
PKIBlackbox package

PKIBlackbox includes the components and functions related to Public Key Infrastructure: X.509 certificates, CRLs (certificate revocation lists), certificate requests, and certificate storages.

PKIBlackbox includes classes for accessing and using cryptographic hardware (USB tokens, smartcards) via CryptoAPI or PKCS#11 interfaces.

With PKIBlackbox you can perform digital signing, timestamping and encryption of data using the PKCS#7 standard.

PKIBlackbox includes the following components:
Component name Summary
X.509 certificates
ElX509Certificate Main certificate class which provides methods to generate the certificate and a private key, load and save the certificate to/from different formats and validate the child certificate with CA certificate.
Certificate storages
ElCustomCertStorage The base certificate storage class that holds one or many certificates, lets you validate certificates and load and save them to/from various formats. Descendants of this class implement actual containers for the certificates being held.
ElMemoryCertStorage The class extends ElCustomCertStorage and lets you hold the certificates in memory.
ElWinCertStorage Provides access to certificates via Windows CryptoAPI.
ElPKCS11CertStorage Provides access to certificate storages via PKCS#11 API
CRL and CRL extensions
ElCertificateRevocationList This class represents a Certificate Revocation List (CRL).
OCSP
ElOCSPClient Provides client-side functionality for Online Certificate Status Protocol (OCSP).
ElOCSPServer Provides server-side functionality for Online Certificate Status Protocol (OCSP).
ElHTTPOCSPClient Implements OCSP (online certificate status protocol) functionality over HTTP transport.
ElFileOCSPClient Implements OCSP client-side protocol functionality with file transport.
CMS
ElSignedCMSMessage Represents a signed message according to the Cryptographic Message Syntax (CMS) standard.
Simple data security
ElMessageEncryptor This class is used to encrypt blocks of data and save encrypted data in PKCS#7 format.
ElMessageDecryptor This class is used to decrypt data saved in PKCS#7 format.
ElMessageSigner This class is used to sign the data and save the signed data in PKCS#7 format.
ElMessageVerifier This class is used to verify the digital signature of signed data.
PKI-based timestamping
ElFileTSPClient Implements TSP client functionality with file transport.
ElFileTSPServer Implements TSP-server functionality with file transport.
ElHTTPTSPClient Implements TSP protocol functionality and sends requests to the server using HTTP transport.
Authenticode
ElAuthenticodeSigner This class is used to sign EXE and DLL files with certificates.
ElAuthenticodeVerifier This class is used to verify and remove file signatures in EXE and DLL files.

Supplementary classes included in PKIBlackbox are:
Class name Summary
X.509 certificates
ElX509CertificateChain Represents a chain of X.509 certificates.
ElCertificateLookup This class is designed for searching certificates in storage.
ElCertificateRequest This class represents information stored in certificate request in PKCS#10 format.
ElAccessDescription Defines single Access Description element in Authority Information Access extension.
ElDistributionPoint Contains information about single distribution point.
ElEDIPartyName This class is used to keep the EDI (Electronic Data Interchange) Party Name.
ElGeneralName This class is used to store various information about identity.
ElGeneralNames Represents a list of ElGeneralName objects.
ElNameConstraint This class is used to store information about a single Permitted/Excluded tree.
ElOtherName This class is used to contain various data in form of «ObjectID = Value» which represent "names".
ElPolicyMapping This class corresponds to a single Policy Mapping.
ElRelativeDistinguishedName This class is used to contain various data in form of «Object Identifier = Value» which represent "names".
ElSinglePolicyInformation Provides storing information about a single certificate policy.
ElUserNotice Represents a user notice, which is displayed to a relying party when a certificate is used.
Certificate storages
ElFileCertStorage Provides access to certificate storages stored in files (PKCS#7 file format)
ElPKCS11SessionInfo Provides information about a session established with a security token.
ElPKCS11SlotInfo This class provides information about the slot and the token plugged in at the moment.
ElPKCS11Module Provides functionality to access the cryptographic token.
ElPKCS11Manager ElPKCS11Manager provides functionality to manage Cryptoki objects.
ElPKCS11Object This class represents a PKCS#11 object: data, a certificate, or a key, stored on cryptographic token.
ElPKCS11DataObject This class represents a data object stored on cryptographic token
ElPKCS11CertificateObject This class represents a certificate stored on cryptographic token.
ElPKCS11KeyObject This class represents a key stored on cryptographic token.
ElPKCS11PublicKeyObject This class represents a public key stored on cryptographic token.
ElPKCS11PrivateKeyObject This class represents a private key stored on cryptographic token.
ElPKCS11SecretKeyObject This class represents a secret key stored on cryptographic token.
Certificate extensions
ElCustomExtension The base class for other certificate extensions.
ElNetscapeString The base class for certificate extension classes whose main content is one string.
ElCertificateExtensions This class stores extensions of a single X.509 certificate.
ElAlternativeNameExtension Represents an Alternative Name extension.
ElAuthorityInformationAccessExtension The authority information access extension indicates how to access CA information for the issuer of the certificate.
ElAuthorityKeyIdentifierExtension This extension is used to keep a «Fingerprint» of issuer's public key.
ElBasicConstraintsExtension The basic constraints extension defines whether the subject of the certificate is a CA and how deep the certification path starting from this CA may be.
ElCertificatePoliciesExtension Represents a Certificate Policies extension.
ElCRLDistributionPointsExtension Represents a CRL Distribution Points extension.
ElExtendedKeyUsageExtension Represents an Extended Key Usage extension.
ElKeyUsageExtension This extension defines the purpose of the key contained in the certificate.
ElNameConstraintsExtension Indicates a name space within which all subject names in subsequent certificates in a certification path shall be located.
ElNetscapeCertTypeExtension Specifies the intended purpose of certificate.
ElPolicyConstraintsExtension Represents a Policy Constraints extension.
ElPolicyMappingsExtension Represents a Policy Mappings extension.
ElPrivateKeyUsagePeriodExtension Represents a Private Key Usage Period extension.
ElSubjectKeyIdentifierExtension Represents a Subject Key Identifier extension.
ElSubjectDirectoryAttributesExtension Represents a Subject Directory Attributes extension.
CRL and CRL extensions
ElRevocationItem This class represents each certificate in the CRL.
ElCRLExtension The base class for all CRL extensions.
ELCRLExtensions This class is used to specify the extensions of the CRL itself.
ElCRLEntryExtensions Specifies extensions for each certificate information item in the CRL.
ElAuthorityKeyIdentifierCRLExtension Represents an Authority Key Identifier CRL extension.
ElCertificateIssuerCRLExtension This extension is used to identify the certificate issuer.
ElCRLNumberCRLExtension This extension contains a CRL Number.
ElDeltaCRLIndicatorCRLExtension This extension contains delta CRL indicator.
ElHoldInstructionCodeCRLExtension This extension contains a registered instruction identifier which indicates the action to be taken after encountering a certificate that has been placed on hold.
ElInvalidityDateCRLExtension This extension contains the date of the certificate compromise.
ElReasonCodeCRLExtension This extension contains the reason of the certificate revocation.
OCSP
ElOCSPResponse Represents a single response from OCSP server.
ElOCSPResponderID Identifies an OCSP responder.
ElOCSPSingleResponse This class represents a SingleResponse element of the Responses list contained in the OCSP response.
CMS
ElCMSSignature Represents a CMS signature.
ElASN1DirectoryString Represents an ASN.1 string used in X.500 directory services.
ElCMSCertificateRefs Provides functionality to store and manage the list of certificate identifiers.
ElCMSCommitmentTypeIndication Stores information about the commitment type of a CMS signature.
ElCMSContent Stores content of a CMS message.
ElCMSContentHints Stores the description of the CMS message content.
ElCMSContentReference References the content of the CMS message.
ElCMSCRLIdentifier This class contains identifier of the CRL.
ElCMSCRLValidatedID This class stores information which identifies a CRL.
ElCMSHash This class serves to keep the hash calculated on some data.
ElCMSMessage The base class for ElSignedCMSMessage. It provides basic functionality to create, open, and save a CMS message.
ElCMSOCSPIdentifier This class identifies an OCSP response.
ElCMSOCSPResponsesID This class represents an identifier of the OCSP response.
ElCMSProperty The base class for all properties of the CMS signature.
ElCMSRevocationRef This class stores references to various revocation information.
ElCMSRevocationRefs Represents a list of ElCMSRevocationRef elements.
ElCMSRevocationValues Stores all revocation information of the CMS signature.
ElCMSSignaturePolicy Stores information about the signature policy of a CMS signature.
ElCMSSignerIdentifier This class stores information about the signer.
ElCMSSignerLocation Stores information about signer's location.
ElCMSSigningCertificate Contains a list of references to certificates and digest values computed on them.
ElCMSSigPolicyQualifier Contains additional information qualifying the signature policy identifier.
ElCMSTimestamp Represents a timestamp to be used with CMS signatures.
Simple data security
ElPKCS7Attributes This class is used to store auxiliary information for a signed message.
ElPKCS7Issuer This class is used as a certificate identifier.
ElPKCS7Signer Identifies message signer according to PKCS#7 standard.
PKI-based timestamping
ElCustomTSPServer Implements functionality common for all TSP servers.
ElCustomTSPClient Provides common interface for all TSP clients.
ElTSPInfo This class is a container for storing parameters for or from timestamp signature.
ElClientTSPInfo Contains parameters to be sent to the server or the ones received in the server response.
ElServerTSPInfo Provides access to timestamp parameters.
Low-level cryptography
ElKeyMaterial The base class for all key material classes. It provides base interface for accessing the containers for public/private and secret key data, stored as a sequence of bytes.
Asymmetric (public key based)
ElPublicKeyCryptoFactory This class is used to create instances of algorithm-specific ElPublicKeyCrypto classes.
ElPublicKeyMaterial Descendants of this class are responsible for storing key material for particular public key encryption algorithms.
ElPublicKeyCrypto This class is an ancestor for classes that implement particular public key encryption algorithms.
ElRSAKeyMaterial This class is responsible for storing RSA key material.
ElRSAPublicKeyCrypto This class is responsible for cryptographic computations according to RSA algorithm specification (PKCS#1).
ElDSAKeyMaterial This class is responsible for storing DSA key material.
ElDSAPublicKeyCrypto This class is responsible for cryptographic computations according to DSA (DSS) specification (FIPS186-2).
ElElgamalKeyMaterial This class is responsible for storing ElGamal key material.
ElElgamalPublicKeyCrypto This class is responsible for cryptographic computations involving the ElGamal signature algorithm.
Symmetric (secret key based)
ElSymmetricCryptoFactory This class is used to create instances of algorithm-specific ElSymmetricCrypto classes.
ElSymmetricKeyMaterial This class is responsible for storing key material for symmetric encryption algorithms.
ElHMACKeyMaterial This class is responsible for storing key material for HMAC algorithm.
ElHashFunction Provides functionality for hash computation.
ElSymmetricCrypto This class is a base class for all symmetric encryption classes.
El3DESSymmetricCrypto This class provides functionality for encryption and decryption using 3DES (TripleDES) block symmetric algorithm.
ElAESSymmetricCrypto This class provides functionality for encryption and decryption using AES block symmetric algorithm.
ElBlowfishSymmetricCrypto This class provides functionality for encryption and decryption using Blowfish block symmetric algorithm.
ElCamelliaSymmetricCrypto This class provides functionality for encryption and decryption using Camellia block symmetric algorithm.
ElCAST128SymmetricCrypto This class provides functionality for encryption and decryption using CAST128 block symmetric algorithm.
ElDESSymmetricCrypto This class provides functionality for encryption and decryption using DES block symmetric algorithm.
ElIDEASymmetricCrypto This class provides functionality for encryption and decryption using IDEA block symmetric algorithm.
ElRC2SymmetricCrypto This class provides functionality for encryption and decryption using RC2 block symmetric algorithm.
ElRC4SymmetricCrypto This class provides functionality for encryption and decryption using RC4 block symmetric algorithm.
ElSerpentSymmetricCrypto This class provides functionality for encryption and decryption using Serpent block symmetric algorithm.
ElTwofishSymmetricCrypto This class provides functionality for encryption and decryption using Twofish block symmetric algorithm.
Crypto providers
ElCustomCryptoProvider This is a basic class for all Crypto Providers.
ElBuiltInCryptoProvider This class represents a built-in SecureBlackbox crypto provider.
ElWin32CryptoProvider This class represents a Win32 crypto provider.
ElPKCS11CryptoProvider This class represents a PKCS#11 crypto provider.
ElDLLCryptoProvider This class represents a DLL crypto provider.

Copyright (c) 1998-2009, EldoS Corporation