The dddInfraApps.pas unit publishes the following ECCAuthorize function and type:

type
  TECCAuthorize = (eaSuccess, eaInvalidSecret, eaMissingUnlockFile,
    eaInvalidUnlockFile, eaInvalidJson);

function ECCAuthorize(aContent: TObject; aSecretDays: integer;
  const aSecretPass, aDPAPI, aDecryptSalt, aAppLockPublic64: RawUTF8;
  const aSearchFolder: TFileName = '';
  aSecretInfo: PECCCertificateSigned = nil;
  aLocalFile: PFileName = nil): TECCAuthorize;

This function will use several asymmetric key sets:

  • A main key set, named e.g. applock.public and applock.private, shared by all users of the system;
  • Several user-specific key sets, named e.g. userhost.public and userhost.secret, one for each user and associated computer host name.

When the ECCAuthorize function is executed, it searches for a local userhost.unlock file, named after the currently logged-in user and the computer host name. Of course, the first time the application is launched for this user, there will be no such file. In that case, the function creates two local files, userhost.public and userhost.secret, and returns eaMissingUnlockFile.

The main key set will be used to digitally sign the unlock file.
User-specific key sets will be used to encrypt the unlock file.
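
A minimal caller for the function above, written for this page as an added example (it is not code from dddInfraApps.pas). It assumes that aContent receives the JSON stored in the unlock file; TLicense, its properties and every constant value are hypothetical placeholders.

```pascal
program LicenseCheck;
{$APPTYPE CONSOLE}
uses SysUtils, SynCommons, dddInfraApps;

type
  // hypothetical license payload: assumed to be filled from the JSON
  // carried by the decrypted and verified unlock file
  TLicense = class(TSynPersistent)
  private
    fCustomer: RawUTF8;
    fSeats: integer;
  published
    property Customer: RawUTF8 read fCustomer write fCustomer;
    property Seats: integer read fSeats write fSeats;
  end;

const
  // placeholders only: replace with the values chosen for your application
  SECRET_DAYS = 365;
  SECRET_PASS = '<secret-file-passphrase>';
  DPAPI_PASS = '<dpapi-secret>';
  DECRYPT_SALT = '<decrypt-salt>';
  APPLOCK_PUBLIC64 = '<base64 of applock.public>';

var
  lic: TLicense;
  res: TECCAuthorize;
begin
  lic := TLicense.Create;
  try
    res := ECCAuthorize(lic, SECRET_DAYS, SECRET_PASS, DPAPI_PASS,
      DECRYPT_SALT, APPLOCK_PUBLIC64);
    case res of
      eaSuccess:
        writeln('Licensed to ', lic.Customer, ', seats: ', lic.Seats);
      eaMissingUnlockFile: // first launch: key pair was just created
        writeln('No unlock file yet for this user and host');
      eaInvalidUnlockFile:
        writeln('Unlock file rejected');
      eaInvalidSecret:
        writeln('Local secret file rejected');
      eaInvalidJson:
        writeln('Unlock file content is not valid JSON');
    end;
    if res <> eaSuccess then
      ExitCode := 1; // fail closed: only eaSuccess enables the application
  finally
    lic.Free;
  end;
end.
```

Only eaSuccess should enable licensed features; every other value, including eaMissingUnlockFile on first launch, leaves the application locked.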

Please check for updated information in our online documentation!

Feedback is welcome in our forum, as usual.