Persits Software, Inc. Web Site
  CryptoManager Object
CryptoManager is the main AspEncrypt object, which is creatable via the CreateObject or New statement. This object serves as an "object factory" for the other AspEncrypt objects.

To create an instance of the CryptoManager object in a VB environment, open your VB project, select References... from the Project menu, check the box next to Persits Software AspEncrypt 1.0 in the References dialog, then click OK.

You can now declare a CryptoManager object variable as follows:

Dim CM As CryptoManager

Create an instance of the CryptoManager object as follows:

Set CM = New CryptoManager

In the ASP environment, you may create an instance of the CryptoManager object with ASP script, as follows:

<%
Set CM = Server.CreateObject("Persits.CryptoManager")
...
%>

You may also use the HTML OBJECT tag, as follows:

<OBJECT RUNAT="Server" ID="CM" PROGID="Persits.CryptoManager">
</OBJECT>

Properties:
IncludeErrorCode
Expires
Version

Methods:
LogonUser
RevertToSelf
SetDefaultProvider
OpenContext
OpenContextEx
OpenStore
OpenStoreFromPFX
ImportCertFromFile
ImportCertFromBlob
ImportStoreFromFile
ImportCrlFromFile
CreateBlob

  CryptoManager Properties

IncludeErrorCode As Boolean (Read/Write)

If set to True, instructs CryptoManager to prefix all system error descriptions with the genuine NT error codes in hexadecimal format. False by default.

Expires As Date (Read-only)

Returns the component's expiration date. If a valid registration key is installed, this property returns 9/9/9999. If the expiration value in the registry is missing or corrupt, it returns 0 (displayed as 12:00:00 AM).

Version As String (Read-only)

Returns the component's current version as a string in the following format:

"2.2.0.0" (Double quotes are not part of the returned value.)


  CryptoManager Methods


Sub LogonUser ( Domain As String, Username As String, Password As String, Optional Flags = LOGON_INTERACTIVE )
Impersonates an arbitrary user account. Use this method to avoid an "Access Denied" error caused by the current user (such as IUSR_MACHINENAME) lacking permissions to perform a sensitive operation such as opening a certificate store.

If Domain is empty the local computer will be used to validate the specified username/password.

Flags may be set to values 2 (LOGON_INTERACTIVE, default), 3 (LOGON_NETWORK), 4 (LOGON_BATCH) and 5 (LOGON_SERVICE).

If you are getting the error "A required privilege is not held by the client", see question Q203 of the FAQ for trouble-shooting tips.

Usage:

CM.LogonUser "mydomain", "admin", "xxx"


Sub RevertToSelf

Ends impersonation begun by LogonUser.

Usage:

CM.RevertToSelf
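
The following is an added example, not part of the original Persits documentation: it keeps the impersonated scope as small as possible and calls RevertToSelf on every path, including when the store fails to open. The function name OpenStoreAs is hypothetical, and the credentials are the placeholder values from the usage line above.

```vbscript
<%
' Added example (not Persits code). OpenStoreAs is a hypothetical helper
' that opens a machine certificate store under a temporary identity and
' always ends the impersonation before returning or raising.
Function OpenStoreAs(CM, Domain, Username, Password, StoreName)
    Dim Store, errNum, errDesc
    Set OpenStoreAs = Nothing

    On Error Resume Next
    CM.LogonUser Domain, Username, Password   ' default flag: LOGON_INTERACTIVE
    If Err.Number <> 0 Then
        ' Logon failed, so no impersonation is in effect; report and stop.
        errNum = Err.Number : errDesc = Err.Description
        On Error GoTo 0
        Err.Raise errNum, "OpenStoreAs", "LogonUser failed: " & errDesc
    End If

    ' The only operation performed while impersonating.
    Set Store = CM.OpenStore(StoreName, True) ' True = HKEY_LOCAL_MACHINE
    errNum = Err.Number : errDesc = Err.Description

    ' End impersonation whether or not OpenStore succeeded.
    Err.Clear
    CM.RevertToSelf
    On Error GoTo 0

    If errNum <> 0 Then
        Err.Raise errNum, "OpenStoreAs", "OpenStore failed: " & errDesc
    End If
    Set OpenStoreAs = Store
End Function

Dim CM, Store
Set CM = Server.CreateObject("Persits.CryptoManager")
CM.IncludeErrorCode = True  ' include NT error codes in error descriptions

' Placeholder credentials, as in the LogonUser usage line.
Set Store = OpenStoreAs(CM, "mydomain", "admin", "xxx", "MY")
%>
```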


Sub SetDefaultProvider ( Name As String )
Specifies the default cryptographic service provider for the current user.

Usage:

CM.SetDefaultProvider "Microsoft Enhanced Cryptographic Provider v1.0"

Relevant Task: Learn about Windows Cryptography.


Function OpenContext ( Container As String, MachineKey As Boolean, Optional CreateNew = False ) As CryptoContext
Opens a cryptographic context. Container specifies the key container name. MachineKey specifies whether the container is located under the HKEY_LOCAL_MACHINE (if True) or HKEY_CURRENT_USER (if False) section of the system registry. Use True if AspEncrypt is used in an ASP environment, or False otherwise.

If the specified container is empty, key-exchange and signature key pairs will be created automatically. If CreateNew is specified and set to True, the key container will be populated with a new set of key pairs.

This method uses the default cryptographic service provider. To specify a provider name explicitly, use OpenContextEx instead.

New in 2.1: When a container name is not specified, AspEncrypt does not attempt to access private keys, which results in a significant improvement in performance and eliminates certain concurrency problems. You should not use the containerless mode if you call the method Context.GetUserKey. You must use this mode if you call the methods Context.CreateExponentOneKey and Context.ImportRawKey.

Return value: a CryptoContext object representing the newly opened cryptographic context.

Usage:

Set Context = CM.OpenContext("mycontainer", True)

or

Set Context = CM.OpenContext("", True)
(containerless mode, requires AspEncrypt 2.1+)

Relevant Task: Manage Cryptographic Providers and Contexts.


Function OpenContextEx ( Provider As String, Container As String, MachineKey As Boolean, Optional CreateNew = False ) As CryptoContext
Same as OpenContext, but allows you to specify a Cryptographic Service Provider explicitly rather than relying on the default provider.

Usage:

Set Context = CM.OpenContextEx("Microsoft Enhanced Cryptographic Provider v1.0", "mycontainer", False)

Relevant Task: Manage Cryptographic Providers and Contexts.


Function OpenStore ( Name As String, MachineKey As Boolean ) As CryptoStore
Opens a certificate store. Name specifies the store name. MachineKey specifies whether the store is located under the HKEY_LOCAL_MACHINE (if True) or HKEY_CURRENT_USER (if False) section of the system registry.

Return value: a CryptoStore object representing the newly opened certificate store.

Usage:

Set Store = CM.OpenStore("MY", True)

Relevant Task: Manage Certificates and Certificate Stores.


Function OpenStoreFromPFX ( Path As String, Password As String ) As CryptoStore
Opens a Personal Information Exchange (a.k.a. PKCS#12) file containing a certificate together with its private key. Path specifies the location of the file. Password specifies the password used to encrypt private key information in the file. A certificate obtained this way can be used to generate digital signatures and send signed mail.

Return value: a CryptoStore object representing the newly opened certificate store.

This method uses an undocumented CryptoAPI function PFXImportCertStore from the library Crypt32.dll. For this method to work under IIS 5.0, you must call CM.RevertToSelf prior to calling OpenStoreFromPFX, and your virtual directory's Application Protection option must be set to Low. Otherwise you will receive the error:

Persits.CryptoManager.1 (0x800A0055)
The system cannot find the file specified.

Usage:

CM.RevertToSelf
Set Store = CM.OpenStoreFromPFX("c:\path\myfile.pfx", "password")
Set Cert = Store.Certificates(1)
Set SignerContext = Cert.PrivateKeyContext

Relevant Task: Manage Certificates and Certificate Stores.


Function ImportCertFromFile ( Path As String ) As CryptoCert
Imports a DER-encoded X.509 certificate (.cer) from a file specified by Path into a CryptoCert object. The file may be either in the binary or Base64-encoded form.

Return value: a CryptoCert object representing the newly opened certificate.

Usage:

Set Cert = CM.ImportCertFromFile("d:\path\somecert.cer")

Relevant Task: Manage Certificates and Certificate Stores.


Function ImportCertFromBlob ( Blob As CryptoBlob ) As CryptoCert
Imports a DER-encoded X.509 certificate (.cer) from a Blob. This method is useful when accessing a client certificate received through ASP's Request.ClientCertificate("Certificate") object.

Return value: a CryptoCert object representing the imported certificate.

Usage:

Set Blob = CM.CreateBlob
Blob.Binary = Request.ClientCertificate("Certificate")
Set Cert = CM.ImportCertFromBlob(Blob)

Relevant Task: Manage Certificates and Certificate Stores.


Function ImportStoreFromFile ( Path As String ) As CryptoStore
Imports a collection of certificates in the PKCS#7 format (.spc) from a file specified by Path into a CryptoStore object.

Return value: a CryptoStore object representing the newly opened certificate store.

Usage:

Set Store = CM.ImportStoreFromFile("d:\path\store.cer")

Relevant Task: Manage Certificates and Certificate Stores.


Function ImportCrlFromFile ( Path As String ) As CryptoCrl
Imports a certificate revocation list (CRL) in the .crl format from a file specified by Path into a CryptoCrl object.

Return value: a CryptoCrl object representing the newly opened CRL.

Usage:

Set CRL = CM.ImportCrlFromFile("d:\path\list.crl")


Function CreateBlob
Creates an empty CryptoBlob object which can be used to export, store, convert and import binary data.

Return value: an empty CryptoBlob object.

Usage:

Set Blob = CM.CreateBlob


Sub DeleteKeySet ( Container As String, MachineKey As Boolean )
Permanently deletes all keys from a key container specified by Container and MachineKey.

Usage:

CM.DeleteKeySet "mycontainer", True

  This site is owned and maintained by Persits Software, Inc. Copyright © 2000. All Rights Reserved.