
Source Schema for the Cryptography Application Block

This topic lists the XML elements and attributes used to configure the Cryptography Application Block. You can manually edit the XML data, but the Enterprise Library configuration tools greatly simplify this task. If you choose to manually edit the XML, use the schema information contained in this topic.

The configuration file has the following section-handler declaration.

<section name="securityCryptographyConfiguration"
         type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.Configuration.CryptographySettings,
               Microsoft.Practices.EnterpriseLibrary.Security.Cryptography" />

The section-handler declaration contains the name of the configuration settings section and the name of the section-handler class that processes configuration data in that section. The name of the configuration settings section is securityCryptographyConfiguration. The name of the section-handler class is CryptographySettings. It is in the Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.Configuration namespace.

securityCryptographyConfiguration Element

The securityCryptographyConfiguration element specifies the configuration of a Cryptography Application Block. This element is required.

Attributes and Child Elements

The following sections describe attributes and child elements of the securityCryptographyConfiguration element.

Attributes

The following table lists the attributes for the securityCryptographyConfiguration element.

| Attribute | Description |
|---|---|
| defaultHashInstance | The hash instance to use if none is specified in the code. This attribute is optional. |
| defaultSymmetricCryptoInstance | The symmetric key instance to use if none is specified in the code. This attribute is optional. |

hashProviders Child Element

The hashProviders element is a child of the securityCryptographyConfiguration element. It lists the hash providers that can be used by the application. This element is optional.

add Child Element

The add element is a child element of the hashProviders element. The add element adds the name of a hash provider. This element is optional. There can be multiple add elements.

Attributes

The following table lists the attributes for the add element.

| Attribute | Description |
|---|---|
| name | The name of the hash provider. The name must be unique within the section. This attribute is required. |
| type | The type name of a class that derives from the HashAlgorithmProvider class. This attribute is required. |
| algorithmType | The type name of a class that derives from the HashAlgorithm class. This attribute is required. |
| saltEnabled | Specifies whether salting is enabled. A salt is a random value prepended to the plaintext before hashing to improve the security of the hash. Possible values are true and false. This attribute is required. |
| protectedKeyFilename | Specifies the absolute path and the file name of the file that contains the encrypted key. This attribute is required for keyed hash algorithms. |
| protectedKeyProtectionScope | Specifies whether the machine store or the user store is used for storing secrets. Possible values are CurrentUser and LocalMachine. This attribute is required for keyed hash algorithms. |

symmetricCryptoProviders Child Element

The symmetricCryptoProviders element is a child of the securityCryptographyConfiguration element. It lists the symmetric cryptography providers that can be used by the application. This element is optional.

add Child Element

The add element is a child element of the symmetricCryptoProviders element. The add element adds the name of a symmetric cryptography provider. This element is optional. There can be multiple add elements.

Attributes

The following table lists the attributes for the add element.

| Attribute | Description |
|---|---|
| name | The name of the symmetric cryptography provider. The name must be unique within the section. This attribute is required. |
| type | The type name of a class that derives from either the SymmetricAlgorithmProvider class or the DpapiSymmetricCryptoProvider class. This attribute is required. |
| algorithmType | The type name of a class that derives from the SymmetricAlgorithm class. This attribute is required for non-DPAPI symmetric providers. It is not valid for DPAPI symmetric providers. |
| protectedKeyFilename | Specifies the absolute path and the file name of the file that contains the encrypted key. This attribute is required for non-DPAPI symmetric providers. It is not valid for DPAPI symmetric providers. |
| protectedKeyProtectionScope | Specifies whether the machine store or the user store is used for storing secrets. Possible values are CurrentUser and LocalMachine. This attribute is required for non-DPAPI symmetric providers. It is not valid for DPAPI symmetric providers. |
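The following complete configuration file is an added example, not taken from the Enterprise Library documentation, that puts the section-handler declaration and every element and attribute described above into one App.config. The provider names, the key file path, and the choice of KeyedHashAlgorithmProvider for the HMAC entry are assumptions made for the example; the assembly-qualified names for SHA256Managed, HMACSHA256 and RijndaelManaged are the standard mscorlib names for .NET Framework 2.0 and later, and the Enterprise Library assembly is referenced without a version so the loader binds to whichever version is deployed.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <!-- Section-handler declaration from the schema: section name + handler class -->
    <section name="securityCryptographyConfiguration"
             type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.Configuration.CryptographySettings, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography" />
  </configSections>

  <!-- defaultHashInstance / defaultSymmetricCryptoInstance name entries below and are used
       when application code does not name a provider explicitly. -->
  <securityCryptographyConfiguration
      defaultHashInstance="sha256Salted"
      defaultSymmetricCryptoInstance="aesMachineKey">

    <hashProviders>
      <!-- Unkeyed hash: salting is enabled, so identical inputs do not produce identical hashes.
           No protectedKey* attributes are needed because the algorithm is not keyed. -->
      <add name="sha256Salted"
           type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.HashAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography"
           algorithmType="System.Security.Cryptography.SHA256Managed, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           saltEnabled="true" />

      <!-- Keyed hash (HMAC): protectedKeyFilename and protectedKeyProtectionScope are required.
           KeyedHashAlgorithmProvider derives from HashAlgorithmProvider (assumption for this example). -->
      <add name="hmacSha256"
           type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.KeyedHashAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography"
           algorithmType="System.Security.Cryptography.HMACSHA256, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           saltEnabled="false"
           protectedKeyFilename="C:\ProgramData\ExampleApp\Keys\hmac.key"
           protectedKeyProtectionScope="CurrentUser" />
    </hashProviders>

    <symmetricCryptoProviders>
      <!-- Non-DPAPI provider: algorithmType, protectedKeyFilename and protectedKeyProtectionScope
           are all required. The key file itself is DPAPI-protected in the named scope. -->
      <add name="aesMachineKey"
           type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.SymmetricAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography"
           algorithmType="System.Security.Cryptography.RijndaelManaged, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           protectedKeyFilename="C:\ProgramData\ExampleApp\Keys\aes.key"
           protectedKeyProtectionScope="LocalMachine" />

      <!-- DPAPI provider: algorithmType and the protectedKey* attributes are NOT valid here,
           because DPAPI manages the key material itself. -->
      <add name="dpapiUser"
           type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.DpapiSymmetricCryptoProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography" />
    </symmetricCryptoProviders>

  </securityCryptographyConfiguration>
</configuration>
```

Two points are worth checking when reviewing a file like this. First, protectedKeyProtectionScope decides who can unprotect the key file: with LocalMachine any account on that machine can recover the key, whereas CurrentUser ties it to the account the application runs under, so choose the narrowest scope the deployment allows and restrict NTFS permissions on the key file either way. Second, the defaultHashInstance and defaultSymmetricCryptoInstance values must match a name attribute in the corresponding list exactly; a mismatch is only detected at run time when the block tries to resolve the default provider.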