secure bridge
TRANSCRIPT
SecureBridge Components
Devart
SecureBridge ComponentsI
SecureBridge Components, Copyright © 2007-2009 Devart
Table of Contents
..................................................................................................................................................1Overview
..................................................................................................................................................3Getting Started
..................................................................................................................................................7Features
..................................................................................................................................................9What's New
..................................................................................................................................................10Demo Projects
..................................................................................................................................................12Component List
..................................................................................................................................................14Hierarchy chart
..................................................................................................................................................16Requirements
..................................................................................................................................................17Installation
..................................................................................................................................................19Deployment
..................................................................................................................................................20Compatibility
..................................................................................................................................................21Licensing and Subscriptions
..................................................................................................................................................23Getting Support
..................................................................................................................................................24Using SecureBridge
.................................................................................................................................... 24Secure connections destination
.................................................................................................................................... 26SSH specific
................................................................................................................................................. 26SSH-tunnel principles
................................................................................................................................................. 28Attack types and countermeasures
................................................................................................................................................. 30Keys transferring
................................................................................................................................................. 31Step-by-step tutorial.......................................................................................................................................................................................... 31Conf iguring and starting the SSH server
.......................................................................................................................................................................................... 31SSH client setup
.......................................................................................................................................................................................... 33MySQL Data Access Components integration
.................................................................................................................................... 34SSL specific
................................................................................................................................................. 34SSL principles
................................................................................................................................................. 35Step-by-step tutorial.......................................................................................................................................................................................... 35SSL client setup
.......................................................................................................................................................................................... 35MySQL Data Access Components integration
..................................................................................................................................................37
SecureBridge Alphabetical Object and ComponentListing
.................................................................................................................................... 37EScError
................................................................................................................................................. 37Description.................................................................................................................................... 38EScSFTPError
................................................................................................................................................. 38Description
IIContents
II
SecureBridge Components, Copyright © 2007-2009 Devart
................................................................................................................................................. 39Properties.......................................................................................................................................................................................... 39ErrorCode
.................................................................................................................................... 40TScCertBasicConstraintsExtension
................................................................................................................................................. 40Description
................................................................................................................................................. 41Properties.......................................................................................................................................................................................... 41Certif icateAuthority
.......................................................................................................................................................................................... 41HasPathLengthConstraint
.......................................................................................................................................................................................... 41PathLengthConstraint
.................................................................................................................................... 42TScCertEnhancedKeyUsageExtension
................................................................................................................................................. 42Description
................................................................................................................................................. 43Properties.......................................................................................................................................................................................... 43EnhancedKeyUsages
.................................................................................................................................... 44TScCertExtension
................................................................................................................................................. 44Description
................................................................................................................................................. 45Properties.......................................................................................................................................................................................... 45Critical
.......................................................................................................................................................................................... 45Oid
.......................................................................................................................................................................................... 45RawData
.................................................................................................................................... 46TScCertificate
................................................................................................................................................. 46Description
................................................................................................................................................. 47Properties.......................................................................................................................................................................................... 47Certif icateList
.......................................................................................................................................................................................... 47CertName
.......................................................................................................................................................................................... 47Extensions
.......................................................................................................................................................................................... 47Issuer
.......................................................................................................................................................................................... 48IssuerName
.......................................................................................................................................................................................... 48Key
.......................................................................................................................................................................................... 48NotAf ter
.......................................................................................................................................................................................... 48NotBefore
.......................................................................................................................................................................................... 49Ready
.......................................................................................................................................................................................... 49SerialNumber
.......................................................................................................................................................................................... 49SignatureAlgorithm
.......................................................................................................................................................................................... 49Subject
.......................................................................................................................................................................................... 49SubjectName
.......................................................................................................................................................................................... 50Version
................................................................................................................................................. 51Methods.......................................................................................................................................................................................... 51Decrypt
.......................................................................................................................................................................................... 51Encrypt
.......................................................................................................................................................................................... 51Equals
.......................................................................................................................................................................................... 51ExportTo
.......................................................................................................................................................................................... 52GetFingerprint
.......................................................................................................................................................................................... 52ImportFrom
.......................................................................................................................................................................................... 52Sign
.......................................................................................................................................................................................... 53Verif ySign
.................................................................................................................................... 54TScCertificateList
................................................................................................................................................. 54Description
................................................................................................................................................. 55Properties.......................................................................................................................................................................................... 55Count
.......................................................................................................................................................................................... 55Certif icates
.......................................................................................................................................................................................... 55Storage
................................................................................................................................................. 56Methods.......................................................................................................................................................................................... 56Add
SecureBridge ComponentsIII
SecureBridge Components, Copyright © 2007-2009 Devart
.......................................................................................................................................................................................... 56Certif icateByName
.......................................................................................................................................................................................... 56CheckCertif icateName
.......................................................................................................................................................................................... 56Clear
.......................................................................................................................................................................................... 57FindCertif icate
.......................................................................................................................................................................................... 57GetCertif icateNames
.......................................................................................................................................................................................... 57IndexOf
.......................................................................................................................................................................................... 58Ref resh
.......................................................................................................................................................................................... 58Remove
.................................................................................................................................... 59TScCertKeyUsageExtension
................................................................................................................................................. 59Description
................................................................................................................................................. 60Properties.......................................................................................................................................................................................... 60KeyUsages
.................................................................................................................................... 61TScCertSubjectKeyIdExtension
................................................................................................................................................. 61Description
................................................................................................................................................. 62Properties.......................................................................................................................................................................................... 62SubjectKeyIdentif ier
.................................................................................................................................... 63TScCheckFileReplyExtension
................................................................................................................................................. 63Description
................................................................................................................................................. 64Properties.......................................................................................................................................................................................... 64HashAlgorithm
.......................................................................................................................................................................................... 64Hashes
.......................................................................................................................................................................................... 64HashesCount
.................................................................................................................................... 65TScCryptoAPIStorage
................................................................................................................................................. 65Description
................................................................................................................................................. 66Properties.......................................................................................................................................................................................... 66CertLocation
.......................................................................................................................................................................................... 66CertProviderType
.......................................................................................................................................................................................... 67CertStoreName
.......................................................................................................................................................................................... 67ProviderName
................................................................................................................................................. 68Methods.......................................................................................................................................................................................... 68GetProviderNames
.................................................................................................................................... 69TScDistinguishedName
................................................................................................................................................. 69Description
................................................................................................................................................. 70Properties.......................................................................................................................................................................................... 70Count
.......................................................................................................................................................................................... 70Name
.......................................................................................................................................................................................... 70Names
.......................................................................................................................................................................................... 70Values
.......................................................................................................................................................................................... 70ValueFromIndex
.................................................................................................................................... 71TScFilenameTranslationControlExtension
................................................................................................................................................. 71Description
................................................................................................................................................. 72Properties.......................................................................................................................................................................................... 72DoTranslate
.................................................................................................................................... 73TScFileStorage
................................................................................................................................................. 73Description
................................................................................................................................................. 74Properties.......................................................................................................................................................................................... 74Algorithm
.......................................................................................................................................................................................... 74Password
.......................................................................................................................................................................................... 74Path
.................................................................................................................................... 75TScIdIOHandler
................................................................................................................................................. 75Description
IVContents
IV
SecureBridge Components, Copyright © 2007-2009 Devart
................................................................................................................................................. 76Properties.......................................................................................................................................................................................... 76Client
.................................................................................................................................... 77TScKey
................................................................................................................................................. 77Description
................................................................................................................................................. 78Properties.......................................................................................................................................................................................... 78Algorithm
.......................................................................................................................................................................................... 78BitCount
.......................................................................................................................................................................................... 78IsPrivate
.......................................................................................................................................................................................... 78KeyList
.......................................................................................................................................................................................... 79KeyName
.......................................................................................................................................................................................... 79Ready
................................................................................................................................................. 80Methods.......................................................................................................................................................................................... 80Decrypt
.......................................................................................................................................................................................... 80Encrypt
.......................................................................................................................................................................................... 80Equals
.......................................................................................................................................................................................... 80ExportTo
.......................................................................................................................................................................................... 81Generate
.......................................................................................................................................................................................... 82GetFingerprint
.......................................................................................................................................................................................... 82ImportFrom
.......................................................................................................................................................................................... 83Sign
.......................................................................................................................................................................................... 83Verif ySign
.................................................................................................................................... 84TScKeyList
................................................................................................................................................. 84Description
................................................................................................................................................. 85Properties.......................................................................................................................................................................................... 85Count
.......................................................................................................................................................................................... 85Keys
.......................................................................................................................................................................................... 85Storage
................................................................................................................................................. 86Methods.......................................................................................................................................................................................... 86Add
.......................................................................................................................................................................................... 86CheckKeyName
.......................................................................................................................................................................................... 86Clear
.......................................................................................................................................................................................... 86FindKey
.......................................................................................................................................................................................... 86KeyByName
.......................................................................................................................................................................................... 87GetKeyNames
.......................................................................................................................................................................................... 87IndexOf
.......................................................................................................................................................................................... 87Remove
.......................................................................................................................................................................................... 87Ref resh
.................................................................................................................................... 88TScObjList
................................................................................................................................................. 88Description
................................................................................................................................................. 89Properties.......................................................................................................................................................................................... 89Count
.......................................................................................................................................................................................... 89Storage
................................................................................................................................................. 90Methods.......................................................................................................................................................................................... 90Clear
.......................................................................................................................................................................................... 90Flush
.......................................................................................................................................................................................... 90Ref resh
.................................................................................................................................... 91TScOid
................................................................................................................................................. 91Description
................................................................................................................................................. 92Properties.......................................................................................................................................................................................... 92FriendlyName
.......................................................................................................................................................................................... 92Value
.................................................................................................................................... 93TScRandom
SecureBridge ComponentsV
SecureBridge Components, Copyright © 2007-2009 Devart
................................................................................................................................................. 93Description
................................................................................................................................................. 94Methods.......................................................................................................................................................................................... 94Randomize
.......................................................................................................................................................................................... 94Random
.................................................................................................................................... 95TScRandom_LFSR
................................................................................................................................................. 95Description.................................................................................................................................... 96TScRegStorage
................................................................................................................................................. 96Description
................................................................................................................................................. 97Properties.......................................................................................................................................................................................... 97Algorithm
.......................................................................................................................................................................................... 97Password
.......................................................................................................................................................................................... 97KeyPath
.......................................................................................................................................................................................... 97RootKey
.................................................................................................................................... 98TScSFTPACEItem
................................................................................................................................................. 98Description
................................................................................................................................................. 99Properties.......................................................................................................................................................................................... 99AceFlags
.......................................................................................................................................................................................... 99AceMask
.......................................................................................................................................................................................... 99AceType
.......................................................................................................................................................................................... 99Who
.................................................................................................................................... 101TScSFTPClient
................................................................................................................................................. 101Description
................................................................................................................................................. 102Properties.......................................................................................................................................................................................... 102Active
.......................................................................................................................................................................................... 102SSHClient
.......................................................................................................................................................................................... 102EOF
.......................................................................................................................................................................................... 102NonBlocking
.......................................................................................................................................................................................... 103ReadBlockSize
.......................................................................................................................................................................................... 103ServerProperties
.......................................................................................................................................................................................... 103ServerVersion
.......................................................................................................................................................................................... 103Timeout
.......................................................................................................................................................................................... 104Version
.......................................................................................................................................................................................... 104WriteBlockSize
................................................................................................................................................. 105Methods.......................................................................................................................................................................................... 105Block
.......................................................................................................................................................................................... 106CheckFile
.......................................................................................................................................................................................... 106CheckFileByHandle
.......................................................................................................................................................................................... 107CloseHandle
.......................................................................................................................................................................................... 107CopyRemoteFile
.......................................................................................................................................................................................... 107CreateLink
.......................................................................................................................................................................................... 108Disconnect
.......................................................................................................................................................................................... 108DownloadFile
.......................................................................................................................................................................................... 108Initialize
.......................................................................................................................................................................................... 109MakeDirectory
.......................................................................................................................................................................................... 109OpenDirectory
.......................................................................................................................................................................................... 109OpenFile
.......................................................................................................................................................................................... 112QueryAvailableSpace
.......................................................................................................................................................................................... 113QueryUserHomeDirectory
.......................................................................................................................................................................................... 113ReadDirectory
.......................................................................................................................................................................................... 113ReadFile
.......................................................................................................................................................................................... 114ReadSymbolicLink
.......................................................................................................................................................................................... 114RemoveDirectory
.......................................................................................................................................................................................... 114RemoveFile
VIContents
VI
SecureBridge Components, Copyright © 2007-2009 Devart
.......................................................................................................................................................................................... 115RenameFile
.......................................................................................................................................................................................... 115RequestExtension
.......................................................................................................................................................................................... 116RetrieveAbsolutePath
.......................................................................................................................................................................................... 116RetrieveAttributes
.......................................................................................................................................................................................... 117RetrieveAttributesByHandle
.......................................................................................................................................................................................... 117SetAttributes
.......................................................................................................................................................................................... 118SetAttributesByHandle
.......................................................................................................................................................................................... 118TextSeek
.......................................................................................................................................................................................... 118UnBlock
.......................................................................................................................................................................................... 119UploadFile
.......................................................................................................................................................................................... 119WriteFile
................................................................................................................................................. 120Events.......................................................................................................................................................................................... 120OnConnect
.......................................................................................................................................................................................... 120OnCreateLocalFile
.......................................................................................................................................................................................... 120OnData
.......................................................................................................................................................................................... 121OnDirectoryList
.......................................................................................................................................................................................... 121OnDisconnect
.......................................................................................................................................................................................... 121OnError
.......................................................................................................................................................................................... 122OnFileAttributes
.......................................................................................................................................................................................... 122OnFileName
.......................................................................................................................................................................................... 123OnOpenFile
.......................................................................................................................................................................................... 123OnReplyCheckFile
.......................................................................................................................................................................................... 123OnReplyExtension
.......................................................................................................................................................................................... 124OnReplySpaceAvailable
.......................................................................................................................................................................................... 124OnSetRemoteFileAttributes
.......................................................................................................................................................................................... 125OnSuccess
.......................................................................................................................................................................................... 125OnVersionSelect
.................................................................................................................................... 127TScSFTPCustomExtension
................................................................................................................................................. 127Description
................................................................................................................................................. 128Properties.......................................................................................................................................................................................... 128Name
.................................................................................................................................... 129TScSFTPExtension
................................................................................................................................................. 129Description
................................................................................................................................................. 130Properties.......................................................................................................................................................................................... 130Data
.................................................................................................................................... 131TScSFTPFileAttributes
................................................................................................................................................. 131Description
................................................................................................................................................. 132Properties.......................................................................................................................................................................................... 132AccessTime
.......................................................................................................................................................................................... 132ACEs
.......................................................................................................................................................................................... 132AclFlags
.......................................................................................................................................................................................... 133AllocationSize
.......................................................................................................................................................................................... 133Attrs
.......................................................................................................................................................................................... 134ChangeAttrTime
.......................................................................................................................................................................................... 135CreateTime
.......................................................................................................................................................................................... 135ExtendedAttributes
.......................................................................................................................................................................................... 135FileType
.......................................................................................................................................................................................... 136GID
.......................................................................................................................................................................................... 136Group
.......................................................................................................................................................................................... 136LinkCount
.......................................................................................................................................................................................... 136MimeType
.......................................................................................................................................................................................... 137ModifyTime
.......................................................................................................................................................................................... 137Owner
SecureBridge ComponentsVII
SecureBridge Components, Copyright © 2007-2009 Devart
.......................................................................................................................................................................................... 137Permissions
.......................................................................................................................................................................................... 138Size
.......................................................................................................................................................................................... 138TextHint
.......................................................................................................................................................................................... 138UID
.......................................................................................................................................................................................... 139UntranslatedName
.......................................................................................................................................................................................... 139ValidAttributes
.................................................................................................................................... 141TScSFTPFileInfo
................................................................................................................................................. 141Description
................................................................................................................................................. 142Properties.......................................................................................................................................................................................... 142Attributes
.......................................................................................................................................................................................... 142Filename
.......................................................................................................................................................................................... 142Longname
.................................................................................................................................... 143TScSFTPServerProperties
................................................................................................................................................. 143Description
................................................................................................................................................. 144Properties.......................................................................................................................................................................................... 144FilenameCharset
.......................................................................................................................................................................................... 144FilenameCharsetAvailable
.......................................................................................................................................................................................... 144Newline
.......................................................................................................................................................................................... 144NewlineAvailable
.......................................................................................................................................................................................... 145SupportedAcls
.......................................................................................................................................................................................... 145SupportedAclsAvailable
.......................................................................................................................................................................................... 145SupportedExtension
.......................................................................................................................................................................................... 145SupportedExtensionAvailable
.......................................................................................................................................................................................... 146Vendor
.......................................................................................................................................................................................... 146VendorAvailable
.......................................................................................................................................................................................... 146Versions
.......................................................................................................................................................................................... 146VersionsAvailable
.................................................................................................................................... 147TScSFTPSupportedAclExtension
................................................................................................................................................. 147Description
................................................................................................................................................. 148Properties.......................................................................................................................................................................................... 148SupportedAcls
.................................................................................................................................... 149TScSFTPSupportedExtension
................................................................................................................................................. 149Description
................................................................................................................................................. 150Properties.......................................................................................................................................................................................... 150MaxReadSize
.......................................................................................................................................................................................... 150RaiseError
.......................................................................................................................................................................................... 150SupportedAccessMask
.......................................................................................................................................................................................... 150SupportedAttribExtensionNames
.......................................................................................................................................................................................... 150SupportedAttributeBits
.......................................................................................................................................................................................... 150SupportedAttributes
.......................................................................................................................................................................................... 151SupportedBlockModes
.......................................................................................................................................................................................... 151SupportedExtensionNames
.......................................................................................................................................................................................... 151SupportedOpenFlags
................................................................................................................................................. 152Methods.......................................................................................................................................................................................... 152IsSupportedBlockSet
.......................................................................................................................................................................................... 152IsSupportedOpenBlockSet
.................................................................................................................................... 153TScSFTPVendorExtension
................................................................................................................................................. 153Description
................................................................................................................................................. 154Properties.......................................................................................................................................................................................... 154ProductBuildNumber
.......................................................................................................................................................................................... 154ProductName
.......................................................................................................................................................................................... 154ProductVersion
VIIIContents
VIII
SecureBridge Components, Copyright © 2007-2009 Devart
.......................................................................................................................................................................................... 154VendorName
.................................................................................................................................... 155TScSFTPVersionsExtension
................................................................................................................................................. 155Description
................................................................................................................................................. 156Properties.......................................................................................................................................................................................... 156AsString
.......................................................................................................................................................................................... 156Versions
.................................................................................................................................... 157TScSpaceAvailableReplyExtension
................................................................................................................................................. 157Description
................................................................................................................................................. 158Properties.......................................................................................................................................................................................... 158BytesAvailableToUser
.......................................................................................................................................................................................... 158BytesOnDevice
.......................................................................................................................................................................................... 158BytesPerAllocationUnit
.......................................................................................................................................................................................... 158UnusedBytesAvailableToUser
.......................................................................................................................................................................................... 158UnusedBytesOnDevice
.................................................................................................................................... 159TScSSHChannel
................................................................................................................................................. 159Description
................................................................................................................................................. 160Properties.......................................................................................................................................................................................... 160Connected
.......................................................................................................................................................................................... 160DestHost
.......................................................................................................................................................................................... 160DestPort
.......................................................................................................................................................................................... 160Direct
.......................................................................................................................................................................................... 161GatewayPorts
.......................................................................................................................................................................................... 161InCount
.......................................................................................................................................................................................... 161NonBlocking
.......................................................................................................................................................................................... 161OutCount
.......................................................................................................................................................................................... 162Remote
.......................................................................................................................................................................................... 162SourcePort
.......................................................................................................................................................................................... 162SSHStream
................................................................................................................................................. 163Methods.......................................................................................................................................................................................... 163ReadBuf f er
.......................................................................................................................................................................................... 163WriteBuf f er
.......................................................................................................................................................................................... 163WriteString
................................................................................................................................................. 165Events.......................................................................................................................................................................................... 165OnError
.......................................................................................................................................................................................... 165OnSocketConnect
.......................................................................................................................................................................................... 165OnSocketDisconnect
.................................................................................................................................... 166TScSSHClient
................................................................................................................................................. 166Description
................................................................................................................................................. 167Properties.......................................................................................................................................................................................... 167Authentication
.......................................................................................................................................................................................... 167CiphersClient
.......................................................................................................................................................................................... 167CiphersServer
.......................................................................................................................................................................................... 168ClientInfo
.......................................................................................................................................................................................... 168Connected
.......................................................................................................................................................................................... 168HostKeyAlgorithms
.......................................................................................................................................................................................... 168HostKeyName
.......................................................................................................................................................................................... 169HostName
.......................................................................................................................................................................................... 169KeyStorage
.......................................................................................................................................................................................... 169Options
.......................................................................................................................................................................................... 170Password
.......................................................................................................................................................................................... 170Port
.......................................................................................................................................................................................... 171PrivateKeyName
.......................................................................................................................................................................................... 171Timeout
SecureBridge ComponentsIX
SecureBridge Components, Copyright © 2007-2009 Devart
.......................................................................................................................................................................................... 171User
................................................................................................................................................. 172Methods.......................................................................................................................................................................................... 172Connect
.......................................................................................................................................................................................... 172Disconnect
................................................................................................................................................. 173Events.......................................................................................................................................................................................... 173Af terConnect
.......................................................................................................................................................................................... 173Af terDisconnect
.......................................................................................................................................................................................... 173BeforeConnect
.......................................................................................................................................................................................... 173BeforeDisconnect
.......................................................................................................................................................................................... 174OnBanner
.......................................................................................................................................................................................... 174OnServerKeyValidate
.................................................................................................................................... 175TScSSHCustomChannel
................................................................................................................................................. 175Description
................................................................................................................................................. 176Properties.......................................................................................................................................................................................... 176Client
.......................................................................................................................................................................................... 176Connected
.......................................................................................................................................................................................... 176InCount
.......................................................................................................................................................................................... 176NonBlocking
.......................................................................................................................................................................................... 177OutCount
.......................................................................................................................................................................................... 177Timeout
................................................................................................................................................. 178Methods.......................................................................................................................................................................................... 178Connect
.......................................................................................................................................................................................... 178Disconnect
.......................................................................................................................................................................................... 178ReadBuf f er
.......................................................................................................................................................................................... 178ReadString
.......................................................................................................................................................................................... 179WriteBuf f er
................................................................................................................................................. 180Events.......................................................................................................................................................................................... 180OnAsyncError
.......................................................................................................................................................................................... 180OnAsyncReceive
.......................................................................................................................................................................................... 180OnConnect
.......................................................................................................................................................................................... 180OnDisconnect
.................................................................................................................................... 182TScSSHServer
................................................................................................................................................. 182Description
................................................................................................................................................. 183Properties.......................................................................................................................................................................................... 183Active
.......................................................................................................................................................................................... 183Authentications
.......................................................................................................................................................................................... 183Ciphers
.......................................................................................................................................................................................... 183HostKeyAlgorithms
.......................................................................................................................................................................................... 184KeyNameDSA
.......................................................................................................................................................................................... 184KeyNameRSA
.......................................................................................................................................................................................... 184Options
.......................................................................................................................................................................................... 185Port
.......................................................................................................................................................................................... 186ServerVersion
.......................................................................................................................................................................................... 186Storage
.......................................................................................................................................................................................... 186Timeout
................................................................................................................................................. 187Methods.......................................................................................................................................................................................... 187SendToClient
................................................................................................................................................. 188Events.......................................................................................................................................................................................... 188Af terChannelDisconnect
.......................................................................................................................................................................................... 188Af terShellDisconnect
.......................................................................................................................................................................................... 188Af terClientConnect
.......................................................................................................................................................................................... 189Af terClientDisconnect
.......................................................................................................................................................................................... 189BeforeChannelConnect
.......................................................................................................................................................................................... 189BeforeShellConnect
XContents
X
SecureBridge Components, Copyright © 2007-2009 Devart
.......................................................................................................................................................................................... 190OnChannelError
.......................................................................................................................................................................................... 190OnClientError
.......................................................................................................................................................................................... 190OnDataFromClient
.......................................................................................................................................................................................... 191OnDataToClient
.......................................................................................................................................................................................... 191OnError
.................................................................................................................................... 192TScSSHShell
................................................................................................................................................. 192Description
................................................................................................................................................. 193Properties.......................................................................................................................................................................................... 193Environment
................................................................................................................................................. 194Methods.......................................................................................................................................................................................... 194ExecuteCommand
.......................................................................................................................................................................................... 194ReadString
.......................................................................................................................................................................................... 194WriteString
.................................................................................................................................... 195TScSSLClient
................................................................................................................................................. 195Description
................................................................................................................................................. 196Properties.......................................................................................................................................................................................... 196CACertName
.......................................................................................................................................................................................... 196CertName
.......................................................................................................................................................................................... 196CipherSuites
.......................................................................................................................................................................................... 197Connected
.......................................................................................................................................................................................... 197ConnectionInfo
.......................................................................................................................................................................................... 197HostName
.......................................................................................................................................................................................... 197InCount
.......................................................................................................................................................................................... 197IsSecure
.......................................................................................................................................................................................... 198NonBlocking
.......................................................................................................................................................................................... 198OutCount
.......................................................................................................................................................................................... 198Port
.......................................................................................................................................................................................... 198Protocols
.......................................................................................................................................................................................... 199Storage
.......................................................................................................................................................................................... 199Timeout
................................................................................................................................................. 200Methods.......................................................................................................................................................................................... 200Connect
.......................................................................................................................................................................................... 200Disconnect
.......................................................................................................................................................................................... 200ReadBuf f er
.......................................................................................................................................................................................... 201WriteBuf f er
................................................................................................................................................. 202Events.......................................................................................................................................................................................... 202Af terConnect
.......................................................................................................................................................................................... 202Af terDisconnect
.......................................................................................................................................................................................... 202BeforeConnect
.......................................................................................................................................................................................... 202BeforeDisconnect
.......................................................................................................................................................................................... 203OnAsyncError
.......................................................................................................................................................................................... 203OnAsyncReceive
.......................................................................................................................................................................................... 203OnServerCertValidate
.................................................................................................................................... 205TScStorage
................................................................................................................................................. 205Description
................................................................................................................................................. 206Properties.......................................................................................................................................................................................... 206Certif icates
.......................................................................................................................................................................................... 206Keys
.......................................................................................................................................................................................... 206Users
.......................................................................................................................................................................................... 206ReadOnly
................................................................................................................................................. 207Methods.......................................................................................................................................................................................... 207DeleteStorage
................................................................................................................................................. 208Events
SecureBridge ComponentsXI
SecureBridge Components, Copyright © 2007-2009 Devart
.......................................................................................................................................................................................... 208OnCheckUserPass
.......................................................................................................................................................................................... 208OnCheckUserKey
.................................................................................................................................... 209TScUser
................................................................................................................................................. 209Description
................................................................................................................................................. 210Properties.......................................................................................................................................................................................... 210Authentications
.......................................................................................................................................................................................... 210Key
.......................................................................................................................................................................................... 210Password
.......................................................................................................................................................................................... 211UserList
.......................................................................................................................................................................................... 211UserName
................................................................................................................................................. 212Methods.......................................................................................................................................................................................... 212BeginUpdate
.......................................................................................................................................................................................... 212EndUpdate
.................................................................................................................................... 213TScUserList
................................................................................................................................................. 213Description
................................................................................................................................................. 214Properties.......................................................................................................................................................................................... 214Count
.......................................................................................................................................................................................... 214Users
.......................................................................................................................................................................................... 214Storage
................................................................................................................................................. 215Methods.......................................................................................................................................................................................... 215Add
.......................................................................................................................................................................................... 215CheckUserName
.......................................................................................................................................................................................... 215Clear
.......................................................................................................................................................................................... 215FindUser
.......................................................................................................................................................................................... 216UserByName
.......................................................................................................................................................................................... 216GetUserNames
.......................................................................................................................................................................................... 216IndexOf
.......................................................................................................................................................................................... 216Remove
.......................................................................................................................................................................................... 217Ref resh
..................................................................................................................................................218SecureBridge Object and Component Listing by Unit
.................................................................................................................................... 218ScBridge
................................................................................................................................................. 218Classes.................................................................................................................................... 219ScCryptoAPIStorage
................................................................................................................................................. 219Classes.................................................................................................................................... 220ScIndy
................................................................................................................................................. 220Classes.................................................................................................................................... 221ScRNG
................................................................................................................................................. 221Classes.................................................................................................................................... 222ScSFTPClient
................................................................................................................................................. 222Classes.................................................................................................................................... 223ScSFTPUtils
................................................................................................................................................. 223Classes.................................................................................................................................... 224ScSSHChannel
................................................................................................................................................. 224Classes.................................................................................................................................... 225ScSSHClient
................................................................................................................................................. 225Classes.................................................................................................................................... 226ScSSLClient
................................................................................................................................................. 226Classes
XIIContents
XII
SecureBridge Components, Copyright © 2007-2009 Devart
.................................................................................................................................... 227ScSSHServer
................................................................................................................................................. 227Classes.................................................................................................................................... 228ScSSHUtil
................................................................................................................................................. 228Classes
SecureBridge Components1
SecureBridge Components, Copyright © 2007-2009 Devart
1 Overview
SecureBridge is a library of non visual components for Delphi, Delphi for .NET, and C++Builder designedto protect network connections from unauthorized access.
SecureBridge can protect any TCP traffic using SSH or SSL protocol. These secure transport layerprotocols provide authentication, strong encryption, and data integrity verification. SecureBridge can beused in conjunction with data access components to prevent data interception or modification in anuntrusted network.
The SecureBridge library is actively developed and supported by the Devart Team. If you have aquestions about SecureBridge, email the developers at [email protected] or visit SecureBridge onlineat http://www.devart.com/sbridge/.
Advantages of SecureBridge Library
SecureBridge is very convenient in setup and usage. It is enough to place several components on theform and specify the server address and the user login information to establish a secure connection.Applications that have to work with secure information are easy to deploy, as they do not require anyexternal files.
Wide Support for Secure Protocols
SecureBridge supports SSH2 protocol which is one of the most reliable protocols for data encryption.SSH2 is an acknowledged industry standard in the area of secure data transfer through unprotectedconnections.
SSH Client
SecureBridge SSH Client, that is implemented in the TScSSHClient component, can work with differentSSH servers like OpenSSH, WinSSHD. It allows you achieve high performance due to connectionparameters management. SSH client unites several unprotected channels from client to server in oneprotected connection. Logical channels can exist in different threads.
SSH Server
High-performance SSH server with wide abilities for connection setup and users management. SSHServer works with different types of SSH clients such as OpenSSH, PuTTY etc. Number of the clientsconnected simultaneously is limited only by system resources.
SFTP Client
SecureBridge SFTP Client, that is implemented in the TScSFTPClient component, serves for secure filetransfer (and more generally - file system access).
SSL Client
2
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
SecureBridge SSL Client, that is implemented in the TScSSLClient component, can work with otherapplications using SSL 3.0 and TLS 1.0 protocols. It allows you achieve high performance due toconnection parameters management. SecureBridge does not require external units.
Protection Against Diverse Attacks
SecureBridge protects transferred data against different kinds of attacks. SecureBridge uses the Diffie-Hellman key exchange algorithm for connection establishing. A reliable random number generator isused for keys generating. To protect data against illegal access, information is encrypted by symmetricalgorithms that provide high speed and reliability. For data integrity verification hash algorithms likeSHA1 are used.
Support for Third Party Components
SecureBridge supports Internet Direct components (Indy) and MySQL Data Access Components(MyDAC). This allows you to implement all the advantages of the encrypted connection within a singleapplication without any external files.
Key features
The following list describes the main features of SecureBridge Components:
Full support for SSH2, SSL 3.0, and TLS 1.0 protocols
Support for all versions of the SFTP protocol
Fast and customizable SSH server, SSH client, SFTP client, and SSL client
Support for most SSH2-compatible clients and servers including OpenSSH
Compatible with any application that works through TCP with protocols like SMTP, POP, IMAP, etc.
Ability to work with system and external certificate storages through CryptoAPI
Protection against diverse crypto attacks
Support for symmetric (Blowfish, AES128, Cast128, TripleDES) and asymmetric (RSA, DSA)algorithms
Support for SHA1 and MD5 hashing algorithms
Authentication by password or by public key
Tight integration with Indy, Data Access Components for MySQL, and PostgreSQL Data AccessComponents
High performance
Reliable and convenient maintenance of asymmetric keys
Facility for storing users, passwords, and public keys for an SSH server
SecureBridge Components3
SecureBridge Components, Copyright © 2007-2009 Devart
2 Getting Started
This page contains a quick introduction to setting up and using the SecureBridge library. It gives awalkthrough for each part of the SecureBridge usage process and points out the most relevant relatedtopics in the documentation.
What is SecureBridge?How does SecureBridge work?Installing SecureBridge.Working with the SecureBridge demo projects.Compiling and deploying your SecureBridge project.Using the SecureBridge documentation.How to get help with SecureBridge.
What is SecureBridge?
SecureBridge is a component library which is designed for ensuring safe data transferring throughinsecure network areas. It helps you to improve security of transferred information in your applications.However it practically does not affect performance of the application and does not complicate itsarchitecture.
Many SecureBridge classes are based on VCL and VCL for .NET classes and interfaces.
An introduction to SecureBridge is provided in the Overview section.
A list of the SecureBridge features you may find useful is listed in the Features section.
An overview of the SecureBridge component classes is provided in the Components List section.
How does SecureBridge work?
In order to ensure data safety in insecure networks, it is essential to take care of data protection andintegrity, as well as of the data receiver identification. So before putting the data into the insecure area, itshould be encrypted. To maintain data integrity, it is required to send a data hash along with the dataitself. On the other side the data should be decrypted, and received hash should be verified.
SSH tunnel can ensure data transferring from several clients of one secure area to clients in anothersecure area through one protected TCP connection, at that authentication of the remote side is ensured.The general chart of computer ties when connecting through the SSH tunnel is presented below:
4
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
SSH tunnel diagram
SecureBridge can act as both SSH client (TScSSHClient) and SSH server (TScSSHServer ).
SSL connection works in similar way. The difference is that SSL client and SSL server are embeddedinto the corresponding applications. To put some data into network, an application calls methods of theembedded SSL client, data is encrypted and sent. To get data from network, the application also callsmethods of the embedded SSL client. So, SSL client/server exchange data with the application withinthe application's address space. The general chart of computer ties when connecting through SSL ispresented below:
SSL connection diagram
Installing SecureBridge
To install SecureBridge, complete the following steps.
1. Choose and download the version of the SecureBridge installation program that is compatible withyour IDE . For instance, if you are installing SecureBridge 2.00, you should use the following files:
SecureBridge Components5
SecureBridge Components, Copyright © 2007-2009 Devart
For BDS 2006 and Turbo - sbridge200d10std.exeFor Delphi 7 - sbridge200d7std.exe
For more information, visit the SecureBridge download page.
2. Close all running IDEs.
3. Launch the SecureBridge installation program you downloaded in the first step and follow theinstructions to install SecureBridge.
By default, the SecureBridge installation program should install compiled SecureBridge libraries automaticallyon all IDEs.
To check SecureBridge has been installed properly, launch your IDE and make sure that the SecureBridgepage has been added to the Component Palette.
If you have bought SecureBridge Standard Edition with Source Code, you will be able to download boththe compiled version of SecureBridge and the SecureBridge source code. The installation process for thecompiled version is standard, as described above. The SecureBridge source code must be compiledand installed manually. Consult the supplied ReadmeSrc.txt file for more details.
To find out what gets installed with SecureBridge or to troubleshoot your SecureBridge installation, visitthe Installation topic.
Working with the SecureBridge demo projects
The SecureBridge installation package includes demo projects that demonstrate SecureBridgecapabilities and use patterns. The SecureBridge demo projects are automatically installed in theSecureBridge installation folder.
To quickly get started working with SecureBridge, choose a fit SecureBridge demo project, and launchit. A description of all the SecureBridge demos is located in the Demo Projects topic.
Compiling and deploying your SecureBridge project
Compiling SecureBridge-based projects
By default, to compile a project that uses SecureBridge classes, your IDE compiler needs to haveaccess to the SecureBridge dcu (obj) files. If you are compiling a project with runtime packages, thecompiler will also need to have access to the SecureBridge bpl files. All the appropriate settings forboth of these scenarios should take place automatically during installation of SecureBridge. You should only need to modify your environment manually if you are using SecureBridge edition thatcomes with source code.
You can check that your environment is properly configured by trying to compile one of the SecureBridgedemo projects. If you have no problem compiling and launching the SecureBridge demos, yourenvironment has been properly configured.
For more information about which library files and environment changes are needed for compilingSecureBridge-based projects, consult the Installation topic.
Deploying SecureBridge-based projects
To deploy an application that uses SecureBridge, you will need to make sure the target workstation has
6
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
access to the following files.
The SecureBridge bpl files, if compiling with runtime packages.
The SecureBridge assembly files, if are using VCL for .NET components.
If you are evaluating deploying projects with SecureBridge Trial E dition, you will also need to deploysome additional bpl files with your application even if you are compiling without runtime packages. Asanother trial limitation for C++Builder, applications written SecureBridge Trial E dition for C++Builder willonly work if the C++Builder IDE is launched. More information about SecureBridge Trial E ditionlimitations is provided here.
Files which may need to be deployed with SecureBridge-based applications is included in the Deployment topic.
Using the SecureBridge documentation
The SecureBridge documentation describes how to install and configure SecureBridge, how to useSecureBridge Demo Projects, and how to use the SecureBridge library.
The SecureBridge documentation includes a detailed reference of all the SecureBridge components andclasses. Many of the SecureBridge components and classes inherit or implement members from otherVCL, VCL for .NET classes and interfaces. The product documentation also includes a summary of allmembers within each of these classes. To view a detailed description of a particular component, look itup in the Components List section. To find out more about a specific standard VCL class anSecureBridge component is inherited from, see the corresponding topic in your IDE documentation.
At install time, the SecureBridge documentation is integrated into your IDE . It can be invoked bypressing F1 in an object inspector or on a selected code segment.
How to get help with SecureBridge
There are a number of resources for finding help on using SecureBridge classes in your project.
If you have a question about SecureBridge installation or licensing, consult the Licensing section.
You can get community assistance and SecureBridge technical support on the SecureBridgeSupport Forum.
To get help through the SecureBridge Priority Support program, send an email to the SecureBridgedevelopment team at [email protected] .
If you have a question about ordering SecureBridge or any other Devart product, contact [email protected].
For more information, consult the Getting Support topic.
SecureBridge Components7
SecureBridge Components, Copyright © 2007-2009 Devart
3 Features
Compatibility:
Compatible with Delphi 5, C++Builder 5, and higher IDE versions
VCL and VCL.NET versions of the library available
Support for Indy, an open source socket library for Internet communications
Support for Data Access Components for MySQL (MyDAC)
Common features:
Ability to work with system and external certificate storages through CryptoAPI
Protection from different kinds of crypto attacks
High performance
High quality random number generator
Working in synchronous and asynchronous mode
Support for TStream and ISequentialStream interfaces
Access to extended information about the connection and the channel
Algorithms support:
Support for Blowfish, AES128, Cast128, and TripleDES symmetric algorithms
Support for RSA and DSA asymmetric algorithms
Support for SHA1 and MD5 hashing algorithms
Reliable and convenient storage, transfer, and verification of asymmetric keys
SSH:
Full support for the SSH2 protocol
SSH client with extended setting abilities
Fast and customizable SSH server
Support for most SSH2-compatible clients and servers including OpenSSH
Compatible with any applications that work through TCP with protocols like SMTP, POP, IMAP, etc.
Facility for storing users, passwords, and public keys for an SSH server
Authentication by password or by public key
Transferring data from several logical connections through a single SSH tunnel
Remote commands execution with SSH server
SFTP:
Full support for the SFTP protocols versions from 1 to 6
SFTP client with extended setting abilities
SSL:
Full support for SSL 3.0 and TLS 1.0 protocols with no external units
SSL client with extended setting abilities
Support for working with X.509 certificates
8
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
Licensing and support:
One year free support for registered users
Licensed royalty-free per developer, per team, or per site
SecureBridge Components9
SecureBridge Components, Copyright © 2007-2009 Devart
4 What's New
09-Jun-09 New features in SecureBridge 2.50:
Added the full support for SFTP protocols versions from 1 to 6
Added the SFTP client with extended setting abilities
Added support of keyboard-interactive authentication method
10-Oct-08 New features in SecureBridge 2.20:
Support for Delphi 2009 for Win 32 and C++Builder 2009 added
Improved stability of the TScSSHServer component
Improved work of the SSH Server demo
Fixed bug with hanging of the TScSSLClient component
14-Nov-07 New features in SecureBridge 2.00:
Added the full support for SSL 3.0 and TLS 1.0 protocols with no external units
Added the SSL client with extended setting abilities
Added ability to work with [X.509] certificates
Added ability to access system and external certificate storages through CryptoAPI
Remote commands execution with SSH server supported
23-Jul-07 New features in SecureBridge 1.10:
C++Builder 2007 supported
22-May-07 New features in SecureBridge 1.00:
SecureBridge released
10
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
5 Demo Projects
SecureBridge includes demo projects that show off the main SecureBridge functionality and developmentpatterns.
Where are the SecureBridge demo projects located?
In most cases all the SecureBridge demo projects are located in "%SecureBridge%\Demos\".
In Delphi 2007 for Win32 under Windows Vista all the SecureBridge demo projects are located in "MyDocuments\Devart\SecureBridge for Delphi 2007\Demos", for example: "C:\Documents and Settings\AllUsers\Documents\Devart\SecureBridge for Delphi 2007\Demos\".
The structure of the demo project directory depends on the IDE version you are using.
Instructions for using the SecureBridge demo projects
To explore an SecureBridge demo project,
1. Launch your IDE .
2. In your IDE , choose File | Open Project from the menu bar.
3. Find the Demos folder of SecureBridge.
4. Browse through the demo project folders located here and open the project file of the demo youwould like to use.
5. Compile and launch the demo. If it exists, consult the Readme.html file for more details.
Demo project descriptions
Name Description
Indy10 This demo project represents a the TScIdIOHandler component forproviding integration with Indy components version 10.SecureBridge installation wizard installs it for Delphi 8 and higherIDE versions if the "Indy Components" item is checked on the"Select Components" step of the installation. If your IDE has Indy9installed, and Indy integration is needed, just uncheck "IndyComponents" when installing and install TScIdIOHandler from theIndy9 directory.
Indy9 This demo is an equivalent to the Indy10 demo, except it supportsIndy components version 9, and is automatically installed forDelphi 7.
SFTPClient Uses the TScSFTPClient component for secure file transfer with
SecureBridge Components11
SecureBridge Components, Copyright © 2007-2009 Devart
remote machine. This demo allows to execute basic operationswith files such as downloading, uploading files, creating anddeleting directories, viewing the directory tree.
SSHClient Uses the TScSSHClient component for establishing connection toan SSH server. Demonstrates organizing port forwarding with the TScSSHChannel component (see. SSH-tunnel principles).
SSHServer Use the TScSSHServer component for building a full-blown SSHserver . Demonstrates working with a user list, generating new keysthat are used for authenticating when client connects to server.
SSHServerService This is one more full-blown SSH sever, but it does not have graphicinterface and does not provide key and user management tools likeSSHServer demo does. This demo is intended to work as aWindows service. Take a look at the Readme file in the demodirectory for some additional information.
SSHShell This demo demonstrates abilities of the TScSSHShell componentto execute commands remotely through an SSH server. The demoalso lets obtaining results in both standard and NonBlockingmodes.
Note, there is the Base directory among the demo directories. This directory does not contain a demo, itcontains a common engine for some of demos. You should not remove this directory or files in it. If youdo that, some of demos will not compile and work.
12
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
6 Component List
This topic presents a brief description of the components included in the SecureBridge Componentslibrary. Click on the name of each component for more information. These components are added to theSecureBridge page of the Component palette.
TScSSHClient SSH client, unites several logical unprotected connections to theserver into one protected connection. Logical connections canexist in different threads.
TScSSHChannel Logical connection to TScSSHClient within the client securearea. Receives/sends data from/to SSH server or forwards fromthe TCP port of one computer to another computer through asecure channel.
TScSSHShell Serves for remote commands execution using abilities of anSSH server.
TScSFTPClient Serves for implementing the functionality of SFTP protocol thatprovides secure file transfer.
TScSSHServer Implements SSH server functionality.
TScSSLClient SSL-client, supports SSL 3.0 and TLS 1.0 protocols. It validatesserver certificate, encrypts/decrypts data transferred through anetwork.
TScFileStorage Stores list of certificates, keys, and users in files.
TScRegStorage Stores list of certificates, keys, and users in the systemregistry.
TScCryptoAPIStorage Stores list of certificates and keys in system and external
storages using CryptoAPI functionality.
TScIdIOHandler Provides easy integration with Indy components to protect datatransferred through network by Indy.
SecureBridge Components13
SecureBridge Components, Copyright © 2007-2009 Devart
TMySSHIOHandler Lets MyDAC connecting to MySQL server through SSH protocol(this component is included into MyDAC as a demo project).
TMySSLIOHandler Lets MyDAC connecting to MySQL server through SSLconnection (this component is included into MyDAC as a demoproject).
See AlsoHierarchy chart
14
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
7 Hierarchy chart
Many SecureBridge classes are inherited from standard VCL/CLX classes. The inheritance hierarchychart for SecureBridge is shown below. The SecureBridge classes are represented by hyperlinks thatpoint to their description in this documentation. A description of the standard classes can be found inthe documentation of your IDE .
TObject |-TPersistent | |-TCollectionItem | | |—TScSFTPACEItem | |-TComponent | | |—TScSSHCustomChannel | | | |—TScSSHChannel | | | |—TScSSHShell | | |—TScSSHClient | | |—TScSSHServer | | |-TScSFTPClient | | |—TScSSLClient | | |—TScStorage | | | |—TScFileStorage | | | |—TScRegStorage | | | |—TScCryptoAPIStorage | | |—TIdIOHandler | | | |—TScIdIOHandler | | |—TMyIOHandler | | |—TMySSHIOHandler | | |—TMySSLIOHandler | |—TScCertificate | |—TScKey | |—TScUser | |—TScSFTPFileAttributes | |—TScSFTPFileInfo | |-TScSFTPCustomExtension | |—TScSFTPExtension | | |—TScFilenameTranslationControlExtension | |—TScCheckFileReplyExtension | |—TScSpaceAvailableReplyExtension | |—TScSFTPSupportedExtension | |—TScSFTPSupportedAclExtension | |—TScSFTPVendorExtension | |—TScSFTPVersionsExtension |—TScSFTPServerProperties |—TScObjList | |—TScCertificateList | |—TScKeyList | |—TScUserList |-TInterfacedObject
SecureBridge Components15
SecureBridge Components, Copyright © 2007-2009 Devart
|-TProtection |—TScRandom |—TScRandom_LFSR
16
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
8 Requirements
SecureBridge is an all-sufficient library and it does not require any external files on the target computer.
SecureBridge Components17
SecureBridge Components, Copyright © 2007-2009 Devart
9 Installation
This topic contains the environment changes made by the SecureBridge installer. If you are havingproblems with using SecureBridge or compiling SecureBridge-based products, check this list to makesure your system is properly configured.
Compiled versions of SecureBridge are installed automatically by the SecureBridge Installer for allsupported IDEs. Versions of SecureBridge with Source Code must be installed manually.
Installed packages
The SecureBridge package libraries are divided into Win32 project files and .NET project files.
Note: %SecureBridge% denotes the path to your SecureBridge installation directory.
Delphi/C++Builder Win32 project packages
Name Description LocationsbridgeXX.bpl SecureBridge run-time package Windows\System32dclsbridgeXX.bpl SecureBridge design-time package Delphi\Binindy10sbridgeXX.bpl* TScIdIOHandler compatible with Indy10 Delphi\Binindy9sbridgeXX.bpl* TScIdIOHandler compatible with Indy9 Delphi\Bin
Delphi for .NET project packages
Name Description Location
Devart.SecureBridge.dllSecureBridge Delphi for .NET run-timepackage
Global Assembly Cache
Devart.SecureBridge.Design.dll SecureBridge design-time package %SecureBridge%\Bin
Devart.SecureBridge.Indy10.dll TScIdIOHandler compatible with Indy10 %SecureBridge%\Bin
Environment Changes
To compile SecureBridge-based applications, your environment must be configured to have access tothe SecureBridge libraries. E nvironment changes are IDE -dependent.
For all instructions, replace %SecureBridge% with the path to your SecureBridge installation
directory
Delphi
%SecureBridge%\Lib should be included in the Library Path accessible from Tools |
E nvironment options | Library.
The SecureBridge Installer performs Delphi environment changes automatically for compiled versionsof SecureBridge.
18
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
Delphi for .NET
Devart.SecureBridge should be included in the Namespace prefixes.
%SecureBridge%\Lib should be included in the Library Path accessible from Tools | Options |
Library - NET.
%SecureBridge%\Bin should be included in the Library Path accessible from Tools | Options |
Library - NET.
%SecureBridge%\Bin should be included in the Component | Installed .NET components |
Assembly Search Path.
The SecureBridge Installer performs Delphi for .NET environment changes automatically for compiledversions of SecureBridge.
C++Builder
C++Builder 5, 6:
$(BCB)\SecureBridge\Lib should be included in the Library Path of the Default Project
Options accessible from Project | Options | Directories/Conditionals.
$(BCB)\SecureBridge\Include should be included in the Include Path of the Default Project
Options accessible from Project | Options | D irectories/Conditionals.
C++Builder 2006, 2007:
$(BCB)\SecureBridge\Lib should be included in the Library search path of the Default Project
Options accessible from Project | Default Options | C++Builder | Linker | Paths and Defines.
$(BCB)\SecureBridge\Include should be included in the Include search path of the Default
Project Options accessible from Project | Default Options | C++Builder | C++ Compiler | Paths andDefines.
The SecureBridge Installer performs C++Builder environment changes automatically for compiledversions of SecureBridge.
SecureBridge Components19
SecureBridge Components, Copyright © 2007-2009 Devart
10 Deployment
SecureBridge applications can be built and deployed with or without run-time libraries. Using run-timelibraries is managed with the "Build with runtime packages" check box in the Project Options dialog box.
Deploying Win32 applications built without run-time packages
You do not need to deploy any files with SecureBridge-based applications built without run-timepackages, provided you are using a registered version of SecureBridge.
You can check your application does not require run-time packages by making sure the "Build withruntime packages" check box is not selected in the Project Options dialog box.
Trial Limitation Warning
If you are evaluating deploying Win32 applications with SecureBridge Trial E dition, you will need todeploy the sbridgeXX.bpl package and their dependencies (required IDE BPL files) with your application,even if it is built without run-time packages.
Deploying Win32 applications built with run-time packages
You can set your application to be built with run-time packages by selecting the "Build with runtimepackages" check box in the Project Options dialog box before compiling your application.
In this case, you will also need to deploy the sbridgeXX.bpl package with your Win32 application.
Deploying .NET applications
By default you should deploy the Devart.SecureBridge.dll assembly with your SecureBridge .NETapplication.
If you remove the name of this assembly from the References list of your project, this file will not berequired on the target computer.
20
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
11 Compatibility
SSH servers compatibility
SecureBridge is tested with OpenSHH 3.8 and PuTTY.
SSL compatibility
SecureBridge is compatible with SSL 3.0 and TLS 1.0.
IDE compatibility
SecureBridge can be used with the following integrated development environments:
CodeGear Delphi 2009 for Win32
CodeGear C++Builder 2009
CodeGear RAD Studio 2007
CodeGear C++Builder 2007
CodeGear Delphi 2007 for Win 32
Turbo Delphi
Turbo Delphi for .NET,
Turbo C++,
Borland Developer Studio 2006 including support of Delphi for Win32, Delphi for .NET and C++BuilderPersonality,
Borland Delphi 2005,
Borland Delphi 8 (for .NET),
Borland Delphi 7,
Borland Delphi 6,
Borland Delphi 5,
C++Builder 6,
C++Builder 5.
Only Architect, E nterprise, and Professional editions are supported.
SecureBridge Components21
SecureBridge Components, Copyright © 2007-2009 Devart
12 Licensing and Subscriptions
SecureBridge Components are licensed, not sold. Please carefully read the end-user license agreement(EULA) before using the product. You can find the EULA in the License.rtf file in the SecureBridgeinstallation folder.
Licensing
There are three types of full licenses for SecureBridge: Single Licenses, Team Licenses, and SiteLicenses.
Single Licenses must be purchased for each developer working on a project that uses SecureBridge.
Purchasing a Team License automatically gives four developers a Single License.
Purchasing a Site License automatically gives all developers in a company a Single License.
For evaluation purposes only, you may also use SecureBridge Trial E dition under a temporary Evaluation License, which allows you to use SecureBridge Trial E dition for a period of 60 days, afterwhich you must either remove all files associated with SecureBridge or purchase a full license.
Licenses can be purchased for the following editions of SecureBridge: SecureBridge Standard Editionand SecureBridge Standard Edition with Source Code.
To purchase a license for SecureBridge, please visit www.devart.com/sbridge/ordering.html .
If you have any questions regarding licensing, please contact [email protected].
Editions
Full licenses can be purchased for the following editions of SecureBridge: SecureBridge StandardEdition and SecureBridge Standard Edition with Source Code.
Users can evaluate SecureBridge with SecureBridge Trial E dition under the Evaluation License.
Subscriptions
The SecureBridge Subscription program is an annual maintenance and support service for SecureBridgeusers.
Users with a valid SecureBridge Subscription get the following benefits:
Access to new versions of SecureBridge when they are released
Access to all SecureBridge updates and bug fixes
Product support through the SecureBridge Priority Support program
Notification of new product versions
If you have any questions regarding licensing or subscriptions, please see the contact [email protected].
22
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
Trial Limitations
The SecureBridge Evaluation License lets you try SecureBridge Trial E dition for a period of 60 days.
There are no functionality limitations in SecureBridge Trial E dition during the trial period for mostsupported IDEs, except the following:
.NET applications and applications written in C++Builder require the corresponding IDE to belaunched on the client workstation if they use SecureBridge Trial E dition
If you are deploying a project built with SecureBridge Trial E dition, you will need to include theSecureBridge library files in your application deployment package. For more information, consultthe Deployment topic.
SecureBridge Components23
SecureBridge Components, Copyright © 2007-2009 Devart
13 Getting Support
This page lists several ways you can find help with using SecureBridge and describes the SecureBridgePriority Support program.
Support Options
There are a number of resources for finding help on installing and using SecureBridge.
You can find out more about SecureBridge installation or licensing by consulting the Licensingsection.
You can get community assistance and technical support on the SecureBridge Community Forum.
You can get advanced technical assistance by SecureBridge developers through the SecureBridgePriority Support program.
If you have a question about ordering SecureBridge or any other Devart product, please contact [email protected].
SecureBridge Priority Support
SecureBridge Priority Support is an advanced product support service for getting expedited individualassistance with SecureBridge-related questions from the SecureBridge developers themselves. PrioritySupport is carried out over email and has a two business day response policy. Priority Support is available
for users with an active SecureBridge Subscription.
To get help through the SecureBridge Priority Support program, please send an email to [email protected] describing the problem you are having. Make sure to include the following information in yourmessage:
The version of Delphi or C++Builder you are using.
Your SecureBridge Registration number.
Full SecureBridge edition name and version number.
A detailed problem description.
If possible, a small test project that reproduces the problem. Please include definitions for all objectsof other schemas and avoid using third-party components.
24
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
14 Using SecureBridge
14.1 Secure connections destination
SSH (Secure Shell) and SSL (Secure Sockets Layer) are protocols for secure access to remotecomputers over insecure communication channels. Secure communication over non-secure networksgenerally involves three major areas of concern: privacy, authentication, and integrity.
Privacy
There is a possibility of an unauthorized access when transferring confidential information. To prevent theunauthorized access, data encryption is used. It is practically impossible to transform encrypted data tothe initial view without the secret key if a good encryption algorithm is used. It was designed a quantityof algorithms for data encryption that differ in reliability and encryption speed. The SSH and SSLprotocols support several algorithms of symmetric encryption and let using different algorithms forpassed and received data.When using these algorithms, it is necessary to have a secret session key, that is used for dataencryption and decryption. Both SSH and SSL generate keys before beginning of data exchange. Alsothey allow regenerating this key when working to avoid cracking the key.
Authentication
Secure communications require that the individuals communicating know the identity of those with whomthey communicate.When the client tries to establish the connection to the server, it is necessary to be sure that the serveris authentic (not supposititious). Also the server should verify whether the client is allowed co connect toit. To implement such requirements, asymmetric encrypting algorithms are used. In these algorithms apair of keys is used. The first key, named private key, serves for encrypting or signing data blocks. Thesecond key, named public key, serves for decryption data and signature verification. When pretty longkeys are used, it is not possible to determine the private key for a reasonable time interval if the publickey is known.Each secure server must have a pair of keys. In order to authenticate the sever, the client must have apublic key/certificate of the server. When creating the secure connection to authenticate the server, theclient verifies the key/certificate and signature received from the server using by the public key that theclient has. If the verification passes, the server is considered valid.There are several ways to authenticate the client. The first way is when the server verifies user namepassword. The second way is when the client has a pair of his own keys or a certificate, and the publickey has to be passed to the server. At that the client authentication is analogous to the serverauthentication described above.
Integrity
It is necessary to be sure that the data transferred through an insecure channel is not changed or lost.For that data integrity checking is required.Integrity check of the received data is often done by sending not only the original data but also averification message about that data. This message is called digital signature. Both the data and the
SecureBridge Components25
SecureBridge Components, Copyright © 2007-2009 Devart
verification message can be sent with a digital signature that proves the origin of both.
26
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
14.2 SSH specific
14.2.1 SSH-tunnel principles
SSH (Secure Shell) is the protocol for secure access to remote computers over insecure communicationchannels.
The general chart of computer ties when connecting through the SSH tunnel is presented below:
C1, C2, ..., Cn - computers from the client side of the SSH tunnel.S1, S2, ..., Sn - computers from the server side of the SSH tunnel. This can be a database server, httpserver, or just other client computers.
This connection method provides the secure connection between SSH client and SSH server that can gothrough insecure communication channels, like Internet.Connections between Si and SSH server, and between SSH client and Ci are insecure, therefore theyshould go through secure communication channels. In the confluent case, Si and SSH server can belocated on the same computer. The same is related to the SSH client and Ci.
The principle of working of the SSH connections is described below. The SSH server listens to thespecified TCP/IP port. When SSH client tries to connect to this port, the SSH server authenticates theclient. If the authentication passes, the connection is established. Then the client should createconnections to Si objects. The SSH client sends an inquiry to establish necessary connection to SSHserver, and the server establishes it.Also you can work in port forwarding mode. Port forwarding, or tunneling, is a way to forward otherwiseinsecure TCP traffic through SSH Secure Shell. There are two kinds of port forwarding: Local portforwarding and Remote port-forwarding.
Local port-forwarding
SecureBridge Components27
SecureBridge Components, Copyright © 2007-2009 Devart
In this mode the SSH client listens the specified port. If a Ci computer from the client side of the tunnelneeds to connect to the server S, Ci should connect to SSH client and the SSH client creates thesecure channel to S via the SSH server.
Remote port-forwarding
In this mode SSH client sends a request to SSH to listen a specific port. If a Si computer from the serverside wants to connect to the client C, Si should connect to the SSH server through the specified port,and the SSH server will create a secure channel to C through the SSH client.
28
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
14.2.2 Attack types and countermeasures
This article includes the general description of possible attack types on data transferred throughinsecure are, and recommendations for increasing data protection level.
1. Fitting seed for random number generatorThis kind of attack allows attacker to decrypt data transferred through network and read it. Theencrypted data can be intercepted and saved locally for future decryption.SSH protocol binds each session key to the session by including random, session specific data in thehash used to produce session keys. It it necessary to ensure that all of the random numbers are of goodquality, so the pseudo-random number generator should be cryptographically secure (i.e., its next outputnot easily guessed even when knowing all previous outputs).SecureBridge uses a pseudo random number generator having high cryptographic security and highenough entropy. Also there is a possibility for user to assign the initial random sequence that will beused for generating random numbers. This sequence can be formed by using processor steps counter,system timer information, or information of random mouse movements or pressure of keyboard keys.
Recommendation: To ensure high protection level, you should use a reliable initial sequence forrandom number generator. The sequence can be based, for example, on information about randommouse movements.
2. Symmetric encryption algorithms crackingSecureBridge uses different encryption algorithms, such as 3DES, Blowfish, Twofish, Cast128, AES,and others. They have no vulnerabilities found till now. SecureBridge supports session key changingprovided by SSH protocol. As a rule changing the session key after transferring of certain data amount isenough to prevent an attacker from cracking the key. CBC encryption mode (contains previous blockencrypting output) of some ciphers is theoretically vulnerable to cipher-text attacks because of the highpredictability of the start of packet sequence. However, this attack is deemed difficult and not consideredfully practicable, especially if relatively long block sizes are used. In addition, CBC mode vulnerabilitycan be reduced with insertion of packets, containing random data.
Recommendation: Use the RekeyLimit property (Client.Options, Server.Options) for determining whatdata size should be transferred before session key is regenerated.
3. Data substitutionThis kind of attacks consists in the following: attacker gets access to the data packet transferredthrough insecure network area, changes it and, and transmits further. To determine whether the datawas changed when transferring through the insecure area, data integrity checking methods are used.SecureBridge, within the bounds of the SSH protocol, inserts the MAC field into every sending packet.This field is calculated on basis of session key, packet sequence number and packet contents. SHA1hashing algorithm, which is secure enough, is basically used for MAC field calculation. Because MACsuse a 32-bit sequence number, they might start to leak information after 2**32 packets have been sent.Changing the session key after transfer of certain data amount increases degree of data protection.
4. Man-in-the-middleThere are some cases of man-in-the-middle attacks to consider.If the attacker tries to connect between the client and the server before the client initiates theconnection. When the client initiates session, attacker, that mimics SSH server, offers its server publickey. If the client already has the server public key, it can verify the key sent by attacker, and warn theuser about this spurious server public key. If the user does not accept this unverified key, attacker willnot be able to make this attack work since the attacker will not be able to correctly sign packetscontaining this session-specific data from the server, since he does not have the private key of that
SecureBridge Components29
SecureBridge Components, Copyright © 2007-2009 Devart
server.If the server public key was not securely delivered to the client and then verified, the client risk to acceptthe key substituted by the attacker, and the client cannot be sure that it is connected to the authenticserver. This lets attacker to intercept and change the data transferred between the server and the client.Server administrators must make host key fingerprints available for checking by some means whosesecurity does not rely on the integrity of the actual host keys. Possible mechanisms may includecertification by a trusted certification authority (CA), secured Web pages, physical pieces of paper, etc. In summary, the use of this protocol without a reliable association of the binding between a host and itshost keys is inherently insecure and is not recommended.
Recommendation: It is necessary to care of safe server public keys transferring (see the Keystransferring topic).
5. Denial of Service (DoS) attackOne of few weaknesses of the SSH protocol is vulnerability to Denial of Service attacks. Attacker canheap server with authentication requests that takes all server computational resources, and the serverbecomes unable to handle inquiries. One of the ways to resolve this problem is to allow connecting onlyfrom a subset of clients known to have valid users.
Recommendation: Setup the MaxStartups server option of TScSSHServer, that specifies the maximumnumber of concurrent unauthenticated connections.
6. Server substitution when password authenticationThe password authentication mechanism assumes that the server has not been compromised. So, aviolator can mimic an SSH server for the client that initiates the authentication procedure and recognizethe password, that is fraught with serious consequences. This vulnerability can be mitigated by using an alternative form of authentication, like public keyauthentication.
7. Client substitution when public key authenticationPublic key authentication assumes that client public key passed to the server is not compromised. Toensure that the client public key accepted by the server is not substituted, it is recommended to usepass phrases on private keys, smart cards, or other technology.
Recommendation: Keep the private client key in an encrypted form specifying the Password andAlgorithm properties of a Storage object. The public key should be transferred to the server withmaximum caution to prevent key substitution. (see the Keys transferring topic).
30
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
14.2.3 Keys transferring
When creating a connection between an SSH client and an SSH server, often asymmetric encryptionalgorithms and keys are used for authentication (see the TScKey description). One of sides generates apair of keys - private key and public key. The private key is used for signing data. Public key is used forsignature verification. It should be passed to another side. It is important to take care about safe keystransferring.
Note: The private key should be protected and it should be known only to another side.
The is a possibility to intercept and substitute the public key when transferring.
Key interception does not have any consequences. If a violator obtains a public key, he will not beable to read or change any data transferred through an SSH channel.
When the public key is substituted, the violator will have a possibility to replace the SSH server withhis own computer. This lets the violator to intercept and to change data that is transferred betweenthe client and the server.
If the public key of the client is substituted, the violator will have a possibility to replace the user'scomputer with his own computer and have an access to the SSH server.
There are several ways for safe keys transferring.
1. Key can be transferred though secure communication links. However, in most cases this method isunacceptable by technical reasons. Therefore other ways are used.
2. When obtaining a key form the other side, you should create a print from the key and verify it in anyreliable way, for example by a phone. However, you should trust the person you are talking to. Toget a finger print, you can use the GetFingerprint method of the TScKey class.
3. You can pass the signature of the key along with the key itself. The receiver verifies the key and thesignature. If the signature is correct, the key is considered valid. In this case it is required bothsides to have a certificate that will be used for signing the transferred key. This certificate can beobtained from one of two sources: A certificate authority (CA) such as VeriSign or GTE can providecertificates, or a privately controlled certificate server can issue certificates as well. To create acertificate, you should create a paid of keys. The private key remains on your computer, whereasthe public key should be passed to CA for certification. After that the each side will be able to verifyreceived certificate contacting with the corresponding CA.
4. One more way is to transfer the key along with its signature encrypted by asymmetric algorithmsusing certificates. For information on how to get certificates, see above.
SecureBridge Components31
SecureBridge Components, Copyright © 2007-2009 Devart
14.2.4 Step-by-step tutorial
14.2.4.1 SSH specif ic.Conf iguring and starting the SSH server
When setting up the SSH server, first of all the storage should be set. It is used to store keys and userlist that can connect to the server.
Storage setup
Place the TScFileStorage or TScRegStorage component onto the form.
Specify the path to store information about keys and users in the Path or KeyPath property.
First of all you should create a pair of keys that will be used for authentication server by the client.
Keys generating
Open the editor of the storage object (double click on the component) and go to the Keys page.
Press the New button to add a new key.
Select an algorithm and a key length.
Press the Generate button to generate a new key. A pair of keys must be created for the each usedasymmetric algorithm.
Pass the created public key to the server (see the Keys transferring topic).
It is required to add to the storage the information about the each user that will be connected to the SSHserver.
Users creation
Open the Users page of the storage editor.
Press the New button to create a new user.
Specify the user name.
Select available authentication methods.
If the authentication by a password is used, specify a password for the user. This password shouldby pretty complicated to be hard to crack it.
If the authentication by a public key is used, specify the key for the user. This key is generated bythe client and should be passed to the server carefully (see the Keys transferring topic). Press the"Import from..." button to import the key from a file.
SSH server setup
Place the TScSSHServer component onto the form.
Select required storage in the Storage property.
Specify names of the generated server keys for the RSA or DSA algorithm in the KeyNameRSA orKeyNameDSA property correspondingly.
Start the SSH server by setting the Active property to True.
14.2.4.2 SSH specif ic.SSH client setup
Use storage to store public server key, and private key when setting the SSH client. Private key is usedin case of using the authentication method by key.
Storage setup
Place the TScFileStorage or TScRegStorage component onto the form.
32
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
Specify the path to be used to store information about keys in the Path / KeyPath property
It is required to obtain server public key in order to authenticate the server. There are two ways toobtain this key:1. The key can be previously obtained from the server as described in the Keys transferring topic.2. Upon the first connect to the server you receive its public key that has to be stored in the storage
for the future use to authenticate the server. However, in this case the key is passed through theunprotected channel and can be substituted by a malefactor.
Add obtained key to the storage:1. Open the component editor of the storage component by double click on the component and
select the Keys tab.2. Add a new key by pressing the New button.3. Type the key name.4. Import information from the obtained file by using the "Import from..." button.
If the authentication by a key is used, it is required to create the user key:1. Open the component editor of the storage component by double click on the component and select
the Keys tab. 2. Pressing the New button and type the key name.3. Choose the algorithm to use and the needed key length.4. Push the Generate button to generate a new key.5. Export the public key and pass it to the server in order to the server be able to authenticate the
client.
SSH client setup
Place the TScSSHClient component onto the form.
Select a storage object in the KeyStorage property.
Specify the host name on which the SSH server is located in the HostName property.
Specify the server public key in the HostKeyName property.
Specify the user name in the User property.
Choose authentication algorithm in the Authentication property.
If authentication by password is used, specify password in the Password property.
If authentication by key is used, specify the private key name in the PrivateKeyName property. TheHostName value is used as a default key name. You can find steps to create a new key above inthis topic.
Establish connection to the server setting the Connected property to True.
You should create an SSH channel in order to exchange data with a remote host.
SSH channel setup
Place the TScSSHChannel component onto the form.
Select an SSH client in the Client property.
Specify the host name in DestHost and the TCP/IP port number in DestPort to which the connectionshould be established.
Specify the port number in SourcePort, data from which will be forwarded to the remote host towhich the connection is established.
Open the SSH channel setting the Connected property to True.
Random numbers generating
When establishing a connection to the SSH server, random numbers for creating session keys aregenerated. These keys will be used in the data encryption algorithms. For getting random numbers,pseudo random number generators are used. Before using the pseudo random number generator, youshould initialize it, by setting a start seed value. This seed value can be obtained in different ways: using
SecureBridge Components33
SecureBridge Components, Copyright © 2007-2009 Devart
processor step counter, sound card noise, information of random mouse movements, or pressure ofkeyboard keys. However, the first two ways is not reliable.One of such ways is implemented in the SSHClient demo.When using the SecureBridge component library, you should pass a sequence of the random values tothe Randomize method of the global Random object.
14.2.4.3 SSH specif ic.MySQL Data Access Components integration
In order to create a secure connection via SSH tunnel between MySQL Data Access Components (MyDAC) and MySQL, you should use the TMySSHIOHandler component. This component is an adapterbetween a database client and an SSH client. The secure connection can be used to transfer datathrough unprotected communication channels, like Internet.
The communication chart between database client and database server with use of TMySSHIOHandler ispresented in the following diagram:
Data exchange between TMyConnection and TScSSHClient which plays as an SSH client is safebecause it is carried out by calling methods of TMySSHIOHandler within the single application.Connection between SSH server and MySQL server is not secure, therefore you should take care that itgoes through secure communication channels.
Step-by-step setup of MySSHIOHandler
Place the TScSSHClient component onto the form and setup it to connect to the SSH server asdescribed in the Client setup topic.
Place the TMySSHIOHandler component onto the form.
Select the TScSSHClient object in the Client property.
Place the TMyConnection component onto the form and setup it to connect to the MySQL server.
Assign the TMySSHIOHandler object to the IOHandler property of TMyConnection.
Connection to MySQL server by setting TMyConnection.Connected to True.
34
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
14.3 SSL specific
14.3.1 SSL principles
SSL (Secure Sockets Layer) is the protocol for secure access to remote computers over insecurecommunication channels.
The SSL protocol runs above TCP/IP and below higher-level protocols such as HTTP or IMAP. It usesTCP/IP on behalf of the higher-level protocols, and in the process allows an SSL-enabled server toauthenticate itself to an SSL-enabled client, allows the client to authenticate itself to the server, andallows both machines to establish an encrypted connection. These capabilities address fundamental concerns about communication over the Internet and otherTCP/IP networks:
SSL server authentication allows a user to confirm a server's identity. SSL-enabled client softwarecan use standard techniques of public-key cryptography to check that a server's certificate andpublic ID are valid and have been issued by a certificate authority (CA) listed in the client's list oftrusted CAs. This confirmation might be important if the user, for example, is sending a credit cardnumber over the network and wants to check the receiving server's identity.
SSL client authentication allows a server to confirm a user's identity. Using the same techniques asthose used for server authentication, SSL-enabled server software can check that a client'scertificate and public ID are valid and have been issued by a certificate authority (CA) listed in theserver's list of trusted CAs. This confirmation might be important if the server, for example, is a banksending confidential financial information to a customer and wants to check the recipient's identity.
An encrypted SSL connection requires all information sent between a client and a server to beencrypted by the sending software and decrypted by the receiving software, thus providing a highdegree of confidentiality. Confidentiality is important for both parties to any private transaction. Inaddition, all data sent over an encrypted SSL connection is protected with a mechanism fordetecting tampering--that is, for automatically determining whether the data has been altered intransit.
SecureBridge Components35
SecureBridge Components, Copyright © 2007-2009 Devart
14.3.2 Step-by-step tutorial
14.3.2.1 SSL specif ic.SSL client setup
Use storage to store server and client certificates when setting the SSL client. Server certificate is usedfor the authentication of a SSL server. Client certificates can be used for the client authentication. In thiscase the certificate must contain the private key.
Storage setup
Place one of the storage components onto the form: TScCryptoAPIStorage, TScFileStorage, orTScRegStorage.
Specify the path to be used to store information about certificates in the CertStoreName / Path /KeyPath property (depending on the the storage component type).
Add server and client certificates to the storage:1. Open the editor of the storage component by double click on it, and select the Certificates tab.2. Add a new certificate by pressing the New button.3. Type the certificate name.4. Import information from a file that contains a certificate by using the "Import from..." button.
SSL client setup
Place the TScSSLClient component onto the form.
In the HostName property specify the name of the host on which the SSL server is located.
In the Port property specify the port number for TCP/IP connection with the SSL server.
Select already created storage object in the Storage property.
Specify the server certificate in the CACertName property.
If necessary, specify the client certificate in the CertName property.
Establish connection to the server setting the Connected property to True.
To make the connection secure, turn the IsSecure property to True.
Random numbers generating
When establishing connection to an SSL server, random numbers for creating session keys aregenerated. These keys will be used in the data encryption algorithms. For getting random numbers,pseudo random number generators are used. Before using the pseudo random number generator, youshould initialize it, by setting a start seed value. This seed value can be obtained in different ways: usingprocessor step counter, sound card noise, information of random mouse movements, or pressure ofkeyboard keys. However, the first two ways is not reliable.One of such ways is implemented in the SSHClient demo.When using the SecureBridge component library, you should pass a sequence of the random values tothe Randomize method of the global Random object.
14.3.2.2 SSL specif ic.MySQL Data Access Components integration
In order to create a secure connection via SSL between MySQL Data Access Components (MyDAC)and MySQL server, you should use the TMySSLIOHandler component. This component is an adapterbetween a database client and an SSL client. The secure connection can be used to transfer datathrough unprotected communication channels, like Internet.
The communication chart between database client and database server with use of TMySSLIOHandler ispresented in the following diagram:
36
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
Data exchange between TMyConnection and TScSSLClient which plays as an SSL client is safebecause it is carried out by calling methods of TMySSLIOHandler within the single application.
Step-by-step setup of MySSLIOHandler
Place the TMySSLIOHandler component onto the form.
Select a storage object in the Storage property. More information about storage setup you will find inthe SSL client setup topic.
Specify the server certificate in the CACertName property.
Specify the client certificate in the CertName property.
Place the TMyConnection component onto the form and setup it to connect to the MySQL server.
Assign the TMySSLIOHandler object to the IOHandler property of TMyConnection.
Connect to MySQL server by setting TMyConnection.Connected to True.
SecureBridge Components37
SecureBridge Components, Copyright © 2007-2009 Devart
15 SecureBridge Alphabetical Object andComponent Listing
15.1 EScError
15.1.1 Description
UnitScSSHUtil
DescriptionEScE rror arise, when an error occurs in SecureBridge classes, for example when interaction betweenSSH client and SSH server, or when working with keys .Use EScE rror in exception-handling blocks.
38
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.2 EScSFTPError
15.2.1 Description
UnitScSFTPUtils
DescriptionEScSFTPE rror arises, when the SFTP server returns an error and client is in the NonBlocking = Falsemode.The E rrorCode property contains the code of the error returned by the server.Use EScSFTPE rror in exception-handling blocks.
SecureBridge Components39
SecureBridge Components, Copyright © 2007-2009 Devart
15.2.2 Properties
15.2.2.1 EScSFTPError.ErrorCode
property ErrorCode: integer;
DescriptionThe E rrorCode property holds the code of the error returned by the server.
Here is a list of the constants of possible error codes:
SSH_FX_OK = 0;SSH_FX_EOF = 1;SSH_FX_NO_SUCH_FILE = 2;SSH_FX_PERMISSION_DENIED = 3;SSH_FX_FAILURE = 4;SSH_FX_BAD_MESSAGE = 5;SSH_FX_NO_CONNECTION = 6;SSH_FX_CONNECTION_LOST = 7;SSH_FX_OP_UNSUPPORTED = 8;SSH_FX_INVALID_HANDLE = 9;SSH_FX_NO_SUCH_PATH = 10;SSH_FX_FILE_ALREADY_EXISTS = 11;SSH_FX_WRITE_PROTECT = 12;SSH_FX_NO_MEDIA = 13;SSH_FX_NO_SPACE_ON_FILESYSTEM = 14;SSH_FX_QUOTA_EXCEEDED = 15;SSH_FX_UNKNOWN_PRINCIPAL = 16;SSH_FX_LOCK_CONFLICT = 17;SSH_FX_DIR_NOT_EMPTY = 18;SSH_FX_NOT_A_DIRECTORY = 19;SSH_FX_INVALID_FILENAME = 20;SSH_FX_LINK_LOOP = 21;SSH_FX_CANNOT_DELETE = 22;SSH_FX_INVALID_PARAMETER = 23;SSH_FX_FILE_IS_A_DIRECTORY = 24;SSH_FX_BYTE_RANGE_LOCK_CONFLICT = 25;SSH_FX_BYTE_RANGE_LOCK_REFUSED = 26;SSH_FX_DELETE_PENDING = 27;SSH_FX_FILE_CORRUPT = 28;SSH_FX_OWNER_INVALID = 29;SSH_FX_GROUP_INVALID = 30;
40
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.3 TScCertBasicConstraintsExtension
15.3.1 Description
UnitScBridge
DescriptionThe TScCertBasicConstraintsExtension class provides read-only properties that describe the basicconstraint set on a certificate. These constraints are used during the certificate chain verificationprocess.
The CertificateAuthority property identifies whether the certificate is a Certification Authority (CA)certificate. It is set to True for all CA certificates. The PathLengthConstraint determines wether the chain path length constraint must be applied to thecertificate. If this constraint is present, the PathLengthConstraint property value must be greater than thenumber of already processed CA certificates, starting with the end-entity certificate and moving up thechain. This constraint can be omitted if all of the higher level CA certificates in the chain does notinclude this constraint when the extension is present.The Public-Key Infrastructure (X.509) working group (PKIX) recommends that this extension should notappear in end-entity certificates.
See AlsoTScCertExtension
SecureBridge Components41
SecureBridge Components, Copyright © 2007-2009 Devart
15.3.2 Properties
15.3.2.1 TScCertBasicConstraintsExtension.Certif icateAuthority
property CertificateAuthority: Boolean;
DescriptionUse this property to determine if the certificate is a certification authority (CA) certificate.This property is read-only.
15.3.2.2 TScCertBasicConstraintsExtension.HasPathLengthConstraint
property HasPathLengthConstraint: Boolean;
DescriptionA certificate issuer can restrict the number of levels in a certificate path. This property indicates whetherthe certificate has this restriction. If this value is True, you can use the PathLengthConstraint property todetermine the number of levels allowed.This property is read-only.
See AlsoPathLengthConstraint
15.3.2.3 TScCertBasicConstraintsExtension.PathLengthConstraint
property PathLengthConstraint: Integer;
DescriptionIf a certificate has a constraint on the number of levels in the certificate path, this property indicates howmany levels are allowed.This property is read-only.
See AlsoHasPathLengthConstraint
42
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.4 TScCertEnhancedKeyUsageExtension
15.4.1 Description
UnitScBridge
DescriptionA TScCertEnhancedKeyUsageExtension is a collection of object identifiers (OIDs) that indicate theapplications that use the key.
The enhanced key usage extension indicates the purposes for which the certified public key may beused. These purposes may be in addition to or in place of the basic purposes indicated in TScCertKeyUsageExtension.The enhanced key usage must include Online Certificate Status Protocol (OCSP) signing in an OCSPresponder's certificate. The exception is that the CA signing key that signed the certificates validated bythe responder is also the OCSP signing key. The OCSP responder's certificate must be issued directlyby the CA that signs certificates the responder will validate.The TScCertKeyUsage, TScCertEnhancedKeyUsage, and TScCertBasicConstraints extensions acttogether to define the purposes for which the certificate is intended to be used. Applications can usethese extensions to disallow the use of a certificate in inappropriate contexts.
See AlsoTScCertExtension
SecureBridge Components43
SecureBridge Components, Copyright © 2007-2009 Devart
15.4.2 Properties
15.4.2.1 TScCertEnhancedKeyUsageExtension.EnhancedKeyUsages
typeTScOIdsList = class(TObjectList)publicproperty OIds[Index: Integer]: TScOid; default;
end;
property EnhancedKeyUsages: TScOIdsList;
DescriptionGets the collection of object identifiers (OIDs) that indicate the applications that use the key.Use TScOIdsList.OIds[Index] to obtain a pointer to a specific TScOid. The Index parameter indicates theindex of the object identifier. 0 is the index of the first object identifier.This property is read-only.
See AlsoTScOid
44
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.5 TScCertExtension
15.5.1 Description
UnitScBridge
DescriptionThe TScCertExtension class is used for certificate extensions support. Certificate extensions representinformation fields that contain an additional certificate information. Certificate extensions let extendingabilities of the basic data standard of the X.509 certificate. Several fields of the extension contain anadditional information about certificate identification. Other fields contain an additional information aboutcertificate encryption abilities.
In its most basic form, an X.509 extension has an object identifier (Oid), a Boolean value describingwhether the extension is considered critical or not (Critical), and ASN-encoded data (RawData).
See AlsoTScCertificate.ExtensionsTScCertBasicConstraintsExtensionTScCertKeyUsageExtensionTScCertEnhancedKeyUsageExtensionTScCertSubjectKeyIdExtension
SecureBridge Components45
SecureBridge Components, Copyright © 2007-2009 Devart
15.5.2 Properties
15.5.2.1 TScCertExtension.Critical
property Critical: Boolean;
DescriptionUse this property to determine whether an extension is critical.This property is read-only.
15.5.2.2 TScCertExtension.Oid
property Oid: TScOid;
DescriptionThis property can be used to provide information about the Abstract Syntax Notation One (ASN.1)encoded data, such as the algorithm used to encrypt the data.This property is read-only.
See AlsoRawDataTScOid
15.5.2.3 TScCertExtension.RawData
property RawData: TBytes;
DescriptionA byte array that represents the Abstract Syntax Notation One (ASN.1) encoded data.This property is read-only.
See AlsoRawData
46
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.6 TScCertificate
15.6.1 Description
UnitScBridge
DescriptionThe TScCertificate class is used for working with X.509 certificates. The X.509 structure originated in theInternational Organization for Standardization (ISO) working groups. This structure can be used torepresent various types of information including identity, entitlement, and holder attributes.The certificate contains a public key, and some additional information (e. g. information about thecertification center produced the certificate, information about certificate user, the service period of thecertificate, etc.).Certificates can be used for organizations authentication, for authenticity verification of transferredinformation, and for data encryption.
Certificates can be stored in different formats. To load/save a certificate in one of formats, you shoulduse the ImportFrom or ExportTo methods correspondingly. To store a set of certificates in storage, theCertificateList property is used.
The TScCertificate lets you to sign data with the private key, which associated with the certificate, andverify signature with the certificate public key by using the Sign and VerifySign methods. The datasigning is used for checking data integrity.
Also TScCertificate lets encrypting and decrypting information using E ncrypt and Decrypt methods.
See AlsoTScStorage
SecureBridge Components47
SecureBridge Components, Copyright © 2007-2009 Devart
15.6.2 Properties
15.6.2.1 TScCertif icate.Certif icateList
property CertificateList: TScCertificateList;
DescriptionThis property is used for automatic loading and storing certificates in Storage. If the certificate was notloaded or imported, and you are trying to invoke functions that use data of the certificate, it isautomatically loaded from underlying Storage using CertName.
See AlsoReadyCertificateList.Storage
15.6.2.2 TScCertif icate.CertName
property CertName: string;
DescriptionThe certificate name is used for automatic loading and saving the certificate in CertificateList.
See AlsoTScStorage
15.6.2.3 TScCertif icate.Extensions
typeTScExtensionsList = class(TObjectList)publicproperty Extensions[Index: Integer]: TScCertExtension; default;
end;
property Extensions: TScExtensionsList;
DescriptionGets a collection of TScCertExtension objects. The extensions defined in the X.509 certificate formatallow additional data to be included in the certificate. It is set automatically when loading or importingcertificates.
Use TScExtensionsList.E xtensions[Index] to obtain a pointer to a specific extension. The Indexparameter indicates the index of the extension. 0 is the index of the first extension.
This property is read-only.
See AlsoTScCertExtension
15.6.2.4 TScCertif icate.Issuer
property Issuer: string;
Description
48
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
The name of the certificate authority that issued the X.509 certificate. It is set automatically whenloading or importing the certificate.This property is read-only.
See AlsoIssuerNameSubject
15.6.2.5 TScCertif icate.IssuerName
property IssuerName: TScDistinguishedName;
DescriptionGets the distinguished name of the certification authority that issued the certificate. It is setautomatically when loading or importing the certificate.This property is read-only.
See AlsoIssuerSubjectName
15.6.2.6 TScCertif icate.Key
property Key: TScKey;
DescriptionThe asymmetric key of RSA or DSA types associated with a certificate. The key is automatically loadedon certificate load. You can use the Key.IsPrivate property to determine whether the key is private orpublic. In order to associate a private key with this certificate, use Key.ImportFrom. At the same timethe public key and the key to be imported must be equivalent, otherwise an exception will be raised. It isnot allowed to import a public key.This property is read-only.
15.6.2.7 TScCertif icate.NotAf ter
property NotAfter: TDateTime;
DescriptionGets the date in local time after which a certificate is no longer valid. It is set automatically when loadingor importing the certificate. This property is read-only.
See AlsoNotBefore
15.6.2.8 TScCertif icate.NotBefore
property NotBefore: TDateTime;
DescriptionGets the date in local time on which a certificate becomes valid. It is set automatically when loading orimporting the certificate. This property is read-only.
SecureBridge Components49
SecureBridge Components, Copyright © 2007-2009 Devart
See AlsoNotAfter
15.6.2.9 TScCertif icate.Ready
property Ready: Boolean;
DescriptionThis property determines whether the certificate is ready to use. Set Ready to True, to load data fromCertificateList automatically. If the CertificateList is not assigned, an exception will be raised.
Note: If the certificate was not loaded or imported, and you are trying to invoke functions that use data ofthe certificate, it is automatically loaded from the underlying Storage using CertName.
See AlsoCertNameCertificateList
15.6.2.10 TScCertif icate.SerialNumber
property SerialNumber: string;
DescriptionThe serial number of the certificate. It is a unique number issued by the certificate issuer, which is alsocalled the Certification Authority. It is set automatically when loading or importing the certificate. This property is read-only.
15.6.2.11 TScCertif icate.SignatureAlgorithm
property SignatureAlgorithm: TScOid;
DescriptionSignatureAlgorithm identifies the type of signature algorithm used by the certificate. It is setautomatically when loading or importing the certificate. This property is read-only.
15.6.2.12 TScCertif icate.Subject
property Subject: string;
DescriptionThe subject name from the certificate. It is set automatically when loading or importing the certificate. This property is read-only.
See AlsoSubjectNameIssuer
15.6.2.13 TScCertif icate.SubjectName
property SubjectName: TScDistinguishedName;
50
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
DescriptionGets the distinguished name of the certificate user. It is set automatically when loading or importing thecertificate. This property is read-only.
See AlsoSubjectIssuerName
15.6.2.14 TScCertif icate.Version
property Version: Integer;
DescriptionGets the X.509 format version of a certificate. It property is set automatically when loading or importing acertificate. This property is read-only.
SecureBridge Components51
SecureBridge Components, Copyright © 2007-2009 Devart
15.6.3 Methods
15.6.3.1 TScCertif icate.Decrypt
function Decrypt(const buf: TBytes): TBytes;
DescriptionUse the Decrypt method to decrypt data using the private key associated with the certificate. Thefunction returns the source data passed to the E ncrypt method. If the certificate key is not private (Key.IsPrivate = False), an exception will be raised.
Note: If the Ready property is False, the certificate will be automatically loaded.
See alsoE ncrypt
15.6.3.2 TScCertif icate.Encrypt
function Encrypt(const buf: TBytes): TBytes;
DescriptionUse the Encrypt method, to encrypting information using the certificate key. The method returnsencrypted information.
To decrypt the information, use the Decrypt method.
Note: If the Ready property is False, the certificate will be automatically loaded.
See alsoDecrypt
15.6.3.3 TScCertif icate.Equals
function Equals(Certificate: TScCertificate): Boolean;
DescriptionUse the Equals function to compare content of two certificates. If parameters of both certificates coincide
, the method returns True.
Note: If the Ready property of either of certificates is False, the certificate will be loaded automatically.
15.6.3.4 TScCertif icate.ExportTo
procedure ExportTo(const FileName: string; const CertFormat: TScCertificateFormat); overload;procedure ExportTo(Stream: TStream; const CertFormat: TScCertificateFormat); overload;
DescriptionUse this method to export the certificate to file or to stream. The certificate can be stored in differentformats.
Parameters:
52
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
FileName - specifies the file name in which the certificate will be exported. If the file with the
specified name does not exist, in will be created. The existent file will be overwritten.
Stream - pointer to the stream in which the certificate will be exported. Data will be appended to
the stream.
CertFormat - the data format which will be used for storing the certificate.
See alsoImportFrom
15.6.3.5 TScCertif icate.GetFingerprint
typeTScHashAlgorithm = (haSHA1, haMD5);
procedure GetFingerprint(const HashAlg: TScHashAlgorithm; out Fingerprint:TBytes); overload;procedure GetFingerprint(const HashAlg: TScHashAlgorithm; out Fingerprint:string); overload;
DescriptionReturns the certificate thumbprint into the Fingerprint parameter. The print is formed by using thespecified hash algorithm in the HashAlg parameter.
See alsoReady
15.6.3.6 TScCertif icate.ImportFrom
procedure ImportFrom(const FileName: string); overload;procedure ImportFrom(Stream: TStream); overload;
DescriptionImports the certificate from the specified file or stream. The certificate can be stored in different formats. Format is determined automatically when loading thecertificate.
Parameters:
FileName - determined the file name from which the certificate will be imported. If the file does not
exists, an exception will be raised.
Stream - a pointer to the stream that holds data for importing the certificate.
Note: If the certificate is loaded successfully, all properties becomes assigned, and the Ready propertyis set to True .
See alsoExportTo
15.6.3.7 TScCertif icate.Sign
typeTScSignAlgorithm = (saSHA1, saMD5, saHMAC, saSSL3_SHAMD5);
SecureBridge Components53
SecureBridge Components, Copyright © 2007-2009 Devart
function Sign(const Data: TBytes; AlgId: TScSignAlgorithm = saSHA1): TBytes;
DescriptionUse the Sign function, to sign necessary data by using the private key, which is associated with thecertificate. The function returns the signature of the specified data. If the certificate key is not private (Key.IsPrivate = False), the exception will be raised.
Use this signature to verify the data integrity. If the data substitution is possible when the data istransferred, it is required to transfer the data signature along with the data itself. In this case the receivermust have the public constituent of the key, that is used to verify the signature. To verify the signature, use the VerifySign function.
Note: If the Ready property is False, the certificate will be automatically loaded.
See alsoVerifySign
15.6.3.8 TScCertif icate.Verif ySign
typeTScSignAlgorithm = (saSHA1, saMD5, saHMAC, saSSL3_SHAMD5);
function VerifySign(const Data: TBytes; const Sign: TBytes; AlgId:TScSignAlgorithm = saSHA1): boolean;
DescriptionThe VerifySign method verifies whether the signature is correct for specified Data using the certificatekey. If the signature is correct, the function returns True.
To get the data signature, the Sign function should be used.
Note: If the Ready property is False, the certificate will be automatically loaded.
See alsoSign
54
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.7 TScCertificateList
15.7.1 Description
UnitScBridge
DescriptionTScCertificateList is used by a storage to manage the certificate objects that correspond to certificatesin the storage.
Use the properties and methods of TScCertificateList to:
access a specific certificate;
add a new certificate object or delete persistent certificate objects from the list;
find out how many certificates there are.
See alsoTScCertificate
SecureBridge Components55
SecureBridge Components, Copyright © 2007-2009 Devart
15.7.2 Properties
15.7.2.1 TScCertif icateList.Count
property Count: Integer;
DescriptionUse Count to determine the number of certificates referenced by the TScCertificateList object.
See AlsoCertificates
15.7.2.2 TScCertif icateList.Certif icates
property Certificates[Index: Integer]: TScCertificate; default;
DescriptionUse Certificates to obtain a TScCertificate object from the list. The Index parameter indicates the indexof the certificate, where 0 is the index of the first certificate, 1 is the index of the second certificate, andso on.Use Certificates with the Count property to iterate through all of the certificates in the list.
See AlsoCount
15.7.2.3 TScCertif icateList.Storage
property Storage: TScStorage;
DescriptionCheck the value of the Storage property to determine the storage that is associated with theTScCertificateList object. Applications should not directly assign this property. It is assignedautomatically when the CertificateList is created.
See AlsoTScStorage
56
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.7.3 Methods
15.7.3.1 TScCertif icateList.Add
procedure Add(Cert: TScCertificate);
DescriptionInserts a new certificate Cert to the end of the Certificates array. At that the CertificateList property ofCert is replaced to the current TScCertificateList object, and the information about the Cert is saved tothe Storage.
See AlsoTScCertificate
15.7.3.2 TScCertif icateList.Certif icateByName
function CertificateByName(const CertName: string): TScCertificate;
DescriptionCall CertificateByName to determine if a specified certificate is referenced in the TScCertificateListobject. CertName is the name of the certificate for which to search. If CertificateByName finds acertificate with a matching name, it returns the TScCertificate object for the specified certificate.Otherwise it raises an exception.
If there is several certificates with the same name in the list, this method will always return theTScCertificate object for the first certificate in the list.
Note:CertificateByName differs from the FindCertificate method only when the named certificate is not in thelist. When the certificate is not found, FindCertificate returns nil, while CertificateByName raises anexception.
See alsoFindCertificate
15.7.3.3 TScCertif icateList.CheckCertif icateName
procedure CheckCertificateName(const CertName: string);
DescriptionChecks for the certificate specified by CertName in the Certificates property array. If the certificate withthe specified name is already listed, CheckCertificateName raises the EScE rror exception.
See AlsoTScCertificateEScE rror
15.7.3.4 TScCertif icateList.Clear
procedure Clear;
DescriptionDeletes all certificates. Clear empties the Certificates array property, frees the memory used to store the
SecureBridge Components57
SecureBridge Components, Copyright © 2007-2009 Devart
array and deletes the certificates from the Storage.
See AlsoTScCertificate
15.7.3.5 TScCertif icateList.FindCertif icate
function FindCertificate(const CertName: string): TScCertificate;
DescriptionCall FindCertificate to determine if a specified certificate appears in the list. CertName is the name of thecertificate for which to search. If FindCertificate finds a certificate with a matching name, it returns the TScCertificate object for the specified certificate. Otherwise it returns nil.
If there is several certificates with the same name in the list, this method will always return theTScCertificate object for the first certificate in the list.
Note:FindCertificate differs from the CertificateByName method only when the named certificate is not in thelist. When the certificate is not found, FindCertificate returns nil, while CertificateByName raises anexception.
See alsoCertificateByName
15.7.3.6 TScCertif icateList.GetCertif icateNames
procedure GetCertificateNames(List: TStrings);
DescriptionCall GetCertificateNames to fill the List with the certificate names for all certificates in the Certificatesarray. List is a TStrings descendant created and maintained by the application.
See alsoTScCertificate
15.7.3.7 TScCertif icateList.IndexOf
function IndexOf(Cert: TScCertificate): Integer;
DescriptionCall IndexOf to get the index for a certificate in the Certificates array. Specify the certificate as the Certparameter. The first certificate in the array has index 0, the second certificate has index 1, and so on. If a certificateis not in the Certificates array, IndexOf returns -1.
See alsoTScCertificate
58
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.7.3.8 TScCertif icateList.Ref resh
procedure Refresh;
DescriptionReloads certificate list in the Certificates array from Storage.
See alsoStorage.Certificates
15.7.3.9 TScCertif icateList.Remove
procedure Remove(Cert: TScCertificate);
DescriptionDeletes the reference to the Cert parameter from the Certificates array and delete the certificate fromStorage.After a certificate is removed, all of the items that follow it are moved up in index position and Count isreduced by one.
See alsoTScCertificate
SecureBridge Components59
SecureBridge Components, Copyright © 2007-2009 Devart
15.8 TScCertKeyUsageExtension
15.8.1 Description
UnitScBridge
DescriptionThe TScCertKeyUsageExtension class uses the flags in the TScKeyUsageFlags enumeration to definekey usage.
A certificate lets a subject to perform certain tasks. In order to control usage of a certificate out ofdesignated scopes, the corresponding restrictions are automatically included in the certificate.KeyUsageExtension is a restriction method that determines, for what purposes the certificate can beused. This lets to produce certificates that can be used both for tasks restricted by certain scopes, andfor different tasks.
See AlsoTScCertExtension
60
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.8.2 Properties
15.8.2.1 TScCertKeyUsageExtension.KeyUsages
typeTScKeyUsageFlag = (kfCrlSign, kfDataEncipherment, kfDecipherOnly,
kfDigitalSignature, kfEncipherOnly,kfKeyAgreement, kfKeyCertSign,kfKeyEncipherment, kfNonRepudiation, kfNone);
TScKeyUsageFlags = set of TScKeyUsageFlag;
property KeyUsages: TScKeyUsageFlags;
DescriptionThis property returns a value from the TScKeyUsageFlags enumeration that indicates how the certificatekey can be used.This property is read-only.
Value Meaning
kfCrlSign The key can be used to sign a Certificate Revocation List (CRL).
kfDataEncipherment The key can be used for data encryption.
kfDecipherOnly The key can be used for decryption only.
kfDigitalSignature The key can be used as a digital signature.
kfEncipherOnly The key can be used for encryption only.
kfKeyAgreement The key can be used to determine key agreement, such as a key
created using the Diffie-Hellman key agreement algorithm.kfKeyCertSign The key can be used to sign certificates.
kfKeyEncipherment The key can be used for key encryption.
kfNonRepudiation The key can be used for authentication.
kfNone No key usage parameters.
SecureBridge Components61
SecureBridge Components, Copyright © 2007-2009 Devart
15.9 TScCertSubjectKeyIdExtension
15.9.1 Description
UnitScBridge
DescriptionThe TScCertKeyUsageExtension class defines a string that identifies a certificate's subject key identifier(SKI). The SKI provides a unique identification for the subject of the certificate. The SKI is often used whenworking with XML digital signing.
The SKI extension identifies the public key certified by this certificate. This extension provides a way ofdistinguishing public keys if more than one is available for a given subject name.
See AlsoTScCertExtension
62
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.9.2 Properties
15.9.2.1 TScCertSubjectKeyIdExtension.SubjectKeyIdentif ier
property SubjectKeyIdentifier: string;
DescriptionSubjectKeyIdentifier is a string, encoded in hexadecimal format, that represents the subject keyidentifier (SKI). The SKI provides a unique identification for the subject of the certificate. The SKI is oftenused when working with XML digital signing.This property is read-only.
SecureBridge Components63
SecureBridge Components, Copyright © 2007-2009 Devart
15.10 TScCheckFileReplyExtension
15.10.1 Description
UnitScSFTPUtils
DescriptionThe TScCheckFileReplyExtension class holds the server answer for the CheckFile extension query.
See AlsoCheckFileCheckFileByHandle
64
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.10.2 Properties
15.10.2.1 TScCheckFileReplyExtension.HashAlgorithm
property HashAlgorithm: string;
DescriptionThe HashAlgorithm property defines the hash algorithm that was actually used.
15.10.2.2 TScCheckFileReplyExtension.Hashes
property Hashes[Index: Integer]: TBytes;
DescriptionThe Hashes property holds the computed hashes.
15.10.2.3 TScCheckFileReplyExtension.HashesCount
property HashesCount: Integer;
DescriptionThe HashesCount property holds the number of the computed hashes.
SecureBridge Components65
SecureBridge Components, Copyright © 2007-2009 Devart
15.11 TScCryptoAPIStorage
15.11.1 Description
UnitScCryptoAPIStorage
DescriptionTScCryptoAPIStorage is used for storing information about keys and certificates in system and externalcertificate storages. It works through CryptoAPI. CryptoAPI is an application programming interface thatcan add authentication, encoding, and encryption to Windows-based applications.
Use the CertProviderType property to specify the provided type which determines where the certificateswill be stored. Keys are stored in system key containers. Each container has an unique system namefor each ProviderName .
Objects are loaded automatically when the Certificates and Keys properties are accessed.TScCryptoAPIStorage does not let storing information about users, therefore an exception will be raisedwhen accessing to the Users property.
See AlsoTScCertificateTScKeyTScUser
66
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.11.2 Properties
15.11.2.1 TScCryptoAPIStorage.CertLocation
type TScCertLocation = (clCurrentUser, clCurrentUserGroupPolicy,
clLocalMachine, clLocalMachineEnterprise, clLocalMachineGroupPolicy,clCurrentService, clServices, clUsers);
property CertLocation: TScCertLocation;
DescriptionUse this property to specify a system store location. Usage of this property is related on the value ofthe CertProviderType property.Default value is clCurrentUser.
15.11.2.2 TScCryptoAPIStorage.CertProviderType
typeTScCertProviderType = (ptMemory, ptFile, ptRegistry, ptSystem,ptSystemRegistry, ptPhysical);
property CertProviderType: TScCertProviderType;
DescriptionSpecifies the provider type. It determines where certificates will be stored. Usage of CertLocation andCertStoreName properties is related to the value of CertProviderType.
Default value of this property is ptSystem.
Value Meaning
ptMemory Creates a certificate store in cached memory. Typically used to create a
temporary store. The CertLocation and CertStoreName properties arenot used for this provider type.
ptFile Initializes the store with certificates from a file. The CertStoreName
specifies the patch to the file with data. If the file with specified namedoes not exists when accessing the storage, the provider will try tocreate it. If the file exists, the storage will load certificates list from thefile into the Certificates property. The CertLocation property is not used.When the storage refers to the underlying file, it opens it and blocks sothat other application cannot open it.
ptRegistry Initializes the store with certificates from a registry subkey. A registry
key should be specified in the CertStoreName property, where thecertificate list is stored. If the specified key does not exist, the providerwill try to create it. The CertLocation property indicates the root key forthe storage.
ptSystem Initializes the store with certificates from the specified system store.
The system store is a logical collection store that consists of one or
SecureBridge Components67
SecureBridge Components, Copyright © 2007-2009 Devart
more physical sibling stores. After the system store is opened, all of thephysical stores that are associated with it are also opened and areadded to the system store collection. The CertLocation indicates thesystem store location. The CertStoreName specifies the system storename. For each system store location, the predefined systems storesare: 'MY', 'Root', 'Trust', 'CA'.
ptSystemRegistry Enters into storages set determined by ptSystem. Initializes the store
with certificates from a physical registry store. The CertLocationindicates the system store location. The CertStoreName specifies asystem store name. For each system store location, the predefinedsystems stores are: 'MY', 'Root', 'Trust', 'CA'.
ptPhysical Enters into storages set determined by ptSystem. Initializes the store
with certificates from a specified physical store. The CertLocationindicates the system store location. The CertStoreName consists of twoparts separated with an intervening backslash (\), for exampleRoot\.LocalMachine. Where Root is the name of the system store, and.LocalMachine is the name of the physical store.
See AlsoCertLocation CertStoreName
15.11.2.3 TScCryptoAPIStorage.CertStoreName
property CertStoreName: string;
DescriptionUse this property to specify a store name. Usage of this property depends on the CertProviderTypeproperty value.Default value of this property is 'MY'.
See AlsoCertProviderType
15.11.2.4 TScCryptoAPIStorage.ProviderName
property ProviderName: string;
DescriptionThe name of a cryptographic provider. Cryptographic provider - an independent software module thatactually performs cryptography algorithms for authentication, encoding, and encryption. The default provider will be used if the value of this property equals to an empty string. It isrecommended to use the default provider.
See alsoGetProviderNames
68
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.11.3 Methods
15.11.3.1 TScCryptoAPIStorage.GetProviderNames
procedure GetProviderNames(List: TStrings);
DescriptionCall GetProviderNames to fill the List with the cryptographic service providers available on a computer.List is a TStrings descendant created and maintained by the application.Cryptographic service provider is an independent software module that actually performs cryptographyalgorithms for authentication, encoding, and encryption.
See alsoProviderName
SecureBridge Components69
SecureBridge Components, Copyright © 2007-2009 Devart
15.12 TScDistinguishedName
15.12.1 Description
UnitScBridge
DescriptionThis class is like an extension to the SubjectName or IssuerName property, which is the name of theperson or entity that the certificate is being issued to. This class contains a data set in the following form: Object Identifier (OID) = Value. To access OIDs usethe Names property. To get a value of an OID, use the Values property. Count determines data setcount.
See AlsoTScCertificate.IssuerNameTScCertificate.SubjectName
70
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.12.2 Properties
15.12.2.1 TScDistinguishedName.Count
property Count: integer;
DescriptionThis property specifies the number of pairs "Object Identifier (OID) -> Value" in the list. This property is read-only.
15.12.2.2 TScDistinguishedName.Name
property Name: string;
DescriptionGets the comma-delimited distinguished name from an X.509 certificate.This property is read-only.
15.12.2.3 TScDistinguishedName.Names
property Names[Index: integer]: string;
DescriptionUse Names to obtain the Object Identifier (OID). The Index parameter indicates the index of the OID ,where 0 is the index of the first OID , 1 is the index of the second OID , and so on.This property is read-only.
Use Names with the Count property to iterate through all of the OIDs in the list.
15.12.2.4 TScDistinguishedName.Values
property Values[const Name: string]: string;
DescriptionYou can use Values for getting the value for specified Name.This property is read-only.
To iterate through all of the values in the list, use the ValueFromIndex and Count properties.
15.12.2.5 TScDistinguishedName.ValueFromIndex
property ValueFromIndex[Index: integer]: string;
DescriptionUse ValueFromIndex to get the corresponding Object Identifier (OID). The Index parameter indicates theindex of the Value, where 0 is the index of the first Value, 1 is the index of the second Value, and so on.This property is read-only.
Use ValueFromIndex with the Count property to iterate through all of the values in the list.
SecureBridge Components71
SecureBridge Components, Copyright © 2007-2009 Devart
15.13 TScFilenameTranslationControlExtension
15.13.1 Description
UnitScSFTPUtils
DescriptionIf the server included the 'filename-charset' extension в initialization extensions, a client MAY send thisextension to turn off server translation to UTF-8.
See AlsoFilenameCharsetFilenameCharsetAvailableRequestExtension
72
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.13.2 Properties
15.13.2.1 TScFilenameTranslationControlExtension.DoTranslate
property DoTranslate: Boolean;
DescriptionSet the DoTranslate property to true for server to enable filename translation to UTF-8. If this property isset to false, server disables filename translation.
SecureBridge Components73
SecureBridge Components, Copyright © 2007-2009 Devart
15.14 TScFileStorage
15.14.1 Description
UnitScBridge
DescriptionTScFileStorage is used for storing information about keys, users and certificates in files.
Use the Path property to specify the path to store files.The information about keys and users can be stored in encrypted form. Use the Algorithm and Passwordproperties to specify encryption algorithm and password for storing objects in encrypted form.
Objects are loaded automatically when the Certificates, Keys and Users properties are accessed.
See AlsoTScCertificateTScKeyTScUser
74
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.14.2 Properties
15.14.2.1 TScFileStorage.Algorithm
property Algorithm: TScSymmetricAlgorithm;
DescriptionInformation about keys and users can be stored in encrypted form.Use Algorithm to specify encrypting algorithm which will be used for encoding and decoding files whensaving and loading.
Note: If the Password property is not assigned, files will not be encrypted when saving.
15.14.2.2 TScFileStorage.Password
property Password: string;
DescriptionInformation about keys and users can be stored in encrypted form. Use this property to specify the password which will be used for encoding and decoding files whensaving and loading. If the Password property is not assigned, files will not be encrypted when saving.
15.14.2.3 TScFileStorage.Path
property Path: string;
DescriptionUse this property to specify what directory will be used to store files that hold the information aboutcertificates, keys and users. This information is loaded automatically when the Certificates, Keys andUsers properties are accessed.
Default value of this property is '.'. It means that the files will be stored in your application directory.
SecureBridge Components75
SecureBridge Components, Copyright © 2007-2009 Devart
15.15 TScIdIOHandler
15.15.1 Description
UnitScIndy
DescriptionThe TScIdIOHandler component is a wrapper for TScSSHChannel with an Indy-compatible interface.
See AlsoTScSSHChannelTScSSHClient
76
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.15.2 Properties
15.15.2.1 TScIdIOHandler.Client
property Client: TScSSHClient;
DescriptionDetermines secure physical connection between the client and the SSH server that will be used for datatransferring.
SecureBridge Components77
SecureBridge Components, Copyright © 2007-2009 Devart
15.16 TScKey
15.16.1 Description
UnitScBridge
DescriptionThe TScKey class is used for working with asymmetric keys of RSA and DSA types. The algorithm ofthe key is determined by the Algorithm property.In asymmetric encryption two key are used. The first key is used for data decryption and signing (privatekey), the second key is used for data encrypting (public key).TScKey lets you working both with private and public keys. The private key contains both parts - privatepart and public part. You can use the IsPrivate property to determine whether the key is private or public.The key length is determined by the BitCount property. The more key length, the higher its firmness tobreaking.
The TScKey class lets you generating new keys by using the Generate method. To store keys, differentformats are used. To load or save a key in one of formats, you should use the ImportFrom or ExportTomethods correspondingly. To store a set of keys in storage, the KeyList property is used.
The TScKey lets you to sign data with the private key and verify signature with the public key by usingthe Sign and VerifySign methods. The data signing is used for checking data integrity.
Also TScKey can encrypt and decrypt data with E ncrypt and Decrypt methods.
See AlsoTScStorage
78
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.16.2 Properties
15.16.2.1 TScKey.Algorithm
property Algorithm: TScAsymmetricAlgorithm;
DescriptionThe Algorithm property stores the name of asymmetric algorithm. It is set automatically when loading,importing, or generating the key. This property is read-only.
See AlsoGenerate
15.16.2.2 TScKey.BitCount
property BitCount: integer;
DescriptionThe BitCount property stores the length of the key. It is set automatically when loading, importing, orgenerating the key. This property is read-only.
See AlsoGenerate
15.16.2.3 TScKey.IsPrivate
property IsPrivate: Boolean;
DescriptionDetermines whether the key is private or public. It is set automatically when loading, importing, orgenerating the key. The private key always contains the public key.This property is read-only.
See AlsoImportFromExportTo
15.16.2.4 TScKey.KeyList
property KeyList: TScKeyList;
DescriptionThis property is used for automatic loading and storing keys in Storage. If the key was not loaded orgenerated, and you are trying to invoke functions that use data of the key, it is automatically loaded fromunderlying Storage using KeyName.
See AlsoReadyKeyList.Storage
SecureBridge Components79
SecureBridge Components, Copyright © 2007-2009 Devart
15.16.2.5 TScKey.KeyName
property KeyName: string;
DescriptionThe key name is used for automatic loading and saving the key in KeyList.
See AlsoTScStorage
15.16.2.6 TScKey.Ready
property Ready: Boolean;
DescriptionThis property determines whether the key is ready to use. Set Ready to True, to load data from KeyListautomatically. If the KeyList is not assigned, an exception will be raised.This property is set automatically when the key is generated.
Note: If the key was not loaded or generated, and you are trying to invoke functions that use data of thekey, it is automatically loaded from underlying Storage using KeyName.
See AlsoKeyNameKeyListGenerate
80
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.16.3 Methods
15.16.3.1 TScKey.Decrypt
function Decrypt(const buf: TBytes): TBytes;
DescriptionUse the Decrypt method to decrypt data using the private key. This method returns the source data thatwas encrypted by the E ncrypt method.If the Ready property is False, the key will be automatically loaded.
Note: If the key is not private (IsPrivate = False), the exception will be raised.
See alsoE ncrypt
15.16.3.2 TScKey.Encrypt
function Encrypt(const buf: TBytes): TBytes;
DescriptionUse the Encrypt method, to encrypt data using the public key. This function returns an encrypted data.To decrypt data, use the Decrypt method.
Note: If the Ready property is False, the key will be automatically loaded.
See alsoDecrypt
15.16.3.3 TScKey.Equals
function Equals(Key: TScKey): Boolean;
DescriptionUse the Equals function to compare content of two keys. If data of both keys coincide, the functionreturns True. If either of keys is a public key, only public constituents of keys are compared. If both keysare private, both public and private constituents of keys are compared.If the Ready property of either of the keys is False, the key will be loaded automatically.
15.16.3.4 TScKey.ExportTo
typeTScKeyFormat = (kfDefault, kfDER, kfPKCS8, kfPKCS8enc, kfIETF);
procedure ExportTo(const FileName: string; const PublicKeyOnly: Boolean;const Password: string; const Cipher: TScSymmetricAlgorithm =saTripleDES; const KeyFormat: TScKeyFormat = kfDefault; const Comment:string = ''); overload;
procedure ExportTo(Stream: TStream; const PublicKeyOnly: Boolean; constPassword: string; const Cipher: TScSymmetricAlgorithm = saTripleDES;const KeyFormat: TScKeyFormat = kfDefault; const Comment: string = '');
SecureBridge Components81
SecureBridge Components, Copyright © 2007-2009 Devart
overload;
DescriptionUse this method to export the key to file or to stream.The key can be exported in different formats. Some formats let store only private keys, other - bothprivate and public. It is possible to store the key in encrypted form to protect it from illegal access. Inthis case you should specify encryption algorithm and password.Some formats also let you store additional information about the key except key data.
Parameters:
FileName - specifies file name in which the key will be exported. If the file with specified name
does not exist, in will be created. The existent file will be overwritten.
Stream - pointer to the stream in which the key will be exported. Data will be appended to the
stream.
PublicKeyOnly - determines, whether only the public key or both public and private keys will be
exported. If the current key contains only public constituent, an attempt to save the private key willlead to raising the exception.
Password - determines password that is used by encryption algorithm for storing the key in
encrypted form. If the Password is not specified, the key will be stored in open form.
Cipher - encryption algorithm name that is used for storing the key in encrypted form.
KeyFormat - the data format which will be used for storing the key.
Comment - an additional information defined by user.
Note: You can only store the public keys in open form. Therefore, when you try to save a public key withthe Password parameter assigned, an exception will be raised.
Value Meaning
kfDefault The format, that is used by OpenSSH. Lets you store both private and
public keys. You can add a comment when saving the public key. Datacan be stored in both open and encrypted form.
kfDER Stores only private keys in open form. Data is stored as a sequence of
bytes with no transformation.
kfPKCS8 Lets you store only private keys in open form.
kfPKCS8enc Lets you store only private keys in encrypted form.
kfIETF This format lets you store both private and public keys. Data can be
stored in open or encrypted form. You can add a comment when storingthe key.
See alsoImportFromGenerate
15.16.3.5 TScKey.Generate
procedure Generate(const Algorithm: TScAsymmetricAlgorithm; const BitCount:integer; Random: TScRandom = nil);
82
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
DescriptionGenerates a new key, and if the KeyName and KeyList parameters are specified, automatically saves it.If the key is created successfully, the Ready property is set to True.Random data, that is generated by the specified random number generator, is used for generating keys. IfRandom is nil, the default random number generator is used.
Parameters:
Algorithm - asymmetric algorithm that determines type of the key to be generated.
BitCount - key length in bits.
Random - pointer to the random number generator that is used for getting random data.
Note: The key length determines the firmness to breaking. Now for usual tasks the recommended keylength is 1024 bits, for crucial tasks - 2048 bits.
See alsoExportToImportFrom
15.16.3.6 TScKey.GetFingerprint
typeTScHashAlgorithm = (haSHA1, haMD5);
procedure GetFingerprint(const HashAlg: TScHashAlgorithm; out Fingerprint:TBytes); overload;procedure GetFingerprint(const HashAlg: TScHashAlgorithm; out Fingerprint:string); overload;
DescriptionReturns the key print into the Fingerprint parameter. The print is formed by using the specified hashalgorithm HashAlg.
See alsoReady
15.16.3.7 TScKey.ImportFrom
procedure ImportFrom(const FileName: string; const Password: string; outComment: string); overload;
procedure ImportFrom(const FileName: string; const Password: string = '');overload;
procedure ImportFrom(Stream: TStream; const Password: string; out Comment:string); overload;
procedure ImportFrom(Stream: TStream; const Password: string = '');overload;
DescriptionImports the key from the specified file or stream. The key can be stored in different formats. Format is determined automatically when loading the key.Some formats lets store the key in the encrypted form. If the key was encrypted, it is required to specifythe password for decryption.
SecureBridge Components83
SecureBridge Components, Copyright © 2007-2009 Devart
Parameters:
FileName - determined the file name from which the key will be imported. If the file does not
exists, the exception will be raised.
Stream - a pointer to the stream that holds data for importing the key.
Password - the password that is used for data decryption.
Comment - additional information specified by the user when saving the key is returned by this
parameter.
Note: If the key is loaded successfully, the Algorithm, BitCount, IsPrivate becomes assigned, and theReady property is set to True .
See alsoExportToGenerate
15.16.3.8 TScKey.Sign
function Sign(const Data: TBytes): TBytes;
DescriptionUse the Sign function, to sign necessary data by using the private key. The function returns thesignature of the specified data.
Use this signature to verify the data integrity. If the data substitution is possible when the data istransferred, it is required to transfer the data signature along with the data itself. In this case the receivermust have the public constituent of the key, that is used to verify the signature. To verify the signature use the VerifySign function.
Note: If the Ready property is False, the key will be automatically loaded.
Note: If the key is not private (IsPrivate = False), the exception will be raised.
See alsoVerifySign
15.16.3.9 TScKey.Verif ySign
function VerifySign(const Data: TBytes; const Sign: TBytes): Boolean;
DescriptionThe VerifySign function verifies whether the signature is correct for specified Data using the public key. Ifthe signature is correct, the function returns True.
To get data signature the Sign function should be used.
Note: If the Ready property is False, the key will be automatically loaded.
See alsoSign
84
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.17 TScKeyList
15.17.1 Description
UnitScBridge
DescriptionTScKeyList is used by a storage to manage the key objects that correspond to keys in the storage.
Use the properties and methods of TScKeyList to:
Access a specific key.
Add or delete persistent key objects from the list.
Find out how many keys there are.
See alsoTScKey
SecureBridge Components85
SecureBridge Components, Copyright © 2007-2009 Devart
15.17.2 Properties
15.17.2.1 TScKeyList.Count
property Count: Integer;
DescriptionUse Count to determine the number of keys referenced by the TScKeyList object.
15.17.2.2 TScKeyList.Keys
property Keys[Index: Integer]: TScKey; default;
DescriptionUse Keys to obtain a pointer to a specific key. The Index parameter indicates the index of the key,where 0 is the index of the first key, 1 is the index of the second key, and so on.Set Keys to assign the properties of another key object to one of the keys in the list.Use Keys with the Count property to iterate through all of the keys in the list.
15.17.2.3 TScKeyList.Storage
property Storage: TScStorage;
DescriptionCheck the value of the Storage property to determine the storage that is associated with the TScKeyListobject. Applications should not directly assign the Storage property of a KeyList. It is assignedautomatically when the KeyList is created.
86
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.17.3 Methods
15.17.3.1 TScKeyList.Add
procedure Add(Key: TScKey);
DescriptionInserts a new key to the end of the Keys array. At that the KeyList property of the key is replaced to thecurrent TScKeyList object and the key becomes stored in Storage.
Note: When adding a key, the Ready property of the key must be set to True.
15.17.3.2 TScKeyList.CheckKeyName
procedure CheckKeyName(const KeyName: string);
DescriptionChecks if a key name already exists in the TScKeyList object.CheckKeyName checks for the key specified by KeyName in the Keys property array. If the key with thespecified name is already listed, CheckKeyName raises an EScE rror exception with the duplicate keyname error message.
15.17.3.3 TScKeyList.Clear
procedure Clear;
DescriptionDeletes all keys from the TScKeyList object. Clear empties the Keys property array, frees the memoryused to store the array and delete the keys from the Storage.
15.17.3.4 TScKeyList.FindKey
function FindKey(const KeyName: string): TScKey;
DescriptionCall FindKey to determine if a specified key is referenced in the TScKeyList object. KeyName is thename of the key for which to search. If FindKey finds a key with a matching name, it returns the TScKeyobject for the specified key. Otherwise it returns nil.
Note:FindKey differs from the KeyByName method only when the named key is not in the list. When the keyis not found, FindKey returns nil, while KeyByName raises an exception.
See alsoKeyByName
15.17.3.5 TScKeyList.KeyByName
function KeyByName(const KeyName: string): TScKey;
DescriptionReturns a key by specified key name.Call the KeyByName method to retrieve key information for a key when only the key's name is known.
SecureBridge Components87
SecureBridge Components, Copyright © 2007-2009 Devart
KeyByName returns the TScKey object for the specified key. If the key can not be found, an exceptionis raised.
Note:KeyByName differs from the FindKey method only when the named key is not in the list. When the keyis not found, FindKey returns nil, while KeyByName raises an exception.
See alsoFindKey
15.17.3.6 TScKeyList.GetKeyNames
procedure GetKeyNames(List: TStrings);
DescriptionCall GetKeyNames to fill a list with the key names for all keys in the keys object. List is a TStringsdescendant created and maintained by the application.
See alsoTScKey
15.17.3.7 TScKeyList.IndexOf
function IndexOf(Key: TScKey): Integer;
DescriptionCall IndexOf to get the index for a key in the Keys array. Specify the key as the Key parameter. The first key in the array has index 0, the second key has index 1, and so on. If a key is not in the Keysarray, IndexOf returns -1.
15.17.3.8 TScKeyList.Remove
procedure Remove(Key: TScKey);
DescriptionDeletes the reference to the Key parameter from the Keys array and delete the key from the Storage.After the key is removed, all of the items that follow it are moved up in index position and the Count isreduced by one.
15.17.3.9 TScKeyList.Ref resh
procedure Refresh;
DescriptionReloads key list in the Keys array from the Storage.
See alsoStorage.Keys
88
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.18 TScObjList
15.18.1 Description
UnitScBridge
DescriptionTScObjList is an abstract class, which determines an interface to access lists of different object types(e. g. keys, users, certificates) stored in a storage.
Use the properties and methods of TScObjList to:
Find out how many objects there are.
Reload the list from the storage.
Save modified data in the storage.
See alsoTScKeyListTScUserListTScCertificateList
SecureBridge Components89
SecureBridge Components, Copyright © 2007-2009 Devart
15.18.2 Properties
15.18.2.1 TScObjList.Count
property Count: Integer;
DescriptionUse Count to determine the number of objects referenced by the TScObjList object.
15.18.2.2 TScObjList.Storage
property Storage: TScStorage;
DescriptionCheck the value of the Storage property to determine the storage that is associated with the TScObjListobject. Applications should not directly assign the Storage property of ObjList. It is assignedautomatically when the ObjList is created.
90
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.18.3 Methods
15.18.3.1 TScObjList.Clear
procedure Clear;
DescriptionDeletes all objects from the TScObjList object. The Clear method empties the objects array, frees thememory used to store the array and delete the objects from the Storage.
15.18.3.2 TScObjList.Flush
procedure Flush; virtual;
DescriptionUse this method to force data saving in the physical storage.
15.18.3.3 TScObjList.Ref resh
procedure Refresh;
DescriptionReloads object list in the array from the Storage.
SecureBridge Components91
SecureBridge Components, Copyright © 2007-2009 Devart
15.19 TScOid
15.19.1 Description
UnitScBridge
DescriptionThe TScOid class represents a cryptographic object identifier.Cryptographic object identifiers consist of a value/name pair. If one property in a pair is set to a knownvalue, the other property is updated automatically to a corresponding value.
92
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.19.2 Properties
15.19.2.1 TScOid.FriendlyName
property FriendlyName: string;
DescriptionGets or sets the friendly name of the identifier. If the Value property is set to a known value, the FriendlyName is updated automatically to acorresponding value.
15.19.2.2 TScOid.Value
property Value: string;
DescriptionGets or sets the dotted number of the identifier. If the FriendlyName property is set to a known value, the Value is updated automatically to acorresponding value.
SecureBridge Components93
SecureBridge Components, Copyright © 2007-2009 Devart
15.20 TScRandom
15.20.1 Description
UnitScRng
DescriptionThe TScRandom class implements functionality of a pseudo-random number generator. It produces asequence of numbers that meet certain statistical requirements for randomness.
The random number generation starts from a seed value. To set the start value, use the Randomizemethod. If the same seed is used repeatedly, the same series of numbers is generated. Seed can begenerated by using processor step counter, system timer information, information of random mousemovements or pressure of keyboard keys.
Note: Generation of a reliable starting sequence for the random-number generator is required to ensurehigh security level.
To improve performance, create only one TScRandom object to generate many random numbers,instead of creating a new TScRandom object to generate one random number.
See alsoTScRandom_LFSRPossible attack types and countermeasures
94
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.20.2 Methods
15.20.2.1 TScRandom.Randomize
{$IFNDEF CLR}procedure Randomize(Seed: Pointer; Count: integer); overload;{$ENDIF}procedure Randomize(const Seed: TBytes; const Offset, Count: Integer);overload; virtual;procedure Randomize(const Seed: TBytes); overload;procedure Randomize(const Seed: string); overload;procedure Randomize(Seed: TStream); overload;procedure Randomize; overload;
DescriptionUse the Randomize method to set a sequence of numbers, that will be used to generate a random-number sequence.
If Randomize without parameters is called, Seed based on the system timer readout is used.
Parameters:
Seed - the number sequence that is used for calculation of the starting value for a pseudo-randomnumber sequence;
Offset - zero-based byte offset in Seed, that points to the beginning of the data location;
Count - data length.
15.20.2.2 TScRandom.Random
procedure Random(var buf: TBytes; const Offset, Count: integer); virtual;
DescriptionFills the elements of a specified array of bytes with random numbers.
To initialize the random number generator, add a call to Randomize before making any calls to Random.
Parameters:
Buffer - an array of bytes to keep random numbers;
Offset - zero-based byte offset in Buffer, that points to the beginning of the data location to fill;
Count - data length.
SecureBridge Components95
SecureBridge Components, Copyright © 2007-2009 Devart
15.21 TScRandom_LFSR
15.21.1 Description
UnitScRng
DescriptionThis class is a descendant of the TScRandom class. It implements Linear Feedback Shift Register withvariable Period from 2^32 -1 to 2^2032 -1 method for generating random numbers.
Note: Generation of a reliable starting sequence for the random-number generator is required to ensurehigh security level.
See alsoTScRandomPossible attack types and countermeasures
96
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.22 TScRegStorage
15.22.1 Description
UnitScBridge
DescriptionTScRegStorage is used for storing information about keys, users and certificates in the system registry.
Use the KeyPath property to specify the registry key to store the information.Information about keys and users can be stored in an encrypted form. Use the Algorithm and Passwordproperties to specify encryption algorithm and password for storing objects in the encrypted form.
Objects are loaded automatically when the Certificates, Keys and Users properties are accessed.
See AlsoTScCertificateTScKeyTScUser
SecureBridge Components97
SecureBridge Components, Copyright © 2007-2009 Devart
15.22.2 Properties
15.22.2.1 TScRegStorage.Algorithm
property Algorithm: TScSymmetricAlgorithm;
DescriptionInformation about keys and users can be stored in an encrypted form.Use Algorithm to specify an encrypting algorithm which will be used for encoding and decoding fileswhen saving and loading.
Note: If the Password property is not assigned, files will not be encrypted when saving.
15.22.2.2 TScRegStorage.Password
property Password: string;
DescriptionInformation about keys and users can be stored in an encrypted form. Use this property to specify the password which will be used for encoding and decoding files whensaving and loading. If the Password property is not assigned, files will not be encrypted when saving.
15.22.2.3 TScRegStorage.KeyPath
property KeyPath: string;
DescriptionUse this property to specify what registry key will be used to store registry values that hold theinformation about certificates, keys and users. This information is loaded automatically when the Certificates, Keys and Users properties are accessed.
Default value of this property is '\SOFTWARE \SecureBridge\'.
15.22.2.4 TScRegStorage.RootKey
property RootKey: HKEY;
DescriptionUse RootKey to determine the hierarchy of subkeys that a Storage can access, or to specify the rootkey for the Storage.
By default, RootKey is set to HKEY_CURRENT_USER. To change the root key, specify a valid integervalue for the RootKey property.
98
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.23 TScSFTPACEItem
15.23.1 Description
UnitScSFTPUtils
DescriptionThe TScSFTPACE Item class holds the parameters of the ACL (Access Control List) attribute (takenfrom NFS Version 4 Protocol [RFC3010]).
SecureBridge Components99
SecureBridge Components, Copyright © 2007-2009 Devart
15.23.2 Properties
15.23.2.1 TScSFTPACEItem.AceFlags
typeTScSFTPAceFlag = (afFileInherit, afDirectoryInherit, afNo_propagateInherit,afInheritOnly, afSuccessfulAccess, afFailedAccess, afIdentifierGroup);TScSFTPAceFlags = set of TScSFTPAceFlag;
property AceFlags: TScSFTPAceFlags;
DescriptionThe AceFlags property holds a set of the Ace flags (taken from NFS Version 4 Protocol [RFC3010]).
15.23.2.2 TScSFTPACEItem.AceMask
typeTScSFTPAceMaskItem = (amReadData, amListDirectory, amWriteData, amAddFile,amAppendData, amAddSubdirectory, amReadNamedAttrs, amWriteNamedAttrs,amExecute, amDeleteChild, amReadAttributes, amWriteAttributes, amDelete,amReadAcl, amWriteAcl, amWriteOwner, amSynchronize);TScSFTPAceMask = set of TScSFTPAceMaskItem;
property AceMask: TScSFTPAceMask;
DescriptionThe AceMask property holds a set of the ACE flags (taken from NFS Version 4 Protocol [RFC3010]).
15.23.2.3 TScSFTPACEItem.AceType
typeTScSFTPAceType = (atAccessAllowed, atAccessDenied, atSystemAudit,atSystemAlarm);
property AceType: TScSFTPAceType;
DescriptionThe AceType property holds the ACE type (taken from NFS Version 4 Protocol [RFC3010]).
15.23.2.4 TScSFTPACEItem.Who
property Who: string;
DescriptionThe Who property holds a string of the form described in the Owner and Group properties. Also, thereare several identifiers that need to be understood universally. Some of these identifiers cannot beunderstood when a client accesses the server, but have meaning when a local process accesses thefile. The ability to display and modify these permissions is permitted over SFTP.
OWNER The owner of the file.GROUP The group associated with the file.E VE RYONE The world.
100
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
INTERACTIVE Accessed from an interactive terminal.NETWORK Accessed via the network.DIALUP Accessed as a dialup user to the server.BATCH Accessed from a batch job.ANONYMOUS Accessed without any authentication.AUTHENTICATED Any authenticated user (opposite of ANONYMOUS).SERVICE Access from a system service.
SecureBridge Components101
SecureBridge Components, Copyright © 2007-2009 Devart
15.24 TScSFTPClient
15.24.1 Description
UnitScSFTPClient
DescriptionThe TScSFTPClient component serves for implementing the functionality of SFTP protocol that providessecure file transfer (and more generally - file system access). It is used to implement secure remote filesystem service as well as secure file transfer service. SFTP client runs over a secure channel using the SSH protocol. At this the SFTP client authenticationis performed on the SSH protocol level. The secure connection is provided by an SSH client that can beassigned to the SSHClient property.
The TScSFTPClient component implements functionality of SFTP client.SFTP protocol provides secure file transfer (and more generally file system access). It is used toimplement secure remote file system service, as well as secure file transfer service.SFTP client runs over secure channel using the SSH protocol. On that the SFTP client authentication isperformed on the SSH protocol level. The secure connection is provided by an SSH client that can beassigned to the Client property.Use the ReadBlockSize and WriteBlockSize properties to increase the performance.
102
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.24.2 Properties
15.24.2.1 TScSFTPClient.Active
property Active: boolean;
DescriptionUse the Active property to determine whether the connection to SFTP server is established.
15.24.2.2 TScSFTPClient.SSHClient
property SSHClient: TScSSHClient;
DescriptionUse the SSHClient property to determine the secure connection between an SSH client and the SSHserver. This connection is used to exchange data. To create an SFTP connection, the SSHClientproperty should be set.This property can be set at design time by selecting a TScSSHClient object from the provided list.At runtime, set the SSHClient property to reference an existing TScSSHClient object.
15.24.2.3 TScSFTPClient.EOF
property EOF: boolean;
DescriptionUse the EOF property to determine that an attempt to read past the end-of-file was made or that thereare no more directory entries to return. This property has sense only when NonBlocking = False.
See AlsoNonBlockingReadDirectoryReadFileTextSeek
15.24.2.4 TScSFTPClient.NonBlocking
property NonBlocking: boolean;
DescriptionUse the NonBlocking property to determine the data transferring mode to use: synchronous orasynchronous. If NonBlocking is True, then all commands to the SFTP server will not block execution of other code inthe application. Data is transferred in the asynchronous mode. The result of the command execution canbe received only by processing corresponding event (for example, OnSuccess and OnE rror). IfNonBlocking is False, then the result of command execution is returned by the method when returningcontrol.The default value is False.
SecureBridge Components103
SecureBridge Components, Copyright © 2007-2009 Devart
15.24.2.5 TScSFTPClient.ReadBlockSize
property ReadBlockSize: integer;
DescriptionUse the ReadBlockSize property to determine the maximum size of the data block that will be sent asone query to the SFTP server when reading a file. Use this property to increase the applicationperformance. The default value is 32768.
See AlsoReadFile
15.24.2.6 TScSFTPClient.ServerProperties
property ServerProperties: TScSFTPServerProperties;
DescriptionThe ServerProperties property holds the detailed information about the current SFTP server that theserver may send when establishing a connection.
See AlsoTScSFTPServerProperties
15.24.2.7 TScSFTPClient.ServerVersion
type TScSFTPVersion = (vSFTP0, vSFTP1, vSFTP2, vSFTP3, vSFTP4, vSFTP5,vSFTP6);
property ServerVersion: TScSFTPVersion;
DescriptionThe ServerVersion property holds the version of the SFTP protocol that is used in the current connection.It is set when establishing a connection to the SFTP server (on the Initialize method call). This propertyis read-only.
See AlsoInitialize
15.24.2.8 TScSFTPClient.Timeout
property Timeout: integer;
DescriptionUse the Timeout property to determine the amount of time during which the client makes attempts toobtain data from the server.It is measured in seconds. The default value is 15.
104
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.24.2.9 TScSFTPClient.Version
type TScSFTPVersion = (vSFTP0, vSFTP1, vSFTP2, vSFTP3, vSFTP4, vSFTP5,vSFTP6);
property Version: TScSFTPVersion;
DescriptionThe Version property holds the version of the SFTP protocol the client is going to use.If the client wants to interoperate with servers that support discontinued versions of the SFTP protocol, itshould set this property to vSFTP3, and then use the OnVersionSelect event handler.The default value is vSFTP3.
See AlsoInitializeOnVersionSelect
15.24.2.10 TScSFTPClient.WriteBlockSize
property WriteBlockSize: boolean;
DescriptionUse the WriteBlockSize property to determine the maximum size of the data block that will be sent tothe SFTP server as one query when writing to file. Use this property to increase the applicationperformance. The default value is 32768.
See AlsoWriteFile
SecureBridge Components105
SecureBridge Components, Copyright © 2007-2009 Devart
15.24.3 Methods
15.24.3.1 TScSFTPClient.Block
type TScSFTPBlockMode = (bmRead, bmWrite, bmDelete, bmAdvisory); TScSFTPBlockModes = set of TScSFTPBlockMode;
procedure Block(const Handle: TScSFTPFileHandle; Offset, Count: Int64;BlockMode: TScSFTPBlockModes);
DescriptionCall the Block method to create a byte-range lock on the file specified by the handle. The lock can beeither mandatory (the server enforces that no other process or client can perform operations violating thelock) or advisory (no other processes can obtain a conflicting lock, but the server does not enforce thatno operation violates the lock).If the NonBlocking property is set to True, then control is returned at once and you can learn the result ofthe operation execution by handling the OnSuccess and OnE rror events.
Note: This operation is supported starting with the version 6 of the SFTP protocol.
Parameters:
Handle - is a handle returned by OpenFile or OpenDirectory methods. Note that some serversmay return the SSH_FX_OP_UNSUPPORTED error if the handle is a directory handle.
Offset - beginning of the byte-range to lock.
Count - the number of bytes in the range to lock. The special value 0 means lock from Offset tothe end of the file.
BlockMode - the blocking mode.Value MeaningbmRead the server guarantees that no other handle has been opened with
TScSFTPDesiredAccessItem.amReadData access, and that no otherhandle will be opened with amReadData access until the client closes thehandle. This applies both to other clients and to other processes on theserver.
bmWrite the server guarantees that no other handle has been opened with
TScSFTPDesiredAccessItem.amReadData or TScSFTPDesiredAccessItem.amWriteData access, and that no other handle will be opened withamReadData or amWriteData access until the client closes the handle. Thisapplies both to other clients and to other processes on the server.
bmDelete the server guarantees that no other handle has been opened with
TScSFTPDesiredAccessItem.amDelete access opened with theofDeleteOnClose flag set, and that no other handle will be opened with theamDelete access or with the ofDeleteOnClose flag set, and that the file itselfis not deleted in any other way until the client closes the handle.
bmAdvisory if this flag is set, the above block modes are advisory. In the advisory mode,
only other kinds of access that specify a block mode need to be consideredwhen determining whether the BLOCK can be granted, and the server doesnot prevent I/O operations that violate the block mode.
106
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.24.3.2 TScSFTPClient.CheckFile
procedure CheckFile(const FileName: string; StartOffset, Length: Int64;BlockSize: Integer; ReplyExtension: TScCheckFileReplyExtension = nil);
DescriptionCall the CheckFile method to check if a file (or its part) that client already has matches the one that ison the server.If the NonBlocking property is False, the method returns control after receiving an answer from the serverand writing the results to the ReplyExtension object. Otherwise the result is written to theReplyExtension object on executing the OnReplyCheckFile event. If the server returns an error, theOnE rror event is generated.
Note: this request is not supported by all SFTP servers.
Parameters:
FileName - the path to the file to check. If FileName is a directory, an error will be returned. IfFileName refers to a symbolic link, the target will be opened.
StartOffset - the starting offset of the data to include to the hash.
Length - the length of data to include to the hash. If the length is zero, all data from StartOffset tothe end-of-file should be included.
BlockSize - an independent hash that will be computed over every block in the file. The size ofblocks is specified by BlockSize. The BlockSize must not be smaller than 256 bytes. If theblock-size is 0, then only one hash over the entire range will be made.
ReplyExtension - an object to which the computed hashes will be written. If this parameter is setto nil or is not set at all, then the OnReplyCheckFile event should be processed. If the object isspecified, it will be returned in the OnReplyCheckFile event handler.
15.24.3.3 TScSFTPClient.CheckFileByHandle
procedure CheckFileByHandle(const Handle: TScSFTPFileHandle; StartOffset,Length: Int64; BlockSize: Integer; ReplyExtension: TScCheckFileReplyExtension = nil);
DescriptionCall the CheckFile method to check if a file (or its part) that client already has matches the one that ison the server.If the NonBlocking property is False, the method returns control after receiving an answer from the serverand writing the results to the ReplyExtension object. Otherwise the result is written to theReplyExtension object on executing the OnReplyCheckFile event. If the server returns an error, theOnE rror event is generated.
Note: this request is not supported by all SFTP servers.
Parameters:
Handle - an open file handle returned by the OpenFile method.
StartOffset - the starting offset of the data to include to the hash.
Length - the length of data to include to the hash. If the length is zero, all data from StartOffset tothe end-of-file should be included.
BlockSize - an independent hash that will be computed over every block in the file. The size ofblocks is specified by BlockSize. The BlockSize must not be smaller than 256 bytes. If theblock-size is 0, then only one hash over the entire range will be made.
ReplyExtension - an object to which the computed hashes will be written. If this parameter is set
SecureBridge Components107
SecureBridge Components, Copyright © 2007-2009 Devart
to nil or is not set at all, then the OnReplyCheckFile event should be processed. If the object isspecified, it will be returned in the OnReplyCheckFile event handler.
15.24.3.4 TScSFTPClient.CloseHandle
procedure CloseHandle(const Handle: TScSFTPFileHandle);
DescriptionCall the CloseHandle method to close an opened file handle.If the NonBlocking property is set to True, then control is returned at once and you can learn the result ofthe operation execution by processing the OnSuccess and OnE rror events.
Parameters:
Handle - is a handle previously returned in the response to OpenFile or OpenDirectory. The handlebecomes invalid immediately after this command was sent.
See AlsoNonBlockingOnSuccessOnE rrorOpenFileOpenDirectory
15.24.3.5 TScSFTPClient.CopyRemoteFile
procedure CopyRemoteFile(const Source, Destination: string; Overwrite:Boolean);
DescriptionCall the CopyRemoteFile method to copy a file from one location to another on the server. If the NonBlocking property is set to True, then control is returned at once and you can learn the result ofthe operation execution by handling the OnSuccess and OnE rror events.
Parameters:
Source - holds the initial path to the file that is being copied.
Destination - holds the destination path to copy the file to.
Overwrite - specifies whether to overwrite the file with the same name if it exists.
See AlsoActiveOnSuccessOnE rror
15.24.3.6 TScSFTPClient.CreateLink
procedure CreateLink(const LinkPath, TargetPath: string; Symbolic: boolean= True);
DescriptionCall the CreateLink method to create either hard or symbolic link on the server.If the NonBlocking property is set to True, then control is returned at once and you can learn the result ofthe operation execution by handling the OnSuccess and OnE rror events.
108
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
Parameters:
LinkPath - specifies the path name of the new link to create.
TargetPath - specifies the path of an existing file system object to which the new-link-path willrefer.
Symbolic - the link should be a symbolic link, or a special file that redirects file system parsing tothe resulting path. If Symbolic is false, the link should be a hard link, or a second directory entryreferring to the same file or directory object. This parameter is supported starting with the version4 of the SFTP protocol.
15.24.3.7 TScSFTPClient.Disconnect
procedure Disconnect;
DescriptionCall the Disconnect procedure to close an existing connection to the SFTP server. Disconnect sets the Active property to False.
See AlsoActive
15.24.3.8 TScSFTPClient.DownloadFile
procedure DownloadFile(const Source, Destination: string; Overwrite:Boolean);
DescriptionCall the DownloadFile method to copy a file from remote machine to the local.To create local resulting file with the required attributes (for example, with the attributes corresponding tothe ones that the file on the server has) process the OnCreateLocalFile event. By default file with defaultattributes is created.If the NonBlocking property is set to True, then control is returned at once and you can learn the result ofthe operation execution by handling the OnSuccess and OnE rror events.
Parameters:
Source - holds the initial path to the file that is being copied.
Destination - holds the destination path to copy the file to.
Overwrite - specifies whether to overwrite the file with the same name if it exists.
See AlsoNonBlockingOnCreateLocalFileOnE rrorOnSuccess
15.24.3.9 TScSFTPClient.Initialize
procedure Initialize;
DescriptionCall the Initialize procedure to establish a connection to the SFTP server. Initialize sets the Activeproperty to True.If the Version property was set to the version 3 of the SFTP server before establishing a connection, andthe server supports higher versions of the SFTP protocol, then the OnVersionSelect event may beraised. At that user can choose the required version of the SFTP protocol. After the connection was
SecureBridge Components109
SecureBridge Components, Copyright © 2007-2009 Devart
established the method sets the ServerVersion and ServerProperties properties.
See AlsoActiveOnVersionSelectServerPropertiesServerVersion
15.24.3.10 TScSFTPClient.MakeDirectory
procedure MakeDirectory(const Path: string; Attributes:TScSFTPFileAttributes = nil);
DescriptionCall the MakeDirectory method to create new directory.If the NonBlocking property is set to True, then control is returned at once and you can learn the result ofthe operation execution by handling the OnSuccess and OnE rror events.
Parameters:
Path - specifies the directory to be created.
Attributes - specifies the attributes that should be applied to it upon creation (refer to TScSFTPFileAttributes)
See AlsoTScSFTPFileAttributes
15.24.3.11 TScSFTPClient.OpenDirectory
function OpenDirectory(const Path: string): TScSFTPFileHandle;
DescriptionCall the OpenDirectory method to open an existing directory on the server for enumeration.If NonBlocking is False, the method returns the directory handle. Otherwise it returns nil, and to obtainthe directory handle the OnOpenFile event should be processed. If the server returns an error, theOnE rror event is generated.The obtained directory handle may be used in other operations? for example, in ReadDirectory.When enumeration is complete, the handle must be closed using the CloseHandle method.
Parameters:
Path - is the path name of the directory to be listed (without any trailing slash). If Path does notrefer to a directory, the server returns an error.
See AlsoCloseHandleOnE rrorOnOpenFileOpenFile
15.24.3.12 TScSFTPClient.OpenFile
typeTScSFTPFileOpenModeItem = (foRead, foWrite, foAppend, foCreate, foTrunc,
110
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
foExcl, foText);TScSFTPFileOpenModes = set of TScSFTPFileOpenModeItem;
TScSFTPFileOpenMode = (fmCreateNew, fmCreateOrTruncate, fmOpenExisting,fmOpenOrCreate, fmTruncateExisting);
TScSFTPFileOpenFlag = (ofAppendData, ofAppendDataAtomic, ofTextMode,ofNoFollow, ofDeleteOnClose, ofAccessAudit,ofAccessBackup, ofBackupStream, ofOverrideOwner);
TScSFTPFileOpenFlags = set of TScSFTPFileOpenFlag;
TScSFTPAceMaskItem = (amReadData, amListDirectory, amWriteData,amAddFile, amAppendData, amAddSubdirectory,amReadNamedAttrs, amWriteNamedAttrs, amExecute,amDeleteChild, amReadAttributes, amWriteAttributes,amDelete, amReadAcl, amWriteAcl, amWriteOwner,amSynchronize);
TScSFTPDesiredAccessItem = TScSFTPAceMaskItem;TScSFTPDesiredAccess = set of TScSFTPDesiredAccessItem;
function OpenFile(const FileName: string; Modes: TScSFTPFileOpenModes;Attributes: TScSFTPFileAttributes = nil): TScSFTPFileHandle; overload;function OpenFile(const FileName: string; Mode: TScSFTPFileOpenMode; Flags:TScSFTPFileOpenFlags = []; BlockMode: TScSFTPBlockModes = []; Access:TScSFTPDesiredAccess = []; Attributes: TScSFTPFileAttributes = nil):TScSFTPFileHandle; overload;
DescriptionCall the OpenFile method to open or create a remote file.
If the NonBlocking property is set to False, the method returns file handle. Otherwise it returns nil, andto receive the file handle the OnOpenFile event should be processed. If the server returns an error, theOnE rror event is generated. The file handle that was received may be used in other operations like ReadFile, WriteFile etc. After thework with the file handle was finished, you should close it by calling the CloseHandle method.It is preferable to use the first overload method with the version 4 of the SFTP protocol or lower, and thesecond - with the version 5 or higher (that's why it has more parameters, and, as a result, has enhancedfunctionality). Parameters:
FileName - the name of the file that is being opened. If FileName is the name of a directory, anerror will be raised.
Modes - flags for the file opening.
Value MeaningfoRead open the file for reading.
foWrite open the file for writing. If foRead is also specified, the
file is opened for reading and writing.foAppend force all writes to append data to the end of the file.
foCreate a new file will be created if one does not already exist
(if foTrunc is specified, the new file will be truncated tozero length if it existed).
SecureBridge Components111
SecureBridge Components, Copyright © 2007-2009 Devart
foTrunc forces an existing file with the same name to be
truncated to zero length when creating a file byspecifying foCreate. Causes the request to fail if the named file alreadyexists. foCreate should also be specified if this flag isused.
foText indicates that the server should treat the file as text
and convert it to the canonical newline convention inuse (refer to TScSFTPServerProperties.Newline ). Whena file is opened with the FXF_TEXT flag, the offset fieldin both read and write functions is ignored.
Mode - the mode of the file opening.
Value MeaningfmCreateNew a new file is created; if the file already exists, the server
returns the SSH_FX_FILE_ALREADY_EXISTS error.fmCreateOrTruncate a new file is created; if the file already exists, it is
opened and truncated.fmOpenExisting an existing file is opened. If the file does not exist, the
server returns the SSH_FX_NO_SUCH_FILE error. If adirectory in the path does not exist, the server returnsthe SSH_FX_NO_SUCH_PATH orSSH_FX_NO_SUCH_FILE error.
fmOpenOrCreate If the file exists, it is opened. If the file does not exist, it
is created.fmTruncateExisting an existing file is opened and truncated. If the file does
not exist, the server returns the same error codes asdefined for fmOpenExisting.
Flags - a set of flags for file opening.
Value MeaningofAppendData data is always written at the end of the file. The offset
parameter of the WriteFile method is ignored.ofAppendDataAtomic data is always written at the end of the file. The offset
parameter of the WriteFile method is ignored. Data willbe written atomically so that there is no chance thatmultiple appenders can collide and result in data beinglost.
ofTextMode Indicates that the server should treat the file as text and
convert it to the canonical newline convention in use(refer to TScSFTPServerProperties.Newline ). When afile is opened with this flag, the offset field in the readand write functions is ignored. To support seeks on textfiles you can use the TextSeek method.
ofNoFollow if the final component of the path is a symlink, then the
opening will fail, and the error SSH_FX_LINK_LOOP willbe returned.
ofDeleteOnClose the file should be deleted when the last handle to it is
closed. (The last handle may not be an sftp-handle.) This MAY be emulated by the server if the OS doesn'tsupport it by deleting the file when this handle isclosed.
112
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
ofAccessAudit The client wants the server to enable any privileges or
extra capabilities that the user may have to allow thereading and writing of AUDIT or ALARM access controlentries.
ofAccessBackup The client wants the server to enable any privileges or
extra capabilities that the user may have in order tobypass normal access checks for the purpose ofbacking up or restoring files.
ofBackupStream This flag indicates that the client wishes to read or write
a backup stream. A backup stream is a systemdependent structured data stream that encodes allinformation that must be preserved in order to restorethe file from backup medium.
ofOverrideOwner This flag indicates that the client wishes the server to
enable any privileges or extra capabilities that the usermay have in order to gain access to the file with theWRITE_OWNER permission. This bit must always bespecified in combination withTScSFTPDesiredAccessItem.amWriteOwner.
BlockMode - the blocking mode of the file that is being opened ( refer to the Block method)
Access - the rights for the file access that are a combination of values of the ace-mask flags. Ifthe server cannot grant the access desired, it returns the SSH_FX_PERMISSION_DENIEDerror. The meaning of these flags is given in [RFC3010].
Attributes - specifies the initial attributes for the file. Parameter is ignored if an existing file isopened.
See AlsoBlockCloseHandleNonBlockingOnOpenFileOnE rrorReadFileOpenDirectoryTScSFTPServerProperties.NewlineWriteFile
15.24.3.13 TScSFTPClient.QueryAvailableSpace
procedure QueryAvailableSpace(const Path: string; ReplyExtension:TScSpaceAvailableReplyExtension = nil);
DescriptionCall the QueryAvailableSpace method to learn the amount of available space for an arbitrary path.If the NonBlocking property is False, the method returns control after erceiving an answer from the serverand writing the result to the ReplyExtension object. Otherwise the result is written to ReplyExtension onexecuting the OnReplySpaceAvailable event. If the server returns an error, the OnE rror event isgenerated.
Note: this request is not supported by all SFTP servers.
Parameters:
SecureBridge Components113
SecureBridge Components, Copyright © 2007-2009 Devart
Path - the path for which the available space should be reported.
ReplyExtension - an object to which the data about available space will be written. If thisparameter is set to nil or not set at all, the OnReplySpaceAvailable event should be processed inorder to get the result. If the object is specified, it will be returned in the OnReplySpaceAvailableevent handler.
15.24.3.14 TScSFTPClient.QueryUserHomeDirectory
function QueryUserHomeDirectory(const Username: string): string;
DescriptionCall the QueryUserHomeDirectory method to request user home directory for the specified Username.An empty string implies the current user.Many users are used typing '~' as an alias for their home directory, or ~username as an alias for anotheruser's home directory. To support this feature use this method.If the NonBlocking property is False, the method returns user home directory. Otherwise it returns anempty string, and in order to get the directory the OnFileName event should be processed. If the serverreturns an error, the OnE rror event is generated.
Note: this request is not supported by all SFTP servers.
15.24.3.15 TScSFTPClient.ReadDirectory
procedure ReadDirectory(const Handle: TScSFTPFileHandle);
DescriptionCall the ReadDirectory method to retrieve a directory listing. In order to obtain a complete directorylisting, the client must call this method until the EOF property is set to True. For every received file ordirectory name the OnDirectoryList event is generated. If the server returns an error, the OnE rror event isgenerated.
Parameters:
Handle - a handle previously returned in the response to OpenDirectory. If Handle is an ordinaryfile handle returned by OpenFile, the server returns error.
See AlsoEOFOnDirectoryListOnE rrorOpenDirectoryOpenFile
15.24.3.16 TScSFTPClient.ReadFile
{$IFNDEF CLR}function ReadFile(const Handle: TScSFTPFileHandle; FileOffset: Int64; varBuffer; Count: Longint): Longint; overload;{$ENDIF}function ReadFile(const Handle: TScSFTPFileHandle; FileOffset: Int64; varBuffer: TBytes; Offset, Count: Longint): Longint; {$IFNDEF CLR}
114
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
overload;{$ENDIF}
DescriptionCall the ReadFile method to read remote file data. If the NonBlocking property is set to False it returns the amount of data read. Otherwise it returns 0 andthe data can be read from the buffer on processing the OnData event. The OnData event may occurseveral times for a single call of ReadFile, if the amount of requested data exceeds the possible amountof data the server can return during one request (refer to the ReadBlockSize property). If the serversreturns an error, the OnE rror event is generated.This method sets the EOF property to True if the end of file was reached.
Parameters:
Handle - is a handle previously returned in the response to OpenFile.
FileOffset - the offset in bytes relative to the beginning of the file that the read starts at. This field isignored if TEXT MODE was specified during the open.
Buffer - The buffer to which the data will be read. If the buffer is specified, it will be returned by theOnData event handler. If NonBlocking is True, the parameter can have the nil value.
Offset - the position in the buffer from which to start writing the data.
Count - the maximum number of bytes to read.
See AlsoNonBlockingOnDataReadBlockSize
15.24.3.17 TScSFTPClient.ReadSymbolicLink
function ReadSymbolicLink(const Path: string): string;
DescriptionCall the ReadSymbolicLinkReads the target of a symbolic link. Path specifies the path name of thesymlink to be read.If NonBlocking is False, the method returns the target of the link. Otherwise it returns an empty string,and in order to obtain the result, the OnFileName event should be processed. If the server returns anerror, the OnE rror event is generated.
15.24.3.18 TScSFTPClient.RemoveDirectory
procedure RemoveDirectory(const Path: string);
DescriptionCall the RemoveDirectory method to remove directory. The Path parameter specifies the directory to beremoved. This request cannot be used to remove a file.If the NonBlocking property is set to True, then control is returned at once and you can learn the result ofthe operation execution by handling the OnSuccess and OnE rror events.
15.24.3.19 TScSFTPClient.RemoveFile
procedure RemoveFile(const FileName: string);
Description
SecureBridge Components115
SecureBridge Components, Copyright © 2007-2009 Devart
Call the RemoveFile method to remove a file. FileName is the name of the file to be removed. Thisrequest cannot be used to remove directories.If the NonBlocking property is set to True, then control is returned at once and you can learn the result ofthe operation execution by handling the OnSuccess and OnE rror events.
15.24.3.20 TScSFTPClient.RenameFile
typeTScSFTPRenameFlag = (rfOverwrite, rfAtomic, rfNative);TScSFTPRenameFlags = set of TScSFTPRenameFlag;
procedure RenameFile(const OldPath, NewPath: string; Flags:TScSFTPRenameFlags = []);
DescriptionCall the RenameFile property to rename file or directory.If the NonBlocking property is set to True, then control is returned at once and you can learn the result ofthe operation execution by handling the OnSuccess and OnE rror events.
Parameters:
OldPath - the name of an existing file or directory.
NewPath - the new name for the file or directory.
Flags - the renaming parameters. This parameter is supported only since the version 5 of theSFTP protocol.Value MeaningrfOverwrite if this flag is not included, and a file with the name specified by newpath
already exists, the server responds with theSSH_FX_FILE_ALREADY_EXISTS error.
rfAtomic if this flag is included, and the destination file already exists, it is replaced in
an atomic fashion. I.e., there is no observable instance in time where thename does not refer either to the old or the new file. rfAtomic impliesrfOverwrite.
rfNative if this flag is included and the server cannot replace the destination in an
atomic fashion, then the server responds with theSSH_FX_OP_UNSUPPORTED error.
15.24.3.21 TScSFTPClient.RequestExtension
procedure RequestExtension(const ExtName: string; const ExtData: TBytes;ReplyExtension: TScSFTPExtension = nil); overload;procedure RequestExtension(Extension: TScSFTPExtension; ReplyExtension:TScSFTPExtension = nil); overload;
DescriptionCall the RequestExtension method to send an extended request to the server.Extensions allow clients to query the server for additional information which may not be widelysupported, but all the same can be implemented by some servers.If the NonBlocking property is False, the method returns control after receiving an answer from the serverand writing it to the ReplyExtension object. Otherwise the result is written to the ReplyExtension objecton executing the OnReplyExtension event. If the server returns an error, the OnE rror event is generated.
Note: this option is supported starting from the version 3 of the SFTP protocol.
116
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
Parameters:
ExtName - string that holds the extension name.
ExtData - the extension data, that is specified by the specific extension.
Extension - the object the Name and Data properties of which specify the extension parameters.
ReplyExtension - the object to which the replied data will be written. Если этот параметрустановлен в nil или не задан, тогда для получения результата необходимо обработатьOnReplyExtension event. If the object is specified, it will be returned in the OnReplyExtensionevent handler.
15.24.3.22 TScSFTPClient.RetrieveAbsolutePath
typeTScSFTPRealpathControl = (rcNoCheck, rcStatIf, rcStatAlways);
function RetrieveAbsolutePath(const Path: string; Control:TScSFTPRealpathControl = rcNoCheck; ComposePath: TStringList = nil):string;
DescriptionCall the RetrieveAbsolutePath method to have the server canonize any given path name to an absolutepath. This is useful for converting path names containing ".." components or relative pathnames withouta leading slash into absolute paths.If NonBlocking is False, the method returns absolute path. Otherwise it returns an empty string, and inorder to obtain absolute path the OnFileName event should be processed. If the server returns an error,the OnE rror event is generated.
Parameters:
Path - original path which the client wants to be resolved into an absolute canonical path.
Control - the parameters of identifying the absolute path. This parameter is supported startingwith the version 6 of the SFTP protocol.Value MeaningrcNoCheck the server does not fail the request if the path does not exist, is hidden, or
the user does not have access to the path or some component thereof.rcStatIf the server uses the path if it exists and is accessible to the client.
However, if the path does not exist, isn't visible, or isn't accessible, theserver does not fail the request. If the status of the file fails, the file type willbe ftUnknown.
rcStatAlways the server uses the path. If the stat operation fails, the server fails the
request.
ComposePath - the client may specify multiple elements, in which case the server should buildthe resulting path by applying each compose path to the accumulated result until all elementshave been applied. This parameter is supported starting with the version 6 of the SFTP protocol.
15.24.3.23 TScSFTPClient.RetrieveAttributes
procedure RetrieveAttributes(Attrs: TScSFTPFileAttributes; const Path:string; SymbolicLinks: boolean = False; const Flags: TScSFTPAttributes =[]);
Description
SecureBridge Components117
SecureBridge Components, Copyright © 2007-2009 Devart
Call the RetrieveAttributes method to retrieve the attributes for a named file.If NonBlocking is False, then the method returns control after receiving attributes from the server andwriting them to the Attrs object. Otherwise the attributes are set to Attrs on executing the OnFileAttributes event. If the server returns an error, the OnE rror event is generated.
Parameters:
Attrs - an object to which the attributes of the requested file will be written.
Path - specifies the file system object for which status should be returned.
SymbolicLinks - specify if the server follows symbolic links.
Flags - specify the attribute flags in which the client has particular interest. This parameter issupported starting with the version 4 of the SFTP protocol.
See AlsoTScSFTPFileAttributes
15.24.3.24 TScSFTPClient.RetrieveAttributesByHandle
procedure RetrieveAttributesByHandle(Attrs: TScSFTPFileAttributes; constHandle: TScSFTPFileHandle; const Flags: TScSFTPAttributes = []);
DescriptionCall the RetrieveAttributesByHandle method to retrieve the attributes for a named file.If NonBlocking is False, then the method returns control after receiving attributes from the server andwriting them to the Attrs object. Otherwise the attributes are set to Attrs on executing the OnFileAttributes event. If the server returns an error, the OnE rror event is generated.
Parameters:
Attrs - an object to which the attributes of the requested file will be written.
Handle - is a handle previously returned in the response to OpenFile or OpenDirectory.
Flags - specify the attribute flags in which the client has particular interest. This parameter issupported starting with the version 4 of the SFTP protocol.
See AlsoTScSFTPFileAttributes
15.24.3.25 TScSFTPClient.SetAttributes
procedure SetAttributes(const Path: string; Attributes:TScSFTPFileAttributes);
DescriptionCall the SetAttributes method to set the attributes for a named file.If the NonBlocking property is set to True, then control is returned at once and you can learn the result ofthe operation execution by handling the OnSuccess and OnE rror events.
Parameters:
Path - the file system object (e.g. file or directory) whose attributes are to be modified. If thisobject does not exist, or the user does not have sufficient access to write the attributes, theserver will return an error.
Attributes - object, that specifies the modified attributes to be applied.
See AlsoOpenFileOpenDirectory
118
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.24.3.26 TScSFTPClient.SetAttributesByHandle
procedure SetAttributesByHandle(const Handle: TScSFTPFileHandle;Attributes: TScSFTPFileAttributes);
DescriptionCall the SetAttributesByHandle method to set the attributes for a named file.If the NonBlocking property is set to True, then control is returned at once and you can learn the result ofthe operation execution by handling the OnSuccess and OnE rror events.
Parameters:
Handle - is a handle previously returned in the response to OpenFile or OpenDirectory.
Attributes - object, that specifies the modified attributes to be applied.
See AlsoOpenFileOpenDirectory
15.24.3.27 TScSFTPClient.TextSeek
function TextSeek(const Handle: TScSFTPFileHandle; LineNumber: Int64):Boolean;
DescriptionCall the TextSeek method to support seek on text file. If the NonBlocking property is False, the method returns True, if the requested line was found, andFalse, if the end of file was reached.If the NonBlocking property is True, then control is returned at once and you can learn the result of theoperation execution by handling the OnSuccess and OnE rror events.
Note: this request is not supported by all SFTP servers.
Parameters:
Handle - a handle returned by the OpenFile method.
LineNumber - the index of the line number to look for, where byte 0 in the file is the line number0, and the byte directly following the first newline sequence in the file is the line number 1 and soon.
15.24.3.28 TScSFTPClient.UnBlock
procedure UnBlock(const Handle: TScSFTPFileHandle; Offset, Count: Int64);
DescriptionCall the UnBlock method to remove a previously acquired byte-range lock on the specified handle.If the NonBlocking property is set to True, then control is returned at once and you can learn the result ofthe operation execution by handling the OnSuccess and OnE rror events.
Note: This operation is supported starting with the version 6 of the SFTP protocol.
Parameters:
Handle - a handle on which a Block request has previously been.
Offset - the beginning of the byte-range to lock.
SecureBridge Components119
SecureBridge Components, Copyright © 2007-2009 Devart
Count - the number of bytes in the range to lock. The special value 0 means lock from Offset tothe end of the file.
15.24.3.29 TScSFTPClient.UploadFile
procedure UploadFile(const Source, Destination: string; Overwrite:Boolean);
DescriptionCall the UploadFile method to copy a file from the local machine to the remote one.To create a resulting file on the server with the required attributes (for example, the attributes shouldcorrespond to the ones that the local file has) process the OnSetRemoteFileAttributes event.If the NonBlocking property is set to True, then control is returned at once and you can learn the result ofthe operation execution by handling the OnSuccess and OnE rror events.
Parameters:
Source - holds the initial path to the file that is being copied.
Destination - holds the destination path to copy the file to.
Overwrite - specifies whether to overwrite the file with the same name if it exists.
See AlsoNonBlockingOnSetRemoteFileAttributesOnE rrorOnSuccess
15.24.3.30 TScSFTPClient.WriteFile
{$IFNDEF CLR}procedure WriteFile(const Handle: TScSFTPFileHandle; FileOffset: Int64;const Buffer; Count: Longint); overload;{$ENDIF}procedure WriteFile(const Handle: TScSFTPFileHandle; FileOffset: Int64;const Buffer: TBytes; Offset, Count: Longint); {$IFNDEF CLR}overload;{$ENDIF}
DescriptionCall the WriteFile method to write data to the remote file.If the server returns an error, the OnE rror event is generated.
Parameters:
Handle - a handle previously returned as a response to OpenFile.
FileOffset - the offset in bytes relative to the beginning of the file that the writing started at. Thisfield is ignored if TEXT MODE was specified during the opening.
Buffer - the sequence of bytes that should be written to the file.
Offset - the position in the buffer from which to start reading the data.
Count - the number of bytes to write.
See AlsoOpenFile
120
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.24.4 Events
15.24.4.1 TScSFTPClient.OnConnect
property OnConnect: TNotifyEvent;
DescriptionThe OnConnect event occurs before establishing secure logical connection through an SSH tunnel.
15.24.4.2 TScSFTPClient.OnCreateLocalFile
typeTScSFTPCreateLocalFileEvent = procedure(Sender: TObject; constLocalFileName, RemoteFileName: string; Attrs: TScSFTPFileAttributes; varHandle: {$IFDEF CLR}System.IO.Stream {$ELSE}THandle {$ENDIF})of object;
property OnCreateLocalFile: TScSFTPCreateLocalFileEvent;
DescriptionThe OnCreateLocalFile event occurs when copying a file from remote machine to the local during theDownloadFile method call. When processing this event, you should create a file and set requiredattributes for it. The handle of the created file should be specified in the Handle parameter.
Parameters:
LocalFileName - the local path to copy the file to.
RemoteFileName - the path to the file (that should be copied) on the server.
Attrs - the object that holds the attributes of the file that is being copied (the original file).
Handle - set the handle of the created file as a value of this variable.
See AlsoDownloadFile
15.24.4.3 TScSFTPClient.OnData
typeTScSFTPDataEvent = procedure(Sender: TObject; const FileName: string;const Handle: TScSFTPFileHandle; const Buffer: TBytes; Offset, Count:Integer; EOF: Boolean) of object;
property OnData: TScSFTPDataEvent;
DescriptionThe OnData event occurs when reading data from a remote file when executing the ReadFile method.This event may occur several times during one call of this method.
Parameters:
FileName - the name of the file from which the data is being read.
Handle - the file handle for the file that was sent to the ReadFile method.
Buffer - the buffer which holds the data read from the file. It can hold the nil value if EOF = True.
Offset - the position in the buffer that indicates the beginning of the written data.
Count - the amount of data received in bytes.
SecureBridge Components121
SecureBridge Components, Copyright © 2007-2009 Devart
EOF - indicates that the end of file was reached. If its value is True, the end of file was reached.Otherwise it was not reached.
See AlsoReadFile
15.24.4.4 TScSFTPClient.OnDirectoryList
typeTScSFTPDirectoryListEvent = procedure(Sender: TObject; const Path:string; const Handle: TScSFTPFileHandle; FileInfo: TScSFTPFileInfo; EOF:Boolean) of object;
property OnDirectoryList: TScSFTPDirectoryListEvent;
DescriptionThe OnDirectoryList event occurs when receiving directory listing during the ReadDirectory method call.This event is generated for every name of a file or directory that was received.
Parameters:
Path - the path from which the directory listing is retrieved.
Handle - a handle of this directory, that was sent to the ReadDirectory method.
FileInfo - the object that holds information on the file. Can be of the nil value if EOF = True.
EOF - determines if there are more files or directories in the specified directory. If its value isTrue, this file is the last file in this directory and it does not contain any other files. Otherwisethere are more files in the directory.
See AlsoTScSFTPFileInfoReadDirectory
15.24.4.5 TScSFTPClient.OnDisconnect
property OnDisconnect: TNotifyEvent;
DescriptionThe OnDisconnect event occurs after the logical connection through an SSH server is closed.
15.24.4.6 TScSFTPClient.OnError
typeTScSFTPErrorEvent = procedure(Sender: TObject; Operation:TScSFTPOperation; const FileName: string; const Handle:TScSFTPFileHandle; ErrorCode: integer; const ErrorMessage: string; varFail: Boolean) of object;
property OnError: TScSFTPErrorEven;
DescriptionThe OnE rror event occurs when the server returns an error when executing some operation.
Parameters:
Operation - determines during which operation the error occurred.
122
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
FileName - the name of the file or directory with which the operation was performed.
Handle - the handle of the file with which the operation was executed. May be of the nil value.
E rrorCode - holds the error code. To learn the error codes, refer to the EScSFTPE rror topic.
E rrorMessage - holds the readable description of the error.
Fail - if the NonBlocking property is False, then set the Fail parameter to False to prevent raisingan exception, and set this parameter to True to raise the EScSFTPE rror exception. if theNonBlocking property is True, this parameter is ignored.
See AlsoTScSFTPOperationEScSFTPE rror
15.24.4.7 TScSFTPClient.OnFileAttributes
typeTScSFTPFileAttributesEvent = procedure(Sender: TObject; const FileName:string; const Handle: TScSFTPFileHandle; FileAttributes:TScSFTPFileAttributes) of object;
property OnFileAttributes: TScSFTPFileAttributesEvent;
DescriptionThe OnFileAttributes event occurs when requesting file attributes during the RetrieveAttributes orRetrieveAttributesByHandle method call.
Parameters:
FileName - the name of the file for which attributes are returned.
Handle - a file handle for this file. This property is set only if the RetrieveAttributesByHandlemethod is called. Otherwise it has nil value.
FileAttributes - the object that holds the attributes of the requested file.
See AlsoTScSFTPFileAttributesRetrieveAttributesRetrieveAttributesByHandle
15.24.4.8 TScSFTPClient.OnFileName
typeTScSFTPFileNameEvent = procedure(Sender: TObject; const SrcFileName,DestFileName: string) of object;
property OnFileName: TScSFTPFileNameEvent;
DescriptionThe OnFileName event occurs during the call to the ReadSymbolicLink, RetrieveAbsolutePath , orQueryUserHomeDirectory method.If the ReadSymbolicLink method was called, the SrcFileName parameter holds the name of thesymbolic link, and the DestFileName parameter holds the target of this symbolic link.During the RetrieveAbsolutePath method call SrcFileName holds the original path and DestFileNameholds the absolute path.During the QueryUserHomeDirectory method call SrcFileName holds the specified user name, andDestFileName - home directory for this user name.
SecureBridge Components123
SecureBridge Components, Copyright © 2007-2009 Devart
See AlsoReadSymbolicLinkRetrieveAbsolutePathQueryUserHomeDirectory
15.24.4.9 TScSFTPClient.OnOpenFile
typeTScSFTPOpenFileEvent = procedure(Sender: TObject; const FileName:string; const Handle: TScSFTPFileHandle) of object;
property OnOpenFile: TScSFTPOpenFileEvent;
DescriptionThe OnOpenFile event occurs when opening file or directory when executing OpenFile or OpenDirectorymethods.
Parameters:
FileName - the name of the file or directory that is being opened.
Handle - the file handle that was received from the server for the file or directory that is beingopened. This handle may be used in other operations like ReadFile, WriteFile etc.
See AlsoOpenFileOpenDirectory
15.24.4.10 TScSFTPClient.OnReplyCheckFile
typeTScSFTPReplyCheckFileEvent = procedure(Sender: TObject; const FileName:string; const Handle: TScSFTPFileHandle; CheckFileReplyExtension:TScCheckFileReplyExtension) of object;
property OnReplyCheckFile: TScSFTPReplyCheckFileEvent;
DescriptionThe OnReplyCheckFile event occurs when requesting file check during the CheckFile orCheckFileByHandle method call.
Parameters:
FileName - the path to the file to check.
Handle - a file hanle for this file. This property is set only when calling the CheckFileByHandlemethod. Otherwise its value is nil.
CheckFileReplyExtension - the object that holds received computed hashes.
See AlsoTScCheckFileReplyExtensionCheckFileCheckFileByHandle
15.24.4.11 TScSFTPClient.OnReplyExtension
typeTScSFTPReplyExtensionEvent = procedure(Sender: TObject; const ExtName:
124
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
string; Extension: TScSFTPExtension) of object;
property OnReplyExtension: TScSFTPReplyExtensionEvent;
DescriptionThe OnReplyExtension event occurs when the server answers the extended request during the RequestExtension method call.
Parameters:
ExtName - holds the extension name as string.
Extension - the object to which the replied ddata is written.
See AlsoTScSFTPExtensionRequestExtension
15.24.4.12 TScSFTPClient.OnReplySpaceAvailable
typeTScSFTPReplySpaceAvailableEvent = procedure(Sender: TObject; const Path:string; SpaceAvailableReplyExtension: TScSpaceAvailableReplyExtension)of object;
property OnReplySpaceAvailable: TScSFTPReplySpaceAvailableEvent;
DescriptionThe OnReplySpaceAvailable event occurs when requesting available space for an arbitrary path duringthe QueryAvailableSpace method call.
Parameters:
Path - the path for which the available space was requested.
SpaceAvailableReplyExtension - the object that holds data about the available space.
See AlsoTScSpaceAvailableReplyExtension
15.24.4.13 TScSFTPClient.OnSetRemoteFileAttributes
typeTScSFTPSetRemoteFileAttributesEvent = procedure(Sender: TObject; constLocalFileName, RemoteFileName: string; Attrs: TScSFTPFileAttributes) ofobject;
property OnSetRemoteFileAttributes: TScSFTPSetRemoteFileAttributesEvent;
DescriptionThe OnSetRemoteFileAttributes event occurs when copying a file from local machine to remote duringthe UploadFile method call. On processing this event you can set the attributes for the remote file usingthe Attrs object.
Parameters:
LocalFileName - the path to the file that is being copied on the local machine.
RemoteFileName - The path on the server where the file will be copied.
Attrs - the object where the attributes of the file on the server should be specified (the attributes of
SecureBridge Components125
SecureBridge Components, Copyright © 2007-2009 Devart
the local file may be used).
See AlsoUploadFile
15.24.4.14 TScSFTPClient.OnSuccess
typeTScSFTPSuccessEvent = procedure(Sender: TObject; Operation:TScSFTPOperation; const FileName: string; const Handle:TScSFTPFileHandle; const Message: string) of object;
property OnSuccess: TScSFTPSuccessEvent;
DescriptionThe OnSuccess event occurs after successful execution of an operation that does not return any data(for example, RemoveFile ).
Parameters:
Operation - determines which operation was executed.
FileName - the name of the file or directory with which the operation was performed.
Handle - the handle handle of the file with which the operation was performed. May be of the nilvalue.
Message - holds the message about the result of the operation execution.
See AlsoTScSFTPOperation
15.24.4.15 TScSFTPClient.OnVersionSelect
type TScSFTPVersion = (vSFTP0, vSFTP1, vSFTP2, vSFTP3, vSFTP4, vSFTP5, vSFTP6)
;TScSFTPVersions = set of TScSFTPVersion;
typeTScSFTPVersionSelectEvent = procedure(Sender: TObject; const Versions:TScSFTPVersions; var Version: TScSFTPVersion) of object;
property OnVersionSelect: TScSFTPVersionSelectEvent;
DescriptionThe OnVersionSelect event occurs when establishing a connection to the SFTP server on calling the Initialize method. If the server supports higher versions, then it was specified during the initialization, itcan notify the client about this and OnVersionSelect will be initiated.
Parameters:
Versions - the set of SFTP protocols that are supported by the SFTP server.
Version - the version of the SFTP protocol that is used. If client wants to change this version, thevalue of this variable may be changed to one of the supported versions of the SFTP protocol.
See AlsoInitializeServerVersion
126
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
Version
SecureBridge Components127
SecureBridge Components, Copyright © 2007-2009 Devart
15.25 TScSFTPCustomExtension
15.25.1 Description
UnitScSFTPUtils
DescriptionThe TScSFTPCustomExtension class is a base abstract class for other SFTP protocol extensionsclasses like TScSFTPExtension, TScCheckFileReplyExtension, TScSFTPSupportedExtension etc. Extensions make it possible for clients to query the server for additional information which may not bewidely supported, but may be implemented by some servers.
See AlsoTScSFTPExtension
128
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.25.2 Properties
15.25.2.1 TScSFTPCustomExtension.Name
property Name: string;
DescriptionThe Name property holds the extension name.
SecureBridge Components129
SecureBridge Components, Copyright © 2007-2009 Devart
15.26 TScSFTPExtension
15.26.1 Description
UnitScSFTPUtils
DescriptionThe TScSFTPExtension class is used to implement users' extensions.
See AlsoTScSFTPCustomExtension
130
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.26.2 Properties
15.26.2.1 TScSFTPExtension.Data
property Data: TBytes read FData write SetData;
DescriptionThe Data property holds the extension data defined by the specific extension.
SecureBridge Components131
SecureBridge Components, Copyright © 2007-2009 Devart
15.27 TScSFTPFileAttributes
15.27.1 Description
UnitScSFTPClient
DescriptionThe TScSFTPFileAttributes class is defined for encoding file attributes. The same encoding is used bothwhen returning file attributes from the server and when sending file attributes to the server. Whensending it to the server, the properties specify which attributes are included, and the server will use thedefault values for the remaining attributes (or will not modify the values of remaining attributes). Whenreceiving attributes from the server, the properties specify which attributes are included in the returneddata. The server normally returns all attributes it knows about.
The ValidAttributes property specifies the attributes values with meaning.
132
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.27.2 Properties
15.27.2.1 TScSFTPFileAttributes.AccessTime
property AccessTime: TDateTime;
DescriptionThe AccessTime property contains the time of the last access to the file. Many operating systems eitherdon't have this field, only optionally maintain it, or maintain it with less resolution than other fields.This time is presented in the UTC time scale.
See AlsoValidAttributes
15.27.2.2 TScSFTPFileAttributes.ACEs
property ACEs: TScCollection;
DescriptionACL (Access Control List) is a list of attributes. The ACEs property holds a set of TScSFTPACE Itemobjects.
Note: This property is supported starting with version 4 of the SFTP protocol.
See AlsoValidAttributes
15.27.2.3 TScSFTPFileAttributes.AclFlags
typeTScSFTPAclFlag = (aclControlIncluded, aclControlPresent,aclControlInherited, aclAuditAlarmIncluded,aclAuditAlarmInherited);TScSFTPAclFlags = set of TScSFTPAclFlag;
property AclFlags: TScSFTPAclFlags;
DescriptionThe AclFlags property holds the NFS Access Control attributes.
Note: This property is supported starting with version 6 of the SFTP protocol.
Value MeaningaclControlIncluded if this flag is set when creating file attributes, then the client intends to
modify the ALLOWED/DENIED entries of the property ACEs. Otherwise,the client intends for these entries to be preserved.
aclControlPresent if this flag is not set, then the client wishes to remove control entries. If
the flag is clear, then control of the file may be through the permissionsmask. The server may also grant full access to the file. If both the aclControlIncluded and the aclControlPresent flags are set,but they are not ALLOW/DENY entries in the property ACEs, the clientwishes to deny all access to the file or directory.
aclControlInherited if this flag is set, then ALLOW/DENY ACEs may be inherited from the
parent directory. If it is off, then they must not be INHERITED. If theserver does not support controlling inheritance, then the client must
SecureBridge Components133
SecureBridge Components, Copyright © 2007-2009 Devart
clear this bit; in this case the inheritance properties of the server areundefined.
aclAuditAlarmIncluded If flag is set when creating file attributes, then the client intends to
modify the AUDIT/ALARM entries of the ACEs. Otherwise, the clientintends for these entries to be preserved.
aclAuditAlarmInherited If flag is set, then AUDIT/ALARM ACEs may be inherited from the parent
directory. If it is off, then they must not be INHERITED. If the server doesnot support controlling inheritance, then the client must clear this bit; inthis case the inheritance properties of the server are undefined.
See AlsoValidAttributes
15.27.2.4 TScSFTPFileAttributes.AllocationSize
property AllocationSize: Int64;
DescriptionUse the AllocationSize property to specify thi file size on disk (in bytes). If this property is set when thefile is created, the file is created and the specified number of bytes is pre-allocated. If pre-allocationprocess fails, the file can be removed (if it was created), and an error will be arised. If the property is setwhen creating file attributes, the file can be extended or truncated to the specified size. The Sizeproperty may be affected by this operation.
Note: This property is supported starting with version 6 of the SFTP protocol.
See AlsoValidAttributes
15.27.2.5 TScSFTPFileAttributes.Attrs
typeTScSFTPFileAttr = (faReadonly, faSystem, faHidden, faCaseInsensitive,faArchive, faEncrypted, faCompressed, faSparse, faAppendOnly, faImmutable,faSync, faTranslationError);TScSFTPFileAttrs = set of TScSFTPFileAttr;
property Attrs: TScSFTPFileAttrs;
DescriptionThese flags reflect various attributes of the file or directory on the server.
Note: This property is supported starting with version 5 of the SFTP protocol.
Value MeaningfaReadonly advisory, read-only bit. This bit is not a part of the access control
information on the file, but is rather an advisory field indicating that thefile should not be written.
faSystem the file is a part of the operating system.
faHidden file should not be shown to user unless specifically requested. For
example, most UNIX systems should set this bit if the filename beginswith a 'period'. This bit may be read-only. Most UNIX systems will notallow this to be changed.
134
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
faCaseInsensitive this attribute applies only to directories. This attribute is always read-
only, and cannot be modified. This attribute means that files anddirectory names in this directory should be compared without regard tocase. Unless otherwise specified, filenames are assumed to be casesensitive.
faArchive the file should be included in backup/archive operations.
faEncrypted the file is stored on disk using file-system level transparent encryption.
This flag does not affect the file data on the wire (for either READ orWRITE requests.)
faCompressed the file is stored on disk using file-system level transparent
compression. This flag does not affect the file data on the wire.faSparse the file is a sparse file; this means that file blocks that have not been
explicitly written are not stored on disk. For example, if a client writes abuffer at 10 M from the beginning of the file, the blocks between theprevious EOF marker and the 10 M offset would not consume physicaldisk space.
Some servers may store all files as sparse files, in which case this bitwill be unconditionally set. Other servers may not have a mechanism fordetermining if the file is sparse, and so the file MAY be stored sparseeven if this flag is not set.
faAppendOnly opening the file without either the ofAppendData or the
ofAppendDataAtomic flag (TScSFTPClient.OpenFile) must result in anSSH_FX_INVALID_PARAMETER error.
faImmutable the file cannot be deleted or renamed, no hard link can be created to this
file, and no data can be written to the file. This bit implies a stronger level of protection than aReadonly, the file
permission mask, or ACLs. Typically even the superuser cannot write toimmutable files, and only the superuser can set or remove the bit.
faSync When the file is modified, the changes are written synchronously to the
disk.faTranslationError The server may include this bit in a directory listing or realpath response.
It indicates that there was a failure in the translation to UTF-8. If this flagis included, the server should also include the UntranslatedNameproperty.
See AlsoTScSFTPClient.OpenFileValidAttributes
15.27.2.6 TScSFTPFileAttributes.ChangeAttrTime
property ChangeAttrTime: TDateTime;
DescriptionThe ChangeAttrTime property contains the time of the last attribute modification. The exact meaning ofthis field depends on the server.This time is presented in the UTC time scale.
Note: This property is supported starting with version 4 of the SFTP protocol.
See AlsoValidAttributes
SecureBridge Components135
SecureBridge Components, Copyright © 2007-2009 Devart
15.27.2.7 TScSFTPFileAttributes.CreateTime
property CreateTime: TDateTime;
DescriptionThe CreateTime property contains the time when the file was created.This time is presented in the UTC time scale.
Note: This property is supported starting with version 4 of the SFTP protocol.
See AlsoValidAttributes
15.27.2.8 TScSFTPFileAttributes.ExtendedAttributes
property ExtendedAttributes: TObjectList;
DescriptionThe ExtendedAttributes holds the list of the TScSFTPExtension objects that are extended attributes.Additional fields can be added to the file attributes by defining extended attributes for them.
See AlsoValidAttributes
15.27.2.9 TScSFTPFileAttributes.FileType
typeTScSFTPFileType = (ftFile, ftDirectory, ftSymlink, ftSpecial, ftUnknown,ftSocket, ftCharDevice, ftBlockDevice, ftFifo);
property FileType: TScSFTPFileType;
DescriptionThe FileType property holds the file type.
Note: this option is supported starting with version 4 of the SFTP protocol.
Value MeaningftFile the type of the file is File
ftDirectory the type of the file is Directory
ftSymlink the type of the file is symbolic link
ftSpecial this value is used for files that are of a known type which cannot be
expressed in the protocolftUnknown this value is used if the type is unknown
ftSocket the type of the file is Socket
ftCharDevice the type of the file is Char device
ftBlockDevice the type of the file is Block device
ftFifo the type of the file is Fifo
See AlsoValidAttributes
136
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.27.2.10 TScSFTPFileAttributes.GID
property GID: integer;
DescriptionThe GID property contains numeric Unix-like group identifier for a file.
Note: This property is supported only with the version 3 of the SFTP protocol.
See AlsoValidAttributes
15.27.2.11 TScSFTPFileAttributes.Group
property Group: string;
DescriptionThe Group property holds the name of the group to which the file belongs. The string should be of the form "user@dns_domain". This will allow a client and server that do not usethe same local representation to translate to common syntax that can be interpreted by both. In thecase when no translation is possible for the client or server, the attribute value must be constructedwithout "@".
Note: This property is supported starting with version 4 of the SFTP protocol.
See AlsoValidAttributes
15.27.2.12 TScSFTPFileAttributes.LinkCount
property LinkCount: integer;
DescriptionThe LinkCount property contains the hard link count of the file. This property should not be set whencreating file attributes.
Note: This property is supported starting with version 6 of the SFTP protocol.
See AlsoValidAttributes
15.27.2.13 TScSFTPFileAttributes.MimeType
property MimeType: string;
DescriptionThe MimeType property contains the mime-type [RFC1521] string. Most servers will not know thisinformation and will not set the flag in their TScSFTPSupportedExtension.SupportedAttributes property.
Note: This property is supported starting with version 6 of the SFTP protocol.
See AlsoSupportedAttributesValidAttributes
SecureBridge Components137
SecureBridge Components, Copyright © 2007-2009 Devart
15.27.2.14 TScSFTPFileAttributes.ModifyTime
property ModifyTime: TDateTime;
DescriptionThe ModifyTime property contains the last of the last file modification.This time is presented in the UTC time scale.
See AlsoValidAttributes
15.27.2.15 TScSFTPFileAttributes.Owner
property Owner: string;
DescriptionThe Owner property holds the name of the file owner. The string should be of the form "user@dns_domain". This will allow a client and server that do not usethe same local representation to translate to a common syntax that can be interpreted by both. In thecase when no translation available to the client or server, the attribute value must be constructed without"@".
Note: This property is supported starting with version 4 of the SFTP protocol.
See AlsoValidAttributes
15.27.2.16 TScSFTPFileAttributes.Permissions
typeTScSFTPFilePermission = (pR_USR, pW_USR, pX_USR, pR_GRP, pW_GRP, pX_GRP,pR_OTH, pW_OTH, pX_OTH, pS_UID, pS_GID, pS_VTX);TScSFTPFilePermissions = set of TScSFTPFilePermission;
property Permissions: TScSFTPFilePermissions;
DescriptionThe Permissions property contains the flags specifying file permissions. These permissions correspondto the st_mode field of the stat structure defined by POSIX [IE EE .1003-1.1996].
Value MeaningpR_USR specifies the owner's read access right for the file.
pW_USR specifies the owner's write access right for the file.
pX_USR specifies the owner's execute access right for the file.
pR_GRP specifies the group read access right for a file.
pW_GRP specifies the group write access right for a file.
pX_GRP specifies the group execute access right for a file.
pR_OTH specifies the read access right for a file for the user who is not its owner
and doesn't belong to the same group as the file.pW_OTH specifies the write access right for a file for the user who is not its owner
and doesn't belong to the same group as the file.pX_OTH specifies the execute access right for a file for the user who is not its
owner and doesn't belong to the same group as the file.
138
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
pS_UID specifies if the file will be executed with the rights of its owner.
pS_GID specifies if the file will be executed with the rights of the group.
pS_VTX set this flag on directory in order to allow files renaming and deleting to
their owners only. Usage is now obsolete and the sticky bit is ignored onfiles.
See AlsoValidAttributes
15.27.2.17 TScSFTPFileAttributes.Size
property Size: Int64;
DescriptionUse the Size property to specify the number of bytes that can be read from the file, or in other words,the location of the end-of-file. This property should not be set while creating a file. If this property is setwhen creating file attributes, the file can be extended or truncated to the specified size.
See AlsoValidAttributes
15.27.2.18 TScSFTPFileAttributes.TextHint
typeTScSFTPTextHint = (thKnownText, thGuessedText, thKnownBinary,thGuessedBinary);
property TextHint: TScSFTPTextHint;
DescriptionThe value of the TextHint property can be one of the following set, and it indicates what information doesthe server have about the file content.This property should not be set when creating file attributes.
Note: This property is supported starting with version 6 of the SFTP protocol.
Value MeaningthKnownText the server knows that the file is a text file, and it will be opened using
the ofTextMode flag.thGuessedText the server will apply a hueristic or other mechanism and after that the
file will be opened with the ofTextMode flag.thKnownBinary the server knows that the file has binary content.
thGuessedBinary the server will apply a hueristic or other mechanism and believes has
binary content, and after that file will not be opened with the ofTextModeflag.
See AlsoValidAttributes
15.27.2.19 TScSFTPFileAttributes.UID
property UID: integer;
Description
SecureBridge Components139
SecureBridge Components, Copyright © 2007-2009 Devart
The UID property contains numeric Unix-like user identifiers for a file.
Note: This property is supported only with the version 3 of the SFTP protocol.
See AlsoValidAttributes
15.27.2.20 TScSFTPFileAttributes.UntranslatedName
property UntranslatedName: string;
DescriptionThe UntranslatedName property contains the name of the file before its translation was attempted. Itshould not be included unless the faTranslationE rror flag in the Attrs property is set on the server side.
Note: This property is supported starting with version 6 of the SFTP protocol.
See AlsoAttrsValidAttributes
15.27.2.21 TScSFTPFileAttributes.ValidAttributes
typeTScSFTPAttribute = (aSize, aAllocationSize, aOwnerGroup, aPermissions,aAccessTime, aCreateTime, aModifyTime, aChangeAttrTime, aSubsecondTimes,aAcl, aAttrs, aTextHint, aMimeType, aLinkCount, aUntranslatedName,aExtended);TScSFTPAttributes = set of TScSFTPAttribute;
property ValidAttributes: TScSFTPAttributes;
DescriptionUse the ValidAttributes property to define the file attributes that have meaning. While receiving attributesfrom the server when a flag for the required property was set, this value was received from the server. Ifthe flag is not set, the value of the property can be set to any value.When sending attributes to the server, only properties with the corresponding flag are sent. Otherproperties are ignored.
Value MeaningaSize the Size property is set;
aAllocationSize the AllocationSize prperty is set;
aOwnerGroup the GID, UID, Group and Owner properties are set;
aPermissions the Permissions property is set;
aAccessTime the AccessTime property is set;
aCreateTime the CreateTime property is set;
aModifyTime the ModifyTime property is set;
aChangeAttrTime the ChangeAttrTime property is set;
aSubsecondTimes the nseconds is to be added to the seconds AccessTime, CreateTime,
ModifyTime, ChangeAttrTime fields for the final time representation. aAcl the AclFlags и ACEs are set;
aAttrs the Attrs property is set;
aTextHint the TextHint property is set;
140
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
aMimeType the M imeType property is set;
aLinkCount the LinkCount property is set;
aUntranslatedName the UntranslatedName property is set;
aExtended the ExtendedAttributes property is set;
SecureBridge Components141
SecureBridge Components, Copyright © 2007-2009 Devart
15.28 TScSFTPFileInfo
15.28.1 Description
UnitScSFTPUtils
DescriptionThe TScSFTPFileInfo class holds the file information that is returned by server after the TScSFTPClient.ReadDirectory command was called.
See alsoTScSFTPClient.ReadDirectory
142
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.28.2 Properties
15.28.2.1 TScSFTPFileInfo.Attributes
property Attributes: TScSFTPFileAttributes;
DescriptionThe Attributes property holds the attributes of the file or directory.
See alsoTScSFTPFileAttributes
15.28.2.2 TScSFTPFileInfo.Filename
property Filename: string;
DescriptionThe Filename property holds the name of the file.
15.28.2.3 TScSFTPFileInfo.Longname
property Longname: string;
DescriptionThe Longname property holds an expanded format for the file name, similar to the one returned by "ls -l"on Unix systems.
Note: Is set only by version 3 of the SFTP protocol.
SecureBridge Components143
SecureBridge Components, Copyright © 2007-2009 Devart
15.29 TScSFTPServerProperties
15.29.1 Description
UnitScSFTPClient
DescriptionThe TScSFTPServerProperties class holds detailed information about the SFTP server that server cansend when establishing a connection. This class consists of the pairs of properties. One property holdsinformation about the specific extension, and the other is a boolean property that specifies if thisproperty was received from the server. For example:
property FilenameCharset: string;property FilenameCharsetAvailable: boolean;
If the FilenameCharsetAvailable property is True, then the value of the FilenameCharset property may beused. Otherwise FilenameCharset is not initialized.
144
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.29.2 Properties
15.29.2.1 TScSFTPServerProperties.FilenameCharset
property FilenameCharset: string;
DescriptionThe FilenameCharset property contains the charset of file names used by server. If server sends information about filename charset, then filenames can be received in the specifiedencoding. If the server does not send this information, then the names of files will be converted and willbe received in the UTF-8 encoding. If the server sent the filename charset and you want to receive data inthe specified encoding, you should send TScFilenameTranslationControlExtension with the DoTranslateproperty set to False. If you need to receive data in the UTF-8 encoding, you may sendTScFilenameTranslationControlExtension with the DoTranslate property set to True. To check if the information about filename charset was received from the server use the FilenameCharsetAvailable property.
See AlsoTScFilenameTranslationControlExtensionDoTranslateFilenameCharsetAvailable
15.29.2.2 TScSFTPServerProperties.FilenameCharsetAvailable
property FilenameCharsetAvailable: boolean;
DescriptionUse the FilenameCharsetAvailable property to check if the information about filename charset wasreceived from the server.If FilenameCharsetAvailable is True, then the FilenameCharset property was set by the server. OtherwiseFilenameCharset is not initialized.
See AlsoFilenameCharset
15.29.2.3 TScSFTPServerProperties.Newline
property Newline: string;
DescriptionThe Newline property contains newline sequences used on the server. Newline sequences are used inorder to process text files in a cross platform compatible way correctly.To check if data about newline sequences was received from the server, use the NewlineAvailableproperty.
See AlsoNewlineAvailable
15.29.2.4 TScSFTPServerProperties.NewlineAvailable
property NewlineAvailable: boolean;
DescriptionUse the NewlineAvailable property to check if information about newline sequences was received from
SecureBridge Components145
SecureBridge Components, Copyright © 2007-2009 Devart
the server.If the NewlineAvailable is True, then the Newline property is set by the serverу. Otherwise Newline is notinitialized.
See AlsoNewline
15.29.2.5 TScSFTPServerProperties.SupportedAcls
property SupportedAcls: TScSFTPSupportedAclExtension;
DescriptionThe SupportedAcls property holds the supported by server capabilities of the ACL attribute.To check if this extension was receied from the server use the SupportedAclsAvailable property.
See AlsoSupportedAclsAvailable
15.29.2.6 TScSFTPServerProperties.SupportedAclsAvailable
property SupportedAclsAvailable: boolean;
DescriptionUse the SupportedAclsAvailable property to check if the information about supported capabilities of theACL attribute was received from the server. If the SupportedAclsAvailable property is True, then the SupportedAcls property is set by the server. Otherwise SupportedAcls is not initialized.
See AlsoSupportedAcls
15.29.2.7 TScSFTPServerProperties.SupportedExtension
property SupportedExtension: TScSFTPSupportedExtension;
DescriptionThe SupportedExtension contains features supported by server.
To check if this extension was received from the server, use the SupportedExtensionAvailable property.
See AlsoSupportedExtensionAvailable
15.29.2.8 TScSFTPServerProperties.SupportedExtensionAvailable
property SupportedExtensionAvailable: boolean;
DescriptionUse the SupportedExtensionAvailable property to check if the information about supported features wasreceived from the server.If the SupportedExtensionAvailable property is True, then the SupportedExtension property was set bythe server. Otherwise SupportedExtension is not initialized.
See AlsoSupportedExtension
146
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.29.2.9 TScSFTPServerProperties.Vendor
property Vendor: TScSFTPVendorExtension;
DescriptionThe Vendor property holds detailed information about the version and build of the SFTP server. To checkif this extension was received from the server use the VendorAvailable property.
See AlsoVendorAvailable
15.29.2.10 TScSFTPServerProperties.VendorAvailable
property VendorAvailable: boolean;
DescriptionUse the VendorAvailable property to check if the Vendor extension was received from the server. If theVendorAvailable property is True, then the Vendor property is set by the server. Otherwise Vendor is notinitialized.
See AlsoVendor
15.29.2.11 TScSFTPServerProperties.Versions
property Versions: TScSFTPVersionsExtension;
DescriptionThe Versions property contains a list of the SFTP protocol versions supported by the server. To check ifthis information was received from the server use the VersionsAvailable property.
See AlsoVersionsAvailable
15.29.2.12 TScSFTPServerProperties.VersionsAvailable
property VersionsAvailable: boolean;
DescriptionUse the VersionsAvailable property to check if the list of the supported SFTP protocol versions wasreceived from the server. If the VersionsAvailable property is True, then the Versions property was setby the server. Otherwise the Versions property is not initialized.
See AlsoVersions
SecureBridge Components147
SecureBridge Components, Copyright © 2007-2009 Devart
15.30 TScSFTPSupportedAclExtension
15.30.1 Description
UnitScSFTPClient
DescriptionThe TScSFTPSupportedAclExtension class holds the capabilities of the ACL attribute supported by theserver. The server sends this extension during the connection initialization.
Note: Is supported starting with the version 6 of the SFTP protocol.
See AlsoTScSFTPServerProperties.SupportedAcls
148
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.30.2 Properties
15.30.2.1 TScSFTPSupportedAclExtension.SupportedAcls
type TScSFTPSupportedAcl = (saAllow, saDeny, saAudit, saAlarm,saInheritAccess, saInheritAuditAlarm);TScSFTPSupportedAcls = set of TScSFTPSupportedAcl;
property SupportedAcls: TScSFTPSupportedAcls;
DescriptionThe SupportedAcls property holds a set of the supported capabilities of the ACL attribute.
Value Meaning
saAllow The server supports the associated ACL ACE type;
saDeny The server supports the associated ACL ACE type;
saAudit The server supports the associated ACL ACE type;
saAlarm The server supports the associated ACL ACE type;
saInheritAccess The server can control whether an ACL will inherit DENY and ALLOW
ACEs that are marked as inheritable from it's parent object;saInheritAuditAlarm The server can control whether an ACL will inherit AUDIT or ALARM
ACEs that are marked inheritable from it's parent object.
SecureBridge Components149
SecureBridge Components, Copyright © 2007-2009 Devart
15.31 TScSFTPSupportedExtension
15.31.1 Description
UnitScSFTPUtils
DescriptionNow SFTP protocol supports a number of features that may not be supported by all servers. When aserver receives a request for a feature it does not support, it returns 'UNSUPPORTED' error status code,unless otherwise specified. The TScSFTPSupportedExtension class facilitates clients that are able touse the maximum available feature set, and yet not be overburdened by dealing with the error statuscodes.
Server sends this extension during the connection initialization. When client executes some command,it checks if this operation and its attributes are supported. In case server does not support this operationor its attributes, it generates an exception or uses a mask for the attributes depending on the value ofthe RaiseE rror property.
Note: Is supported since the version 5 of the SFTP protocol.
See AlsoTScSFTPServerProperties.SupportedExtension
150
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.31.2 Properties
15.31.2.1 TScSFTPSupportedExtension.MaxReadSize
property MaxReadSize: Integer;
DescriptionThe MaxReadSize property holds the maximum read size that the server guarantees to complete. Forexample, certain server implementations complete only the first 4K of a read, even if there is additionaldata to be read from the file.
15.31.2.2 TScSFTPSupportedExtension.RaiseError
property RaiseError: Boolean;
DescriptionIf the RaiseE rror property is set to True, an error is raised when attempting to execute an invalidcommand or attributes. In this case the command is not sent to the server.
If False, then a mask is applied to the attributes (if possible) and the command is sent to the server. Inthis case, if the server does not support the command, it will return an error message.
The default value is True.
15.31.2.3 TScSFTPSupportedExtension.SupportedAccessMask
property SupportedAccessMask: TScSFTPAceMask;
DescriptionUse the SupportedAccessmask property to specify the supported access flags on file opening using TScSFTPClient.OpenFile.
See AlsoTScSFTPClient.OpenFile
15.31.2.4 TScSFTPSupportedExtension.SupportedAttribExtensionNames
property SupportedAttribExtensionNames: TStringList;
DescriptionThe SupportedAttribExtensionNames property holds the list of extension names that can be used inTScSFTPFileAttributes.ExtendedAttributes.
15.31.2.5 TScSFTPSupportedExtension.SupportedAttributeBits
property SupportedAttributeBits: TScSFTPFileAttrs;
DescriptionUse the SupportedAttributeBits property to specify the file attributes (supported by the server) usage inTScSFTPFileAttributes.Attrs.
15.31.2.6 TScSFTPSupportedExtension.SupportedAttributes
property SupportedAttributes: TScSFTPAttributes;
SecureBridge Components151
SecureBridge Components, Copyright © 2007-2009 Devart
DescriptionUse the SupportedAttributes property to specify the attributes (supported by the server) ofTScSFTPFileAttributes.
See AlsoValidAttributes
15.31.2.7 TScSFTPSupportedExtension.SupportedBlockModes
property SupportedBlockModes: TScSFTPBlockModes;
DescriptionUse the SupportedBlockModes property to pass the supported block modes as one of the supportedparameters to the TScSFTPClient.OpenFile method on file opening.
See AlsoTScSFTPClient.OpenFile
15.31.2.8 TScSFTPSupportedExtension.SupportedExtensionNames
property SupportedExtensionNames: TStringList;
DescriptionThe SupportedExtensionNames property holds the list of extension that can be used in the TScSFTPClient.RequestExtension method.
See AlsoTScSFTPClient.RequestExtension
15.31.2.9 TScSFTPSupportedExtension.SupportedOpenFlags
property SupportedOpenFlags: TScSFTPFileOpenFlags;
DescriptionUse the SupportedOpenFlags property to specify the supported file open flags used in TScSFTPClient.OpenFile.
See AlsoTScSFTPClient.OpenFile
152
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.31.3 Methods
15.31.3.1 TScSFTPSupportedExtension.IsSupportedBlockSet
function IsSupportedBlockSet(const BlockModes: TScSFTPBlockModes): boolean;
DescriptionCall the IsSupportedBlockSet method to check if the specified block modes set is supported by SFTPserver on file opening. If the mode is supported, it returns True. False otherwise.
See AlsoOpenFile
15.31.3.2 TScSFTPSupportedExtension.IsSupportedOpenBlockSet
function IsSupportedOpenBlockSet(const BlockModes: TScSFTPBlockModes):boolean;
DescriptionCall the IsSupportedOpenBlockSet to check if the specified block modes set is supported by SFTPserver on requesting to block a file. If the mode is supported, it returns True. False otherwise.
See AlsoBlock
SecureBridge Components153
SecureBridge Components, Copyright © 2007-2009 Devart
15.32 TScSFTPVendorExtension
15.32.1 Description
UnitScSFTPUtils
Description It is often necessary to detect the version of the server to workaround bugs. This extension allows theclient to do so. Server sends this extension during the connection initialization. See AlsoVendor
154
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.32.2 Properties
15.32.2.1 TScSFTPVendorExtension.ProductBuildNumber
property ProductBuildNumber: Int64;
DescriptionThe ProductBuildNumber property holds the build-number for the product. So, if a bug is fixed in thebuild-number 'x', it can be assumed that (barring regression in the product) it is fixed in all build-numbersafter 'x'.
15.32.2.2 TScSFTPVendorExtension.ProductName
property ProductName: string;
DescriptionThe ProductName property holds an arbitrary name identifying the product.
15.32.2.3 TScSFTPVendorExtension.ProductVersion
property ProductVersion: string;
DescriptionThe ProductVersion property holds an arbitrary string identifying the version of the product.
15.32.2.4 TScSFTPVendorExtension.VendorName
property VendorName: string;
DescriptionThe VendorName property holds an arbitrary name identifying the product vendor.
SecureBridge Components155
SecureBridge Components, Copyright © 2007-2009 Devart
15.33 TScSFTPVersionsExtension
15.33.1 Description
UnitScSFTPClient
DescriptionIf the server supports any other versions besides the one that was sent by client during negotiation, itmay send this extension to inform the client of this fact. In this case the client may choose which of thesupported versions to use.
Server sends this extension during the connection initialization. See AlsoVersions
156
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.33.2 Properties
15.33.2.1 TScSFTPVersionsExtension.AsString
property AsString: string;
DescriptionThe AsString property holds a string of version numbers separated by commas. The defined versionsare: "2", "3", "4", "5", "6". Any other version advertised by the server should follow the DNS extensibilitynaming convention outlined in [I-D.ietf-secsh-architecture]. For example: "2,3,6,[email protected]".
15.33.2.2 TScSFTPVersionsExtension.Versions
type TScSFTPVersion = (vSFTP0, vSFTP1, vSFTP2, vSFTP3, vSFTP4, vSFTP5, vSFTP6)
;TScSFTPVersions = set of TScSFTPVersion;
property Versions: TScSFTPVersions;
DescriptionThe Versions property is an unparsed set of versions that are supported by the server. The AsStringproperty holds this set as a string of version numbers separated by commas.
SecureBridge Components157
SecureBridge Components, Copyright © 2007-2009 Devart
15.34 TScSpaceAvailableReplyExtension
15.34.1 Description
UnitScSFTPUtils
DescriptionThe TScSpaceAvailableReplyExtension class holds the answer of the SFTP server on the request of the QueryAvailableSpace extension.
See AlsoQueryAvailableSpace
158
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.34.2 Properties
15.34.2.1 TScSpaceAvailableReplyExtension.BytesAvailableToUser
property BytesAvailableToUser: Int64;
DescriptionThe BytesAvailableToUser property holds the total number of bytes, both used and unused, available tothe authenticated user on the device. Holds 0 if this number is unknown.
15.34.2.2 TScSpaceAvailableReplyExtension.BytesOnDevice
property BytesOnDevice: Int64;
DescriptionThe BytesOnDevice property holds the total number of bytes on the device, both used and unused. Is 0 ifthe total number of bytes is unknown.
15.34.2.3 TScSpaceAvailableReplyExtension.BytesPerAllocationUnit
property BytesPerAllocationUnit: Int64;
DescriptionThe BytesPerAllocationUnit property holds the number of bytes in each allocation unit on the device, orin other words, the minimum number of bytes that a file allocation size can grow or shrink by. If theserver does not know this information, or the file-system in use does not use allocation blocks, this valuemust be 0.
15.34.2.4 TScSpaceAvailableReplyExtension.UnusedBytesAvailableToUser
property UnusedBytesAvailableToUser: Int64;
DescriptionThe UnusedBytesAvailableToUser property holds the total number of unused bytes available to theauthenticated user on the device. Holds 0 if the number is unknown.
15.34.2.5 TScSpaceAvailableReplyExtension.UnusedBytesOnDevice
property UnusedBytesOnDevice: Int64;
DescriptionThe UnusedBytesOnDevice property holds the total number of unused bytes available on the device.Holds 0 if the number unknown.
SecureBridge Components159
SecureBridge Components, Copyright © 2007-2009 Devart
15.35 TScSSHChannel
15.35.1 Description
UnitScSSHChannel
DescriptionTScSSHChannel is the component that creates logical connection via an SSH tunnel and gives aninterface for data exchange. Physically the secure connection is provided by an SSH client that can beassigned to the Client property.
When setting the Direct property to True, a connection to specified DestHost and DestPort via securechannel is established. To exchange data, you should use the ReadBuffer and WriteBuffer functions.
If the Direct property is not set, the component lets you forwarding data from one machine to another
through an encrypted SSH tunnel. In this case the component is listening the SourcePort on the local orremote host (depending on the Remote property) and forwards received data to specified DestHost andDestPort.
See AlsoConnectedTScSSHClientStep-by-step tutorialSSH-tunnel principles
160
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.35.2 Properties
15.35.2.1 TScSSHChannel.Connected
property Connected: Boolean;
DescriptionIf the Direct property is set to True, Connected determines whether the connection to the specifiedDestHost is established. Otherwise, it determines whether the port forwarding is running.If Direct is False, and you are setting Connected to True, the component starts listening SourcePort onthe local or remote host (on which the SSH server is located) depending on the Remote property value. Ifsomeone is connected to this port, the logical connection to the specified DestHost and DestPort isestablished. When setting Connected to False, all open channels are closed and the listener thread is terminatedand freed.
Note: To establish a connection, it is required to set the Client property with a component that providessecure physical connection to the SSH server. After the connection is established, the information willbe transferred through the secure channel.
See AlsoGatewayPorts
15.35.2.2 TScSSHChannel.DestHost
property DestHost: string;
DescriptionA host name to which the connection will be established.
See AlsoDestPortConnected
15.35.2.3 TScSSHChannel.DestPort
property DestPort: integer;
DescriptionUse DestPort to specify the port number on DestHost for TCP/IP connection.
See AlsoDestHostConnected
15.35.2.4 TScSSHChannel.Direct
property Direct: Boolean;
DescriptionIt Direct is True, the direct connection to the specified DestHost and DestPort will be created. Otherwisethe component will forward data from one machine to another through an encrypted SSH channel.
SecureBridge Components161
SecureBridge Components, Copyright © 2007-2009 Devart
See AlsoConnected
15.35.2.5 TScSSHChannel.GatewayPorts
property GatewayPorts: Boolean;
DescriptionSpecifies whether remote hosts are allowed to connect to forwarded SourcePort. If GatewayPorts isFalse (default value), remote hosts are not allowed to connect to forwarded ports.
15.35.2.6 TScSSHChannel.InCount
property InCount: integer;
DescriptionDetermines data size received from the server. This data can be obtained using the ReadBuffer method.
Note: This property has sense only if the Direct and NonBlocking properties are set to True.
See AlsoDirectNonBlockingReadBuffer
15.35.2.7 TScSSHChannel.NonBlocking
property NonBlocking: Boolean;
DescriptionUse this property to determine what data transferring mode will be used: synchronous or asynchronous.If NonBlocking is True, the WriteBuffer method will not block the execution of other code in theapplication. The data is transferred in asynchronous mode. When data is received from the server, the OnAsyncReceive event arises.
Note: This property has sense only if the Direct property is set to True.
See AlsoInCountOutCountOnAsyncReceiveOnAsyncE rrorReadBufferWriteBuffer
15.35.2.8 TScSSHChannel.OutCount
property OutCount: Integer;
DescriptionDetermines data size that is waiting for sending to the server.
162
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
Note: This property has sense only if the Direct and NonBlocking properties are set to True.
See AlsoNonBlockingWriteBuffer
15.35.2.9 TScSSHChannel.Remote
property Remote: Boolean;
DescriptionDetermines on which side the SourcePort will be listened when port forwarding. If this property is False,port on the localhost will be listened, if Remote is True - port on the remote host (on which the SSHserver is located) will be listened.
Note: This property has sense only if the Direct property is set to False.
See AlsoConnected
15.35.2.10 TScSSHChannel.SourcePort
property SourcePort: integer;
DescriptionUse the SourcePort property to specify the port number that will be listened on the local or remote hostfor port forwarding.
See AlsoConnectedGatewayPorts
15.35.2.11 TScSSHChannel.SSHStream
property SSHStream: TScSSHStream;
DescriptionUse SSHStream to access the object that lets working with an SSH channel through the Streaminterface.
SecureBridge Components163
SecureBridge Components, Copyright © 2007-2009 Devart
15.35.3 Methods
15.35.3.1 TScSSHChannel.ReadBuf f er
{$IFNDEF CLR}function ReadBuffer(var Buffer; const Count: Longint): Longint; overload;{$ENDIF}function ReadBuffer(var Buffer: TBytes; const Offset, Count: Longint): Longint; overload;
DescriptionCall ReadBuffer to read Count bytes from the stream into Buffer . ReadBuffer returns bytes count thatwere actually read.If size of the received data is less than Count bytes, ReadBuffer waits during amount of time specified in Timeout, and then returns control.
If the NonBlocking property is True, the OnAsyncReceive event arises when data from the server isreceived asynchronously. It means that you can call ReadBuffer to read this data. The InCount propertyindicates the size of received data.
Note: This method works only if the Direct property is set to True. Otherwise, an exception is raised.
See AlsoNonBlockingWriteBuffer
15.35.3.2 TScSSHChannel.WriteBuf f er
{$IFNDEF CLR}function WriteBuffer(const Buffer; const Count: Longint): Longint; overload;{$ENDIF}function WriteBuffer(const Buffer: TBytes; const Offset, Count: Longint): Longint; overload;
DescriptionCall WriteBuffer transfer Count bytes from Buffer through an existent connection. The function returnsbytes count that was actually transferred.
Note: This method works only if the Direct property is set to True. Otherwise, an exception is raised.
Note: If the NonBlocking property is True, the function returns control immediately. Data is transferredasynchronously. The OutCount indicates size of the data that is waiting for sending to the server.
See AlsoNonBlockingReadBuffer
15.35.3.3 TScSSHChannel.WriteString
UnitScSSHChannel
164
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
DescriptionTScSSHShell is responsible for opening the shell on remote side. Usually, there is only one shell logicalconnection established during secure session. Physically secure connection is provided by SSH clientthat can be assigned to the Client property.
There are two ways to use this component. The first way is to execute a command with the ExecuteCommand method.The second way is connection in NonBlocking mode. Set NonBlocking to True, connect to the server,send commands to the server using the WriteString method. The OnAsyncReceive event notifies thatsome data from the server was received. Use the ReadString method to read it.
See AlsoTScSSHClientSSHShell demo
SecureBridge Components165
SecureBridge Components, Copyright © 2007-2009 Devart
15.35.4 Events
15.35.4.1 TScSSHChannel.OnError
typeTScError = procedure(Sender: TObject; E: Exception) of object;
property OnError: TScError;
DescriptionOccurs with local port forwarding if an error arose in the listening thread. Sender is the object that raised the exception. E is the exception object that describes the exception.
See AlsoConnected
15.35.4.2 TScSSHChannel.OnSocketConnect
typeTScSocketEvent = procedure(Sender: TObject; const SockAddr: {$IFNDEF CLR}
TSockAddr{$ELSE}IPEndPoint{$ENDIF}) of object;
property OnSocketConnect: TScSocketEvent;
DescriptionThis event occurs if someone tries to connect to the SourcePort when local port forwarding.Sender is the object that raised the event. SockAddr it the object that describes the socket for dataexchange.
See AlsoOnSocketDisconnectConnected
15.35.4.3 TScSSHChannel.OnSocketDisconnect
typeTScSocketEvent = procedure(Sender: TObject; const SockAddr: {$IFNDEF CLR}
TSockAddr{$ELSE}IPEndPoint{$ENDIF}) of object;
property OnSocketDisconnect: TScSocketEvent;
DescriptionThis event occurs if the socket which the connection was established with, become closed or broken.Sender is the object that raised the event. SockAddr it the object that describes the socket for dataexchange.
See AlsoOnSocketConnectConnected
166
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.36 TScSSHClient
15.36.1 Description
UnitScSSHClient
DescriptionTScSSHClient is a component that implements functionality of SSH client. TScSSHClient unites severallogical server connections in one physical secure connection. Logical connections can exist in differentthreads. It connects to the SSH server to which point the HostName and Port properties.To connect to an SSH server, you can use the following parameters:
authentication method Authentication that will be used by the server to authenticate the client.
asymmetric encrypting algorithms HostKeyAlgorithms and server public key HostKeyName areused by the client to authenticate for the SSH server;
symmetric encrypting algorithms CiphersClient and CiphersServer to encrypt transferred data;
information about user: User, Password, PrivateKeyName .
See AlsoConnectedStep-by-step tutorialSSH-tunnel destination
SecureBridge Components167
SecureBridge Components, Copyright © 2007-2009 Devart
15.36.2 Properties
15.36.2.1 TScSSHClient.Authentication
typeTScSSHAuthentication = (atPublicKey, atPassword, atKeyboardInteractive);
property Authentication: TScSSHAuthentication;
DescriptionThe Authentication property determines what method will be used by server to authenticate the client.
atPublicKey authentication by the user's public key. Under this authentication method,
server verifies user the name User and the client key PrivateKeyName . If apublic key on the server corresponds to this user, the user can login to thisserver if he have a secret key. This method is considered more secure than atPassword, because the key is harder to crack. You should take care the
key to be periodically regenerated and confidential delivered (see the Keystransferring topic).
atPassword authentication by password. Under this authentication method, server verifies
the user name User and password of the user Password. The password shouldbe pretty length to ensure high secure level. The long password name, theharder it to crack.
atKeyboardInteractive keyboard-interactive authentication.
See AlsoConnected
15.36.2.2 TScSSHClient.CiphersClient
property CiphersClient: TScSSHCiphers;
DescriptionThe CiphersClient property holds a list of the acceptable symmetric algorithms that can be used forencrypting data that is passed from client to server.
See AlsoConnected
15.36.2.3 TScSSHClient.CiphersServer
property CiphersServer: TScSSHCiphers;
DescriptionThe CiphersServer property holds a list of the acceptable symmetric algorithms that can be used forencrypting data that is passed from server to client.
See Also
168
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
Connected
15.36.2.4 TScSSHClient.ClientInfo
property ClientInfo: TScSSHClientInfo;
DescriptionHolds information about the current connection. ClientInfo is initialized after the client is authenticated byserver.
See AlsoConnected
15.36.2.5 TScSSHClient.Connected
property Connected: Boolean;
DescriptionDetermines whether the connection to SSH server is established. Switch it to True, to establishconnection to SSH server. Switch it to False, to close the connection to SSH server.
See AlsoConnectDisconnect
15.36.2.6 TScSSHClient.HostKeyAlgorithms
property HostKeyAlgorithms: TScSSHHostKeyAlgorithms;
DescriptionThe HostKeyAlgorithms property holds the list of the algorithms supported for the server host key. Specify the asymmetric algorithms, for what the client have a server public key, or want to obtain thiskey. This key used by client to authenticate the server.
See AlsoHostKeyNameConnected
15.36.2.7 TScSSHClient.HostKeyName
property HostKeyName: string;
DescriptionDetermines name of the server public key that is stored in KeyStorage.
The public key received from the server is compared with the key from KeyStorage when server isauthenticating. If the keys does not coincide, or the corresponding key is not found in the Storage, theOnServerKeyValidate event is raised. If the keys coincide, the server is considered valid.
SecureBridge Components169
SecureBridge Components, Copyright © 2007-2009 Devart
Note: If HostKeyName is not specified, the key is searched by HostName.
See AlsoOnServerKeyValidateHostKeyAlgorithms
15.36.2.8 TScSSHClient.HostName
property HostName: string;
DescriptionHost name to connect to SSH server.
See AlsoPortConnected
15.36.2.9 TScSSHClient.KeyStorage
property KeyStorage: TScStorage;
DescriptionKeyStorage is used to access key list in storage. If KeyStorage is not assigned, an exception will beraised when attempting to connect.
See AlsoHostKeyNamePrivateKeyName
15.36.2.10 TScSSHClient.Options
typeTScSSHClientOptions = class(TPersistent)publishedproperty RekeyLimit: string;property ServerAliveCountMax: integer;property ServerAliveInterval: integer;property TCPKeepAlive: Boolean;property BindAddress: string;property ClientVersion: string;property MsgIgnoreRate: integer;
end;
property Options: TScSSHClientOptions;
DescriptionOptions determines behaviour of a TScSSHClient object. The members of the Options are describedbelow:
Property Description
RekeyLimit This option determines how much data can be transferred before the
170
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
session key is renegotiated. You can specify a number with a prefix thatindicates unit (K - Kilobytes, M - Megabytes, G - Gigabytes).
ServerAliveCountMax Determines how many messages may be sent to server before a
message from the server is received. If the value of this property isreached, TScSSHClient will disconnect from the server.The default value is 3.
ServerAliveInterval Determines a timeout interval in seconds after which TScSSHClient will
send a message through the encrypted channel to request a responsefrom the server if no data has been received from the server.The default value is 0. It means that these messages will not be sent tothe server.
TCPKeepAlive This option specifies whether the system should send TCP keep alive
messages to the other side. If they are sent, death of the connection orcrash of one of the machines will be properly noticed.
BindAddress Use the specified address on the local machine as the source address of
the connection. Only useful on systems with more than one address.
ClientVersion The version of the SSH-client.
MsgIgnoreRate Determines probability of sending a packet that will be ignore by the
server (SSH_MSG_IGNORE packets) after each data packet. Theseignore packets are intended for increasing data protection level againstcracking by traffic analyzing. The value of this property can vary from 0 to100. 0 means that no ignore packages will be sent. 100 means that oneignore package will be sent after the each data package.Note: The traffic is increased when you increase the value of this option.
See AlsoConnected
15.36.2.11 TScSSHClient.Password
property Password: string;
DescriptionPassword is used to connect to the server when user is authenticated by password.
See AlsoAuthenticationConnected
15.36.2.12 TScSSHClient.Port
property Port: integer;
DescriptionUse Port property to specify port number for TCP/IP connection with SSH-server.
SecureBridge Components171
SecureBridge Components, Copyright © 2007-2009 Devart
The default value is 22.
See AlsoHostNameConnected
15.36.2.13 TScSSHClient.PrivateKeyName
property PrivateKeyName: string;
DescriptionSpecifies private key name that is stored in KeyStorage.
If the authentication by key is used, the user must have his pair of keys. The public key should betransferred to the server, while the private key will be used by the client to sign data, that will be used byserver to authenticate the user.
Note: If PrivateKeyName is not specified, the key will be searched by the name in User.
See AlsoAuthenticationKeys transferring
15.36.2.14 TScSSHClient.Timeout
property Timeout: integer;
DescriptionDetermines the time interval in seconds during which the client will try to obtain data from the serverwhen authenticating. If data is not obtained, the connection becomes closed.The default value is 15.
See AlsoConnected
15.36.2.15 TScSSHClient.User
property User: string;
DescriptionUser name that is used to connect to the server.
See AlsoPasswordConnected
172
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.36.3 Methods
15.36.3.1 TScSSHClient.Connect
procedure Connect;
DescriptionEstablishes connection to SSH server. Connect sets the Connected property to True.
See AlsoDisconnectAfterConnectBeforeConnect
15.36.3.2 TScSSHClient.Disconnect
procedure Disconnect;
DescriptionCloses an existent connection to SSH server. Disconnect sets the Connected property to False.
See AlsoConnectAfterDisconnectBeforeDisconnect
SecureBridge Components173
SecureBridge Components, Copyright © 2007-2009 Devart
15.36.4 Events
15.36.4.1 TScSSHClient.Af terConnect
property AfterConnect: TNotifyEvent;
DescriptionOccurs after a connection to an SSH server is established.
See AlsoAfterDisconnectBeforeConnectBeforeDisconnectConnected
15.36.4.2 TScSSHClient.Af terDisconnect
property AfterDisconnect: TNotifyEvent;
DescriptionOccurs after the connection to an SSH server becomes closed.
See AlsoAfterConnectBeforeConnectBeforeDisconnectConnected
15.36.4.3 TScSSHClient.BeforeConnect
property BeforeConnect: TNotifyEvent;
DescriptionOccurs immediately before establishing a connection to an SSH server.
See AlsoAfterConnectAfterDisconnectBeforeDisconnectConnected
15.36.4.4 TScSSHClient.BeforeDisconnect
property BeforeDisconnect: TNotifyEvent;
DescriptionOccurs immediately before the connection to an SSH server becomes closed.
See AlsoAfterConnectAfterDisconnectBeforeConnectConnected
174
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.36.4.5 TScSSHClient.OnBanner
typeTBannerEvent = procedure(Sender: TObject; const Banner: string) ofobject;
property OnBanner: TBannerEvent;
DescriptionOccurs if SSH server returns a banner when authenticating. The Banner hold received banner.The banner may contain a warning message or any other information message.
See AlsoConnected
15.36.4.6 TScSSHClient.OnServerKeyValidate
typeTScServerKeyValidate = procedure(Sender: TObject; NewServerKey: TScKey;var Accept: Boolean) of object;
property OnServerKeyValidate: TScServerKeyValidate;
DescriptionOccurs if the key received from the server and the key specified in HostKeyName does not coincide.
It the client connects to the server for the first time and does not have the server public key, it is possibleto accept the key received from the server. This key will be stored in Storage. It will be used toauthenticate the server in the future. But in this case to provide safety, you ought to verify in any way (e.g. by phone) the key print. If you trust the server, set the Accept to True to establish the connection.To get the key print, use the GetFingerprint method.To save a key to the Storage, specify the key name (NewServerKey.KeyName) and invoke KeyStorage.Keys.Add(NewServerKey) .
Parameters:
Sender - the object that raised the event;
NewServerKey - the public key received from the server;
Accept - when Accept is set to True, the server is considered valid, and the server authentication
is successful. When Accept is set to False, the server is considered invalid and the connection isclosed.
See AlsoHostKeyNameConnected
SecureBridge Components175
SecureBridge Components, Copyright © 2007-2009 Devart
15.37 TScSSHCustomChannel
15.37.1 Description
UnitScSSHChannel
DescriptionTScSSHCustomChannel is an abstract class that ensures the logical connection creation via the SSHtunnel and gives an interface for data exchange. Physically a secure connection is provided by an SSHclient that can be assigned to the Client property.
To exchange data, you should use ReadBuffer , ReadString and WriteBuffer, WriteString methods.
See AlsoTScSSHChannelTScSSHShellTScSSHClient
176
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.37.2 Properties
15.37.2.1 TScSSHCustomChannel.Client
property Client: TScSSHClient;
DescriptionThe Client property determines the physical connection between SSH client and SSH server. Thisconnection is used to exchange data. To create a logical connection, the Client property must be set.This property can be set at design time by selecting a TScSSHClient object from the provided list.At runtime, set the Client property to reference of an existent TScSSHClient object.
15.37.2.2 TScSSHCustomChannel.Connected
property Connected: Boolean;
DescriptionConnected determines, whether the connection is established. Switch it to True, to establish a logicalconnection to an SSH server. Switch it to False, to close a logical connection to the SSH server.
Note: To establish a connection, it is required to set the Client property, that provides secure physicalconnection to the SSH server. After the connection is established, the information is transferred throughthe secure channel.
See AlsoClient
15.37.2.3 TScSSHCustomChannel.InCount
property InCount: integer;
DescriptionDetermines data size received from the server. This data can be obtained using the ReadBuffer method.
Note: This property has sense only if the NonBlocking property is set to True.
See AlsoNonBlockingReadBuffer
15.37.2.4 TScSSHCustomChannel.NonBlocking
property NonBlocking: Boolean;
DescriptionUse this property to determine what data transferring mode will be used: synchronous or asynchronous.If NonBlocking is True, the WriteBuffer method will not block the execution of other code in theapplication. The data is transferred in asynchronous mode. When data is received from the server, the OnAsyncReceive event will arise.
See AlsoInCountOutCountOnAsyncReceive
SecureBridge Components177
SecureBridge Components, Copyright © 2007-2009 Devart
OnAsyncE rrorReadBufferWriteBuffer
15.37.2.5 TScSSHCustomChannel.OutCount
property OutCount: Integer;
DescriptionDetermines data size that is waiting for sending to the server.
Note: This property has sense only if the NonBlocking properties are set to True.
See AlsoNonBlockingWriteBuffer
15.37.2.6 TScSSHCustomChannel.Timeout
property Timeout: integer;
DescriptionDetermines amount of time during which the client makes attempts to obtain data from the server.
It is measured in seconds. Default value is 1.
See AlsoReadBuffer
178
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.37.3 Methods
15.37.3.1 TScSSHCustomChannel.Connect
procedure Connect;
DescriptionCall Connect to establish a logical connection through an SSH tunnel. Connect sets the Connectedproperty to True.
See AlsoConnected
15.37.3.2 TScSSHCustomChannel.Disconnect
procedure Disconnect;
DescriptionCall Disconnect to close a logical connection through an SSH tunnel. Disconnect sets the Connectedproperty to False.
See AlsoConnected
15.37.3.3 TScSSHCustomChannel.ReadBuf fer
{$IFNDEF CLR}function ReadBuffer(var Buffer; const Count: Longint): Longint; overload;{$ENDIF}function ReadBuffer(var Buffer: TBytes; const Offset, Count: Longint): Longint; overload;
DescriptionCall ReadBuffer to read Count bytes from the stream into Buffer. ReadBuffer returns bytes count thatwas actually read.If size of the received data is less than Count bytes, ReadBuffer waits during amount of time specified in Timeout, and then returns control.
Note: If the NonBlocking property is True, the OnAsyncReceive event arises when data from server is received.The InCount property indicates the size of received data.
See AlsoNonBlockingWriteBuffer
15.37.3.4 TScSSHCustomChannel.ReadString
function ReadString: string;
DescriptionThe ReadString method reads all data from the stream and returns it as a string.
SecureBridge Components179
SecureBridge Components, Copyright © 2007-2009 Devart
Note: If the NonBlocking property is True, the OnAsyncReceive event arises when data from server is received.
See AlsoReadBufferWriteString
15.37.3.5 TScSSHCustomChannel.WriteBuf f er
{$IFNDEF CLR}function WriteBuffer(const Buffer; const Count: Longint): Longint; overload;{$ENDIF}function WriteBuffer(const Buffer: TBytes; const Offset, Count: Longint): Longint; overload;
DescriptionCall WriteBuffer transfer Count bytes from Buffer through an existent connection. The function returnsbytes count that was actually transferred.
Note: If the NonBlocking property is True, the function returns control immediately. Data is transferredasynchronous. The OutCount indicates size of the data that is waiting for sending to the server.
See AlsoNonBlockingReadBuffer
180
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.37.4 Events
15.37.4.1 TScSSHCustomChannel.OnAsyncError
typeTScAsyncError = procedure (Sender: TObject; E: Exception) of object;
property OnAsyncError: TScAsyncError;
DescriptionOccurs when an exception is raised during asynchronous data receiving or transferring. Sender is the object that raised the exception. E is the exception object that describes the exception.
Note: This event occurs only if NonBlocking is True.
See AlsoNonBlocking
15.37.4.2 TScSSHCustomChannel.OnAsyncReceive
typeTScAsyncReceive = procedure(Sender: TObject) of object;
property OnAsyncReceive: TScAsyncReceive;
DescriptionOccurs when data is received from the server in asynchronous mode. The data can be read with the ReadBuffer method. The InCount property indicates size of received data. This event occurs only if NonBlocking is True.
See AlsoNonBlocking
15.37.4.3 TScSSHCustomChannel.OnConnect
property OnConnect: TNotifyEvent;
DescriptionOccurs before establishing logical connection through an SSH tunnel.
See AlsoOnDisconnect
15.37.4.4 TScSSHCustomChannel.OnDisconnect
property OnDisconnect: TNotifyEvent;
DescriptionOccurs after the logical connection to an SSH server becomes closed.
See Also
SecureBridge Components181
SecureBridge Components, Copyright © 2007-2009 Devart
OnConnect
182
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.38 TScSSHServer
15.38.1 Description
UnitScSSHServer
DescriptionThe TScSSHServer component implements functions of SSH server.TScSSHServer listens to the port TCP/IP port specified in the Port property, and if an SSH client tries toconnect to this port, TScSSHServer authenticates the client. If authentication is successful, it willestablish connection. After that the TScSSHServer carries out client queries.Storage.Users holds the list of the users that are allowed to connect to the server.
See AlsoActiveTScSSHClientStep-by-step tutorial
SecureBridge Components183
SecureBridge Components, Copyright © 2007-2009 Devart
15.38.2 Properties
15.38.2.1 TScSSHServer.Active
property Active: Boolean;
DescriptionIndicates whether the SSH server is running.Set Active to True to run the SSH server. After the server is activated, it starts listening the TCP/IPspecified in the Port property.Set Active to False to stop the SSH server.
See AlsoPortStorage
15.38.2.2 TScSSHServer.Authentications
typeTScSSHAuthentication = (atPublicKey, atPassword);TScSSHAuthentications = set of TScSSHAuthentication;
property Authentications: TScSSHAuthentications;
DescriptionThe Authentications property holds a set of acceptable client authentication methods.
atPublicKey authentication by public key;
atPassword authentication by password.
15.38.2.3 TScSSHServer.Ciphers
property Ciphers: TScSymmetricAlgorithms;
DescriptionThe Ciphers property holds a set of the acceptable symmetric encryption algorithms, that are used forencrypting transferred data.
15.38.2.4 TScSSHServer.HostKeyAlgorithms
property HostKeyAlgorithms: TScAsymmetricAlgorithms;
DescriptionThe HostKeyAlgorithms property holds set of the algorithms supported for the host key.
Indicate the asymmetric algorithms, for which server has private key that. This key is used by client toauthenticate the server.
See AlsoKeyNameRSAKeyNameDSA
184
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.38.2.5 TScSSHServer.KeyNameDSA
property KeyNameDSA: string;
DescriptionDetermines name of the private DSA key that is stored in Storage.
The server must have one or more couples of keys so that clients are able to authenticate the server. Thepublic key should be passed to the client. The private key will be used by the server whenauthenticating.
Note: If KeyNameDSA is not specified, the key is searched by the name 'ssh-dss'.
See AlsoKeyNameRSAHostKeyAlgorithmsTScSSHClient.HostKeyNameKeys transferring
15.38.2.6 TScSSHServer.KeyNameRSA
property KeyNameRSA: string;
DescriptionDetermines name of the private RSA key that is stored in Storage.
The server must have one or more couples of keys so that clients are able to authenticate the server. Thepublic key should be passed to the client. The private key will be used by the server whenauthenticating.
Note: If KeyNameRSA is not specified, the key is searched by the name 'ssh-dss'.
See AlsoKeyNameDSAHostKeyAlgorithmsTScSSHClient.HostKeyNameKeys transferring
15.38.2.7 TScSSHServer.Options
typeTScSSHServerOptions = class(TPersistent)published
property AllowEmptyPassword: Boolean;property Banner: string;property ClientAliveCountMax: integer;property ClientAliveInterval: integer;property RekeyLimit: string;property TCPKeepAlive: Boolean;property ListenAddress: string;property MaxStartups: integer;
end;
SecureBridge Components185
SecureBridge Components, Copyright © 2007-2009 Devart
property Options: TScSSHServerOptions;
DescriptionSet properties of Options to specify the behaviour of TScSSHServer object. The meanings of Options'
properties are:
Property Description
AllowEmptyPassword Determines whether connection with an empty password is allowed.
Banner Holds a warning message that is sent to a client before authentication is
allowed.
ClientAliveCountMax Determines how many messages may be sent to a client before a
message from the client is received. If the value of this property isreached, TScSSHServer will close connection with this client.The default value is 3.
ClientAliveInterval Determines a timeout interval in seconds after which TScSSHServer will
send a message through the encrypted channel to request a responsefrom the client if no data has been received from the client. The default value is 0. It means that these messages will not be sent tothe client.
RekeyLimit This option determines how much data can be transferred before the
session key is renegotiated. You can specify a number with a prefix thatindicates unit (K - Kilobytes, M - Megabytes, G - Gigabytes).
TCPKeepAlive Specifies whether the system should send TCP keepalive messages to
the other side. If they are sent, death of the connection or crash of oneof the machines will be properly noticed. Useful on systems with morethan one IP.
ListenAddress Specifies the local address which TScSSHServer should listen to. If
there are several netcards installed on the computer, and ListenAddressis not assigned, the "0.0.0.0" address will be listened. It means that it ispossible to connect to any of the installed netcards.
MaxStartups Specifies the maximum number of concurrent unauthenticated
connections to the TScSSHServer. Additional connections will bedropped until authentication succeeds. The default is 20.
See AlsoActive
15.38.2.8 TScSSHServer.Port
property Port: integer;
DescriptionUse the Port property to specify what TCP/IP port will TScSSHServer listen on.
186
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
The default value is 22.
See AlsoActive
15.38.2.9 TScSSHServer.ServerVersion
property ServerVersion: string;
DescriptionThe version of the SSH server.
See AlsoActive
15.38.2.10 TScSSHServer.Storage
property Storage: TScStorage;
DescriptionUse this property to store keys and user list in storage.The Storage.Users holds the user list that can connect to the server.
15.38.2.11 TScSSHServer.Timeout
property Timeout: integer;
DescriptionDetermines time interval in seconds during which the server will be trying to obtain data from the clientwhen authenticating. If the data is not received, server closes this connection.
The default value is 15.
SecureBridge Components187
SecureBridge Components, Copyright © 2007-2009 Devart
15.38.3 Methods
15.38.3.1 TScSSHServer.SendToClient
{$IFNDEF CLR}procedure SendToClient(ChannelInfo: TScSSHChannelInfo; const Buffer;
const Count: Longint); overload;{$ENDIF}procedure SendToClient(ChannelInfo: TScSSHChannelInfo; const Buffer:
TBytes; const Offset, Count: Longint); overload;
DescriptionUse SendToClient, to send data to SSH client.
Use this method if for the channel specified in ChannelInfo. The direct mode is used. To handle datareceived from the client, the OnDataFromClient and OnDataToClient events are used.
Parameters:
ChannelInfo - holds an information about SSH channel;
Buffer - points to the buffer that contains data to be transferred ;
Offset - zero-based byte offset in Buffer that indicates location of the data to transfer;
Count - length of the data to be transferred .
188
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.38.4 Events
15.38.4.1 TScSSHServer.Af terChannelDisconnect
typeTScAfterChannelDisconnect = procedure(Sender: TObject; ChannelInfo:
TScSSHChannelInfo) of object;
property AfterChannelDisconnect: TScAfterChannelDisconnect;
DescriptionOccurs after the SSH channel is disconnected.
Parameters:
Sender - the object that raised the event;
ChannelInfo - holds an information about the current SSH channel.
15.38.4.2 TScSSHServer.Af terShellDisconnect
typeTScAfterShellDisconnect = procedure(Sender: TObject; ClientInfo:TScSSHClientInfo) of object;
property AfterShellDisconnect: TScAfterShellDisconnect;
DescriptionOccurs after the SSH shell session is disconnected.
Parameters:
Sender - the object that raised the event;
ClientInfo - holds information about the current connection state.
See AlsoTScSSHShell
15.38.4.3 TScSSHServer.Af terClientConnect
typeTScClientEvent = procedure(Sender: TObject; ClientInfo: TScSSHClientInfo)
of object;
property AfterClientConnect: TScClientEvent;
DescriptionThis event occurs after the connection with an SSH client is established.
Parameters:
Sender - an SSH server to which the client connects;
ClientInfo - holds an information about the current state.
SecureBridge Components189
SecureBridge Components, Copyright © 2007-2009 Devart
15.38.4.4 TScSSHServer.Af terClientDisconnect
typeTScClientEvent = procedure(Sender: TObject; ClientInfo: TScSSHClientInfo)
of object;
property AfterClientDisconnect: TScClientEvent;
DescriptionOccurs after an SSH client is disconnected, or if connection to the client is lost.
Parameters:
Sender - an SSH server that raised the event;
ClientInfo - holds an information about the current state.
15.38.4.5 TScSSHServer.BeforeChannelConnect
typeTScBeforeChannelConnect = procedure(Sender: TObject; ChannelInfo:
TScSSHChannelInfo; var Direct: Boolean) of object;
property BeforeChannelConnect: TScBeforeChannelConnect;
DescriptionThis event occurs on opening a new channel.If you set the Direct parameter to True, the data obtained from the client will not be transferred anywhere.It is required to add a handler for the OnDataFromClient event to handle the data obtained from client.
Parameters:
Sender - the object that raised the event;
ChannelInfo - holds an information about the current SSH channel;
Direct - determines whether the data obtained from the client will be transferred to the host and portspecified by user. Set Direct to True if you want to process the data received from the clientyourself.
See AlsoOnDataFromClientOnDataToClient
15.38.4.6 TScSSHServer.BeforeShellConnect
typeTScBeforeShellConnect = procedure(Sender: TObject; ClientInfo:
TScSSHClientInfo) of object;
property BeforeShellConnect: TScBeforeShellConnect;
DescriptionOccurs before opening a new shell session.
Parameters:
Sender - the object that raised the event;
190
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
ClientInfo - holds information about the current connection state.
See AlsoTScSSHShell
15.38.4.7 TScSSHServer.OnChannelError
typeTScChannelError = procedure(Sender: TObject; ChannelInfo:
TScSSHChannelInfo; E: Exception) of object;
property OnChannelError: TScChannelError;
DescriptionThis event occurs on errors that arise in SSH channel thread.The event handler is called in the thread in which the Exception arose.
Parameters:
Sender - the object that raised the exception;
ChannelInfo - holds an information about the current SSH channel;
E - the object that describes the exception.
15.38.4.8 TScSSHServer.OnClientError
typeTScClientError = procedure(Sender: TObject; ClientInfo: TScSSHClientInfo;
E: Exception) of object;
property OnClientError: TScClientError;
DescriptionThis event occurs on errors that arise in SSH client thread.The event handler is called in the thread in which the Exception arose.
Parameters:
Sender - the SSH server that raised the exception;
ClientInfo - holds an information about the current connection;
E - the object that describes the exception.
15.38.4.9 TScSSHServer.OnDataFromClient
typeTScData = procedure(Sender: TObject; ChannelInfo: TScSSHChannelInfo;
const Buffer: TBytes; const Offset, Count: Longint) of object;
property OnDataFromClient: TScData;
DescriptionOccurs when a new data chunk from the client is received end decrypted.
Parameters:
SecureBridge Components191
SecureBridge Components, Copyright © 2007-2009 Devart
Sender - the object that raised the event;
ChannelInfo - holds an information about the current SSH channel;
Buffer - points to the buffer that contains received data;
Offset - zero-based byte offset in Buffer that indicates location of the received data;
Count - length of the received data.
See AlsoOnDataToClient
15.38.4.10 TScSSHServer.OnDataToClient
typeTScData = procedure(Sender: TObject; ChannelInfo: TScSSHChannelInfo;
const Buffer: TBytes; const Offset, Count: Longint) of object;
property OnDataToClient: TScData;
DescriptionThis event occurs after a data chunk is received from the host with which connection is established inthe current channel, and before the data will be encrypted and sent to SSH an client.
Parameters:
Sender - the object that raised the event;
ChannelInfo - holds an information about the current SSH channel;
Buffer - points to the buffer that contains data to be transferred;
Offset - zero-based byte offset in Buffer that indicates location of the data to be encrypted andtransferred ;
Count - length of the data to be transferred.
See AlsoOnDataFromClient
15.38.4.11 TScSSHServer.OnError
typeTScError = procedure(Sender: TObject; E: Exception) of object;
property OnError: TScError;
DescriptionThis event occurs, if an error arise in the main thread of TScSSHServer.Event handler is called in the same thread where the exception arose.
Parameters:
Sender - the object that raised the exception;
E - the object that describes the exception.
See AlsoActive
192
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.39 TScSSHShell
15.39.1 Description
UnitScSSHChannel
DescriptionTScSSHShell is responsible for opening the shell on remote side. Usually, there is only one shell logicalconnection established during secure session. Physically secure connection is provided by SSH clientthat can be assigned to the Client property.
There are two ways to use this component. The first way is to execute a command with the ExecuteCommand method.The second way is connection in NonBlocking mode. Set NonBlocking to True, connect to the server,send commands to the server using the WriteString method. The OnAsyncReceive event notifies thatsome data from the server was received. Use the ReadString method to read it.
See AlsoTScSSHClientSSHShell demo
SecureBridge Components193
SecureBridge Components, Copyright © 2007-2009 Devart
15.39.2 Properties
15.39.2.1 TScSSHShell.Environment
property Environment: TStrings;
DescriptionThis property should contain a list of environment variables in format of «Variable=Value». Thesevariables are sent to the server on connect.
194
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.39.3 Methods
15.39.3.1 TScSSHShell.ExecuteCommand
function ExecuteCommand(const Command: string): string;
DescriptionExecutes Command on the server. ExecuteCommand establishes the logical connection to the SSHserver and sends a command execution inquiry. If NonBlocking mode is not enabled, the method waits until the command is executed, and then returnsa result. After the result is obtained, connection to the server is closed. So, this method can executeonly one command within a connection.In NonBlocking mode the method immediately returns an empty string, and does not wait until thecommand is executed. The command execution result can be obtained with the ReadString orReadBuffer method.The result of the Execute method is tightly related to the SSH server that executes the command. An alternative way to execute commands remotely is calling the WriteString and WriteBuffer methods.
See AlsoNonBlockingReadStringWriteString
15.39.3.2 TScSSHShell.ReadString
function ReadString: string;
DescriptionThe ReadBuffer method reads the result of a command executed by the WriteString method.In NonBlocking mode the result can be read after the OnAsyncReceive event arises.
See AlsoReadBufferWriteString
15.39.3.3 TScSSHShell.WriteString
procedure WriteString(const Buffer: string);
DescriptionUse the WriteString method to send a command with parameters to the server. The command is passedthrough an existent connection and executed remotely. The line feed symbol must conclude thecommand. The result of the command execution can be obtained by the ReadString and ReadBuffer methods.
Note: If the NonBlocking property is True, the function returns control immediately. Data is transferredasynchronously. The OutCount indicates size of the data that is waiting for sending to the server.
See AlsoReadStringWriteBuffer
SecureBridge Components195
SecureBridge Components, Copyright © 2007-2009 Devart
15.40 TScSSLClient
15.40.1 Description
UnitScSSLClient
DescriptionTScSSLClient is a component that implements functionality of the SSL client. TScSSLClient connectsto an application supporting the SSL protocol to which point the HostName and Port properties.
When you connect to a server that supports SSL, data will be transferred in a plain form until you switch IsSecure to True.To establish secure connection through SSL, you can use the following parameters:
security protocol kind;
encryption and data integrity algorithms to encrypt the data to be transferred;
the client certificate.
To exchange data, you should use the ReadBuffer and WriteBuffer methods.
See AlsoConnectedIsSecure
196
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.40.2 Properties
15.40.2.1 TScSSLClient.CACertName
property CACertName: string;
DescriptionSpecifies the server CA certificate name that is stored in Storage. CA certificate is used to authenticatethe server through SSL.From the server comes a certificate when authenticating. This certificate must be signed by the specifiedCA certificate. If received certificate is not signed by the CA certificate, the Accept parameter will be setto False in the OnServerCertValidate . If the server certificate is signed by the CA certificate, Accept willbe set to True.
If the certificate with the name specified in CACertName was not found, an exception is raised.
See AlsoOnServerCertValidate
15.40.2.2 TScSSLClient.CertName
property CertName: string;
DescriptionSpecifies the client certificate name that is stored in Storage. The client certificate is used toauthenticate the client by the server. It must be signed by CACertName, and must have a private key (TScCertificate.Key.IsPrivate is True).
If the specified certificate was not found in the storage and the SSL server requires the client certificatefor authentication, secure connection will not be established.
Note: If CertName is not specified, the certificate is searched by HostName.
See AlsoCACertName
15.40.2.3 TScSSLClient.CipherSuites
property CipherSuites: TScSSLCipherSuites;
DescriptionThe CipherSuites property holds a list of acceptable algorithms that can be used for encrypting andsupport integrity of the data transferred between the client and the server through a secure connection.
See AlsoIsSecure
SecureBridge Components197
SecureBridge Components, Copyright © 2007-2009 Devart
15.40.2.4 TScSSLClient.Connected
property Connected: Boolean;
DescriptionDetermines whether the connection to an SSL server is established. Switch it to True, to establishconnection to an SSL server. Switch it to False, to close the connection.
See AlsoConnectDisconnect
15.40.2.5 TScSSLClient.ConnectionInfo
property ConnectionInfo: TScSSLConnectionInfo;
DescriptionHolds information about the current connection. ConnectionInfo is initialized after the client isauthenticated by a server.
See AlsoIsSecure
15.40.2.6 TScSSLClient.HostName
property HostName: string;
DescriptionHost name to connect to the server through SSL.
See AlsoPortConnected
15.40.2.7 TScSSLClient.InCount
property InCount: integer;
DescriptionDetermines data size received from the server in NonBlocking mode. This data can be obtained usingthe ReadBuffer method.
See AlsoNonBlocking
15.40.2.8 TScSSLClient.IsSecure
property IsSecure: Boolean;
DescriptionDetermines whether the connection to SSL server is protected.
198
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
When you connect to a server that supports SSL, data will be transferred in a plain form until you switchIsSecure to True. Switching it to False closes the connection.
See AlsoProtocols
15.40.2.9 TScSSLClient.NonBlocking
property NonBlocking: Boolean;
DescriptionUse this property to determine what data transferring mode will be used: synchronous or asynchronous.If NonBlocking is True, the WriteBuffer method will not block the main application thread in theapplication. The data is transferred in asynchronous mode. When data is received from the server, the OnAsyncReceive event will arise.
See AlsoInCountOutCountOnAsyncReceiveOnAsyncE rror
15.40.2.10 TScSSLClient.OutCount
property OutCount: Integer;
DescriptionDetermines data size that is waiting for sending to the server.
Note, that this property has a sense only if the NonBlocking property is set to True.
See AlsoNonBlocking
15.40.2.11 TScSSLClient.Port
property Port: integer;
DescriptionSpecifies the port number for TCP/IP connection with the SSL server.
See AlsoHostNameConnected
15.40.2.12 TScSSLClient.Protocols
typeTScSSLProtocol = (spSsl3, spTls1);TScSSLProtocols = set of TScSSLProtocol;
SecureBridge Components199
SecureBridge Components, Copyright © 2007-2009 Devart
property Protocols: TScSSLProtocols;
DescriptionSpecifies supported security protocols. The default value is [spSsl3, spTls1]. If you change the Protocolvalue to [spSsl3], the client will not support the TLS 1.0 protocol. If only spTls1 is in set, the client willsupport both SSL 3.0 an TLS 1.0. But SSL 3.0 will be used only if the server refuses to connnectthrough TLS 1.0.
See AlsoIsSecure
15.40.2.13 TScSSLClient.Storage
property Storage: TScStorage;
DescriptionThis property is used to access certificate list in the linked storage. If Storage is not assigned, anexception will be raised on connect.
See AlsoCACertNameCertName
15.40.2.14 TScSSLClient.Timeout
property Timeout: integer;
DescriptionDetermines the time interval in seconds during which the client will wait for data from the server whenreading by the ReadBuffer method, or passing data to the server by the WriteBuffer method. After thetime has expired, methods return the result and control to the program.The default value is 0.
See AlsoReadBufferWriteBuffer
200
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.40.3 Methods
15.40.3.1 TScSSLClient.Connect
procedure Connect;
DescriptionEstablishes connection to the specified SSL server. Connect sets the Connected property to True.
See AlsoDisconnectAfterConnectBeforeConnect
15.40.3.2 TScSSLClient.Disconnect
procedure Disconnect;
DescriptionCloses an existent connection to the SSL server. Disconnect sets the Connected property to False.
See AlsoConnectAfterDisconnectBeforeDisconnect
15.40.3.3 TScSSLClient.ReadBuf f er
{$IFNDEF CLR}function ReadBuffer(var Buffer; const Count: Longint): Longint; overload;
{$ENDIF}function ReadBuffer(var Buffer: TBytes; const Offset, Count: Longint):
Longint; overload;
DescriptionCall ReadBuffer to read Count bytes from the stream into Buffer. ReadBuffer returns bytes count thatwas actually read.If size of the received data is less than Count bytes, ReadBuffer waits during amount of time specified in Timeout, and then returns control.
Note: If the NonBlocking property is True, the OnAsyncReceive event arises when data from server is received.The InCount property indicates the size of received data.
See AlsoNonBlockingTimeoutWriteBuffer
SecureBridge Components201
SecureBridge Components, Copyright © 2007-2009 Devart
15.40.3.4 TScSSLClient.WriteBuf f er
{$IFNDEF CLR}function WriteBuffer(const Buffer; const Count: Longint): Longint;
overload;{$ENDIF}function WriteBuffer(const Buffer: TBytes; const Offset, Count: Longint):
Longint; overload;
DescriptionWriteBuffer passes Count bytes from Buffer through an existent connection. The function returns bytescount that was actually passed.
Note: If the NonBlocking property is True, the function returns control immediately. Data is transferredasynchronously. The OutCount parameter indicates the size of the data that is waiting to be sent to theserver.
See AlsoNonBlockingReadBufferTimeout
202
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.40.4 Events
15.40.4.1 TScSSLClient.Af terConnect
property AfterConnect: TNotifyEvent;
DescriptionOccurs after a connection to an SSL server is established.
See AlsoAfterDisconnectBeforeConnectBeforeDisconnectConnected
15.40.4.2 TScSSLClient.Af terDisconnect
property AfterDisconnect: TNotifyEvent;
DescriptionOccurs after the connection to an SSL server becomes closed.
See AlsoAfterConnectBeforeConnectBeforeDisconnectConnected
15.40.4.3 TScSSLClient.BeforeConnect
property BeforeConnect: TNotifyEvent;
DescriptionOccurs immediately before establishing a connection to an SSL server.
See AlsoAfterConnectAfterDisconnectBeforeDisconnectConnected
15.40.4.4 TScSSLClient.BeforeDisconnect
property BeforeDisconnect: TNotifyEvent;
DescriptionOccurs immediately before the connection to an SSL server becomes closed.
See AlsoAfterConnectAfterDisconnectBeforeConnectConnected
SecureBridge Components203
SecureBridge Components, Copyright © 2007-2009 Devart
15.40.4.5 TScSSLClient.OnAsyncError
typeTScAsyncError = procedure (Sender: TObject; E: Exception) of object;
property OnAsyncError: TScAsyncError;
DescriptionOccurs when an exception is raised during asynchronous data receiving or transferring. Sender is an object that raised the exception. E is the exception object that describes the exception.
Note: This event occurs only if NonBlocking is True.
See AlsoNonBlocking
15.40.4.6 TScSSLClient.OnAsyncReceive
typeTScAsyncReceive = procedure(Sender: TObject) of object;
property OnAsyncReceive: TScAsyncReceive;
DescriptionOccurs if data was received from the server in asynchronous mode. The data can be read with the ReadBuffer method. The InCount property indicates size of the received data.
Note: This event occurs only if NonBlocking is True.
See AlsoNonBlocking
15.40.4.7 TScSSLClient.OnServerCertValidate
typeTScServerCertValidate = procedure(Sender: TObject; ServerCertificate:
TScCertificate; var Accept: boolean) of object;
property OnServerCertValidate: TScServerCertValidate;
DescriptionOccurs when the server certificate is received from the server.
When authenticating an SSL server, from the server comes a certificate that must be signed by thespecified CA certificate. If received certificate is not signed by the CA certificate, the Accept parameterwill be set to False in the OnServerCertValidate. If the server certificate is signed by the CA certificate,Accept will be set to True in the OnServerCertValidate event. A handler of this event can performadditional verifications to authenticate the server. If you trust the server, set the Accept to True and theconnection will be established.
Parameters:
Sender - the object that raised the event;
204
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
ServerCertificate - the server certificate received from the server;
Accept - SecureBridge determines the value of the Accept parameter and passes it intothis event. You can change the Accept value within this event handler. If Accept is set to True, theserver is considered valid, and the server authentication is considered successful. Otherwise, theserver is considered invalid, and the connection is closed.
See AlsoIsSecure
SecureBridge Components205
SecureBridge Components, Copyright © 2007-2009 Devart
15.41 TScStorage
15.41.1 Description
UnitScBridge
DescriptionTScStorage is an abstract class that describes the interface for storing asymmetric keys, certificatesand users of TScSSHServer .
See alsoTScFileStorageTScRegStorageTScCryptoAPIStorageTScCertificateTScKeyTScUser
206
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.41.2 Properties
15.41.2.1 TScStorage.Certif icates
property Certificates: TScCertificateList;
DescriptionLists all certificate objects of the Storage.Accessing certificates with the Certificates property is useful for applications that iterate over some or allcertificates in a storage.
15.41.2.2 TScStorage.Keys
property Keys: TScKeyList;
DescriptionLists all key objects of the Storage.Accessing keys with the Keys property is useful for applications that iterate over some or all keys in astorage.
15.41.2.3 TScStorage.Users
property Users: TScUserList;
DescriptionLists all user objects of the Storage.Accessing users with the Users property is useful for applications that iterate over some or all users ina storage.
15.41.2.4 TScStorage.ReadOnly
property ReadOnly: Boolean;
DescriptionDetermines whether the storage content can be changed.Set the ReadOnly property to True to forbid removing, adding, and changing objects in the storage. Setthe ReadOnly property to False to allow edit the storage.
SecureBridge Components207
SecureBridge Components, Copyright © 2007-2009 Devart
15.41.3 Methods
15.41.3.1 TScStorage.DeleteStorage
procedure DeleteStorage; virtual;
DescriptionPhysically deletes the storage and all its contents (keys, certificates, user list).
208
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.41.4 Events
15.41.4.1 TScStorage.OnCheckUserPass
typeTScCheckUserPass = procedure(ClientInfo: TScSSHClientInfo; const
Password: string; var Accept: Boolean) of object;
property OnCheckUserPass: TScCheckUserPass;
DescriptionThe OnCheckUserPass event arises when the password authentication is demanded on the server. Theserver previously verifies the given user and password in the Storage and specifies the value for theAccept parameter. If you want to grant or deny access for the current connection attempt, you shouldchange the Accept parameter value.
Parameters:
ClientInfo - the information about the user to be authenticated;
Password - a user password to be verified;
Accept - if Accept is set to True, the user is allowed to connect to the server, otherwise the user
is not allowed to connect to the server.
See alsoTScUser
15.41.4.2 TScStorage.OnCheckUserKey
typeTScCheckUserKey = procedure(ClientInfo: TScSSHClientInfo; Key: TScKey;
var Accept: Boolean) of object;
property OnCheckUserKey: TScCheckUserKey;
DescriptionThe OnCheckUserKey event arises when the authentication by the public key is demanded on theserver. The server previously verifies the given user and key in the Storage and specifies the value for theAccept parameter. If you want to grant or deny access for the current connection attempt, you shouldchange the Accept parameter value.
Parameters:
ClientInfo - the information about the user to be authenticated;
Key - a user public key to be verified;
Accept - if Accept is set to True, the user is allowed to connect to the server, otherwise the user
is not allowed to connect to the server.
See alsoTScUser
SecureBridge Components209
SecureBridge Components, Copyright © 2007-2009 Devart
15.42 TScUser
15.42.1 Description
UnitScBridge
DescriptionTScUser holds data about a user. This data is used by SSH server when the SSH client authenticationis performed.
To store a user list in a the Storage, use the UserList property.
See AlsoTScStorage
210
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.42.2 Properties
15.42.2.1 TScUser.Authentications
typeTScUserAuthentication = (uaPublicKey, uaPassword, uaOSAuthentication);TScUserAuthentications = set of TScUserAuthentication;
property Authentications: TScUserAuthentications;
DescriptionThe Authentications property contains available authentication methods.
Value Meaning
uaPublicKey Determines whether the connecting by key is allowed. If the
Authentications property does not contain this value, the Key property isnil. When this value is added, the TScKey object is createdautomatically, when it is removed, the Key is freed.
uaPassword Determines whether the connecting by password is allowed. In this case
the password is obtained from the Password property.
uaOSAuthentication Determines whether the connecting by password is allowed. In this case
the system password is used. The Password property can be empty.
Note: If both uaPassword and uaOSAuthentication values are in the set, at first the password
from the Password property is used. If the authentication fails, then the system password is used.
15.42.2.2 TScUser.Key
property Key: TScKey;
DescriptionThe key property Key holds the public key of the user that is used for authentication by key. Theauthentication by key is possible if the Authenticationsproperty includes the uaPublicKey value.
Note: If the Authentications property does not include the uaPublicKey value, the Key is nil.
See AlsoAuthentications
15.42.2.3 TScUser.Password
property Password: string;
DescriptionThe Password property holds the password that is used for password authentication. The authenticationby key is possible if the Authentications property includes the uaPassword value.
SecureBridge Components211
SecureBridge Components, Copyright © 2007-2009 Devart
See AlsoAuthentications
15.42.2.4 TScUser.UserList
property UserList: TScUserList;
DescriptionUserList is used for automatic loading and saving the information about user in the Storage.
See AlsoUserNameUserList.Storage
15.42.2.5 TScUser.UserName
property UserName: string;
DescriptionUserName is used for authentication, and for automatic loading and saving data in the UserList.
See AlsoTScStorage
212
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.42.3 Methods
15.42.3.1 TScUser.BeginUpdate
procedure BeginUpdate;
DescriptionBeginUpdate prevents changed data from saving to Storage until the EndUpdate method is called. UseBeginUpdate for improving the performance of you application. It will prevent data from rewriting it to the Storage each time when a property has been changed. This is useful if you are going to change multipleproperties of TScUser.
See AlsoEndUpdate
15.42.3.2 TScUser.EndUpdate
procedure EndUpdate;
DescriptionUse EndUpdate to save changed data to the Storage and cancel the mode that was enabled by theBeginUpdate.
See AlsoBeginUpdate
SecureBridge Components213
SecureBridge Components, Copyright © 2007-2009 Devart
15.43 TScUserList
15.43.1 Description
UnitScBridge
DescriptionTScUserList is used by a storage to manage the user objects that correspond to users in the storage.This class is used for storing the user list on the server.
Use the properties and methods of TScUserList to:
Access a specific user.
Add a new user object or delete persistent user objects from the list.
Find out how many users there are.
See alsoTScUser
214
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.43.2 Properties
15.43.2.1 TScUserList.Count
property Count: Integer;
DescriptionUse Count to determine the number of users referenced by the TScUserList object.
See AlsoUsers
15.43.2.2 TScUserList.Users
property Users[Index: Integer]: TScUser; default;
DescriptionUse Users to obtain a pointer to a specific user. The Index parameter indicates the index of the user,where 0 is the index of the first user, 1 is the index of the second user, and so on.Set Users to assign the properties of another user object to one of the users in the list.Use Users with the Count property to iterate through all of the users in the list.
See AlsoCount
15.43.2.3 TScUserList.Storage
property Storage: TScStorage;
DescriptionCheck the value of the Storage property to determine the storage that is associated with theTScUserList object. Applications should not directly assign the Storage property of a UserList. It isassigned automatically when the UserList is created.
See AlsoTScStorage
SecureBridge Components215
SecureBridge Components, Copyright © 2007-2009 Devart
15.43.3 Methods
15.43.3.1 TScUserList.Add
procedure Add(User: TScUser);
DescriptionInserts a new user to the end of the Users array. At that the UserList property of User is replaced to thecurrent TScUserList object and information about the User is saved to the Storage.
See AlsoTScUser
15.43.3.2 TScUserList.CheckUserName
procedure CheckUserName(const UserName: string);
DescriptionChecks for the user specified by UserName in the Users property array. If the user with the specifiedname is already listed, CheckUserName raises an EScE rrorexception with a duplicate user name errormessage.
See AlsoUsersEScE rror
15.43.3.3 TScUserList.Clear
procedure Clear;
DescriptionDeletes all users from the TScUserList object. Clear empties the Users property array, frees the memoryused to store the array and delete the users from the Storage.
See AlsoUsers
15.43.3.4 TScUserList.FindUser
function FindUser(const UserName: string): TScUser;
DescriptionCall FindUser to determine if a specified user is referenced in the TScUserList object. UserName is thename of the user for which to search. If FindUser finds a user with a matching name, it returns the TScUser object for the specified user. Otherwise it returns nil.
Note:FindUser differs from the UserByName method only when the named user is not in the list. When theuser is not found, FindUser returns nil, while UserByName raises an exception.
See alsoUserByName
216
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
15.43.3.5 TScUserList.UserByName
function UserByName(const UserName: string): TScUser;
DescriptionCall UserByName to determine if a specified user is referenced in the TScUserList object. UserName isthe name of the user for which to search. If UserByName finds a user with a matching name, it returnsthe TScUser object for the specified user. Otherwise it raises an exception.
Note:UserByName differs from the FindUser method only when the named user is not in the list. When theuser is not found, FindUser returns nil, while UserByName raises an exception.
See alsoFindUser
15.43.3.6 TScUserList.GetUserNames
procedure GetUserNames(List: TStrings);
DescriptionCall GetUserNames to fill the List with the user names for all users in the users object. List is a TStringsdescendant created and maintained by the application.
See alsoTScUser
15.43.3.7 TScUserList.IndexOf
function IndexOf(User: TScUser): Integer;
DescriptionCall IndexOf to get the index for a user in the Users array. Specify the user as the User parameter. The first user in the array has index 0, the second user has index 1, and so on. If a user is not in the Users array, IndexOf returns -1.
See alsoTScUser
15.43.3.8 TScUserList.Remove
procedure Remove(User: TScUser);
DescriptionDeletes the reference to the User parameter from the Users array and delete the user from the Storage.After a user is removed, all of the items that follow it are moved up in index position and the Count isreduced by one.
See alsoTScUser
SecureBridge Components217
SecureBridge Components, Copyright © 2007-2009 Devart
15.43.3.9 TScUserList.Ref resh
procedure Refresh;
DescriptionReloads the Users list from the Storage.
See alsoStorage.Users
218
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
16 SecureBridge Object and Component Listingby Unit
16.1 ScBridge
16.1.1 Classes
ScBridge unit implements the following classes:
TScCollectionTScSSHCipherItemTScSSHCiphersTScSSHHostKeyAlgorithmItemTScSSHHostKeyAlgorithmsTScKeyTScKeyListTScUserTScUserListTScStorageTScFileStorageTScRegStorageTScSSHConnectionInfoTScSSHClientInfoTScSSHChannelInfoTScOidTScDistinguishedNameTScCertExtensionTScCertBasicConstraintsExtensionTScCertEnhancedKeyUsageExtensionTScCertKeyUsageExtensionTScCertificateTScCertificateList
SecureBridge Components219
SecureBridge Components, Copyright © 2007-2009 Devart
16.2 ScCryptoAPIStorage
16.2.1 Classes
ScCryptoAPIStorage unit implements the following classes:
TScCryptoAPIStorage
220
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
16.3 ScIndy
16.3.1 Classes
ScIndy unit implements the following classes:
TScIdIOHandler
SecureBridge Components221
SecureBridge Components, Copyright © 2007-2009 Devart
16.4 ScRNG
16.4.1 Classes
ScRNG unit implements the following classes:
TScRandomTScRandom_LFSR
222
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
16.5 ScSFTPClient
16.5.1 Classes
ScSFTPClient unit implements the following classes:
TScSFTPClientTScSFTPServerProperties
SecureBridge Components223
SecureBridge Components, Copyright © 2007-2009 Devart
16.6 ScSFTPUtils
16.6.1 Classes
ScSFTPUtils unit implements the following classes:
EScSFTPE rrorTScCheckFileReplyExtensionTScSFTPACE ItemTScSFTPCustomExtensionTScSFTPExtensionTScSFTPFileAttributesTScSFTPFileInfoTScSFTPSupportedAclExtensionTScSFTPSupportedExtensionTScSFTPVendorExtensionTScSFTPVersionsExtensionTScFilenameTranslationControlExtensionTScSpaceAvailableReplyExtension
224
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
16.7 ScSSHChannel
16.7.1 Classes
ScSSHChannel unit implements the following classes:
TScSSHCustomChannelTScSSHChannelTScSSHStreamTScSSHShell
SecureBridge Components225
SecureBridge Components, Copyright © 2007-2009 Devart
16.8 ScSSHClient
16.8.1 Classes
ScSSHClient unit implements the following classes:
TScSSHClientTScSSHClientOptions
226
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
16.9 ScSSLClient
16.9.1 Classes
ScSSLClient unit implements the following classes:
TScSSLClientTScSSLConnectionInfoTScSSLCipherSuiteItemTScSSLCipherSuites
SecureBridge Components227
SecureBridge Components, Copyright © 2007-2009 Devart
16.10 ScSSHServer
16.10.1 Classes
ScSSHServer unit implements the following classes:
TScSSHServerTScSSHServerOptions
228
SecureBridge Components, Copyright © 2007-2009 Devart
SecureBridge Components
16.11 ScSSHUtil
16.11.1 Classes
ScSSHUtil unit implements the following classes and types:
EScE rrorTScSymmetricAlgorithmTScSymmetricAlgorithmsTScHashAlgorithmTScHashAlgorithmsTScAsymmetricAlgorithmTScAsymmetricAlgorithms
SecureBridge Components229
SecureBridge Components, Copyright © 2007-2009 Devart
Index- A -AccessTime 132
TScSFTPFileAttributes 132
AceFlags 99
TScSFTPACE Item 99
AceMask 99
TScSFTPACE Item 99
ACEs 132
TScSFTPFileAttributes 132
AceType 99
TScSFTPACE Item 99
AclFlags 132
TScSFTPFileAttributes 132
Active 102
TScSFTPClient 102
TScSSHServer 183
Add
TScCertificateList 56
TScKeyList 86
TScUserList 215
AfterChannelDisconnect
TScSSHServer 188
AfterClientConnect
TScSSHServer 188
AfterClientDisconnect
TScSSHServer 189
AfterConnect
TScSSHClient 173
TScSSLClient 202
AfterDisconnect
TScSSHClient 173
TScSSLClient 202
AfterShellDisconnect
TScSSHServer 188
Algorithm 74, 97
TScFileStorage 74
TScKey 78
TScRegStorage 97
AllocationSize 133
TScSFTPFileAttributes 133
AsString
TScSFTPVersionsExtension 156
Attributes 142
TScSFTPFileInfo 142
Attrs 133
TScSFTPFileAttributes 133
Authentication
TScSSHClient 167
Authentications
TScSSHServer 183
TScUser 210
- B -BeforeChannelConnect
TScSSHServer 189
BeforeConnect
TScSSHClient 173
TScSSLClient 202
BeforeDisconnect
TScSSHClient 173
TScSSLClient 202
BeforeShellConnect
TScSSHServer 189
BeginUpdate
TScUser 212
BitCount 78
TScKey 78
Block
TScSFTPClient 105
BytesAvailableToUser
TScSpaceAvailableReplyExtension 158
BytesOnDevice
TScSpaceAvailableReplyExtension 158
BytesPerAllocationUnit
TScSpaceAvailableReplyExtension 158
- C -CACertName
TScSSLClient 196
CertificateAuthority 41
TScCertBasicConstraintsExtension 41
CertificateByName
TScCertificateList 56
CertificateList 47
TScCertificate 47
Certificates
TScCertificateList 55
TScStorage 206
Index 230
SecureBridge Components, Copyright © 2007-2009 Devart
CertLocation 66
TScCryptoAPIStorage 66
CertName 47
TScCertificate 47
TScSSLClient 196
CertProviderType 66
TScCryptoAPIStorage 66
CertStoreName 67
TScCryptoAPIStorage 67
ChangeAttrTime 134
TScSFTPFileAttributes 134
CheckCertificateName
TScCertificateList 56
CheckFile
TScSFTPClient 106
CheckFileByHandle
TScSFTPClient 106
CheckKeyName
TScKeyList 86
CheckUserName
TScUserList 215
Ciphers
TScSSHServer 183
CiphersClient
TScSSHClient 167
CiphersServer
TScSSHClient 167
CipherSuites
TScSSLClient 196
Clear
TScCertificateList 56
TScKeyList 86
TScObjList 90
TScUserList 215
Client
TScIdIOHandler 76
TScSSHCustomChannel 176
ClientInfo
TScSSHClient 168
CloseHandle
TScSFTPClient 107
Connect
TScSSHClient 172
TScSSHCustomChannel 178
TScSSLClient 200
Connected
TScSSHChannel 160
TScSSHClient 168
TScSSHCustomChannel 176
TScSSLClient 197
Connection timeout 7
ConnectionInfo
TScSSLClient 197
CopyRemoteFile
TScSFTPClient 107
Count 70
TScCertificateList 55
TScDistinguishedName 70
TScKeyList 85
TScObjList 89
TScUserList 214
CreateLink
TScSFTPClient 107
CreateTime 135
TScSFTPFileAttributes 135
Critical 45
TScCertExtension 45
- D -Data 130
TScSFTPExtension 130
Decrypt
TScCertificate 51
TScKey 80
DeleteStorage
TScStorage 207
DestHost
TScSSHChannel 160
DestPort
TScSSHChannel 160
Direct
TScSSHChannel 160
Disconnect
TScSFTPClient 108
TScSSHClient 172
TScSSHCustomChannel 178
TScSSLClient 200
DoTranslate 72
DoTranslate 72
TScFilenameTranslationControlExtension 72
DownloadFile
TScSFTPClient 108
SecureBridge Components231
SecureBridge Components, Copyright © 2007-2009 Devart
- E -Encrypt
TScCertificate 51
TScKey 80
EndUpdate
TScUser 212
EnhancedKeyUsages 43
TScCertEnhancedKeyUsageExtension 43
Environment
TScSSHShell 193
EOF 102
TScSFTPClient 102
Equals
TScCertificate 51
TScKey 80
E rrorCode 39
EScSFTPE rror 39
EScE rror 37
EScSFTPE rror 38
E rrorCode 39
ExecuteCommand
TScSSHShell 194
ExportTo
TScCertificate 51
TScKey 80
ExtendedAttributes 135
TScSFTPFileAttributes 135
Extensions 47
TScCertificate 47
- F -Filename 142
TScSFTPFileInfo 142
FilenameCharset 144
TScSFTPServerProperties 144
FilenameCharsetAvailable 144
TScSFTPServerProperties 144
FileType 135
TScSFTPFileAttributes 135
FindCertificate
TScCertificateList 57
FindKey
TScKeyList 86
FindUser
TScUserList 215
Flush
TScObjList 90
FriendlyName 92
TScOid 92
- G -GatewayPorts
TScSSHChannel 161
Generate
TScKey 81
GetCertificateNames
TScCertificateList 57
GetFingerprint
TScCertificate 52
TScKey 82
GetKeyNames
TScKeyList 87
GetProviderNames
TScCryptoAPIStorage 68
GetUserNames
TScUserList 216
GID 136
TScSFTPFileAttributes 136
Group 136
TScSFTPFileAttributes 136
- H -HashAlgorithm 64
TScCheckFileReplyExtension 64
Hashes 64
TScCheckFileReplyExtension 64
HashesCount 64
TScCheckFileReplyExtension 64
HasPathLengthConstraint 41
TScCertBasicConstraintsExtension 41
HostKeyAlgorithms
TScSSHClient 168
TScSSHServer 183
HostKeyName
TScSSHClient 168
HostName 169
TScSSHClient 169
TScSSLClient 197
Index 232
SecureBridge Components, Copyright © 2007-2009 Devart
- I -ImportFrom
TScCertificate 52
TScKey 82
InCount
TScSSHChannel 161
TScSSHCustomChannel 176
TScSSLClient 197
IndexOf
TScCertificateList 57
TScKeyList 87
TScUserList 216
Initialize
TScSFTPClient 108
IsPrivate 78
TScKey 78
IsSecure
TScSSLClient 197
Issuer 47
TScCertificate 47
IssuerName 48
TScCertificate 48
IsSupportedBlockSet
TScSFTPSupportedExtension 152
IsSupportedOpenBlockSet
TScSFTPSupportedExtension 152
- K -Key 48
TScCertificate 48
TScUser 210
KeyByName
TScKeyList 86
KeyList 78
TScKey 78
KeyName 79
TScKey 79
KeyNameDSA
TScSSHServer 184
KeyNameRSA
TScSSHServer 184
KeyPath 97
TScRegStorage 97
Keys
TScKeyList 85
TScStorage 206
KeyStorage 169
TScSSHClient 169
KeyUsages 60
TScCertKeyUsageExtension 60
- L -LinkCount 136
TScSFTPFileAttributes 136
Longname 142
TScSFTPFileInfo 142
- M -MakeDirectory
TScSFTPClient 109
MaxReadSize
TScSFTPSupportedExtension 150
MimeType 136
TScSFTPFileAttributes 136
ModifyTime 137
TScSFTPFileAttributes 137
- N -Name 70, 128
TScDistinguishedName 70
TScSFTPCustomExtension 128
Names 70
TScDistinguishedName 70
Newline 144
TScSFTPServerProperties 144
NewlineAvailable 144
TScSFTPServerProperties 144
NonBlocking 102
TScSFTPClient 102
TScSSHChannel 161
TScSSHCustomChannel 176
TScSSLClient 198
NotAfter 48
TScCertificate 48
NotBefore 48
TScCertificate 48
SecureBridge Components233
SecureBridge Components, Copyright © 2007-2009 Devart
- O -Oid 45
TScCertExtension 45
OnAsyncE rror
TScSSHCustomChannel 180
TScSSLClient 203
OnAsyncReceive
TScSSHCustomChannel 180
TScSSLClient 203
OnBanner
TScSSHClient 174
OnChannelE rror
TScSSHServer 190
OnCheckUserKey
TScStorage 208
OnCheckUserPass
TScStorage 208
OnClientE rror
TScSSHServer 190
OnConnect
TScSFTPClient 120
TScSSHCustomChannel 180
OnCreateLocalFile
TScSFTPClient 120
OnData
TScSFTPClient 120
OnDataFromClient
TScSSHServer 190
OnDataToClient
TScSSHServer 191
OnDirectoryList
TScSFTPClient 121
OnDisconnect
TScSFTPClient 121
TScSSHCustomChannel 180
OnE rror
TScSFTPClient 121
TScSSHChannel 165
TScSSHServer 191
OnFileAttributes
TScSFTPClient 122
OnFileName
TScSFTPClient 122
OnOpenFile
TScSFTPClient 123
OnReplyCheckFile
TScSFTPClient 123
OnReplyExtension
TScSFTPClient 123
OnReplySpaceAvailable
TScSFTPClient 124
OnServerCertValidate
TScSSLClient 203
OnServerKeyValidate
TScSSHClient 174
OnSetRemoteFileAttributes
TScSFTPClient 124
OnSocketConnect
TScSSHChannel 165
OnSocketDisconnect
TScSSHChannel 165
OnSuccess
TScSFTPClient 125
OnVersionSelect
TScSFTPClient 125
OpenDirectory
TScSFTPClient 109
OpenFile
TScSFTPClient 109
Options
TScSSHClient 169
TScSSHServer 184
OutCount
TScSSHChannel 161
TScSSHCustomChannel 177
TScSSLClient 198
Owner 137
TScSFTPFileAttributes 137
- P -Password 74, 97
TScFileStorage 74
TScRegStorage 97
TScSSHClient 170
TScUser 210
Path 74
TScFileStorage 74
PathLengthConstraint 41
TScCertBasicConstraintsExtension 41
Permissions 137
TScSFTPFileAttributes 137
Port
TScSSHClient 170
Index 234
SecureBridge Components, Copyright © 2007-2009 Devart
Port
TScSSHServer 185
TScSSLClient 198
PrivateKeyName
TScSSHClient 171
ProductBuildNumber
TScSFTPVendorExtension 154
ProductName
TScSFTPVendorExtension 154
ProductVersion
TScSFTPVendorExtension 154
Protocols 198
TScSSLClient 198
ProviderName 67
TScCryptoAPIStorage 67
- Q -QueryAvailableSpace
TScSFTPClient 112
QueryUserHomeDirectory
TScSFTPClient 113
- R -RaiseE rror
TScSFTPSupportedExtension 150
Random
TScRandom 94
Randomize
TScRandom 94
RawData 45
TScCertExtension 45
ReadBlockSize 103
TScSFTPClient 103
ReadBuffer
TScSSHChannel 163
TScSSHCustomChannel 178
TScSSLClient 200
ReadDirectory
TScSFTPClient 113
ReadFile
TScSFTPClient 113
ReadOnly
TScStorage 206
ReadString
TScSSHCustomChannel 178
TScSSHShell 194
ReadSymbolicLink
TScSFTPClient 114
Ready 49, 79
TScCertificate 49
TScKey 79
Refresh
TScCertificateList 58
TScKeyList 87
TScObjList 90
TScUserList 217
Remote
TScSSHChannel 162
Remove
TScCertificateList 58
TScKeyList 87
TScUserList 216
RemoveDirectory
TScSFTPClient 114
RemoveFile
TScSFTPClient 114
RenameFile
TScSFTPClient 115
RequestExtension
TScSFTPClient 115
RetrieveAbsolutePath
TScSFTPClient 116
RetrieveAttributes
TScSFTPClient 116
RetrieveAttributesByHandle
TScSFTPClient 117
RootKey 97
TScRegStorage 97
- S -ScBridge
classes 218
ScCryptoAPIStorage
classes 219
ScIndy
classes 220
ScRNG
classes 221
ScSFTPClient
classes 222
ScSFTPUtils
classes 223
SecureBridge Components235
SecureBridge Components, Copyright © 2007-2009 Devart
ScSSHChannel
classes 224
ScSSHClient
classes 225
ScSSHServer
classes 227
ScSSHUtil
classes 228
ScSSLClient
classes 226
SendToClient
TScSSHServer 187
SerialNumber 49
TScCertificate 49
ServerProperties 103
TScSFTPClient 103
ServerVersion 103
TScSFTPClient 103
TScSSHServer 186
SetAttributes
TScSFTPClient 117
SetAttributesByHandle
TScSFTPClient 118
Sign
TScCertificate 52
TScKey 83
SignatureAlgorithm 49
TScCertificate 49
Size 138
TScSFTPFileAttributes 138
SourcePort
TScSSHChannel 162
SSH_tunnel_principles 159
SSHClient 102
TScSFTPClient 102
SSHStream
TScSSHChannel 162
Storage 199
TScCertificateList 55
TScKeyList 85
TScObjList 89
TScSSHServer 186
TScSSLClient 199
TScUserList 214
Subject 49
TScCertificate 49
SubjectKeyIdentifier 62
TScCertSubjectKeyIdExtension 62
SubjectName 49
TScCertificate 49
SupportedAccessMask
TScSFTPSupportedExtension 150
SupportedAcls 145
TScSFTPServerProperties 145
TScSFTPSupportedAclExtension 148
SupportedAclsAvailable 145
TScSFTPServerProperties 145
SupportedAttribExtensionNames
TScSFTPSupportedExtension 150
SupportedAttributeBits
TScSFTPSupportedExtension 150
SupportedAttributes
TScSFTPSupportedExtension 150
SupportedBlockModes
TScSFTPSupportedExtension 151
SupportedExtension 145
TScSFTPServerProperties 145
SupportedExtensionAvailable 145
TScSFTPServerProperties 145
SupportedExtensionNames
TScSFTPSupportedExtension 151
SupportedOpenFlags
TScSFTPSupportedExtension 151
- T -TextHint 138
TScSFTPFileAttributes 138
TextSeek
TScSFTPClient 118
Timeout 103
TScSFTPClient 103
TScSSHClient 171
TScSSHCustomChannel 177
TScSSHServer 186
TScSSLClient 199
TScCertBasicConstraintsExtension 40
CertificateAuthority 41
HasPathLengthConstraint 41
PathLengthConstraint 41
TScCertEnhancedKeyUsageExtension 42
EnhancedKeyUsages 43
TScCertExtension 44
Critical 45
Oid 45
RawData 45
Index 236
SecureBridge Components, Copyright © 2007-2009 Devart
TScCertificate 46
CertificateList 47
CertName 47
Decrypt 51
Encrypt 51
Equals 51
ExportTo 51
Extensions 47
GetFingerprint 52
ImportFrom 52
Issuer 47
IssuerName 48
Key 48
NotAfter 48
NotBefore 48
Ready 49
SerialNumber 49
Sign 52
SignatureAlgorithm 49
Subject 49
SubjectName 49
VerifySign 53
Version 50
TScCertificateList 54
Add 56
CertificateByName 56
Certificates 55
CheckCertificateName 56
Clear 56
Count 55
FindCertificate 57
GetCertificateNames 57
IndexOf 57
Refresh 58
Remove 58
Storage 55
TScCertKeyUsageExtension 59
KeyUsages 60
TScCertSubjectKeyIdExtension 61
SubjectKeyIdentifier 62
TScCheckFileReplyExtension 63
HashAlgorithm 64
Hashes 64
HashesCount 64
TScCryptoAPIStorage 65
CertLocation 66
CertProviderType 66
CertStoreName 67
GetProviderNames 68
ProviderName 67
TScDistinguishedName 69
Count 70
Name 70
Names 70
ValueFromIndex 70
Values 70
TScFilenameTranslationControlExtension 71
TScFileStorage 73
Algorithm 74
Password 74
Path 74
TScIdIOHandler 75
Client 76
TScKey 48, 77
Algorithm 78
BitCount 78
Decrypt 80
Encrypt 80
Equals 80
ExportTo 80
Generate 81
GetFingerprint 82
ImportFrom 82
IsPrivate 78
KeyList 78
KeyName 79
Ready 79
Sign 83
VerifySign 83
TScKeyList 84
Add 86
CheckKeyName 86
Clear 86
Count 85
FindKey 86
GetKeyNames 87
IndexOf 87
KeyByName 86
Keys 85
Refresh 87
Remove 87
Storage 85
TScObjList 88
Clear 90
Count 89
SecureBridge Components237
SecureBridge Components, Copyright © 2007-2009 Devart
TScObjList 88
Flush 90
Refresh 90
Storage 89
TScOid 91
FriendlyName 92
Value 92
TScRandom 93
Random 94
Randomize 94
TScRandom_LFSR 95
TScRegStorage 96
Algorithm 97
KeyPath 97
Password 97
RootKey 97
TScSFTPACE Item 98
AceFlags 99
AceMask 99
AceType 99
Who 99
TScSFTPClient 101
Active 102
Block 105
CheckFile 106
CheckFileByHandle 106
CloseHandle 107
CopyRemoteFile 107
CreateLink 107
Disconnect 108
DownloadFile 108
EOF 102
Initialize 108
MakeDirectory 109
NonBlocking 102
OnConnect 120
OnCreateLocalFile 120
OnData 120
OnDirectoryList 121
OnDisconnect 121
OnE rror 121
OnFileAttributes 122
OnFileName 122
OnOpenFile 123
OnReplyCheckFile 123
OnReplyExtension 123
OnReplySpaceAvailable 124
OnSetRemoteFileAttributes 124
OnSuccess 125
OnVersionSelect 125
OpenDirectory 109
OpenFile 109
QueryAvailableSpace 112
QueryUserHomeDirectory 113
ReadBlockSize 103
ReadDirectory 113
ReadFile 113
ReadSymbolicLink 114
RemoveDirectory 114
RemoveFile 114
RenameFile 115
RequestExtension 115
RetrieveAbsolutePath 116
RetrieveAttributes 116
RetrieveAttributesByHandle 117
ServerProperties 103
ServerVersion 103
SetAttributes 117
SetAttributesByHandle 118
SSHClient 102
TextSeek 118
Timeout 103
UnBlock 118
UploadFile 119
Version 104
WriteBlockSize 104
WriteFile 119
TScSFTPCustomExtension 127
Name 128
TScSFTPExtension 129
Data 130
TScSFTPFileAttributes 131
AccessTime 132
ACEs 132
AclFlags 132
AllocationSize 133
Attrs 133
ChangeAttrTime 134
CreateTime 135
ExtendedAttributes 135
FileType 135
GID 136
Group 136
LinkCount 136
MimeType 136
ModifyTime 137
Index 238
SecureBridge Components, Copyright © 2007-2009 Devart
TScSFTPFileAttributes 131
Owner 137
Permissions 137
Size 138
TextHint 138
UID 138
UntranslatedName 139
ValidAttributes 139
TScSFTPFileInfo 141
Attributes 142
Filename 142
Longname 142
TScSFTPServerProperties 143
FilenameCharset 144
FilenameCharsetAvailable 144
Newline 144
NewlineAvailable 144
SupportedAcls 145
SupportedAclsAvailable 145
SupportedExtension 145
SupportedExtensionAvailable 145
Vendor 146
VendorAvailable 146
Versions 146
VersionsAvailable 146
TScSFTPSupportedAclExtension 147
SupportedAcls 148
TScSFTPSupportedExtension 149
IsSupportedBlockSet 152
IsSupportedOpenBlockSet 152
MaxReadSize 150
RaiseE rror 150
SupportedAccessMask 150
SupportedAttribExtensionNames 150
SupportedAttributeBits 150
SupportedAttributes 150
SupportedBlockModes 151
SupportedExtensionNames 151
SupportedOpenFlags 151
TScSFTPVendorExtension 153
ProductBuildNumber 154
ProductName 154
ProductVersion 154
VendorName 154
TScSFTPVersionsExtension 155
AsString 156
Versions 156
TScSpaceAvailableReplyExtension 157
BytesAvailableToUser 158
BytesOnDevice 158
BytesPerAllocationUnit 158
UnusedBytesAvailableToUser 158
UnusedBytesOnDevice 158
TScSSHChannel 159
Connected 160
DestHost 160
DestPort 160
Direct 160
GatewayPorts 161
InCount 161
NonBlocking 161
OnE rror 165
OnSocketConnect 165
OnSocketDisconnect 165
OutCount 161
ReadBuffer 163
Remote 162
SourcePort 162
SSHStream 162
WriteBuffer 163
TScSSHClient 166
AfterConnect 173
AfterDisconnect 173
Authentication 167
BeforeConnect 173
BeforeDisconnect 173
CiphersClient 167
CiphersServer 167
ClientInfo 168
Connect 172
Connected 168
Disconnect 172
HostKeyAlgorithms 168
HostKeyName 168
HostName 169
KeyStorage 169
OnBanner 174
OnServerKeyValidate 174
Options 169
Password 170
Port 170
PrivateKeyName 171
Timeout 171
User 171
TScSSHCustomChannel 175
Client 176
SecureBridge Components239
SecureBridge Components, Copyright © 2007-2009 Devart
TScSSHCustomChannel 175
Connect 178
Connected 176
Disconnect 178
InCount 176
NonBlocking 176
OnAsyncE rror 180
OnAsyncReceive 180
OnConnect 180
OnDisconnect 180
OutCount 177
ReadBuffer 178
ReadString 178
Timeout 177
WriteBuffer 179
WriteString 163
TScSSHServer 182
Active 183
AfterChannelDisconnect 188
AfterClientConnect 188
AfterClientDisconnect 189
AfterShellDisconnect 188
Authentications 183
BeforeChannelConnect 189
BeforeShellConnect 189
Ciphers 183
HostKeyAlgorithms 183
KeyNameDSA 184
KeyNameRSA 184
OnChannelE rror 190
OnClientE rror 190
OnDataFromClient 190
OnDataToClient 191
OnE rror 191
Options 184
Port 185
SendToClient 187
ServerVersion 186
Storage 186
Timeout 186
TScSSHShell 192
Environment 193
ExecuteCommand 194
ReadString 194
WriteString 194
TScSSLClient 195
AfterConnect 202
AfterDisconnect 202
BeforeConnect 202
BeforeDisconnect 202
CACertName 196
CertName 196
CipherSuites 196
Connect 200
Connected 197
ConnectionInfo 197
Disconnect 200
HostName 197
InCount 197
IsSecure 197
NonBlocking 198
OnAsyncE rror 203
OnAsyncReceive 203
OnServerCertValidate 203
OutCount 198
Port 198
Protocols 198
ReadBuffer 200
Storage 199
Timeout 199
WriteBuffer 201
TScStorage 205
Certificates 206
DeleteStorage 207
Keys 206
OnCheckUserKey 208
OnCheckUserPass 208
ReadOnly 206
Users 206
TScUser 209
Authentications 210
BeginUpdate 212
EndUpdate 212
Key 210
Password 210
UserList 211
UserName 211
TScUserList 213
Add 215
CheckUserName 215
Clear 215
Count 214
FindUser 215
GetUserNames 216
IndexOf 216
Refresh 217
Index 240
SecureBridge Components, Copyright © 2007-2009 Devart
TScUserList 213
Remove 216
Storage 214
UserByName 216
Users 214
- U -UID 138
TScSFTPFileAttributes 138
UnBlock
TScSFTPClient 118
UntranslatedName 139
TScSFTPFileAttributes 139
UnusedBytesAvailableToUser
TScSpaceAvailableReplyExtension 158
UnusedBytesOnDevice
TScSpaceAvailableReplyExtension 158
UploadFile
TScSFTPClient 119
User
TScSSHClient 171
UserByName
TScUserList 216
UserList 211
TScUser 211
UserName 211
TScUser 211
Users
TScStorage 206
TScUserList 214
- V -ValidAttributes 139
TScSFTPFileAttributes 139
Value 92
TScOid 92
ValueFromIndex 70
TScDistinguishedName 70
Values 70
TScDistinguishedName 70
Vendor 146
TScSFTPServerProperties 146
VendorAvailable 146
TScSFTPServerProperties 146
VendorName
TScSFTPVendorExtension 154
VerifySign
TScCertificate 53
TScKey 83
Version 50, 104
TScCertificate 50
TScSFTPClient 104
Versions 146
TScSFTPServerProperties 146
TScSFTPVersionsExtension 156
VersionsAvailable 146
TScSFTPServerProperties 146
- W -Who 99
TScSFTPACE Item 99
WriteBlockSize 104
TScSFTPClient 104
WriteBuffer
TScSSHChannel 163
TScSSHCustomChannel 179
TScSSLClient 201
WriteFile
TScSFTPClient 119
WriteString
TScSSHCustomChannel 163
TScSSHShell 194