Cryptography
- Generate key files
Declaration
<AMGENERATEKEYFILES KEYCONTAINERNAME="Filename"KEYCONTAINERLEVEL="text [options]" PRIKEYFILE="Keyname" PUBKEYFILE="Keyname"/>
Description
Generates public and private key files from the specified key container.
Practical usage
This action can be used as a task step following Create key container activity to properly generate public and private key files. Other cryptography actions (for example, Sign and Encrypt) can follow this step allowing the procedure of encrypting and decrypting files to be fully automated.
Parameters
General
| Property | Type | Required | Default | Markup | Description |
|---|---|---|---|---|---|
| Key container name | Text | Yes | (Empty) | KEYCONTAINERNAME="Automate" | Specifies the name of the key container to identify which public/private key to use. Clicking the Select Key Container button will open a key container browser in which to select a container from. |
| Key container level | Text (Options) | Yes | User |
|
Specifies
whether to use a machine-level or user-level RSA key container.
Microsoft Windows makes machine-level key containers available
to all users, whereas a user-level key container is available
only to the user that created (or imported) the key container.
This parameter is active only if the Decrypt
using parameter is set to Key
Container. The available options are:
|
| Public key file | Text | Yes | (Empty) | PUBKEYFILE="c:\publicfile.pub" | The path and file name of the public key to be generated. |
| Overwrite if public key file exists | Yes/No | No | No | OVERWRITEPUBKEYFILE="YES" | If selected, indicates that if a public key file with the same name already exists in the location to store the new public key, the existing file will be overwritten. If disabled, the matching file will not be overwritten, however, a runtime error will be thrown as a result. |
| Private key file | Text | Yes | (Empty) | PRIKEYFILE="c:\privatefile.pri" | The path and file name of the private key to be generated. |
| Overwrite private key file exists | Yes/No | No | No | OVERWRITEPRIKEYFILE="YES" | If selected, indicates that if a private key file with the same name already exists in the location to store the new private key, the existing file will be overwritten. If disabled, the matching file will not be overwritten, however, a runtime error will be thrown as a result. |
Additional notes
Comparing machine-level and user-level RSA key containers
User-level RSA key containers are stored with the Windows user profile for a particular user and can be used to encrypt and decrypt information for applications that run under that specific user identity. User-level RSA key containers can be useful if you want to ensure that the RSA key information is removed when the Windows user profile is removed. However, because you must be logged in with the specific user account that makes use of the user-level RSA key container in order to encrypt or decrypt protected configuration sections, they are inconvenient to use.
Machine-level RSA key containers are available to all users that can log in to a computer, by default, and are the most useful as you can use them to encrypt or decrypt protected configuration sections while logged in with an administrator account. A machine-level RSA key container can be used to protect information for a single application, all the applications on a server, or a group of applications on a server that run under the same user identity. Although machine-level RSA key containers are available to all users, they can be secured with NTFS Access Control Lists (ACLs) so that only required users can access them.
Examples
- Copy and paste the sample AML code below directly into the Task Builder Steps Panel.
- To successfully run the sample code, update parameters containing user credentials, files, file paths, or other information specific to the task to match your environment.
Example 1
This sample task generates user-level key files.
<AMCRYPTOGRAPHY ACTIVITY="generate_key_files" KEYCONTAINERNAME="marilyn.monroe " PUBKEYFILE="c:\publicfile.pub" PRIKEYFILE="c:\privatefile.pri" />Example 2
This sample task generates machine-level key files.
<AMCRYPTOGRAPHY ACTIVITY="generate_key_files" KEYCONTAINERNAME="JavaWebStart" KEYCONTAINERLEVEL="machine" PUBKEYFILE="c:\publicfile.pub" PRIKEYFILE="c:\privatefile.pri" />