Cryptography - Create

Declaration

<AMCRYPTOGRAPHY ACTIVITY="create" KEYCONTAINERNAME="text" KEYCONTAINERLEVEL="text (options)" KEYSIZE="number (options)" />


Overview

Creates a machine-level or user-level key container. A key container is a part of the key database in Microsoft Windows operating systems that contains all of the key pairs (public and private keys) belonging to a specific user or computer.

Practical usage

Used to encrypt or decrypt data for applications that run under the specific user or machine identity. Other cryptography activities (for example, Encrypt, Sign, Verify) can be used subsequent to this step.

Parameters

General

Property: Key container name
Type: Text
Required: Yes
Default: (Empty)
Markup: KEYCONTAINERNAME="Automate"
Description: The unique name to assign to the key container being created.

Property: Key container level
Type: Text (options)
Required: No
Default: User
Markup:
  • KEYCONTAINERLEVEL="user"
  • KEYCONTAINERLEVEL="machine"
Description: Specifies whether the new key container is User-Level or Machine-Level. Microsoft Windows makes Machine-Level key containers available to all users, whereas a User-Level key container is available only to the user that created (or imported) it. The available options are:
  • User (Default)
  • Machine
NOTE: For more information on Machine-Level and User-Level key containers, see Comparing machine-level and user-level RSA key containers.

Property: Key size
Type: Text (options)
Required: Yes
Default: 2048
Markup:
  • KEYSIZE="1024"
  • KEYSIZE="2048"
  • KEYSIZE="4096"
  • KEYSIZE="8192"
Description: Indicates the size or length of the key (in bits) used in a cryptographic algorithm. Automate Desktop uses standardized key sizes based on the asymmetric (RSA) system. The key size determines the strength of encryption as well as the amount of time it takes to generate the key container (larger key sizes are more secure but take longer to generate). The available options are:
  • 1024 (Default)
  • 2048
  • 4096
  • 8192

Additional notes

Comparing machine-level and user-level RSA key containers

User-level RSA key containers are stored with the Windows user profile and can be used to encrypt and decrypt information for applications that run under that specific user identity. User-level RSA key containers can be useful if you want to ensure that the RSA key information is removed when the Windows user profile is removed. However, because you must be logged in with the specific user account that makes use of the user-level RSA key container in order to encrypt or decrypt protected configuration sections, they are inconvenient to use.

Machine-level RSA key containers are available to all users that can log in to a computer, by default, and are useful because you can use them to encrypt or decrypt protected configuration sections while logged in with an administrator account. A machine-level RSA key container can be used to protect information for a single application, all of the applications on a server, or a group of applications on a server that run under the same user identity. Although machine-level RSA key containers are available to all users, they can be secured with NTFS Access Control Lists (ACLs) so that only required users can access them.
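
The ACL point above can be checked on a host with a read-only audit. The PowerShell below is an added example, not part of the Automate documentation: it assumes the container is a CryptoAPI (CSP) RSA container that .NET can open by name, that machine key files live in the standard CSP location under ProgramData, and that the caller has rights to read the key file. The name "Automate" is the sample value used on this page.

```powershell
# Added example: read-only audit of a machine-level RSA key container.
# Assumption: the container is a CryptoAPI (CSP) container that .NET can open by name.
param([string]$ContainerName = 'Automate')   # KEYCONTAINERNAME value from the page's samples

$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = $ContainerName
# UseExistingKey: fail if the container is missing instead of silently creating it.
$csp.Flags = [System.Security.Cryptography.CspProviderFlags]'UseMachineKeyStore, UseExistingKey'

$rsa = $null
try {
    $rsa     = [System.Security.Cryptography.RSACryptoServiceProvider]::new($csp)
    $keySize = $rsa.KeySize
    $unique  = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} catch {
    Write-Warning "Cannot open machine-level container '$ContainerName': $($_.Exception.Message)"
    return
} finally {
    if ($rsa) { $rsa.Dispose() }   # named containers persist; this only releases the handle
}

# Standard location of CSP machine-level RSA key files (assumed, see lead-in).
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$unique"

# Well-known SIDs, so the check does not depend on the Windows display language:
# Everyone, BUILTIN\Users, Authenticated Users.
$broadSids = 'S-1-1-0', 'S-1-5-32-545', 'S-1-5-11'
$rules = (Get-Acl -LiteralPath $keyFile).GetAccessRules(
             $true, $true, [System.Security.Principal.SecurityIdentifier])
$broad = @($rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $broadSids -contains $_.IdentityReference.Value
})

# One summary object: key strength plus any allow-entries for broad groups.
[pscustomobject]@{
    Container   = $ContainerName
    KeySizeBits = $keySize
    Below2048   = $keySize -lt 2048
    KeyFile     = $keyFile
    BroadGrants = @($broad | ForEach-Object { "$($_.IdentityReference) : $($_.FileSystemRights)" })
}
```

An empty BroadGrants list means no allow-entry for those three groups exists on the key file; any entry listed there is a candidate for tightening with NTFS ACLs as described above.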

Examples

NOTE:
  • Copy and paste the sample AML code below directly into the Task Builder Steps Panel.
  • To successfully run the sample code, update parameters containing user credentials, files, file paths, or other information specific to the task to match your environment.

Example 1

The following sample task creates a USER-Level Key Container:

<AMCRYPTOGRAPHY ACTIVITY="create" KEYCONTAINERNAME="Automate" KEYCONTAINERLEVEL="user" KEYSIZE="2048" />

Example 2

The following sample task creates a MACHINE-Level Key Container:

<AMCRYPTOGRAPHY ACTIVITY="create" KEYCONTAINERNAME="Automate" KEYCONTAINERLEVEL="machine" KEYSIZE="8192" />