SecureBlackbox Knowledge Base

What SSL/TLS algorithms are implemented in SecureBlackbox?

SecureBlackbox contains complete support for SSL 2, SSL 3, TLS 1.0 and 1.1, including AES and Camellia. SecureBlackbox doesn't support Elliptic Curves at the mom…

Can I detect insertion and removal of the hardware device (token, cryptocard)?

How to detect insertion and removal of the hardware device (token, cryptocard)?

Why can connection to the SSL/TLS (HTTPS, FTPS, SMTP/S, POP3/S) server be closed without any error indication right after connecting?

The data is sent to the socket in large chunks (1Mb by default) and the progress is reported once for each chunk. Decreasing the chunk size would reduce the spee…

During handshake OnAuthenticationFailed event is fired, but authentication succeeds. Why is the event triggered?

SSH protocol supports many authentication methods and you can enable all or some of them. Usually just one authentication method is used during handshake. This m…

With what other PGP software is OpenPGPBlackbox compatible?

OpenPGPBlackbox package of SecureBlackbox is implemented according to RFC 2440 and 4880, which define OpenPGP standard. OpenPGPBlackbox is compatible with any so…

Securing PDF documents

Review of encryption and signing schemes, offered by PDF specification and supported by PDF management tools and components.

Signature background image is not printed or corrupted. How to fix it?

Depending on the image format, if the incorrect image dimension (TElPDFImage.Width and Height properties) is specified, Adobe software will display a corrupted…

SigningTime element shows the time in UTC, but the recipient wants it to be in local timezone. How do I change the behavior?

For example, SigningTime contains "2016-08-30T14:02:40.000Z", and you need a format like "2016-08-30T14:02:400-05:00". To do this you need to set the signing tim…

(WinRT) I am getting a "Connection failed (error code is -2147024891)" exception when trying to set up a network connection from a WinRT application. What's the matter?

The error code above (0x80070005) stands for the Access Denied error. You might get this error when connecting to network resources (e.g. by using FTP, HTTP or…

Basics of PAdES (PDF Advanced Electronic Signatures)

Introduction: Few people can deny the importance of electronic signature, since electronic documents are a major part of a modern business. It is important that…

How can I extract the certificate from the CRL (Certificate Revocation List)?

How to extract the certificate from the CRL (Certificate Revocation List)?

Why does the first HTTPS, FTPS or SMTPS connection to the server take more time than subsequent connections?

Why the first HTTPS, FTPS or SMTPS connection to the server takes more time than subsequent connections.

When I try to sign the data using the certificate, contained in Windows (with non-exportable private key), only MD5 hash algorithm works, even if I manually specify SHA* algorithm. Why so?

Windows CryptoAPI doesn't support SHA algorithms for signing by default, so SecureBlackbox reverts to MD5 if CryptoAPI must be used for signing (as it happens in…

How do I modify 'QualifyingProperties' element (main element in XAdES) properties like an Id and/or node prefix?

First, set XAdES interface properties like: PolicyId, ProductionPlace, SignerRole, Included, SigningCertificates, XAdESForm and XAdESVersion. Then call Generate …

How do I make PGP 2.6 understand the data, created with SecureBlackbox?

Set the following properties of TElPGPWriter: SymmetricKeyAlgorithm = 1, UseNewFeatures = false, UseOldPackets = true. Note that PGP 2.6 doesn't handle password-en…

SSH or SFTP connection to the server is closed or hangs during data transfer stage (after successful handshake). What should I do?

SSH or SFTP connection to the server is closed or hangs during data transfer stage (after successful handshake). What to do:

Why can connection to the SSL/TLS (HTTPS, FTPS, SMTP/S, POP3/S) server be closed without any error indication right after connecting?

Some servers close connection immediately when they receive client's data packet which they can't parse or don't understand. This is usually either a flaw of the…

When I use Acrobat 6.0, click the signature and hit "Signature Properties", I get an "Acrobat error. Bad parameter." Why?

Try to assign the non-empty value to the ElPDFSignature.AuthorName property. Though this property is marked as optional in PDF specification, Adobe Reader 6 fail…

The certificate could not be validated with TElX509CertificateValidator, while the browser validates it fine. Why?

Why the certificate could not be validated with TElX509CertificateValidator, while the browser validates it fine.

How to fill SigPolicyHash for XAdES

The digest value of the signature policy is calculated over SigPolicyId\Identifier element. If Identifier element contains a URI, then the hash is calculated o…

SSH or SFTP connection to the server is not established (connection is closed during handshake).

You run the code which uses SSH or SFTP client and ... got nothing. The connection is not established. SSH family of protocols is complex and various SSH servers…

Timestamping of digital signatures (mini-FAQ)

This article answers some of the basic questions related to timestamping of digital signatures, made over data using X.509 certificates.

Does the price include European VAT?

Prices that are listed in the price lists and shown by the price calculator do NOT include VAT. We do not collect VAT from European customers.…

7 Business Advantages Of Offering Data Security

Learn why you must add security and encryption functions to your software and your IT infrastructure.

How do I change order of RDN elements or control their appearance in X509IssuerName and/or X509SubjectName element?

There is a global variable RDNDescriptorMap in SBXMLSec unit/namespace that controls the order. For example the original order is: C=EU, O=EldoS, OU=EldoS 1 EU B…

When I specify Windows (or PKCS#11) certificate storage for signing, I get "No signing certificate found" error. Why?

Please check that the storage is not empty, i.e. it contains at least one certificate with a private key. You need a certificate with a private key to sign the d…

Time reported by the components is XX hours away from correct. Why?

Time is reported by SFTP in UTC according to the standard. It's your task to convert it to local computer time.…

After I export certificate to PFX file, Windows (or CryptoAPI) can't import this file. What happens?

What happens when, after exporting a certificate to a PFX file, Windows (or CryptoAPI) can't import this file.

How can I debug SFTP client code without having an SFTP server?

Well, you must have an SFTP server. If you don't want to use a production server or the server is not under your complete control, you can install local SSH/SFTP…

How to reference elements inside the Signature element

Create an instance of TElXMLReference class, but don’t fill URIData and URINode properties. Add it to the References after the call to UpdateReferencesDigest(). …

When I open the signed document with Acrobat, it says that 'EldoS.SecureBlackbox' handler, used to create the signature, could not be found. What should I do?

Adobe Acrobat identifies the security handler that created the signature by its name. By default, SecureBlackbox creates signatures with name. However, you can s…

Why am I getting "Input too long" error when trying to encrypt or decrypt the data?

Asymmetric (public-key) algorithms operate with relatively small chunks of data. The exact size depends on the key length and other factors. For example, with RS…

I can't read or change Owner and Group attributes of the file.

Check that you are connecting to Unix server. Some attributes are not supported by SFTP version 3 and earlier. If the connection uses SFTP 3, you need to use UID…

Is there any way to put the prefix "ds" to XML-DSig nodes?

To do this, add the following code (C# notation): ElXMLSigner.Sign(); // this method generate “Signature” structure that could be accessed using ElXMLSigner.Sign…

How do I sign / encrypt the text data (and not a file)?

How to sign / encrypt the text data (and not a file)?

How to modify 'EncryptedData' element properties such as Id and/or node prefix?

First, you need to fill all properties needed for encryption, then call Encrypt() method. This method will perform encryption and build “EncryptedData” structure…

Does SFTP support wildcard characters and file masks with file operations?

I can't read or change Owner and Group attributes of the file.

How do I modify 'Signature' element properties, e.g. <Id>?

How do I modify 'Signature' element properties, e.g. <Id>

I can't login to the server with username and password. Other programs do this fine. A bug?

Most likely, the server is using not password-based authentication, but keyboard-interactive authentication. SecureBlackbox supports both authentication types. F…

How do I get / set current directory?

SFTP doesn't have a concept of current directory. You must always use absolute paths when you refer to the files. If you use relative paths, the result depends o…

I can't add private key to my PKCS#11 device. Why?

Please check that your device supports the certificates and keys that you are trying to put there. Most devices don't support DSA certificates and private keys. …

What versions of XAdES are supported?

XAdES versions 1.1.1, 1.2.2, 1.3.2 and 1.4.1 (1.4.2) are supported. For XAdES (XAdES-BES, XAdES-EPES) and XAdES-T forms, there is a simple interface available vi…

How do I specify text or binary mode for file transfer with SFTP?

By default, SFTP uses binary mode. Text mode is supported by SFTP protocol versions 4 and later. To ensure that the connection is established using SFTP 4 or lat…

What SSH algorithms are implemented in SecureBlackbox?

SecureBlackbox contains client-side support for SSH 1 and SSH 2...

What components support distributed signing using distributed cryptography add-on?

At the moment distributed signing is supported for PKCS#7 and CAdES, XMLDSig and XAdES, PDF and PAdES standards and Office document formats using X.509 certificates.

Why doesn't SSL/TLS (HTTPS, FTPS etc) client connect to the server with default settings?

Short answer: First of all, newer versions of servers expect the client to have enabled either new (TLS 1.1, TLS 1.2) or old (SSL 3) versions of the protocol, but…

Ensuring correctness of files, being uploaded and downloaded to and from the server at the same time.

The article describes what steps must be taken to make the system certificates accessible from applications and services, running under limited system accounts.

Getting an error "Command rejected due to sftp proxy policy settings: SSH_FXP_...". What's this?

This error is often produced by the server which identifies itself as Maveric_SSHD. Case 1. Command rejected due to sftp proxy policy settings: SSH_FXP_INIT. Thi…

When loading large PDF document, OutOfMemory error happens. How do I deal with it?

In this case you should handle TElPDFDocument.OnCreateTemporaryStream and/or TElPDFDocument.PDFFile.OnCreateTemporaryStream events, create a temporary file on th…

Why is PCT 1.0 not supported?

PCT1 is an outdated attempt of Microsoft to establish its own standard. The attempt failed, so PCT is not used anywhere now.…

I need to sign data stored on the server using the key stored on the client's computer. How do I do this?

How to sign data stored on the server using the key stored on the client's computer.

What are subkeys in OpenPGP keys?

Definition of subkeys in OpenPGP keys.

When using ValidateReferences method in TElXMLVerifier, I get "Reference requires a context" error. Quite confusing, isn

The error is returned when there exists an XMLReference element with neither URIData nor URINode, nor URIStream set. After loading the signature into TElXMLVerif…

Why does validation of certificates fail with the error of "CA certificate not found"?

Certificates in PKI (Public Key Infrastructure) make a chain to the trusted root certificate. Complete validation includes building such chain and validating eac…

Share with the World: who reads my data in the cloud?

The article discusses the risks arising from storing the data in the clouds and the ways to prevent these risks using client-side encryption.

How do I use distributed signing without client-side browser module (I have a client desktop application)?

A number of classes have been extended with extra distributed signing-related methods. For example, considering PDFBlackbox, you should do the steps described be…

What does "EElPDFDocumentError: Internal error ElPDFDocument.InsertActualSignatureInformation.2" mean?

What does "EElPDFDocumentError: Internal error ElPDFDocument.InsertActualSignatureInformation.2" mean:

Users with GnuPG can't decrypt data, encrypted with OpenPGPBlackbox. What should I do?

If you use Armoring (set ElPGPWriter.Armor property to true), you need to add the special header to ElPGPWriter.ArmorHeaders property. The text to add is "Versio…

When loading large XML document, OutOfMemory error happens. How do I deal with it?

DOM XML parser supports two modes: normal and delay load. In normal mode, the XML document is parsed and an XML DOM tree (node-tree) is created, after loading th…

Why can connection to the SSL/TLS (HTTPS, FTPS, SMTP/S, POP3/S) server be closed without any error indication right after connecting?

Some servers close the connection immediately when they receive client's data packet which they can't parse or don't understand. This is usually either a flaw of…

Why is there no SSL 4 support?

SSL 4 from Reuters has nothing in common with Secure Socket Layer. SSL 3 successor is TLS family of protocols.…

I need to send a command before transferring the file. How do I do this?

TElSimpleSFTPClient has ExecuteCommand method that executes a command via command tunnel…

How do I create my own X.509 certificate?

There are several options available. SecureBlackbox installation includes a pre-created certificate in PEM and PFX formats which include both private and public …

Does SecureBlackbox support cryptocards?

SecureBlackbox can access, use and manage X.509 certificates and associated private keys, stored on CryptoCards and USB CryptoTokens. The device should be access…

When I encrypt the data with a public key, decryptor asks for private key twice. Where does the second key come from?

Most likely the key used for encryption has a subkey and encryption is done for both key and subkey. To disable the subkey (i.e. exclude it from encryption proce…

HTTP and HTTPS proxies

The article describes the difference between HTTP proxies and HTTPS proxies.

I need to connect to HTTPS resource via proxy, but setting HTTPProxy properties doesn't work. Why?

To connect to HTTPS resource via HTTPS proxy, use WebTunneling* properties. HTTP proxy and HTTPS proxy are different things (though often combined). HTTP proxy a…

Can I customize <KeyInfo> tag content?

Please use IncludeKeyValue and IncludeDataParams properties of TElXMLKeyInfoX509Data class.…

Active property of the socket-based component is true, though I know that connection has been closed by the server. Why so?

The Active property, when set, indicates that connection was successful and the component was ready to perform its actions. However if the connection is lost on …

Is there easier way to add SSL to my application?

SecureBlackbox includes wrappers or descendants of the most popular classes and components used for socket access. SecureBlackbox.NET provides ElClientSSLSocket …

Encryption schemes and mechanisms in SecureBlackbox and BizCrypto

The article describes different encryption schemes used in the IT industry and implemented in SecureBlackbox and BizCrypto products.

SSH / SFTP connection to JPMorgan (transmissions*.jpmorgan.com) fails. Why?

This is a known bug of their server software. It advertises support for keyboard-interactive authentication but if the client uses this authentication mechanism,…

When I use SignAndEncrypt operation, GnuPG complains about bad signature. Why?

When using SignAndEncrypt operation, GnuPG complains about bad signature. Reason why that happens.

The certificate on a USB token is not visible from a service. How do I use such certificate?

The certificate on a USB token is not visible from a service. How to use such certificate?

I have modified the signed data, but VerifySignature method reports the signature as valid. Why is that?

The ValidateSignature() method checks the integrity of the signature (SignedInfo element), it doesn't check the signer key/certificate and the references. To val…

Why does signing or decryption operation fail when my code is run in Windows service?

If you use certificates using Windows CryptoAPI interface (TElWinCertStorage class), you can face the problem when your code works fine in the regular applicatio…

Do I have to pay when distributing your components with my product?

The license cost is one-time and no distribution fees or other runtime fees (royalties) are required.…

How do I include certificates when creating XML signature?

First of all, to include a signing key or certificate to the signature you need to set TElXMLSigner.IncludeKey property to true (this is default value). If you n…

Kerberos vs. SSL/TLS. What’s the Buzz?

In this article we will talk about main features of Kerberos and SSL, which is actually TLS (explanation follows), and what to use depending on situation and your demands.

I need to enter login and password on web page (in HTML form) before accessing the URL. How do I do this using your HTTP client?

So-called "form-based authentication" (you need to enter some data to HTML form, then post this data to the site, and then you are "logged in" and can access oth…

Why is the speed of SFTP transfer too low compared to WS_FTP or FileZilla?

Common speed for SSH and SFTP data transfer is around 1-1.5 Mb/sec. It is limited by encryption speed and several layers of data copying and processing (during S…

Can I use SecureBlackbox to connect to WCF service with TLS 1.2?

SecureBlackbox includes a self-contained SSL/TLS engine, which implements TLS 1.2. So you can connect to the remote server using TLS 1.2 if: (a) the other side s…

I have a license for PDFBlackbox, XMLBlackbox or PKIBlackbox. How do I use timestamping?

How to use timestamping when possessing a license for PDFBlackbox, XMLBlackbox or PKIBlackbox.

Accessing system certificates under restricted user accounts

The article describes what steps must be taken to make system certificates accessible from applications and services, running under limited system accounts.

What is CDS signature? Does SecureBlackbox support it?

CDS signature is a signature with a certificate chain which ends up with a root certificate issued by Adobe. The idea is that since Adobe software knows the root…

How do I remove ds: prefix when signing the data?

To do this add the following code: after ElXMLSigner.Sign()/GenerateSignature()/GenerateSignatureAsync(); (this method generates “Signature” structure that could…

Is a single-developer license "named" or transferrable?

The licenses are issued to the company (if the company name is specified in the order), so they are not bound to any individual name. One thing to do is to unlin…

Why do I get "no keys for decryption found" when trying to use a definitely valid keyring?

First, ensure that you have set the license key. Next, check that you have specified the correct private keyring. If your keyring or a key uses a password, and t…

How do I validate the server key in OnKeyValidate event?

Here's the simple scenario. Of course, you can extend and change it if necessary. On the first connection to a certain host, the application shows the server key…

PreferKeepAlive property is not available anymore. How do I update my code?

PreferKeepAlive property is not available anymore. How to update the code.

Why doesn't SSL/TLS (HTTPS, FTPS etc) client connect to the server with default settings?

Short answer: First of all, newer versions of servers expect the client to have enabled either new (TLS 1.1, TLS 1.2) or old (SSL 3) versions of the protocol but …

How do I provide password to USB Based Token to retrieve certificate?

How to provide password to USB Based Token to retrieve certificate?

ASCIIMode property doesn't seem to work. What's wrong?

Text mode is supported by SFTP protocol versions 4 and later. To ensure that the connection is established using SFTP 4 or later, you need to enable SFTP 4, 5 an…

CAdES and Digital Signatures

CAdES is a new standard for advanced digital signature. It was introduced by the European Directive on a community framework for Electronic Signatures, which extends the previous standard, CMS, specifying several additional profiles.

How do I create the keys, compatible with PGP 2.6.x?

PGP 2.6.x accepts only RSA keys without subkeys, encrypted with IDEA algorithm. Thus, you should use the following call to Generate method: Generate("your-passwo…

I have a license for PDFBlackbox, XMLBlackbox or PKIBlackbox. How do I use timestamping?

You can perform timestamping using one of the components: TElHTTPTSPClient and TElFileTSPClient. The first component makes use of TElHTTPSClient, which is covere…

Can I sign a .NET assembly?

The question is what you want to do. There exist .NET signing (using RSA KeyPair) used for StrongNaming the assemblies, and there exists Authenticode which lets …

I need to develop a project for my client. What kind of license do I need to buy?

If you are providing custom software development services to the client and want to include our product as a part of the developed solution for one client, then …

Active property of the socket-based component is true, though I know that connection has been closed by the server. Why so?

Active property, when set, indicates that the connection was successful and the component was ready to perform its actions. However if the connection was lost on…

How do I specify position of the visible signature?

To fix the position of the signature widget, you can take one of the following approaches: Use properties of ElPDFSignatureWidgetProps class. The instance of thi…

How do I do "code signing"?

Code signing of executables and DLLs in Windows PE format is properly named "Microsoft Authenticode". SecureBlackbox includes TElAuthenticodeSigner and TElAuthen…

File transfer doesn't work while directory listing works. Are they different?

In SFTP directory listing and file transfer are very different operations. Try setting PipelineLength property of the SFTP client component to 1 and AutoAdjustTr…

How to extract a key from 'KeyInfo' element?

To extract a key from “KeyInfo” element you need to use the following code (C# notation): for (int i = 0; i < ElXMLVerifier.Signature.KeyInfo.Count; i++) if (ElXML…

Introduction to XAdES (XML Advanced Electronic Signatures)

In this article we are talking about signing XML documents, though the same mechanism of XML signature can be used to sign any type of data. XML signature may be detached from or attached to signed data. In the latter case, the signature is said to be enveloping when it contains the signed data within itself, or may be enveloped when it comprises a part of the document containing the signed data.

The file, encrypted using PGPBlackbox, is displayed by PGP in "Secure Viewer" window and it

Remember to set ElPGPWriter.Filename to the name of the original file when encrypting the data. If you are not encrypting the file (but the generic data), you ca…

Can I use SSL/TLS without certificates?

SSL/TLS protocol standards let you use X.509 certificates, OpenPGP keys, symmetric keys (pre-shared keys, PSK) and passwords (SRP). SecureBlackbox supports all o…

I have timestamped the document, but Acrobat doesn't show it. Why?

Acrobat is very sensitive to the TSP reply, which is given by the TSP server. For example, the certificate chain must be completely validated by Acrobat in order…

Additional tune-up of retrievers in TElX509CertificateValidator

This article describes how to enable retrievers before validation.

(.NET) .NET 4.0 application fails to work properly on Windows 8 after .NET 4.5 Framework is installed.

.NET 4.0 application fails to work properly on Windows 8 after .NET 4.5 Framework is installed.

Benchmarking your SSL- or SSH-enabled communications.

The article reviews the method of proper benchmarking your SSL- or SSH-enabled communications.

Building user authentication systems for client-server environments.

The article reviews using X.509 certificates for user authentication

(Java) When running a project from NetBeans, I get an exception on any call to SecureBlackbox. Why?

Why when running a project from NetBeans, I get an exception on any call to SecureBlackbox?

Certificate Basics

Technical description of X.509 certificates

Certificate Pinning and SecureBlackbox

The article discusses how technically valid certificates can be fake, what certificate pinning is and how it helps ensure authenticity of web sites and other servers. Also the article describes how you can implement Certificate Pinning in SecureBlackbox.

Connection is closed by the server

Why does Active property return true when the connection is really closed?

(.NET) Why is not all data processed by ... ?

Don't use StreamWriter class. Use descendants of Stream class.…

Diagnosing certificate chain validation errors when validating a certificate or signature with *AdES components.

Note: This article primarily addresses the components that perform complete chain validation out-of-the-box. In particular, these include TElX509CertificateValid…

What is the difference between client-only and client-server packages?

Differences between client-only and client-server

Counteracting Denial-of-Service (DoS) attacks in SSH and SFTP servers

This how-to describes the ways to counteract DoS and DDoS attacks on your SSH or SFTP server

Explorer fails to download huge files with "Error 0x800700DF". Does the solution exist?

Explorer fails to download huge files with "Error 0x800700DF". Solution:

When I try to download the source code package from My Control Center, I get only a small file (not an archive). Why?

Downloading the source code package from My Control Center yields only a small file (not an archive).

I am getting an 8219 (0x201B) error when trying to use system certificate for signing. Still I am able to use this certificate with other applications. Am I doing something wrong?

This problem sometimes occurs on the 64 bit operating systems when accessing certificates stored on hardware tokens with TElWinCertStorage object. Some token ven…

Is SecureBlackbox FIPS-certified?

SecureBlackbox itself is not certified. However, on Windows it can work in so-called FIPS mode

FTPS (FTP over SSL) vs. SFTP (SSH File Transfer Protocol): What to Choose

Comprehensive comparison of FTPS and SFTP

Is there Secure FTP support available?

Supported Secure FTP available.

Getting Started with SecureBlackbox

How to get started with a trial of SecureBlackbox

Why the code works in GUI or console application but doesn't work in a system service?

There are several things to check in this situation: If the GUI/console application and the service are different applications, then be sure that you have copied…

If I specify the headers for DomainSigner, the message can't be validated by Yahoo. Why?

The headers should be specified in the same order, as they are placed in the message. Otherwise some validators will fail.…

How is SecureBlackbox distributed and where do I get the files?

SecureBlackbox is available for free download in its evaluation version. This version can also be downloaded on Download page. The evaluation version includes p…

I have found a bug. How do I report it?

How to report a bug

I can't read SecureBlackbox HTMLHelp (CHM) file. It's just blank. Why?

Solution for reading SecureBlackbox HTMLHelp (CHM) file.

What SSH algorithms are implemented in SecureBlackbox?

What SSH algorithms are implemented in SecureBlackbox.

Implementing CAdES signing of data using SecureBlackbox

The article describes how to perform advanced signing of data according to CAdES specification using SecureBlackbox.

Implementing XAdES signing of data using SecureBlackbox

The article describes how to perform advanced signing of XML documents and custom data according to XAdES specification using SecureBlackbox.

Why is the year reported incorrectly in directory listings?

FTPS protocol doesn't have a standard format for directory listings (see the exception below). Many modern FTP systems use so-called Unix listing format produced…

(VCL) I get Internal Compiler Error Uxxx when trying to compile SecureBlackbox. What should I do?

(VCL) Getting Internal Compiler Error Uxxx when trying to compile SecureBlackbox.

Introduction to Certificates (common)

General introduction to X.509 certificates

Introduction to SSH

General information about SSH protocol

Introduction to SSL

General description of SSL/TLS protocol

When I use a production license key, I get an error saying that the key is valid for other version of SecureBlackbox. What is that supposed to mean?

When using a production license key, but still getting an error saying that the key is valid for another version.

When I use a production license key, I get an error saying that the key is valid for other version of SecureBlackbox. What is that supposed to mean?

The exact messages are: "Provided license key is valid for old version of SecureBlackbox and not the current one. Please upgrade your license." or "Provided lic…

What license is used for SecureBlackbox distribution?

SecureBlackbox is a commercial product. It can be downloaded for free only for...

ListDirectory or GetFileList methods return 0 elements, though file download works. What's wrong?

ListDirectory or GetFileList methods return 0 elements, though file download works.

Component library for PGP-compatible OpenPGP in C# and .NET

C# Class library for OpenPGP

SSL / TLS components for Xamarin

Managed .NET components for SSL/TLS protocols in Xamarin

Component library for PGP-compatible OpenPGP in .NET

Class library for OpenPGP

Class library for PGP-compatible OpenPGP

Class library for OpenPGP

Cloud components for Box Cloud Storage Service

Managed .NET components for secure cloud access

May I ask for a feature to be added?

Sure. Please submit your suggestion to us. It's a good idea to ensure that the functionality you are asking about is not available at the moment (some things ca…

Why is memory consumption much larger than the size of the PDF file?

When the PDF file is loaded, there's a tree of objects built in memory. When the PDF has many small objects, memory consumption grows significantly and can be ma…

(VCL) I have found a memory leak - global objects are not deleted.

(VCL) I have found a memory leak - global objects are not deleted. The leaks you have noticed are not leaks actually. During its work, SecureBlackbox creates sev…

(.NET) Memory usage in my project grows all the time and this is due to SecureBlackbox. Why?

(.NET) Memory usage in project grows all the time and this is due to SecureBlackbox. Why?

(.NET) The .NET 2.0 samples reference .NET 1.1 assemblies. Why?

Why the .NET 2.0 samples reference .NET 1.1 assemblies.

During handshake OnAuthenticationFailed event is fired, but authentication succeeds. Why is the event triggered?

SSH protocol supports many authentication methods and you can enable all or some of them. Usually just one authentication method is used during handshake. This m…

How do I validate the server key in OnKeyValidate event?

Here's the simple scenario. Of course, you can extend and change it if necessary. On the first connection to a certain host, the application shows the server key…

When transferring the data (especially during upload) OnProgress seems to be called rarely, thus blocking my application. Why is it so?

When transferring the data (especially during upload) OnProgress seems to be called rarely, thus blocking the application. Why that happens:

Implementing PAdES signing of PDF documents using SecureBlackbox

The article describes how to perform advanced signing of PDF documents according to the PAdES specification using SecureBlackbox.

(VCL) I have a license for PDFBlackbox. When I open PDFSigner sample in IDE, I get an error saying that TElHTTPSClient component is not installed. Where is the component?

PDFSigner sample application uses TElHTTPSClient component, which is not covered by your PDFBlackbox license. For information about timestamping in your case ple…

I have a license for PDFBlackbox. When I run PDFSigner sample, I get an error "The license key doesn't enable requested functionality". Why is that?

This error is shown when you attempt to use timestamping, because PDFSigner sample application uses TElHTTPSClient component, which is not covered by your PDFBla…

Plugging SecureBlackbox Java Cryptography Extensions into Java project

The Java Cryptography Extension (JCE) provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code …

(.NET) Why can't I create Portable Class Library (PCL) that uses SecureBlackbox? Do you have PCL version of SecureBlackbox assemblies?

Portable Class library for SecureBlackbox

Post-POODLE adjustments in TLS components of SecureBlackbox

The article discusses changes in SecureBlackbox with regard to the recent POODLE attack and the measures you should take in your code.

Preventing TLS renegotiation attacks with SecureBlackbox 7.2 and later

This article discusses TLS renegotiation attacks and the ways to prevent them when using SecureBlackbox 7.2 or later.

Securing RemObjects

The how-to describes how to add SSL security to RemObjects

Why doesn't your socket detect that the remote side was disconnected?

Why doesn't socket detect that the remote side was disconnected?

SecureBlackbox produces invalid results or exposes incorrect behaviour. Is it a bug?

Solution SecureBlackbox produces invalid results or exposes incorrect behaviour.

Why SecureBlackbox is a Superior Alternative to BouncyCastle

Why you should use professionally developed security components

I need implementation of ... encryption (or hashing) algorithm. Can I use SecureBlackbox?

Using SecureBlackbox for encryption and hashing algorithms.

Is SecureBlackbox multithreaded?

The correct term would be "thread-safe", i.e. capable of being called from multiple threads simultaneously. In SecureBlackbox all classes can be grouped to "cont…

Securing your client-server or multi-tier application.

Introductory article about security and encryption in distributed applications.

SECURITY ADVISORY: On the information disclosure vulnerability in SSL 3.0 and TLS 1.0 protocols (Rizzo/Duong "BEAST" attack)

This security advisory describes the details of the so-called BEAST attack on SSL/TLS.

SECURITY ADVISORY: On version fallback vulnerability in SSL/TLS implementations (Moeller/Duong/Kotowicz POODLE attack)

In late September 2014 a new attack on the SSL/TLS protocol was recognized and described by security researchers Bodo Moeller, Thai Duong and Krzysztof Kotowicz. The report of the attack was widely covered in the news and raised concerns about its applicability to various network environments.

What security algorithms are implemented in SecureBlackbox?

Implemented security algorithms.

The server doesn't want to execute a command. Other clients work fine. What to do?

What to do when the server doesn't want to execute a command and other clients work fine.

I can't login to the server with username and password. Other programs do this fine. A bug?

Most likely, the server is not using password-based authentication, but keyboard-interactive authentication. SecureBlackbox supports both authentication types. F…

Setting certificates in client-server systems

The article describes how to set up X.509 certificates in SSL client and server components.

How can I have several versions of SecureBlackbox installed on a certain system at the same time?

How to have several versions of SecureBlackbox installed on a certain system at the same time

The signature, made with SecureBlackbox, can't be verified.

The first thing to check is whether the document is normalized.

Signed message with attachment, when processed by Microsoft Exchange, is reported as containing an invalid signature. The integrity of the message is supposed not to be broken. What's wrong?

Microsoft Exchange 2007 contains a bug that causes it to invalidate the signatures made over the documents containing file attachments. The details are available…

Signing documents according to Spanish Factura format (government invoices)

Here you will find the sample code, which signs "factura" electronic XML documents (Spanish government's invoices), as described in this document. The resulting …

Silverlight environments: Security and permissions specifics

The article discusses how to tune up Silverlight applications to use those features of SecureBlackbox that require elevated permissions.

Active property of the socket-based component is true, though I know that connection has been closed by the server. Why so?

Active property, when set, indicates that the connection was successful and the component was ready to perform its actions. However, if the connection was lost o…

(.NET) Your socket-based components work fine in .NET but not in Silverlight. What's the problem?

(.NET) Socket-based components work fine in .NET but not in Silverlight. What's the problem?

(Windows Phone 7) Socket connection doesn't work when the phone is locked. A bug?

Socket connection doesn't work when the phone is locked. A bug?

SSH Authentication methods

Various methods of server and client authentication, used in SSH protocol

SSH or SFTP connection to the server is closed or hangs during data transfer stage (after successful handshake). What should I do?

SSH or SFTP connection to the server is closed or hangs during data transfer stage (after successful handshake). What to do:

SSH or SFTP connection to the server is not established (connection is closed during handshake).

SSH or SFTP connection to the server is not established (connection is closed during handshake).

SSL Transports for NexusDB

Information about adding SSL security to NexusDB

Adding support for TLS 1.2 to your Windows XP/Vista application

Following a number of severe attacks against the SSL/TLS protocol discovered in recent years, newer and safer versions of the protocol, such as TLS 1.1 and TLS 1.2, are quickly gaining popularity and becoming a new de facto standard across the Internet.

What third-party components/libraries are supported?

Supported development tools

Passive mode doesn't work in TElSimpleFTPSServer. What

Passive mode doesn't work in TElSimpleFTPSServer. What is happening?

Does SecureBlackbox use any third-party cryptography libraries?

No. With .NET edition, SecureBlackbox is compiled to pure managed code and all encryption, hashing and compression algorithms are implemented internally. With VC…

(VCL) Can I use SecureBlackbox with THTTPRIO?

SSL/TLS: Yes, this can be done in several ways. HTTPRIO by default uses the WinInet library and this cannot be easily changed. If your installation of Delphi includ…

Tuning SSL components: choosing the configuration that is right for you!

The article is split in two general sections: configuring your client-side SSL implementation and configuring your server-side.

(VCL) I get ‘Unit ... was compiled with a different version of ...’ error.

The error is caused by a conflict between different versions of SecureBlackbox units, which you probably installed at different times. The solution is:…

(VCL) I am getting ‘Error: Unresolved external Cert...’ when linking the project with C++Builder

Error: Unresolved external Cert... when linking the project with C++Builder

Simple commands are executed correctly, but listing or file transfer doesn't work. What should I do?

Simple commands are executed correctly, but listing or file transfer doesn't work. What to do:

Using SecureBlackbox with kbmMW

Step-by-step explanation of how to add SSL security to kbmMW

Using OCSP stapling in TLS-enabled components

OCSP Stapling is a procedure of “caching” an OCSP response for a TLS server certificate and sending the response together with the certificate during TLS handshake…

Validation of certificates in SecureBlackbox (mini-FAQ)

The article describes how certificate validation in SecureBlackbox is done with the help of the TElX509CertificateValidator class.

Virtualized file access in SecureBlackbox

The article describes how SecureBlackbox works with files and how the files can be kept to avoid storing them on a disk

Where do I find sample projects?

All available sample projects are included in the distribution and installed to the \Samples folder when you install SecureBlackbox that you have downloaded…

Why do I need to secure my internet communications?

If your application transfers data across a network, chances are that there will be people who want to steal information or just peep into it. Why give them a chan…

Windows Explorer can't connect to WebDAV server sample. Why?

Windows Explorer can't connect to WebDAV server sample.

X.509 certificates and SSH

The article describes how to use X.509 certificates for public-key authentication in SSH-secured communications.