Hide the comments [default=show comments]
AddLevels
Show level numbers [default=hide level numbers]

CipherAlgorithm Enumeration

Block Cipher Algorithm

Syntax

[C#]
public enum CipherAlgorithm
[VB.NET]
Public Enumeration CipherAlgorithm

Members

Member nameDescription
Tdea
Triple DES (TDEA, 3DES, des-ede3)
Aes128
AES-128
Aes192
AES-192
Aes256
AES-256

Cipher.Opts Enumeration

Advanced options

Syntax

[C#]
[FlagsAttribute]
public enum Opts
[VB.NET]
<FlagsAttribute> _
Public Enumeration Opts

Members

Member nameDescription
Default
Default options
PrefixIV
Prefix (prepend) the IV before the ciphertext in the output (ignored for ECB mode)

Cms.ComprDataOptions Enumeration

Advanced options for CMS compressed-data objects

Syntax

[C#]
[FlagsAttribute]
public enum ComprDataOptions
[VB.NET]
<FlagsAttribute> _
Public Enumeration ComprDataOptions

Members

Member nameDescription
Default
Default options.
NoInflate
Extract the compressed data as is without inflation.

Cms.ContentEncrAlg Enumeration

Content encryption algorithm.

Syntax

[C#]
public enum ContentEncrAlg
[VB.NET]
Public Enumeration ContentEncrAlg

Members

Member nameDescription
Default
Default = Triple DES CAUTION!
Tdea
Triple DES (TDEA, 3DES, des-ede3)
Aes128
AES-128
Aes192
AES-192
Aes256
AES-256
Aes_128_Gcm
AES-128-GCM authenticated encryption algorithm from RFC5116.
Aes_192_Gcm
AES-192-GCM authenticated encryption algorithm in the same manner as RFC5116.
Aes_256_Gcm
AES-256-GCM authenticated encryption algorithm from RFC5116.
ChaCha20_Poly1305
AEAD_CHACHA20_POLY1305 authenticated encryption algorithm from RFC8439.

Remarks

New in [v22.0]. Supersedes CipherAlgorithm parameter.

Cms.EnvDataOptions Enumeration

Advanced options for CMS enveloped-data objects.

Syntax

[C#]
[FlagsAttribute]
public enum EnvDataOptions
[VB.NET]
<FlagsAttribute> _
Public Enumeration EnvDataOptions

Members

Member nameDescription
None
Default options.
FormatBase64
Encode output in base64 (default = binary).
AltAlgId
Use alternative (non-standard) alternative TeleTrusT Content Encryption Algorithm Identifier.
BigFile
Use to speed up the encryption of large files (binary file to binary file only).
Mgf1Sha1
Force the MGF1 hash function to be SHA-1 (RSA-OAEP only, default = same as encoding hash function).
Authenticated
Use AES-GCM authenticated encryption instead of AES-CBC (redundant as of [v22.0]).

Cms.Format Enumeration

Output format.

Syntax

[C#]
public enum Format
[VB.NET]
Public Enumeration Format

Members

Member nameDescription
Default
Default output format
Binary
Binary output (default)
FormatBase64
Output is encoded in base64 (default = binary).

Cms.KeyEncrAlgorithm Enumeration

Key encryption algorithm for key transport (ktri) technique

Syntax

[C#]
public enum KeyEncrAlgorithm
[VB.NET]
Public Enumeration KeyEncrAlgorithm

Members

Member nameDescription
Default
Default
Rsa_Pkcs1v1_5
RSAES-PKCS-v1_5 (rsaEncryption)
Rsa_Oaep
RSAES-OAEP

Cms.ReadOptions Enumeration

Options for reading CMS objects.

Syntax

[C#]
[FlagsAttribute]
public enum ReadOptions
[VB.NET]
<FlagsAttribute> _
Public Enumeration ReadOptions

Members

Member nameDescription
None
Default options.
BigFile
Use to speed up the encryption of large files (binary file input only).

Cms.SigAlg Enumeration

Signature algorithm for CMS signed-data objects.

Syntax

[C#]
public enum SigAlg
[VB.NET]
Public Enumeration SigAlg

Members

Member nameDescription
Default
Use default signature algorithm (rsa-sha1/sha1WithRSAEncryption)
Rsa_Sha1
Use sha1WithRSAEncryption (rsa-sha1) signature algorithm [default]
Rsa_Sha224
Use sha224WithRSAEncryption (rsa-sha224) signature algorithm
Rsa_Sha256
Use sha256WithRSAEncryption (rsa-sha256) signature algorithm
Rsa_Sha384
Use sha384WithRSAEncryption (rsa-sha384) signature algorithm
Rsa_Sha512
Use sha512WithRSAEncryption (rsa-sha512) signature algorithm
Rsa_Md5
Use md5WithRSAEncryption (rsa-md5) signature algorithm [legacy, not recommended]
Rsa_Pss_Sha1
Use RSA-PSS signature algorithm with SHA-1
Rsa_Pss_Sha224
Use RSA-PSS signature algorithm with SHA-224
Rsa_Pss_Sha256
Use RSA-PSS signature algorithm with SHA-256
Rsa_Pss_Sha384
Use RSA-PSS signature algorithm with SHA-384
Rsa_Pss_Sha512
Use RSA-PSS signature algorithm with SHA-512
Ecdsa_Sha1
Use ecdsaWithSHA1 (ecdsa-sha1) signature algorithm
Ecdsa_Sha224
Use ecdsaWithSHA224 (ecdsa-sha224) signature algorithm
Ecdsa_Sha256
Use ecdsaWithSHA256 (ecdsa-sha256) signature algorithm
Ecdsa_Sha384
Use ecdsaWithSHA384 (ecdsa-sha384) signature algorithm
Ecdsa_Sha512
Use ecdsaWithSHA512 (ecdsa-sha512) signature algorithm
Ed25519
Use Ed25519 signature algorithm [RFC8032]
Ed448
Use Ed448 signature algorithm [RFC8032

Cms.SigDataOptions Enumeration

Advanced options for CMS signed-data objects

Syntax

[C#]
[FlagsAttribute]
public enum SigDataOptions
[VB.NET]
<FlagsAttribute> _
Public Enumeration SigDataOptions

Members

Member nameDescription
Default
Default option
ExcludeCerts
Exclude X.509 certs from output.
ExcludeData
Exclude data from output.
CertsOnly
Create a "certs-only" PKCS#7 certficate chain.
IncludeAttributes
To add signed attributes (default = no signed attributes) including content-type and message-digest plus any more added below.
AddSignTime
Add signing time to the signed attributes (requires IncludeAttributes).
AddSmimeCapabilities
Add S/MIME capabilities to the signed attributes (requires IncludeAttributes).
AddSigningCertificate
Add an ESS Signing Certificate attribute to the signed attributes (requires IncludeAttributes).
AddAlgProtection
Add an Algorithm Protection Attribute [RFC6211] to the signed attributes (requires IncludeAttributes).
FormatBase64
Create output/expect input in base64 format (default = binary).
NoOuter
Create a "naked" SignedData object with no outerContentInfo as permitted by PKCS#7 v1.6 (specialist option).
AltAlgId
Use alternative (non-standard) signature algorithm identifiers, e.g. 'sha1withRSAEncryption' instead of 'rsaEncryption'.
BigFile
Use to speed up the processing of large files.
Mgf1Sha1
Force the MGF1 hash function to be SHA-1 (RSASSA-PSS only, default = same as encoding hash function).
Pss_SaltLenZero
Use a zero-length salt in an RSA-PSS signature (default = hLen the length of the digest output).
PseudoSig
Create/sign a "pseudo" SignedData object with dummy placeholder signature.

Cnv.EncodingConversion Enumeration

Conversion directions for ByteEncoding.

Syntax

[C#]
public enum EncodingConversion
[VB.NET]
Public Enumeration EncodingConversion

Members

Member nameDescription
Utf8_From_Latin1
Converts UTF-8-encoded bytes into Latin-1-encoded
Latin1_From_Utf8
Converts Latin-1-encoded bytes into UTF-8-encoded

Cnv.EndianNess Enumeration

Byte order.

Syntax

[C#]
public enum EndianNess
[VB.NET]
Public Enumeration EndianNess

Members

Member nameDescription
BigEndian
Most-significant byte first
LittleEndian
Least-significant byte first

Ecc.CurveName Enumeration

Supported curve names.

Syntax

[C#]
public enum CurveName
[VB.NET]
Public Enumeration CurveName

Members

Member nameDescription
Secp192r1
NIST curve P-192
Secp224r1
NIST curve P-224
Secp256r1
NIST curve P-256
Secp384r1
NIST curve P-384
Secp521r1
NIST curve P-521
Secp256k1
"Bitcoin" curve
P_192
NIST curve P-192 (synonym for secp192r1)
P_224
NIST curve P-256 (synonym for secp256r1)
P_256
NIST curve P-224 (synonym for secp224r1)
P_384
NIST curve P-384 (synonym for secp384r1)
P_521
NIST curve P-521 (synonym for secp521r1)
Prime192v1
Alternative name for NIST curve P-192
Prime256v1
Alternative name for NIST curve P-256
BrainpoolP256r1
ECC Brainpool curve [RFC5639]
BrainpoolP384r1
ECC Brainpool curve [RFC5639]
BrainpoolP512r1
ECC Brainpool curve [RFC5639]
Ed25519
Safe curve for EdDSA
Ed448
Safe curve for EdDSA
X25519
Safe curve for ECDH
X448
Safe curve for ECDH

Ecc.Format Enumeration

Format for output files.

Syntax

[C#]
public enum Format
[VB.NET]
Public Enumeration Format

Members

Member nameDescription
Default
Default = binary
Binary
Binary DER-encoded
PEM
PEM-encoded text file

Ecc.KeyType Enumeration

Key type for unencrypted key file.

Syntax

[C#]
public enum KeyType
[VB.NET]
Public Enumeration KeyType

Members

Member nameDescription
Default
Save key in the default format.
Pkcs8PrivateKeyInfo
Save a NIST/SEC curve private key in PKCS#8 PrivateKeyInfo format (ignored for a public key)
Legacy
Save a safe private key in "legacy" PKCS#8 v1 format (default is v2 OneAsymmetricKey)
PrivateKey
Key value represents a private key (use for reading safe curves)
PublicKey
Key value represents a public key (use for reading safe curves)

Ecc.PbeScheme Enumeration

Password-based encryption scheme to encrypt the private key file.

Syntax

[C#]
public enum PbeScheme
[VB.NET]
Public Enumeration PbeScheme

Members

Member nameDescription
Default
Default option (pbeWithSHAAnd3-KeyTripleDES-CBC)
PbeWithSHAAnd_KeyTripleDES_CBC
pbeWithSHAAnd3-KeyTripleDES-CBC from PKCS#12
Pbe_Pbkdf2_des_EDE3_CBC
"pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "des-EDE3-CBC"
Pbe_Pbkdf2_aes128_CBC
"pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "aes128-CBC"
Pbe_Pbkdf2_aes192_CBC
"pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "aes192-CBC"
Pbe_Pbkdf2_aes256_CBC
"pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "aes256-CBC"

EncodingBase Enumeration

Base for encoding methods

Syntax

[C#]
public enum EncodingBase
[VB.NET]
Public Enumeration EncodingBase

Members

Member nameDescription
Base64
Base64 encoding
Base16
Base16 encoding (i.e. hexadecimal)

HashAlgorithm Enumeration

Message Digest Hash Algorithm

Syntax

[C#]
public enum HashAlgorithm
[VB.NET]
Public Enumeration HashAlgorithm

Members

Member nameDescription
Sha1
SHA-1 (as per FIPS PUB 180-4)
Md5
MD5 (as per RFC 1321) [legacy, not recommended]
Md2
MD2 (as per RFC 1319) [legacy, definitely not recommended]
Sha224
SHA-224 (as per FIPS PUB 180-4)
Sha256
SHA-256 (as per FIPS PUB 180-4)
Sha384
SHA-384 (as per FIPS PUB 180-4)
Sha512
SHA-512 (as per FIPS PUB 180-4)
Sha3_224
SHA-3-224 (as per FIPS PUB 202)
Sha3_256
SHA-3-256 (as per FIPS PUB 202)
Sha3_384
SHA-3-384 (as per FIPS PUB 202)
Sha3_512
SHA-3-256 (as per FIPS PUB 202)
Ripemd160
RIPEMD-160
Bitcoin160
RIPEMD-160 hash of a SHA-256 hash (RIPEMD160(SHA256(m)))

Hpke.AeadAlg Enumeration

AEAD functions supported for HPKE

Syntax

[C#]
public enum AeadAlg
[VB.NET]
Public Enumeration AeadAlg

Members

Member nameDescription
None
No AEAD algorithm.
Aes_128_Gcm
Use the AEAD_AES_128_GCM authenticated encryption algorithm from RFC5116.
Aes_256_Gcm
Use the AEAD_AES_256_GCM authenticated encryption algorithm from RFC5116.
ChaCha20_Poly1305
Use the AEAD_CHACHA20_POLY1305 authenticated encryption algorithm from RFC8439.

Hpke.CurveName Enumeration

Supported ECDH curves for HPKE

Syntax

[C#]
public enum CurveName
[VB.NET]
Public Enumeration CurveName

Members

Member nameDescription
P_256
NIST curve P-256
P_384
NIST curve P-384
P_521
NIST curve P-521
X25519
ECDH curve X25519 from RFC7748
X448
ECDH curve X448 from RFC7748

Hpke.OutputOpts Enumeration

Options to format or re-encode output.

Syntax

[C#]
public enum OutputOpts
[VB.NET]
Public Enumeration OutputOpts

Members

Member nameDescription
Default
Default = output as ephemeral "internal" key string.
KeyAsHex
Output key in hex format compatible with test vectors in [RFC9180]

Kdf.HashAlg Enumeration

Hash algorithms for KDF

Syntax

[C#]
public enum HashAlg
[VB.NET]
Public Enumeration HashAlg

Members

Member nameDescription
Sha1
SHA-1 (as per FIPS PUB 180-4)
Sha224
SHA-224 (as per FIPS PUB 180-4)
Sha256
SHA-256 (as per FIPS PUB 180-4)
Sha384
SHA-384 (as per FIPS PUB 180-4)
Sha512
SHA-512 (as per FIPS PUB 180-4)

Kdf.KdfAlg Enumeration

Key derivation functions

Syntax

[C#]
public enum KdfAlg
[VB.NET]
Public Enumeration KdfAlg

Members

Member nameDescription
X963
ANSI-X9.63-KDF key derivation function (default)
Hkdf
HMAC-based Key Derivation Function (HKDF) from [RFC5869]

Kdf.KeyWrapAlg Enumeration

Key wrap algorithms for KDF

Syntax

[C#]
public enum KeyWrapAlg
[VB.NET]
Public Enumeration KeyWrapAlg

Members

Member nameDescription
Default
Default for Cms.MakeEnvData only.
Cms3DESwrap
Triple-DES Key Wrap algorithm from [RFC3217]
Aes128_wrap
AES-128 key wrap from [RFC3394]
Aes192_wrap
AES-192 key wrap from [RFC3394]
Aes256_wrap
AES-256 key wrap from [RFC3394]

Mode Enumeration

Cipher Mode

Syntax

[C#]
public enum Mode
[VB.NET]
Public Enumeration Mode

Members

Member nameDescription
ECB
Electronic Code Book mode
CBC
Cipher Block Chaining mode
OFB
Output Feedback mode
CFB
Cipher Feedback mode
CTR
Counter mode
GCM
Galois/Counter mode (AES only)

Padding Enumeration

Block Cipher Padding

Syntax

[C#]
public enum Padding
[VB.NET]
Public Enumeration Padding

Members

Member nameDescription
Default
Use default padding
NoPad
No padding is added
Pkcs5
The padding scheme described in PKCS#5/#7
OneAndZeroes
Pad with 0x80 followed by as many zero bytes necessary to fill the block
AnsiX923
The padding scheme described in ANSI X9.23
W3CPadding
The padding scheme described in W3C https://www.w3.org/TR/xmlenc-core1/#sec-Padding

Pfx.Options Enumeration

Specialist options.

Syntax

[C#]
[FlagsAttribute]
public enum Options
[VB.NET]
<FlagsAttribute> _
Public Enumeration Options

Members

Member nameDescription
Default
Default options: re-encrypt private key with "TripleDES-SHA1", encrypt certificate with 40-bit RC2, output in DER binary form.
PlainCert
Store the certificate in unencrypted form (default is encrypted with 40-bit RC2).
StrongCert
Encrypt the certificate with "stronger" TripleDES-SHA1 (default is "weak" 40-bit RC2).
CloneKey
Store the private key in the exact form of the pkcs-8 input file (default is to re-encrypt with Triple DES).
Aes256_Sha256
Override other encryption options and encrypt both the private key and certificate using "AES256-SHA256"
DoubleEncrypt
Double-encrypt the private key (specialist option).
AltFormat
Create a PFX file with the exact peculiarities used by Microsoft (default is OpenSSL).
FormatPem
Create the output file in PEM format (default is DER-encoded binary).

Prf.Alg Enumeration

Pseudorandom function (PRF) algorithm.

Syntax

[C#]
public enum Alg
[VB.NET]
Public Enumeration Alg

Members

Member nameDescription
Kmac128
KMAC128 as per NIST SP 800-185
Kmac256
KMAC256 as per NIST SP 800-185

Rng.Options Enumeration

Rng options

Syntax

[C#]
public enum Options
[VB.NET]
Public Enumeration Options

Members

Member nameDescription
Default
Default option
NoIntelDrng
Turn off support for INTEL(R) DRNG for the current session.

Rng.Strength Enumeration

Required security strength for user-prompted entropy

Syntax

[C#]
public enum Strength
[VB.NET]
Public Enumeration Strength

Members

Member nameDescription
Default
Default option
Bits_112
112 bits of security (default)
Bits_128
128 bits of security
Bits_192
192 bits of security
Bits_256
256 bits of security

Rsa.AdvOptions Enumeration

Advanced options.

Syntax

[C#]
[FlagsAttribute]
public enum AdvOptions
[VB.NET]
<FlagsAttribute> _
Public Enumeration AdvOptions

Members

Member nameDescription
Default
Default options.
Mgf1_Sha1
Force the MGF hash function to be SHA-1 (OAEP only, default = same as encoding set by Rsa.HashAlg)

Rsa.EME Enumeration

Encoding method for encryption.

Syntax

[C#]
public enum EME
[VB.NET]
Public Enumeration EME

Members

Member nameDescription
PKCSv1_5
EME-PKCS1-v1_5 encoding method
OAEP
EME-OAEP encoding method

Remarks

See PKCS#1 v2.2 [RFC8017]

Rsa.Format Enumeration

Format for saved RSA key.

Syntax

[C#]
public enum Format
[VB.NET]
Public Enumeration Format

Members

Member nameDescription
Default
Default = Binary
Binary
Binary DER-encoded
PEM
PEM Format
SSL
PEM format compatible with OpenSSL

Rsa.HashAlg Enumeration

Hash function for OAEP encoding.

Syntax

[C#]
public enum HashAlg
[VB.NET]
Public Enumeration HashAlg

Members

Member nameDescription
Sha1
SHA-1 (default)
Sha224
SHA-224
Sha256
SHA-256
Sha384
SHA-384
Sha512
SHA-512

Rsa.PbeOptions Enumeration

Password-based encryption scheme to be used to encrypt the private key file.

Syntax

[C#]
public enum PbeOptions
[VB.NET]
Public Enumeration PbeOptions

Members

Member nameDescription
Default
Default option (pbeWithSHAAnd3-KeyTripleDES-CBC)
PbeWithSHAAnd_KeyTripleDES_CBC
pbeWithSHAAnd3-KeyTripleDES-CBC from PKCS#12
Pbe_Pbkdf2_des_EDE3_CBC
"pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "des-EDE3-CBC"
Pbe_Pbkdf2_aes128_CBC
"pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "aes128-CBC"
Pbe_Pbkdf2_aes192_CBC
"pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "aes192-CBC"
Pbe_Pbkdf2_aes256_CBC
"pkcs5PBES2" with key derivation function "pkcs5PBKDF2" and encryption scheme "aes256-CBC"
PbeWithMD5AndDES_CBC
pbeWithMD5AndDES-CBC [legacy, not recommended for new implementations]
PbeWithMD2AndDES_CBC
pbeWithMD2AndDES-CBC [legacy, not recommended for new implementations]
PbeWithSHA1AndDES_CBC
pbeWithSHA1AndDES-CBC [legacy, not recommended for new implementations]
Pkcs5PBES2_des_EDE3_CBC
"pkcs5PBES2" with "pkcs5PBKDF2" and "des-EDE3-CBC" [Synonym retained for backwards compatibility]

Rsa.PublicExponent Enumeration

Choices for public exponent (e)

Syntax

[C#]
public enum PublicExponent
[VB.NET]
Public Enumeration PublicExponent

Members

Member nameDescription
Exp_EQ_3
Set exponent equal to 3 (F0)
Exp_EQ_5
Set exponent equal to 5 (F1)
Exp_EQ_17
Set exponent equal to 17 (F2)
Exp_EQ_257
Set exponent equal to 257 (F3)
Exp_EQ_65537
Set exponent equal to 65537 (F4)

Remarks

Fermat Number F(x) = 2^(2^x) + 1. F0 to F4 are prime.

Rsa.XmlOptions Enumeration

Options when converting between internal RSA key and XML.

Syntax

[C#]
[FlagsAttribute]
public enum XmlOptions
[VB.NET]
<FlagsAttribute> _
Public Enumeration XmlOptions

Members

Member nameDescription
ExcludePrivateParams
Exclude private key parameters
ForceRSAKeyValue
Create XML in .NET-compatible RSAKeyValue format (ToXML only)
HexBinaryFormat
Create XML in non-standard hex format (ToXML only)
RequirePrivate
Require private key to exist in the XML input or fail (FromXML only)

SigAlgorithm Enumeration

Signature algorithm

Syntax

[C#]
public enum SigAlgorithm
[VB.NET]
Public Enumeration SigAlgorithm

Members

Member nameDescription
Default
Use default signature algorithm [rsa-sha1/sha1WithRSAEncryption]
Rsa_Sha1
Use sha1WithRSAEncryption (rsa-sha1) signature algorithm [default]
Rsa_Sha224
Use sha224WithRSAEncryption (rsa-sha224) signature algorithm
Rsa_Sha256
Use sha256WithRSAEncryption (rsa-sha256) signature algorithm
Rsa_Sha384
Use sha384WithRSAEncryption (rsa-sha384) signature algorithm
Rsa_Sha512
Use sha512WithRSAEncryption (rsa-sha512) signature algorithm
Rsa_Md5
Use md5WithRSAEncryption (rsa-md5) signature algorithm [legacy, not recommended]
Rsa_Pss_Sha1
Use RSA-PSS signature algorithm with SHA-1
Rsa_Pss_Sha224
Use RSA-PSS signature algorithm with SHA-224
Rsa_Pss_Sha256
Use RSA-PSS signature algorithm with SHA-256
Rsa_Pss_Sha384
Use RSA-PSS signature algorithm with SHA-384
Rsa_Pss_Sha512
Use RSA-PSS signature algorithm with SHA-512
Ecdsa_Sha1
Use ecdsaWithSHA1 (ecdsa-sha1) signature algorithm
Ecdsa_Sha224
Use ecdsaWithSHA224 (ecdsa-sha224) signature algorithm
Ecdsa_Sha256
Use ecdsaWithSHA256 (ecdsa-sha256) signature algorithm
Ecdsa_Sha384
Use ecdsaWithSHA384 (ecdsa-sha384) signature algorithm
Ecdsa_Sha512
Use ecdsaWithSHA512 (ecdsa-sha512) signature algorithm
Ed25519
Use Ed25519 signature algorithm
Ed448
Use Ed448 signature algorithm

Sig.Encoding Enumeration

Encodings for signature output.

Syntax

[C#]
public enum Encoding
[VB.NET]
Public Enumeration Encoding

Members

Member nameDescription
Default
Default encoding (base64)
Base64
Base64 encoding (default)
Base64url
URL-safe base64 encoding as in section 5 of [RFC4648]
Base16
Base16 encoding (i.e. hexadecimal)

Sig.SigOptions Enumeration

Specialist options for signatures.

Syntax

[C#]
[FlagsAttribute]
public enum SigOptions
[VB.NET]
<FlagsAttribute> _
Public Enumeration SigOptions

Members

Member nameDescription
Default
Use default options for signature.
UseDeterministic
ECDSA only: Use the deterministic digital signature generation procedure of [RFC6979] for ECDSA signature [default=random k].
Asn1DERStructure
ECDSA only: Form ECDSA signature value as a DER-encoded ASN.1 structure [default=r||s].
PssSaltLenHlen
RSA-PSS only: Set the salt length to hLen, the length of the output of the hash function [default].
PssSaltLenMax
RSA-PSS only: Set the salt length to the maximum possible (like OpenSSL).
PssSaltLen20
RSA-PSS only: Set the salt length to be exactly 20 bytes regardless of the hash algorithm.
PssSaltLenZero
RSA-PSS only: Set the salt length to be zero.
Mgf1Sha1
RSA-PSS only: Force the MGF hash function to be SHA-1 [default = same as signature hash algorithm]

Sig.VerifyOpts Enumeration

Specialist options for verifying a signature.

Syntax

[C#]
[FlagsAttribute]
public enum VerifyOpts
[VB.NET]
<FlagsAttribute> _
Public Enumeration VerifyOpts

Members

Member nameDescription
Default
Use default options.
Mgf1Sha1
RSA-PSS only: Force the MGF hash function to be SHA-1 [default = same as signature hash algorithm]

Smime.Options Enumeration

Options for S/MIME methods

Syntax

[C#]
[FlagsAttribute]
public enum Options
[VB.NET]
<FlagsAttribute> _
Public Enumeration Options

Members

Member nameDescription
Default
Default options
EncodeBase64
Encode output in base64
EncodeBinary
Encode body in binary encoding
AddX
Add an "x-" to the content subtype (for compatibility with legacy applications)

Wipe.Options Enumeration

Wipe options.

Syntax

[C#]
public enum Options
[VB.NET]
Public Enumeration Options

Members

Member nameDescription
Default
Default options (DOD 7-pass)
Dod7Pass
DOD 7-pass (default)
Simple
Overwrite with single pass of zero bytes (quicker but less secure).

X509.CertOptions Enumeration

Options to create X.509 certificate.

Syntax

[C#]
[FlagsAttribute]
public enum CertOptions
[VB.NET]
<FlagsAttribute> _
Public Enumeration CertOptions

Members

Member nameDescription
Default
Default options
FormatPem
Create in PEM-encoded text file [default = binary DER-encoded]
UTF8String
Encode distinguished name as UTF8String [default = PrintableString]
NoBasicConstraints
Disable the BasicConstraints extension [default = include]
SetAsCA
Set the BasicConstraints subject type to be a CA [default = End Entity]
VersionOne
Create a Version 1 certificate, i.e. no extensions [default = Version 3]
AuthKeyId
Add the issuer's KeyIdentifier, if present, as an AuthorityKeyIdentifer [default = do not add]
Pss_SaltLenZero
Use a zero-length salt in an RSA-PSS signature [default = hLen the length of the digest output]
Ecdsa_Deterministic
Use the deterministic digital signature generation procedure of [RFC6979] for an ECDSA signature.

X509.CrlOptions Enumeration

Options to create Certificate Revocation List (CRL)

Syntax

[C#]
[FlagsAttribute]
public enum CrlOptions
[VB.NET]
<FlagsAttribute> _
Public Enumeration CrlOptions

Members

Member nameDescription
Default
Default options
FormatPem
Create in PEM-encoded text file [default = binary DER-encoded]
Pss_SaltLenZero
Use a zero-length salt in an RSA-PSS signature [default = hLen the length of the digest output]
Ecdsa_Deterministic
Use the deterministic digital signature generation procedure of [RFC6979] for an ECDSA signature.

X509.CsrOptions Enumeration

Options to create PKCS#10 certificate signing request (CSR)

Syntax

[C#]
[FlagsAttribute]
public enum CsrOptions
[VB.NET]
<FlagsAttribute> _
Public Enumeration CsrOptions

Members

Member nameDescription
Default
Default options
FormatBinary
Create in binary format [default = PEM-encoded text file]
UTF8String
Encode distinguished name as UTF8String [default = PrintableString]
RequestKludge
Create a request with the "kludge" that omits the strictly mandatory attributes completely [default = include attributes with zero-length field]
Pss_SaltLenZero
Use a zero-length salt in an RSA-PSS signature [default = hLen the length of the digest output]
Ecdsa_Deterministic
Use the deterministic digital signature generation procedure of [RFC6979] for an ECDSA signature.

X509.KeyUsageOptions Enumeration

Options for key usage in certificate

Syntax

[C#]
[FlagsAttribute]
public enum KeyUsageOptions
[VB.NET]
<FlagsAttribute> _
Public Enumeration KeyUsageOptions

Members

Member nameDescription
None
Key usage extension is not included.
DigitalSignature
subject public key is used for verifying digital signatures.
NonRepudiation
subject public key is used to verify digital signatures used to provide a non-repudiation service.
KeyEncipherment
subject public key is used for enciphering private or secret keys, i.e., for key transport.
DataEncipherment
subject public key is used for directly enciphering raw user data (uncommon).
KeyAgreement
subject public key is used for key agreement.
KeyCertSign
subject public key is used for verifying signatures on public key certificates.
CrlSign
subject public key is used for verifying signatures on certificate revocation lists.
EncipherOnly
subject public key may be used only for enciphering data while performing key agreement (only if keyAgreement bit is also set).
DecipherOnly
subject public key may be used only for deciphering data while performing key agreement (only if keyAgreement bit is also set).

Remarks

Reference: [RFC5280] s4.2.1.3 Key Usage

X509.OutputOpts Enumeration

Options to format or re-encode output.

Syntax

[C#]
[FlagsAttribute]
public enum OutputOpts
[VB.NET]
<FlagsAttribute> _
Public Enumeration OutputOpts

Members

Member nameDescription
Default
Default options
Latin1
Encode distinguished name in Latin-1 encoding, if possible.
Unicode
Output distinguished name in Unicode character set (UTF-8 or UTF-16 as appropriate).
Ldap
Output distinguished name in LDAP string representation.
Decimal
Output serial number in decimal format [default = hex].

Xof.Alg Enumeration

eXtendable-Output Function (XOF) algorithm.

Syntax

[C#]
public enum Alg
[VB.NET]
Public Enumeration Alg

Members

Member nameDescription
Shake128
SHAKE128 (as per FIPS PUB 202)
Shake256
SHAKE256 (as per FIPS PUB 202)
Mgf1_Sha1
MGF1-SHA-1 (as per PKCS#1)
Mgf1_Sha256
MGF1-SHA-256 (as per PKCS#1)
Mgf1_Sha512
MGF1-SHA-512 (as per PKCS#1)

Index

Asn1 Class
Cipher Class
Classes
Cms Class
Cnv Class
Compr Class
CryptoSysPKI Namespace
Ecc Class
Enumerations
General Class
Hash Class
Hmac Class
Hpke Class
Kdf Class
Methods
Ocsp Class
Pbe Class
Pem Class
Pfx Class
Prf Class
Pwd Class
Rng Class
Rsa Class
Sig Class
Smime Class
Tdea Class
Wipe Class
X509 Class
Xof Class
Copyright © 2005-24 D.I. Management Services Pty Limited t/a CryptoSys ABN 78 083 210 584 Australia. All rights reserved. <https://di-mgt.com.au> <https://cryptosys.net>. Generated 2024-01-01T09:39:50Z by manDotNetSimplified.pl 1.0.1.