SecureBlackbox Knowledge Base

Recent General Articles

Securing PDF documents

Review of encryption and signing schemes, offered by PDF specification and supported by PDF management tools and components.

Basics of PAdES (PDF Advanced Electronic Signatures)

Introduction A few people can deny the importance of electronic signature, since electronic documents are a major part of a modern business. It is important that…

Timestamping of digital signatures (mini-FAQ)

This article answers some of the basic questions related to timestamping of digital signatures, made over data using X.509 certificates.

7 Business Advantages Of Offering Data Security

Learn why you must add security and encryption functions to your software and your IT infrastructure.

Ensuring correctness of files, being uploaded and downloaded to and from the server at the same time.

The article describes what steps must be taken to make the system certificates accessible from applications and services, running under limited system accounts.

Share with the World: who reads my data in the cloud?

The article discusses the risks arising from storing the data in the clouds and the ways to prevent these risks using client-side encryption.

HTTP and HTTPS proxies

The article describes the difference between HTTP proxies and HTTPS proxies.

Encryption schemes and mechanisms in SecureBlackbox and BizCrypto

The article describes different encryption schemes used in the IT industry and implemented in SecureBlackbox and BizCrypto products.

Kerberos vs. SSL/TLS. What’s the Buzz?

In this article we will talk about main features of Kerberos and SSL, which is actually TLS (explanation follows), and what to use depending on situation and your demands.

Accessing system certificates under restricted user accounts

The article describes what steps must be taken to make system certificates accessible from applications and services, running under limited system accounts.

CAdES and Digital Signatures

CAdES is a new standard for advanced digital signature. It was introduced by the European Directive on a community framework for Electronic Signatures, which extends the previous standard, CMS, specifying several additional profiles.

Introduction to XAdES (XML Advanced Electronic Signatures)

In this article we are talking about signing XML documents, though the same mechanism of XML signature can be used to sign any type of data. XML signature may be detached from or attached to signed data. In the latter case, the signature is said to be enveloping when it contains the signed data within itself, or may be enveloped when it comprises a part of the document containing the signed data.

Benchmarking your SSL- or SSH-enabled communications.

The article reviews the method of proper benchmarking your SSL- or SSH-enabled communications.

Building user authentication systems for client-server environments.

The article reviews using X.509 certificates for user authentication

Certificate Basics

Technical description of X.509 certificates

Certificate Pinning and SecureBlackbox

The article discusses how technically valid certificates can be fake, what certificate pinning is and how it helps ensure authenticity of web sites and other servers. Also the article describes how you can implement Certificate Pinning in SecureBlackbox.

Counteracting Denial-of-Service (DoS) attacks in SSH and SFTP servers

This how-to describes the ways to counteract DoS and DDoS attacks on your SSH or SFTP server

FTPS (FTP over SSL) vs. SFTP (SSH File Transfer Protocol): What to Choose

Comprehensive comparison of FTPS and SFTP

Getting Started with SecureBlackbox

How to get started with a trial of SecureBlackbox

Implementing XAdES signing of data using SecureBlackbox

The article describes how to perform advanced signing of XML documents and custom data according to XAdES specification using SecureBlackbox.

Introduction to Certificates (common)

General introduction to X.509 certificates

Introduction to SSH

General information about SSH protocol

Introduction to SSL

General description of SSL/TLS protocol

Plugging SecureBlackbox Java Cryptography Extensions into Java project

The Java Cryptography Extension (JCE) provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code …

Post-POODLE adjustments in TLS components of SecureBlackbox

The article discusses changes in SecureBlackbox in regards to recent POODLE attack and the measures you should take in your code.

Preventing TLS renegotiation attacks with SecureBlackbox 7.2 and later

This article discusses TLS renegotiation attack and the ways to prevent them when using SecureBlackbox 7.2 or later.

Securing RemObjects

The how-to describes how to add SSL security to RemObjects

Why SecureBlackbox is a Superior Alternative to BouncyCastle

Why you should use professionally developed security components

Securing your client-server or multi-tier application.

Introductory article about security and encryption in distributed applications.

SECURITY ADVISORY: On the information disclosure vulnerability in SSL 3.0 and TLS 1.0 protocols (Rizzo/Duong "BEAST" attack)

This security advisory describes the details of the so-called BEAST attack on SSL/TLS.

SECURITY ADVISORY: On version fallback vulnerability in SSL/TLS implementations (Moeller/Duong/Kotowicz POODLE attack)

In late September 2014 a new attack on SSL/TLS protocol was recognized and described by security researchers Bodo Moeller, Thai Duong and Krzysztof Kotowicz. The report of the attack gained high popularity in the news and raised concerns about its applicability to various network environments.

The signature, made with SecureBlackbox, can't be verified.

The first thing to check is whether the document is normalized.

Silverlight environments: Security and permissions specifics

The article discusses how to tune up Silverlight applications to use those feature of SecureBlackbox, which require elevated permissions.

SSH Authentication methods

Various methods of server and client authentication, used in SSH protocol

Adding support for TLS 1.2 to your Windows XP/Vista application

Following a number of severe attacks against SSL/TLS protocol discovered in recent years, fresher and safer versions of the protocol, such as TLS 1.1 and TLS 1.2 are quickly gaining popularity and becoming a new de facto standard across the Internet.

Tuning SSL components: choosing the configuration that is right for you!

The article is split in two general sections: configuring your client-side SSL implementation and configuring your server-side.

Using SecureBlackbox with kbmMW

Step-by-step explanation of how to add SSL security to kbmMW

Validation of certificates in SecureBlackbox (mini-FAQ)

The article describes how certificate validation in SecureBlackbox is done with help of TElX509CertificateValidator class.

Virtualized file access in SecureBlackbox

The article describes how SecureBlackbox works with files and how the files can be kept to avoid storing them on a disk