Cryptography - Create
Declaration
<AMCRYPTOGRAPHY ACTIVITY="create" KEYCONTAINERNAME="text" KEYCONTAINERLEVEL="text (options)" KEYSIZE="number (options)" />
Description: Creates a machine-level or user-level key container. A key container is a part of the key database in Microsoft Windows operating systems that contains all the key pairs (public and private keys) belonging to a specific user or computer.
Practical Usage
Used to encrypt or decrypt data for applications that run under the specific user or machine identity. Other cryptography activities (e.g., Encrypt, Sign, Verify) can be used subsequent to this step.
General Parameters
|
Property |
Type |
Required |
Default |
Markup |
Description |
|---|---|---|---|---|---|
|
Key Container Name |
Text |
Yes |
(Empty) |
KEYCONTAINERNAME="Automate" |
The unique name to assign the key container in which to create. |
|
Key Container Level |
Text Options |
No |
User |
|
Specifies whether the new key container should be set to User-Level or Machine-Level. Microsoft Windows makes Machine-Level key containers available to all users, whereas a User-Level key container is available only to the user that created (or imported) the key container. The available options are:
|
Description tab - A custom description can be provided on the Description tab to convey additional information or share special notes about a task step.
Error Causes tab - Specify how this step should behave upon the occurrence of an error. (Refer to Task Builder > Error Causes Tab for details.)
On Error tab - Specify what AWE should do if this step encounters an error as defined on the Error Causes tab. (Refer to Task Builder > On Error Tab for details.)
Comparing Machine-Level and User-Level RSA Key Containers
User-level RSA key containers are stored with the Windows user profile for a particular user and can be used to encrypt and decrypt information for applications that run under that specific user identity. User-level RSA key containers can be useful if you want to ensure that the RSA key information is removed when the Windows user profile is removed. However, because you must be logged in with the specific user account that makes use of the user-level RSA key container to encrypt or decrypt protected configuration sections, they are inconvenient to use.
Machine-level RSA key containers are available to all users that can log in to a computer, by default, and are the most useful as you can use them to encrypt or decrypt protected configuration sections while logged in with an administrator account. A machine-level RSA key container can be used to protect information for a single application, all the applications on a server, or a group of applications on a server that run under the same user identity. Although machine-level RSA key containers are available to all users, they can be secured with NTFS Access Control Lists (ACLs) so that only required users can access them.
Examples
The sample AML code below can be copied and pasted directly into the Steps panel of the Task Builder.
Example 1: Create USER-Level Key Container
<AMCRYPTOGRAPHY ACTIVITY="create" KEYCONTAINERNAME="AutoMate" KEYCONTAINERLEVEL="user" KEYSIZE="2048" />
Example 2: Create MACHINE-Level Key Container
<AMCRYPTOGRAPHY ACTIVITY="create" KEYCONTAINERNAME="AutoMate" KEYCONTAINERLEVEL="machine" KEYSIZE="8192" />