EldoS | Feel safer!


Requirements for validating a server's public key - OnKeyValidate

#29274
Posted: 04/15/2014 17:04:39
by Dennis Spading (Basic support level)
Joined: 04/11/2014
Posts: 5

Hi,

I'm working on a POC and so far have been able to successfully upload a file to an SFTP server. I understand that I need to validate a server's public key by capturing the TElSimpleSFTPClient.OnKeyValidate event.

I've read that link: https://www.eldos.com/documentation/sbb/documentation/ref_howto_ssh_common_validatekey.html

I also understand that I need to somehow manage a set of server keys locally and that I would do a lookup on the server keys database based upon the server key, which is contained in a TElSSHKey instance within OnKeyValidate.

What is not clear to me is whether SecureBlackbox provides classes/methods for managing server public keys or if this is something I need to code, or use a 3rd party tool. If I need to code, what properties would you suggest are captured for validating against the values captured in OnKeyValidate?

So I guess my questions are:
1) Does SecureBlackbox provide classes/methods for managing server public keys?
2) If not, any third party solutions you can recommend?
3) If neither of the above, what properties would you suggest are captured in a server key database for validating against the values captured in OnKeyValidate?
4) Any links to examples would be great!

I've read many posts and searched around for solutions - this is new to me so I'm trying to understand as best I can.

Thank you!

Dennis
#29278
Posted: 04/16/2014 01:49:40
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Quote
1) SecureBlackbox provides classes/methods for managing server public keys?

You can use our TElSSHMemoryKeyStorage class to store/load keys.

Quote
3) If neither of the above what properties would you suggest are captured in a server key database for validating against the values captured in OnKeyValidate?

Usually server address and public key are stored in local database.

Quote
4) Any links to examples would be great!

We don't have samples for key storage, but everything is trivial. You should use TElSSHMemoryKeyStorage.SavePublic to save a set of keys and TElSSHMemoryKeyStorage.LoadPublic to read them.
#29279
Posted: 04/16/2014 01:51:39
by Eugene Mayevski (EldoS Corp.)

SSH keys are not handy because they, unlike X.509 certificates, don't contain extra information besides cryptographic key data. Thus you can't distinguish them unless you *know* which key comes from where.

When you validate the SSH key, you simply compare it with known/expected keys either by comparing hashes or complete keys.

So what you need to do is keep a list of keys with associated server name/address for each key.

When you serialize the individual key, both OpenSSH and Putty formats let you specify the comment where you can put the server name and address.

So the keys together can be simply put into a StringList and saved to a file.


Sincerely yours
Eugene Mayevski
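The lookup the two replies describe (a local list of server address plus public key, compared as complete keys or as hashes, with the host name carried in the key's comment field) as an added, standalone example. This is not code from EldoS or SecureBlackbox, and it does not use TElSSHMemoryKeyStorage or TElSimpleSFTPClient; it is a standard-library Python model of the known-hosts store and of the decision an OnKeyValidate handler has to make. The key bodies, host names and the known_hosts text are constructed for the example, and the `on_key_validate`, `KnownHosts` and `Verdict` names are this example's own.

```python
"""Known-hosts store for SSH host-key validation: a minimal, standard-library
model of what an OnKeyValidate handler needs to look up (constructed example)."""
import base64
import hashlib
import hmac
import struct
from enum import Enum


class Verdict(Enum):
    MATCH = "match"        # key on file for this host and it is identical
    UNKNOWN = "unknown"    # host never seen: first-connection case
    MISMATCH = "mismatch"  # host on file but key differs: possible MITM or rekey


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def public_key_blob(key_type: str, raw_key: bytes) -> bytes:
    """Wire-format public key blob, the thing that sits base64-encoded in a known_hosts line."""
    return ssh_string(key_type.encode()) + ssh_string(raw_key)


def key_type_of(blob: bytes) -> str:
    """Read the leading key-type string out of a wire-format blob."""
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode()


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of the digest of the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class KnownHosts:
    """Host address -> list of trusted key blobs (a host may offer several key types)."""

    def __init__(self) -> None:
        self._keys = {}  # str -> list[bytes]

    def add(self, host: str, blob: bytes) -> None:
        self._keys.setdefault(host, []).append(blob)

    def load(self, text: str) -> None:
        """Parse known_hosts-style lines: '<host> <key-type> <base64 blob> [comment]'."""
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split(None, 3)
            if len(parts) < 3:
                raise ValueError(f"malformed known_hosts line: {line!r}")
            host, key_type, b64 = parts[0], parts[1], parts[2]
            blob = base64.b64decode(b64, validate=True)
            if key_type_of(blob) != key_type:
                raise ValueError(f"key type column disagrees with blob for {host}")
            self.add(host, blob)

    def dump(self) -> str:
        """Serialize back to lines; the comment column carries the host, as the reply suggests."""
        lines = []
        for host, blobs in sorted(self._keys.items()):
            for blob in blobs:
                b64 = base64.b64encode(blob).decode()
                lines.append(f"{host} {key_type_of(blob)} {b64} {host}")
        return "\n".join(lines) + "\n"

    def validate(self, host: str, blob: bytes) -> Verdict:
        """Full-blob comparison in constant time; comparing fingerprints instead is
        the same logic applied to the digests."""
        known = self._keys.get(host)
        if not known:
            return Verdict.UNKNOWN
        if any(hmac.compare_digest(blob, k) for k in known):
            return Verdict.MATCH
        return Verdict.MISMATCH


def on_key_validate(store: KnownHosts, host: str, blob: bytes) -> bool:
    """The boolean an OnKeyValidate-style handler would hand back: only a key already
    on file for that host is accepted. Unknown hosts are enrolled out of band (or by
    an explicit first-connection policy, not silently), and a mismatch is always rejected."""
    return store.validate(host, blob) is Verdict.MATCH


# Constructed sample: two fake 32-byte ed25519 key bodies (not real keys).
KEY_A = public_key_blob("ssh-ed25519", bytes(range(32)))
KEY_B = public_key_blob("ssh-ed25519", bytes(range(32, 64)))
SAMPLE_KNOWN_HOSTS = (
    "# constructed known_hosts for the example\n"
    f"sftp.example.test ssh-ed25519 {base64.b64encode(KEY_A).decode()} sftp.example.test\n"
)

if __name__ == "__main__":
    store = KnownHosts()
    store.load(SAMPLE_KNOWN_HOSTS)
    print(fingerprint_sha256(KEY_A))
    print(store.validate("sftp.example.test", KEY_A).value)   # match
    print(store.validate("sftp.example.test", KEY_B).value)   # mismatch
    print(store.validate("other.example.test", KEY_A).value)  # unknown
```

The three verdicts are the cases a handler must treat differently: a match is the only case that should set the validation flag, a mismatch for a host already on file is the signal to refuse the connection and investigate, and an unknown host is a policy decision (trust-on-first-use or out-of-band enrollment) rather than an automatic accept.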
