Generate Key Files Action

Declaration

<AMGENERATEKEYFILES KEYCONTAINERNAME="Filename"KEYCONTAINERLEVEL="text [options]" PRIKEYFILE="Keyname" PUBKEYFILE="Keyname"/>

See Also

Generate Key Files-Setting Properties, Decrypt Action, Encrypt Action, Create Key Container Action, Delete Key Container Action

Description

Generates public and private key files from the specified key container.

Practical Usage

This action can be used as a task step following Create Key Container action to properly generate public and private key files. Other cryptography actions (i.e. Sign, Encrypt, actions) can follow this step allowing the procedure of encrypting and decrypting files to be fully automated.

Parameters

General Tab

Key Container Name

Text, Required
MARKUP: KEYCONTAINERNAME="Automate"

Specifies the name of the key container to identify which public/private key to use. Clicking the Select Key Container button will open a key container browser in which to select a container from.

Key container level

Options, Required
MARKUP: KEYCONTAINERLEVEL="USER"

Specifies whether to use a machine-level or user-level RSA key container. Microsoft Windows makes machine-level key containers available to all users, whereas a user-level key container is available only to the user that created (or imported) the key container. This parameter is active only if the Decrypt using parameter is set to Key Container.

The available options are:

NOTE: More details regarding Machine-Level and User-Level RSA Key Containers can be found below under the Notes section.

Public key file

Text, Required
MARKUP:: PUBKEYFILE="c:\publicfile.pub"

Specifies the path and file name of the public key to be generated.

Overwrite if public key file exists

Option, Required - Default=NO
MARKUP: OVERWRITEPUBKEYFILE="YES"

Indicate that if a public key file with the same name already exists within the location where the new public key will be stored, the existing key will be overwritten.

Private key file

Text, Required
MARKUP:: PRIKEYFILE="c:\privatefile.pri"

Check this box if the public key file is present.

 

Indicate that if a public key file with the same name already exists within the location where the new public key will be stored, the existing key will be overwritten.

Overwrite Private key file

Option, Required
MARKUP: OVERWRITEPRIKEYFILE="YES"

Indicate that if a private key file with the same name already exists within the location where the new private key will be stored, the existing key will be overwritten.

Notes

Comparing Machine-Level and User-Level RSA Key Containers

User-level RSA key containers are stored with the Windows user profile for a particular user and can be used to encrypt and decrypt information for applications that run under that specific user identity. User-level RSA key containers can be useful if you want to ensure that the RSA key information is removed when the Windows user profile is removed. However, because you must be logged in with the specific user account that makes use of the user-level RSA key container in order to encrypt or decrypt protected configuration sections, they are inconvenient to use.

Machine-level RSA key containers are available to all users that can log in to a computer, by default, and are the most useful as you can use them to encrypt or decrypt protected configuration sections while logged in with an administrator account. A machine-level RSA key container can be used to protect information for a single application, all the applications on a server, or a group of applications on a server that run under the same user identity. Although machine-level RSA key containers are available to all users, they can be secured with NTFS Access Control Lists (ACLs) so that only required users can access them.

Link: http://msdn2.microsoft.com/en-us/library/f5cs0acs.aspx

Custom Description

This action includes the Description tab for entering a custom step description.

More on setting custom step description

Standard Error Handling Options

This action also includes the standard Error Causes and On Error failure handling options/tabs.

More on Error Handling Options

Variables and Expressions

All text fields allow the use of expressions, which can be entered by surrounding the expression in percentage signs (example: %MYVARIABLE%, %Left('Text',2)%). To help construct these expressions, you can open Expression Builder from these fields by pressing F2.

More on variables
More on expressions

More on the expression builder

 

Example

NOTE: The code below can be copied and pasted directly into the Steps pane of the Task Builder.

 

Example 1 - Generate USER Level Key Files

<AMDELETEKEYCONTAINER KEYCONTAINERNAME="marie.black" KEYCONTAINERLEVEL="USER" />

 
Example 2 - Generate MACHINE Level Key Files

<AMDELETEKEYCONTAINER KEYCONTAINERNAME="JavaWebStart" KEYCONTAINERLEVEL="MACHINE" />