Create Key Container

Creates a new Machine-Level or User-Level key container. A Key container is a part of the key database in Windows that contains all the key pairs (public and private keys) belonging to a specific user or machine. Creates a new user or machine level key container used to encrypt or decrypt information for applications that run under the specific user or machine identity. Other cryptography actions (i.e. Encrypt, Sign, Verify actions) can be used in subsequent steps allowing the procedure of encrypting and decrypting files to be fully automated.

Declaration

<AMCREATEKEYCONTAINER KEYCONTAINERNAME="text" KEYCONTAINERLEVEL="text" KEYSIZE="text" />

Example 1 - Create USER-Level Key Container

<AMCREATEKEYCONTAINER KEYCONTAINERNAME="AMTrigger.Action" KEYCONTAINERLEVEL="USER" KEYSIZE="2048" />

Example 2 - Create MACHINE-Level Key Container

<AMCREATEKEYCONTAINER KEYCONTAINERNAME="AutoMate" KEYCONTAINERLEVEL="MACHINE" KEYSIZE="8192" />

See Also: Delete Key Container, Generate Key Files, Sign, Verify, Encrypt, Decrypt

General Tab

Property

Type

Required

Default

Markup

Description

Key Container Name

Text

Yes

(Empty)

KEYCONTAINERNAME="Automate"

Specifies the name of the key container to be created.

Key Container Level

Text

Options

No

User

KEYCONTAINERLEVEL="machine"

Specifies whether the new key container should be set to User-Level or Machine-Level. Microsoft Windows makes Machine-Level key containers available to all users, whereas a User-Level key container is available only to the user that created (or imported) the key container. The available options are:

  • User (Default)

  • Machine

More details regarding Machine-Level and User-Level key containers can be found below under Comparing Machine-Level and User-Level RSA Key Containers.

Key Size

Text Options

Yes

2048

KEYSIZE="8192"

Indicates the size or length of the key (in bits) used in a cryptographic algorithm. AWE uses standardized key sizes based on the asymmetric (RSA) system. The available options are:

  • 1024 (Default)

  • 2048

  • 4096

  • 8192

NOTE: The amount of time it takes to generate a key container is dependent on the key size selected.

Comparing Machine-Level and User-Level RSA Key Containers

User-level RSA key containers are stored with the Windows user profile for a particular user and can be used to encrypt and decrypt information for applications that run under that specific user identity. User-level RSA key containers can be useful if you want to ensure that the RSA key information is removed when the Windows user profile is removed. However, because you must be logged in with the specific user account that makes use of the user-level RSA key container in order to encrypt or decrypt protected configuration sections, they are inconvenient to use.

Machine-level RSA key containers are available to all users that can log in to a computer, by default, and are the most useful as you can use them to encrypt or decrypt protected configuration sections while logged in with an administrator account. A machine-level RSA key container can be used to protect information for a single application, all the applications on a server, or a group of applications on a server that run under the same user identity. Although machine-level RSA key containers are available to all users, they can be secured with NTFS Access Control Lists (ACLs) so that only required users can access them.