SecureBlackbox Knowledge Base

What SSL/TLS algorithms are implemented in SecureBlackbox?

SecureBlackbox contains complete support for SSL 2, SSL 3, and TLS versions 1.0 and 1.1, including AES and Camellia. SecureBlackbox does not support Elliptic Cur…

Can I detect insertion and removal of the hardware device (token or cryptocard)?

How to detect insertion and removal of the hardware device (token or cryptocard).

With what other PGP software is OpenPGPBlackbox compatible?

Compatibility with OpenPGP The OpenPGPBlackbox package of SecureBlackbox is implemented according to RFC 2440 and its successor, RFC 4880, which define the OpenP…

Securing PDF documents

A review of encryption and signing schemes offered by the PDF specification and supported by PDF management tools and components.

Troubleshooting: printing the signature background image

Follow this KB when the signature background image does not print or is corrupted.

How do I change the SigningTime element to show local time?

The SigningTime element shows the time in UTC by default; you can follow this KB to display the local time zone instead.

WinRT: troubleshooting connection failed exceptions

(WinRT) I am getting an exception when trying to set up a network connection from a WinRT application. What is the matter?

Basics of PAdES (PDF Advanced Electronic Signatures)

Few can deny the importance of electronic signatures in modern business. Companies that use electronic documents rely on electronic signatures to protect their d…

How can I extract the certificate from the CRL (Certificate Revocation List)?

How to extract the certificate from the CRL (Certificate Revocation List)?

Why is the first HTTPS, FTPS or SMTPS connection the longest?

Why does the first HTTPS, FTPS or SMTPS connection to the server take more time than subsequent connections?

When I try to sign the data using the certificate contained in Windows (with a non-exportable private key), only the MD5 hash algorithm works, even if I manually specify the SHA* algorithm.

The Windows CryptoAPI doesn't support SHA algorithms for signing by default, so SecureBlackbox reverts to MD5 if the CryptoAPI must be used for signing (this is …

How I do modify the QualifyingProperties element (the main element in XAdES) like an Id and/or node prefix?

The procedure is as follows: Set XAdES interface properties like the following: PolicyId, ProductionPlace, SignerRole, Included, SigningCertificates, XAdESForm, …

How do I configure SecureBlackbox for PGP 2.6?

Set the following properties of TElPGPWriter: SymmetricKeyAlgorithm = 1 UseNewFeatures = false UseOldPackets = true Note that PGP 2.6 doesn't handle password-enc…

The SSH or SFTP connection to the server is closed or hangs during the data transfer stage (after a successful handshake). What should I do?

This article provides troubleshooting in the following scenario: The SSH or SFTP connection to the server is closed or hangs during the data transfer stage (after a successful handshake).

Why does my connection to the SSL/TLS (HTTPS, FTPS, SMTP/S, POP3/S) server close without any error indication right after connecting?

Some servers close the connection immediately when they receive a data packet that they can't parse or a data packet that is otherwise unrecognized. This is usua…

When I use Acrobat 6.0, click the signature, and click Signature Properties, why do I get a bad parameter error in Acrobat?

When I use Acrobat 6.0, click the signature and click Signature Properties, why do I get a bad parameter error in Acrobat?

The certificate could not be validated with TElX509CertificateValidator, while the browser validates it. Why?

Why the certificate could not be validated with TElX509CertificateValidator, while the browser validates it.

How to fill the SigPolicyHash for XAdES

The digest value of the signature policy is calculated over the SigPolicyId \Identifier element. If the Identifier element contains a URI, then the hash is calcu…

Timestamping of digital signatures (mini-FAQ)

This article answers some of the basic questions related to the timestamping of digital signatures, made over data using X.509 certificates.

Does the price include the European VAT?

Prices that are listed in the price lists and shown by the price calculator do NOT include VAT. We do not collect VAT from European customers.…

7 Business Advantages Of Offering Data Security

Learn why you must add security and encryption functions to your software and your IT infrastructure.

How do I change the order of RDN elements or control their appearance in the X509IssuerName and/or X509SubjectName elements?

There is a global variable RDNDescriptorMap in the SBXMLSec unit/namespace that controls the order. For example if the original order is C=EU, O=EldoS, OU=EldoS …

When I specify a Windows (or PKCS#11) certificate storage for signing, why do I get the following error: No signing certificate found?

Please check that the storage is not empty; i.e., it contains at least one certificate with a private key. You need a certificate with a private key to sign the …

The time reported by the components is XX hours away from correct. Why?

The time is reported by SFTP in UTC according to the standard. It's your task to convert it to the computer's local time.…

After I export a certificate to a PFX file, Windows (or CryptoAPI) cannot import this file. What happens?

Please check what algorithms you specify in a call to the SaveTo*PFX() method. The Windows CryptoAPI understands only SB_ALGORITHM_PBE_SHA1_3DES and SB_ALGORITHM…

How can I debug SFTP client code without having an SFTP server?

You must have an SFTP server. If you don't want to use a production server or the server is not under your complete control, you can install a local SSH/SFTP ser…

How to reference elements inside the Signature element

Create an instance of the TElXMLReference class, but don't fill the URIData and URINode properties. Add it to the References after the call to UpdateReferencesDi…

When I open a signed document with Acrobat, it says that the 'EldoS.SecureBlackbox' handler used to create the signature could not be found. What should I do?

Adobe Acrobat identifies the security handler that created the signature by its name. By default, SecureBlackbox creates signatures with the name. However, you c…

Why am I getting an "Input too long" error when trying to encrypt or decrypt the data?

Asymmetric (public-key) algorithms operate with relatively small chunks of data. The exact size depends on the key length and other factors. For example, with an…

I can't read or change the Owner and Group attributes of the file.

Check that you are connecting to the Unix server. Some attributes are not supported by SFTP version 3 and earlier. If the connection uses SFTP 3, you need to use…

Is there any way to put the prefix "ds" to XML-DSig nodes?

Is there any way to put the prefix "e;ds"e; to XML-DSig nodes?

How do I sign / encrypt the text data (and not a file)?

How to sign / encrypt the text data (and not a file)?

How to modify 'EncryptedData' element properties such as Id and/or node prefix

How to modify 'EncryptedData' element properties such as Id and/or node prefix.

Does SFTP support wildcard characters and file masks with file operations?

No. Masks are supported by the UploadFiles/DownloadFiles methods of ElSimpleSFTPClient, but the mask-handling code is built into the component and is not part of…

How do I modify 'Signature' element properties, e.g., <Id>?

How do I modify 'Signature' element properties, e.g., <Id>

Troubleshooting: when you try to sign the data using the certificate contained in Windows (with a non-exportable private key), only the MD5 hash algorithm works, even if you manually specify a SHA* algorithm.

The Windows CryptoAPI doesn't support SHA algorithms for signing by default, so SecureBlackbox reverts to MD5 if the CryptoAPI must be used for signing (this is …

I can't login to the server with a username and password. Other programs do this fine. Is this a bug?

Most likely, the server is using not password-based authentication, but keyboard-interactive authentication. SecureBlackbox supports both authentication types. F…

How do I get / set the current directory?

SFTP doesn't have a concept of the current directory. You must always use absolute paths when you refer to files. If you use relative paths, the result depends o…

I can't add the private key to my PKCS#11 device. Why?

Please check that your device supports the certificates and keys that you are trying to put there. Most devices don't support DSA certificates and private keys. …

What versions of XAdES are supported?

XAdES versions 1.1.1, 1.2.2, 1.3.2, and 1.4.1 (1.4.2) are supported. For XAdES (XAdES-BES, XAdES-EPES) and XAdES-T forms, there is a simple interface available v…

How do I specify text or binary mode for file transfer with SFTP?

By default, SFTP uses binary mode. Text mode is supported by the SFTP protocol in versions 4 and later. To ensure that the connection is established using SFTP 4…

What versions of XAdES are supported?

XAdES versions 1.1.1, 1.2.2, 1.3.2, and 1.4.1 (1.4.2) are supported. For XAdES (XAdES-BES, XAdES-EPES) and XAdES-T forms, there is a simple interface available v…

What SSH algorithms are implemented in SecureBlackbox?

SecureBlackbox contains client-side support for SSH 1 and SSH 2...

What components support distributed signing using the distributed cryptography add-on?

This article lists the components that support distributed signing.

Where has the BufferType type gone?

BufferType has been replaced with ByteArray. Note that in VCL BufferType was an alias to AnsiString, and as such it was 1-based. ByteArray is array of type byte,…

Why doesn't the SSL/TLS (HTTPS, FTPS, etc.) client connect to the server with the default settings?

Short answer First of all, newer versions of many servers expect the client to have enabled either new (TLS 1.1, TLS 1.2) or old (SSL 3) versions of the protocol…

Ensuring Correct Data Exchange in FTP

When working with FTP/FTPS and SFTP, you can follow the steps below to handle simultaneous uploads and downloads.

Troubleshooting: Command Rejected Due to SFTP Proxy Policy Settings: SSH_FXP_...

Resolve the following error: Command rejected due to SFTP proxy policy settings: SSH_FXP_ ...

How to Resolve OutOfMemory Errors when Loading Large PDF Documents

You can use these code examples to resolve an out-of-memory exception when loading large PDF documents.

Why is PCT 1.0 not supported?

PCT 1.0 is an outdated attempt by Microsoft to establish its own standard. The attempt failed, and PCT is not used anywhere now.…

How do I need sign data stored on the server using the key stored on the client computer?

How to sign data stored on the server using the key stored on the client computer.

What are subkeys in OpenPGP keys?

Definition of subkeys in OpenPGP keys.

When using the ValidateReferences method in TElXMLVerifier, I get the following error: Reference requires a context error.

This entry shows how to resolve the following error when using the ValidateReferences method in TElXMLVerifier: Reference requires a context error.

Why does validation of certificates fail with the following error: CA certificate not found?

Resolve the following error during certificate validation: CA certificate not found.

How do I use distributed signing without a client-side browser module (I have a client desktop application)?

A number of classes have been extended with extra distributed signing-related methods. Follow the steps below for PDFBlackbox. Distributed signing works similarl…

Resolving the Error EElPDFDocumentError: Internal error ElPDFDocument.InsertActualSignatureInformation.2

This entry shows how to resolve the following error: Internal error ElPDFDocument.InsertActualSignatureInformation.2

Users with GnuPG cannot decrypt data encrypted with OpenPGPBlackbox. What should I do?

If you use Armoring (enabled with the ElPGPWriter.Armor property set to true), you need to add a special header to the ElPGPWriter.ArmorHeaders property. The tex…

Resolving OutOfMemory Errors when loading large XML documents

This article explains shows the steps to resolve OutOfMemory errors when loading large XML documents.

Why is there no SSL 4 support?

SSL 4 from Reuters has nothing in common with Secure Socket Layer. SSL 3's successor is the TLS family of protocols.…

I need to send a command before transferring a file. How do I do this?

I need to send a command before transferring the file. How do I do this?

How do I create my own X.509 certificate?

There are several options available. The SecureBlackbox installation includes a precreated certificate in the PEM and PFX formats, which include both private and…

Does SecureBlackbox support cryptocards?

SecureBlackbox can access, use, and manage X.509 certificates and the associated private keys stored on CryptoCards and USB CryptoTokens. The device should be ac…

When I encrypt the data with a public key, the decryptor asks for the private key twice. Where does the second key come from?

Most likely, the key used for encryption has a subkey and the encryption is done for both the key and subkey. To disable the subkey (i.e., to exclude it from the…

HTTP and HTTPS proxies

The article describes the differences between HTTP proxies and HTTPS proxies.

I need to connect to an HTTPS resource via proxy, but setting the HTTPProxy properties doesn't work. Why?

To connect to an HTTPS resource via an HTTPS proxy, use the WebTunneling* properties. The HTTP proxy and the HTTPS proxy are different (though often combined). T…

Can I customize <KeyInfo> tag content?

Please use the IncludeKeyValue and IncludeDataParams properties of the TElXMLKeyInfoX509Data class.…

When the remote socket is disconnected, the TElSocket state (or the Active property of socket-enabled components) indicates that the connection is still present. Why?

The TCP protocol was designed to be tolerant to temporary failures of the carrier. And if you don't transfer any data over the established logical connection, th…

The Active property of the socket-based component is true, though I know that the connection has been closed by the server. Why so?

The Active property, when set, indicates that the connection was successful and the component was ready. However if the connection is lost at the socket level, t…

Is there an easier way to add SSL to my application?

SecureBlackbox includes wrappers or descendants of the most popular classes and components used for socket access. SecureBlackbox.NET provides ElClientSSLSocket …

Encryption Schemes and Mechanisms in SecureBlackbox

The article describes different encryption schemes used in the IT industry and implemented in the SecureBlackbox products.

Why does the first HTTPS, FTPS, or SMTPS connection to the server take more time than subsequent connections?

There can be several reasons for this. First of all, if you use the TElX509CertificateValidator component to validate server certificates, this component perform…

The SSH / SFTP connection to JPMorgan (transmissions*.jpmorgan.com) fails. Why?

This is a known bug of their server software. It advertises support for keyboard-interactive authentication, but if the client uses this authentication mechanism…

What does a PKCS#12 / PFX file contain?

PFX file is a container for one or more certificates with or without a private key. Certificates can be related ( end-entity / CA ) or completely unrelated. Secu…

When I use the SignAndEncrypt operation, GnuPG complains about a bad signature. Why?

Resolve a bad signature error from GnuPG when using the SignAndEncrypt operation.

The certificate on a USB token is not visible from a service. How do I use such a certificate?

The certificate on a USB token is not visible from a service. How to use such a certificate?

I have modified the signed data, but the VerifySignature method reports the signature as valid. Why is that?

I have modified the signed data, but VerifySignature method reports the signature as valid. Why is that?

Why does the signing or decryption operation fail when my code is run as a Windows service?

If you use certificates using the Windows CryptoAPI interface (the TElWinCertStorage class), you can face a problem in which your code works fine in the regular …

Do I have to pay when distributing your components with my product?

The license cost is one-time and no distribution fees or other runtime fees (royalties) are required.…

How do I sign / encrypt the text data (and not a file)?

How to sign / encrypt the text data (and not a file)?

How do I include certificates when creating an XML signature?

First of all, to include a signing key or certificate with the signature you need to set the TElXMLSigner.IncludeKey property to true (this is the default value)…

Kerberos vs. SSL/TLS

Introduces Kerberos and SSL/TLS.

Form-Based Authentication and the HTTP Client

I need to enter login and password on web page (in HTML form) before accessing the URL. How do I do this using your HTTP client?

Why is the speed of my SFTP transfer slow compared to WS_FTP or FileZilla?

This entry provides details on factors that can affect SFTP transfer speed, as well as some quick fixes. The common speed for SSH and SFTP data transfer is aroun…

Can I sign not the document itself, but the time at which the document was created?

This is called "timestamping". A timestamp is usually applied to the signed hash of the data. (The reason is that the timestamp is applied to a certain document …

Can I use SecureBlackbox to connect to a WCF service with TLS 1.2?

SecureBlackbox includes a self-contained SSL/TLS engine, which implements TLS 1.2. So you can connect to the remote server using TLS 1.2 if (a) the other side su…

How do I use timestamping with PDFBlackbox, XMLBlackbox, or PKIBlackbox?

How to use timestamping with PDFBlackbox, XMLBlackbox, or PKIBlackbox.

Accessing system certificates under restricted user accounts

The article describes what steps must be taken to make system certificates accessible from applications and services running under limited system accounts.

What is a CDS signature? Does SecureBlackbox support it?

A CDS signature is a signature with a certificate chain that ends up with a root certificate issued by Adobe. The idea is that since Adobe software knows the roo…

How check the revocation status of a certificate

How do I get information about whether a certificate has been revoked and if yes, when it happened?

How do I remove the ds: prefix when signing the data?

After the line ElXMLSigner.Sign()/GenerateSignature()/GenerateSignatureAsync(); (this method generates “Signature” structure that could be accessed using ElXMLSi…

Is a single-developer license "named" or transferrable?

Licenses are issued to the company (if the company name is specified in the order), so they are not bound to any individual name. If a user leaves the company, y…

Why do I get "no keys for decryption found" with a valid keyring?

First, ensure that you have set the license key. Next, check that you have specified the correct private keyring. If your keyring or a key uses a password, and t…

The PreferKeepAlive property is not available anymore. How do I update my code?

This article shows how to switch from the deprecated PreferKeepAlive property in SBB 13.

Why doesn't SSL/TLS (HTTPS, FTPS etc) client connect to the server with default settings?

Short answer First of all, newer versions of servers expect the client to have enabled either new (TLS 1.1, TLS 1.2) or old (SSL 3) versions of the protocol but …

How do I provide a password to a USB-based token to retrieve a certificate?

How do I provide a password to a USB Based Token to retrieve a certificate?

The ASCIIMode property doesn't seem to work. What's wrong?

Text mode is supported by the SFTP protocol in versions 4 and later. To ensure that the connection is established using SFTP 4 or later, you need to enable SFTP …

CAdES and Digital Signatures

CAdES is a new standard for advanced digital signature. It was introduced by the European Directive on a community framework for Electronic Signatures, which extends the previous standard, CMS, specifying several additional profiles.

How Do I Create Keys Compatible with PGP 2.6.x?

How do I create keys compatible with PGP 2.6.x?

How Do I Use Timestamping with PDFBlackbox, XMLBlackbox, or PKIBlackbox?

How to use timestamping with PDFBlackbox, XMLBlackbox, or PKIBlackbox.

Can I sign a .NET assembly?

There are several ways to sign assemblies in .NET: You can use .NET signing (using an RSA KeyPair) to create strong-named assemblies, and you can use Authenticod…

Which License Do I Need?

I need to develop a project for my client. What kind of license do I need to buy?

Why Does the Active Property of the Socket-Based Component Return True though the Connection is Closed?

The Active property of the socket-based component is true, though I know that connection has been closed by the server. Why so?

How do I Specify the Position of the Visible Signature?

How do I specify position of the visible signature?

Can I Access the Windows Certificate Storage from My Silverlight 4 Browser Control?

Can I access Windows Certificate Storage from my Silverlight 4 browser control?

Can I Sign Code with SecureBlackbox?

How do I sign code in SecureBlackbox?

Transferring files does not work while listing directories works. Are these different?

In SFTP listing directories and transferring files are very different operations. Try setting the PipelineLength property of the SFTP client component to 1 and t…

How do I extract a key from the KeyInfo element?

To extract a key from the KeyInfo element, use the following code: C# notation for (int i = 0; i ElXMLVerifier.Signature.KeyInfo.Count; i++) if (ElXMLVerifier.Si…

Introduction to XAdES (XML Advanced Electronic Signatures)

In this article we are talking about signing XML documents, though the same mechanism of XML signature can be used to sign any type of data. XML signature may be detached from or attached to signed data. In the latter case, the signature is said to be enveloping when it contains the signed data within itself, or may be enveloped when it comprises a part of the document containing the signed data.

Troubleshooting the following error in Secure Viewer: This message is for your eyes only

Troubleshoot the following scenario: The file, encrypted using PGPBlackbox, is displayed by PGP in Secure Viewer and it is not possible to save the file. Instead you get the following error message: This message is for your eyes only.

How do certificates stored on smartcards appear in Windows Certificate Storage when the smartcard is plugged in?

Certificates (not their private keys) are imported and stored in memory either by a smart card CSP (cryptographic service provider) module or by a vendor-provide…

Can I use SSL/TLS without Certificates?

The SSL/TLS protocol standards enable you to use X.509 certificates, OpenPGP keys, symmetric keys (preshared keys and PSK), and passwords (SRP). SecureBlackbox s…

Why does my timestamp not show up in Acrobat?

I have timestamped the document, but Acrobat does not show it. Why?

Additional tune-up of retrievers in TElX509CertificateValidator

Additional tune-up of retrievers in TElX509CertificateValidator.

Troubleshooting .NET 4.0 applications on Windows 8 after installing .NET Framework 4.5

Troubleshooting .NET 4.0 applications on Windows 8 after installing .NET Framework 4.5.

Benchmarking your SSL- or SSH-enabled communications

The article reviews several of the methods of properly benchmarking SSL- or SSH-enabled communications.

Building user authentication systems for client-server environments

This article reviews using X.509 certificates for user authentication.

(Java) When running a project from NetBeans, I get an exception on any call to SecureBlackbox. Why?

Why when running a project from NetBeans do I get an exception on any call to SecureBlackbox?

Certificate Basics

Technical description of X.509 certificates.

Certificate Pinning and SecureBlackbox

The article discusses how technically valid certificates can be fake, what certificate pinning is, and how it helps ensure authenticity of web sites and other servers. Also the article describes how you can implement Certificate Pinning in SecureBlackbox.

Why doesn't SSL/TLS (HTTPS, FTPS etc) client connect to the server with default settings?

Short answer First of all, newer versions of servers expect the client to have enabled either new (TLS 1.1, TLS 1.2) or old (SSL 3) versions of the protocol, but…

Why does the Active property return true when the connection has closed?

The Active property, when set, indicates that the connection was successful and the component was ready to perform its actions. However, if the connection was lo…

(.NET) Why is not all data processed?

Don't use the StreamWriter class. Use descendants of the Stream class.…

Diagnosing certificate chain validation errors when validating a certificate or signature with *AdES components

Diagnosing certificate chain validation errors when validating a certificate or signature with *AdES components.

What is the difference between the client-only and client-server packages?

Differences between the client-only and client-server packages?

Counteracting Denial-of-Service (DoS) attacks in SSH and SFTP servers

This how-to describes the ways to counteract DoS and DDoS attacks on your SSH or SFTP server

Explorer fails to download huge files with " Error 0x800700DF ". Does the solution exist?

Explorer fails to download huge files with " Error 0x800700DF ". Solution:

When I try to download the source code package from My Control Center, I get only a small file (not an archive). Why?

This problem happens sometimes due to missing authentication information - the file is provided only when the server identifies the requesting user and in some (…

I am getting an 8219 (0x201B) error when trying to use a system certificate for signing. Still, I am able to use this certificate with other applications. Am I doing something wrong?

This problem sometimes occurs on 64-bit operating systems when accessing certificates stored on hardware tokens with the TElWinCertStorage object. Some token ven…

Is SecureBlackbox FIPS-certified?

SecureBlackbox itself is not certified. However, on Windows it can work in so-called FIPS mode

FTPS (FTP over SSL) vs. SFTP (SSH File Transfer Protocol)

Comprehensive comparison of FTPS and SFTP

Is there Secure FTP support available?

Clarifies Secure FTP.

Getting Started with SecureBlackbox

How to get started with a trial of SecureBlackbox

Why does the code work in a GUI or console application but not in a system service?

There are several things to check in this situation: If the GUI/console application and the service are different applications, then be sure that you have copied…

If I specify the headers for DomainSigner, the message can't be validated by Yahoo. Why?

The headers should be specified in the same order as they are placed in the message. Otherwise, some validators will fail.…

How is SecureBlackbox distributed and where do I get the files?

SecureBlackbox is available for download in a free evaluation version. The evaluation version includes: precompiled files (for the VCL and NG editions), .NET ass…

I have found a bug. How do I report it?

How to report a bug

I can't read the SecureBlackbox HTMLHelp (CHM) file. It's just blank. Why?

The solution when the SecureBlackbox HTMLHelp (CHM) file is blank.

What SSH algorithms are implemented in SecureBlackbox?

Enumerates the SSH and SFTP algorithm support implemented in SecureBlackbox.

Implementing CAdES Data Signing Using SecureBlackbox

The article describes how to perform advanced signing of data according to CAdES specification using SecureBlackbox.

Implementing XAdES Signing of Data Using SecureBlackbox

The article describes how to perform advanced signing of XML documents and custom data according to the XAdES specification using SecureBlackbox.

Why is the year reported incorrectly in directory listings?

The FTPS protocol doesn't have a standard format for directory listings (see the exception below). Many modern FTP systems use the so-called Unix listing format …

(VCL) I get Internal Compiler Error Uxxx when tyring to compile SecureBlackbox. What should I do?

(VCL) Getting Internal Compiler Error Uxxx when tyring to compile SecureBlackbox.

Introduction to Certificates (common)

General introduction to X.509 certificates

Introduction to SSH

General information about the SSH protocol

Introduction to SSL

An introduction to the SSL/TLS protocol.

When I use a production license key, I get an error that the key is valid for another version of SecureBlackbox. What is that supposed to mean?

What to do when you are using a production license key but still getting an error that the key is valid for another version.

When I use a production license key, I get an error saying that the key is valid for other version of SecureBlackbox. What is that supposed to mean?

The exact messages are: "Provided license key is valid for old version of SecureBlackbox and not the current one. Please upgrade your license." or " Provided lic…

What license is used for SecureBlackbox distribution?

SecureBlackbox is a commercial product. It can be downloaded for free only for...

The ListDirectory or GetFileList methods return 0 elements, though the file download was successful. What's wrong?

What to do when the ListDirectory or GetFileList methods return 0 elements, though the file download is successful.

A Component Library for PGP-Compatible OpenPGP in C# and .NET

C# Class library for OpenPGP

SSL / TLS Components for Xamarin

Managed .NET components for SSL /TLS protocols in Xamarin

A Component Library for PGP-Compatible OpenPGP in .NET

An introduction to the OpenPGPBlackbox class library for OpenPGP

A class library for PGP-compatible OpenPGP

Outlines PGP and OpenPGP compliance in OpenPGPBlackbox.

Cloud Components for Box Cloud Storage Service

Managed .NET components for secure cloud access

Why does loading a PDF file consume more memory than the size of the file?

Why is memory consumption much larger than the size of the PDF file?

(VCL) Global objects are not deleted -- is this a memory leak?

The leaks you have noticed are not leaks actually. SecureBlackbox creates several global objects that must reside in memory until the application terminates (cry…

(.NET) Why is SecureBlackbox growing the memory usage of my project?

(.NET) Why is SecureBlackbox growing the memory usage of my project?

(.NET) Why do the .NET 2.0 samples reference .NET 1.1 assemblies?

The samples reference whatever assemblies are available in the system (i.e., no version information is specified in the references). If you install both .NET 1.1…

Why does the OnAuthenticationFailed event fire when authentication succeeds?

During the handshake the OnAuthenticationFailed event fires, but authentication succeeds. Why is the event triggered?

How do I validate the server key in the OnKeyValidate event?

Here's the simple scenario. Of course, you can extend and change it if necessary. On the first connection to a certain host, the application shows the server key…

When transferring the data (especially during upload) OnProgress seems to be called rarely, thus blocking my application. Why is this so?

This article explains how to handle a situation where, when transferring the data (especially during upload), OnProgress seems to be called rarely, thus blocking the application.

Implementing the PAdES Signing of PDF Documents Using SecureBlackbox

The article describes how to perform the advanced signing of PDF documents according to the PAdES specification using SecureBlackbox.

I have a license for PDFBlackbox. When I open the PDFSigner sample in my IDE, I get an error saying that the TElHTTPSClient component is not installed. Where is the component?

The PDFSigner sample application uses the TElHTTPSClient component, which is not covered by your PDFBlackbox license. For information about time-stamping in your…

Plugging SecureBlackbox Java Cryptography Extensions into Your Java Project

Plugging SecureBlackbox Java Cryptography Extensions into your Java project

(.NET) Why can't I create a Portable Class Library (PCL) that uses SecureBlackbox? Do you have a PCL version of the SecureBlackbox assemblies?

Portable Class library for SecureBlackbox

Post-POODLE Adjustments in the TLS Components of SecureBlackbox

The article discusses changes in SecureBlackbox in regards to the recent POODLE attack and the measures you should take in your code.

Preventing TLS Renegotiation Attacks with SecureBlackbox 7.2 and Later

This article discusses TLS renegotiation attacks and the ways to prevent them when using SecureBlackbox 7.2 or later.

Securing RemObjects

This how-to describes how to add SSL security to RemObjects

Why doesn't the socket detect that the remote side was disconnected?

TElSocket (or any other socket implementation) can't magically determine that the remote side has vanished or that the connection has been closed by the intermed…

SecureBlackbox produces invalid results or exposes incorrect behavior. Is this a bug?

The first step to troubleshoot invalid results or incorrect behavior.

Why SecureBlackbox is a Superior Alternative to BouncyCastle

Why you should choose SecureBlackbox's professionally developed security components over BouncyCastle

What encryption and hashing algorithms does SecureBlackbox implement?

Using SecureBlackbox for encryption and hashing algorithms.

Is SecureBlackbox multithreaded?

The correct term would be "thread-safe": SecureBlackBox is capable of being called from multiple threads simultaneously. In SecureBlackbox all classes can be gro…

Securing Your Client-Server or Multi-Tier Application

Introductory article about security and encryption in distributed applications.

Security Advisory: On the information disclosure vulnerability in the SSL 3.0 and TLS 1.0 protocols (Rizzo/Duong "BEAST" attack)

This security advisory describes the details of the so-called BEAST attack on SSL/TLS.

Security Advisory: On the version fallback vulnerability in SSL/TLS implementations (Moeller/Duong/Kotowicz POODLE attack)

In late September 2014 a new attack on the SSL/TLS protocol was recognized and described by security researchers Bodo Moeller, Thai Duong, and Krzysztof Kotowicz. The report of the attack gained high popularity in the news and raised concerns about its applicability to various network environments.

What security algorithms are implemented in SecureBlackbox?

Implemented security algorithms.

The server won't execute a command that other clients execute fine. What should I do?

What to do when the server won't execute a command that other clients work fine.

I can't login to the server with my username and password, but I can login to other programs fine. Is this a bug?

Most likely, the server is using not password-based authentication, but keyboard-interactive authentication. SecureBlackbox supports both authentication types. F…

Certificate Setup in Client-Server Systems

The article describes how to set up X.509 certificates in SSL client and server components.

How can I have several versions of SecureBlackbox installed on a certain system at the same time?

How to have several versions of SecureBlackbox installed on certain system at the same time.

The signature made with SecureBlackbox can't be verified

Your first check when the signature cannot be verified.

Signed messages with attachments in Microsoft Exchange

A signed message with an attachment is reported as containing an invalid signature when processed by Microsoft Exchange. The integrity of the message is supposed to not be broken. What's wrong?

Signing invoices for the Spanish government in the factura format

Sample code for signing electronic invoices for the Spanish government in the Factura XML format.

Silverlight Environments: Security and Permissions

The article discusses how to fine-tune Silverlight applications to features of SecureBlackbox that require elevated permissions.

Why does the Active property return true when the connection has closed?

The Active property, when set, indicates that the connection was successful and the component was ready to perform its actions. However, if the connection was lo…

(.NET) Why does my socket-based component work in .NET but not in Silverlight?

Troubleshooting when socket-based components work fine in .NET but not in Silverlight.

(Windows Phone 7) Socket connections don't work when the phone is locked. Is this a bug?

In Windows Phone 7 (Mango) socket connections "sleep" when the phone is locked. The connection remains alive and after unlocking the application you can continue…

SSH Authentication Methods

An overview of the methods of server and client authentication used in the SSH protocol.

The SSH or SFTP connection to the server is closed or hangs during the data transfer stage (after a successful handshake). What should I do?

Troubleshoot when the SSH or SFTP connection to the server is closed or hangs during data transfer stage (after a successful handshake)

Troubleshooting: the SSH or SFTP connection to the server is not established (the connection is closed during the handshake)

Troubleshooting when the SSH or SFTP connection to the server is not established (connection is closed during handshake).

SSL Transports for NexusDB

Information about adding SSL security to NexusDB

Adding Support for TLS 1.2 to Your Windows XP/Vista Application

Following a number of severe attacks against the SSL/TLS protocol discovered in recent years, fresher and safer versions of the protocol, such as TLS 1.1 and TLS 1.2 are quickly gaining popularity and becoming a new de facto standard across the internet.

What third-party components/libraries are supported?

Supported development tools

Why doesn't passive mode work in TElSimpleFTPSServer?

Passive mode means that the server opens a secondary socket on the port of its choice and passes the address and port to the client. When the server is behind th…

Does SecureBlackbox use any third-party cryptography libraries?

No. In the .NET edition, SecureBlackbox is compiled to pure managed code and all encryption, hashing, and compression algorithms are implemented internally. In t…

(VCL) Can I use SecureBlackbox with THTTPRIO?

SSL/TLS Yes, this can be done in several ways: HTTPRIO by default uses the WinInet library and this cannot be easily changed. If your installation of Delphi incl…

Fine-Tuning the SSL Components

How to configure your client-side and server-side SSL implementations.

(VCL) Troubleshooting Error ‘Unit ... was compiled with a different version of ...’

The error is caused by a conflict between different versions of SecureBlackbox units that were installed at different times. Follow the steps below to resolve th…

(VCL) I am getting ‘Error: Unresolved external Cert...’ when linking the project with C++Builder

Troubleshooting the following error: Unresolved external Cert...when linking the project with C++Builder

Simple commands are executed correctly, but listing or file transfer doesn't work. What should I do?

Simple commands are executed correctly, but listing or file transfer doesn't work. What to do:

Using SecureBlackbox with kbmMW

Step-by-step explanation of how to add SSL security to kbmMW

Using OCSP Stapling in the TLS-Enabled Components

Using OCSP stapling in the TLS-enabled Components

Validation of Certificates in SecureBlackbox (Mini-FAQ)

The article describes how certificate validation in SecureBlackbox is done with the help of the TElX509CertificateValidator class.

Virtualized File Access in SecureBlackbox

The article describes how SecureBlackbox works with files and how to avoid storing the files on disk.

Where do I find the sample projects?

All sample projects are included in the distribution and installed to the \Samples folder when you download and install SecureBlackbox the SecureBlackbox site. (…

Why do I need to secure my internet communications?

Add SSL or SSH support to secure your data against eavesdropping as it crosses the network. Encrypt your mail to keep it private. To stop serious information hun…

Windows Explorer can't connect to the WebDAV server sample. Why?

Windows Explorer can't connect to WebDAV server sample.

X.509 Certificates and SSH

The article describes how to use X.509 certificates for public-key authentication in SSH-secured communications.