CryptoManager Object

Overview

CryptoManager is the main AspEncrypt object which is creatable via the CreateObject or New statement. This object serves as an "object factory" for the other AspEncrypt objects.

Member List

Properties


Expires As String (Read-only)
Returns the component's expiration date. If a valid registration key is installed, this property returns 9/9/9999. If the expiration value in the registry is missing or corrupt, it returns 0 (displayed as 12:00:00 AM).

IncludeErrorCode As Boolean (Read/Write)
If set to True, instructs CryptoManager to prepend the genuine NT error code, in hexadecimal format, to every system error description. False by default.

RegKey As String (Write-only)

Specifies the registration key. If this property is not set, AspEncrypt will look for a registration key in the system registry under HKLM\Software\Persits Software\AspEncrypt\RegKey.

This property was added in Version 2.4.


Version As String (Read-only)

Returns the component's current version as a string in the following format:

"2.5.0.0" (Double quotes are not part of the returned value.)

Methods


Function CreateBlob() As CryptoBlob

Creates an empty CryptoBlob object which can be used to export, store, convert and import binary data.

Usage:

Set Blob = CM.CreateBlob

Sub DeleteKeySet(Container As String, MachineKey As Boolean)

Permanently deletes all keys from a key container specified by Container and MachineKey.

Usage:

CM.DeleteKeySet "mycontainer", True

Function ImportCertFromBlob(Blob As CryptoBlob) As CryptoCert
Imports a DER-encoded X.509 certificate (.cer) from a Blob. This method is useful when accessing a client certificate received through ASP's Request.ClientCertificate("Certificate") object.

Usage:

Set Blob = CM.CreateBlob
Blob.Binary = Request.ClientCertificate("Certificate").Item
Set Cert = CM.ImportCertFromBlob(Blob)

Relevant Section: 4.3 Certificate Exporting and Importing.


Function ImportCertFromFile(Path As String) As CryptoCert

Imports a DER-encoded X.509 certificate (.cer) from a file specified by Path into a CryptoCert object. The file may be either in the binary or Base64-encoded form.

Return value: a CryptoCert object representing the newly opened certificate.

Usage:

Set Cert = CM.ImportCertFromFile("d:\path\somecert.cer")

Relevant Section: 4.3 Certificate Exporting and Importing.


Function ImportCrlFromFile(Path As String) As CryptoCrl

Imports a certificate revocation list (CRL) in the .crl format from a file specified by Path into a CryptoCrl object.

Return value: a CryptoCrl object representing the newly opened CRL.

Usage:

Set CRL = CM.ImportCrlFromFile("d:\path\list.crl")

Function ImportStoreFromBlob(Blob As CryptoBlob) As CryptoStore

Imports a collection of certificates in the PKCS#7 format (.spc) from binary data specified by Blob into a CryptoStore object. This method was added in Version 2.4.

Return value: a CryptoStore object representing the newly opened certificate store.

Usage:

Set Store = CM.ImportStoreFromBlob( Blob )

Relevant Section: 4.3 Certificate Exporting and Importing.


Function ImportStoreFromFile(Path As String) As CryptoStore

Imports a collection of certificates in the PKCS#7 format (.spc) from a file specified by Path into a CryptoStore object.

Return value: a CryptoStore object representing the newly opened certificate store.

Usage:

Set Store = CM.ImportStoreFromFile("d:\path\store.cer")

Relevant Section: 4.3 Certificate Exporting and Importing.


Sub LogonUser(Domain As String, Username As String, Password As String, Optional Flags = LOGON_INTERACTIVE)

Impersonates an arbitrary user account. Use this method to avoid an "Access Denied" error caused by the current user (such as IUSR_MACHINENAME) lacking permissions to perform a sensitive operation such as opening a certificate store.

If Domain is empty the local computer will be used to validate the specified username/password.

Flags may be set to values 2 (LOGON_INTERACTIVE, default), 3 (LOGON_NETWORK), 4 (LOGON_BATCH) and 5 (LOGON_SERVICE).

Usage:

CM.LogonUser "mydomain", "admin", "xxx"

Function OpenContext(Container As String, MachineKey As Boolean, Optional CreateNew = False) As CryptoContext

Opens a cryptographic context. Container specifies the key container name. MachineKey specifies whether the container is located under the HKEY_LOCAL_MACHINE (if True) or HKEY_CURRENT_USER (if False) section of the system registry. Use True if AspEncrypt is used in an ASP environment, or False otherwise.

If the specified container is empty, key-exchange and signature key pairs will be created automatically. If CreateNew is specified and set to True, the key container will be populated with a new set of key pairs.

As of Version 2.5, Container may contain the public-key length, separated from the container name with "##", e.g. "mycontainer##2048". By default, the key length is 1024.

This method uses the default cryptographic service provider. To specify a provider name explicitly, use OpenContextEx instead.

When a container name is not specified, AspEncrypt does not attempt to access private keys, which results in a significant improvement in performance and eliminates certain concurrency problems. You should not use the containerless mode if you call the method Context.GetUserKey. You must use this mode if you call the methods Context.CreateExponentOneKey and Context.ImportRawKey.

Usage:

Set Context = CM.OpenContext("mycontainer", True) ' (key length: 1024)
Set Context = CM.OpenContext("", True)
Set Context = CM.OpenContext("mycontainer##2048", True) ' (key length: 2048, requires version 2.5+)

Relevant Section: 2.2 OpenContext and OpenContextEx Methods.


Function OpenContextEx(Provider As String, Container As String, MachineKey As Boolean, Optional CreateNew = False) As CryptoContext

Same as OpenContext, but allows you to specify a Cryptographic Service Provider explicitly rather than relying on the default provider.

Usage:

Set Context = CM.OpenContextEx("Microsoft Enhanced RSA and AES Cryptographic Provider", "", False)

Relevant Section: 2.2 OpenContext and OpenContextEx Methods.


Function OpenStore(Name As String, MachineKey As Boolean) As CryptoStore

Opens a certificate store. Name specifies the store name. MachineKey specifies whether the store is located under the HKEY_LOCAL_MACHINE (if True) or HKEY_CURRENT_USER (if False) section of the system registry.

Return value: a CryptoStore object representing the newly opened certificate store.

Usage:

Set Store = CM.OpenStore("MY", True)

Relevant Section: 4.2 Working with Certificate Stores.


Function OpenStoreFromPFX(Path As String, Password As String) As CryptoStore

Opens a Personal Information Exchange (a.k.a. PKCS#12) file containing a certificate together with its private key. Path specifies the location of the file. Password specifies the password used to encrypt private key information in the file. A certificate obtained this way can be used to generate digital signatures and send signed mail.

Return value: a CryptoStore object representing the newly opened certificate store.

Usage:

Set Store = CM.OpenStoreFromPFX("c:\path\myfile.pfx", "password")
Set Cert = Store.Certificates(1)
Set SignerContext = Cert.PrivateKeyContext

Relevant Task: 4.4 Support for PKCS#12 (PFX) Format.


Function OpenStoreFromPFXBlob(Blob As CryptoBlob, Password As String) As CryptoStore

Same as OpenStoreFromPFX but opens the PFX file from a memory buffer contained in Blob as opposed to a disk file.

This method was introduced in Version 2.8.

Relevant Task: 4.4 Support for PKCS#12 (PFX) Format.


Sub RevertToSelf()

Ends impersonation begun by LogonUser.

Usage:

CM.RevertToSelf
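
The following is an added example, not part of the original AspEncrypt documentation. It pairs LogonUser with RevertToSelf so that impersonation ends on every path, including when OpenStore fails. The helper name OpenStoreAs, the Application variable names and the use of a dedicated low-privilege service account are assumptions.

```vbscript
' Added example (not from the AspEncrypt documentation).
' Opens a machine certificate store under a service account and ends the
' impersonation on every path, including when OpenStore fails.
Function OpenStoreAs(CM, Domain, User, Password, StoreName)
    Dim Store, ErrNum, ErrDesc
    Set OpenStoreAs = Nothing
    CM.IncludeErrorCode = True           ' keep the NT error code for the logs

    On Error Resume Next
    CM.LogonUser Domain, User, Password  ' default flag: LOGON_INTERACTIVE
    If Err.Number <> 0 Then
        ' Save the error first: On Error GoTo 0 resets the Err object.
        ErrNum = Err.Number : ErrDesc = Err.Description
        On Error GoTo 0
        Err.Raise ErrNum, "OpenStoreAs", "LogonUser failed: " & ErrDesc
    End If

    ' The only call made while impersonating. Any further call that needs
    ' the account's permissions belongs here, before RevertToSelf.
    Set Store = CM.OpenStore(StoreName, True)
    ErrNum = Err.Number : ErrDesc = Err.Description
    Err.Clear

    CM.RevertToSelf                      ' runs whether OpenStore succeeded or not
    If Err.Number <> 0 Then
        ErrNum = Err.Number
        ErrDesc = "RevertToSelf failed: " & Err.Description
    End If
    On Error GoTo 0

    If ErrNum <> 0 Then Err.Raise ErrNum, "OpenStoreAs", ErrDesc
    Set OpenStoreAs = Store
End Function

Dim CM, Store
Set CM = Server.CreateObject("Persits.CryptoManager")

' Hypothetical Application variables: the credentials of a dedicated,
' low-privilege account are kept out of the page source. An empty Domain
' validates the account against the local computer.
Set Store = OpenStoreAs(CM, "", Application("CertSvcUser"), _
                        Application("CertSvcPassword"), "MY")
```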

Sub SetDefaultProvider(Name As String)

Specifies the default cryptographic service provider for the current user.

This method is obsolete on Windows 2003 and later.
