Discuss this help topic in SecureBlackbox Forum

Use OpenPGP keys for authentication

SSL-enabled classes in SecureBlackbox support authentication using OpenPGP as defined by RFC 5081.

To use OpenPGP authentication on the client side you need to use TElSSLClientPGPCertificateTypeHandler class. Set it's SSLClass property to the SSL client class that you want to secure. Next specify the OpenPGP keyring using Keyring and set the index of the key that you want to use for authentication using KeyIndex properties.

To validate the OpenPGP key sent by the server you need to handle OnKeyValidate event.

In some cases (this is configurable on the server side) the server can send not the OpenPGP key itself, but just it's key fingerprint. If this happens, the TElSSLClientPGPCertificateTypeHandler class needs to get the complete key in order to perform cryptographic operations. You need to provide a key by handling OnKeyFind event.

To use OpenPGP authentication on the server side you need to use TElSSLServerPGPCertificateTypeHandler class. Set it's SSLClass property to the SSL server class that you want to secure (currently this is TElSSLServer or TElDTLSServer). Next specify the OpenPGP keyring using Keyring and set the index of the key that you want to use for authentication using KeyIndex properties.

To validate the OpenPGP key sent by the client you need to handle OnKeyValidate event.

Remember, that OpenPGP authentication is a very recent addition to TLS, and it's not supported by most third-party TLS clients and servers.

How To articles about common SSL/TLS questions

Discuss this help topic in SecureBlackbox Forum