EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Using SecureBlackbox with kbmMW

kbmMW uses different transports from different vendors. Currently they are Indy and DXSock. SecureBlackbox supports Indy transport. DXSock support is planned for some later date.

Data exchange via transport components can be affected by various plugins. Plugins are descendants of TkbmMWCustomTransportPlugin class. Depending on the version of Indy components you use, SecureBlackbox offers two different plugins: TElkbmMWIndy9Plugin for Indy 9 support and TElkbmMWIndy8Plugin for Indy 8 support.

The steps to add SecureBlackbox with Indy 9 transport on client side are:

  1. check that you have installed the necessary packages as described in SecureBlackbox ReadMe file. Install the package if necessary;
  2. Put TkbmMWTCPIPIndyClientTransport (let's name it "TCPTransport") to the form;
  3. Put TElkbmMWIndy9Plugin (let's name it "SSLPlugin") to the form;
  4. Put TElIndySSLIOHandlerSocket (lets name it "IOHandler") to the form;
  5. Set TCPTransport.Plugin property to SSLPlugin;
  6. Set SSLPlugin.ClientHandler property to IOHandler;
  7. (optional) Adjust properties of IOHandler;
  8. (optional) Put some certificate storage to the form and set IOHandler.CertStorage property to that certificate storage

The steps to add SecureBlackbox with Indy 9 transport on server side are:
  1. check that you have installed the necessary packages as described in SecureBlackbox ReadMe file. Install the package if necessary;
  2. Put TkbmMWTCPIPIndyServerTransport (let's name it "TCPTransport") to the form;
  3. Put TElkbmMWIndy9Plugin (let's name it "SSLPlugin") to the form;
  4. Put TElIndySSLServerIOHandler (lets name it "IOHandler") to the form;
  5. Set TCPTransport.Plugin property to SSLPlugin;
  6. Set SSLPlugin.ServerHandler property to IOHandler;
  7. (optional) Adjust properties of IOHandler;
  8. (optional) Put some certificate storage to the form and set IOHandler.CertStorage property to that certificate storage. This storage contains server certificates
  9. (optional) Put some certificate storage to the form and set IOHandler.ClientCertStorage property to that certificate storage. This storage contains certificates of the clients if they are requested from clients when connecting.

The steps to add SecureBlackbox with Indy 8 transport on client side are:
  1. check that you have installed the necessary packages as described in SecureBlackbox ReadMe file. Install the package if necessary;
  2. Put TkbmMWTCPIPIndyClientTransport (let's name it "TCPTransport") to the form;
  3. Put TElkbmMWIndy8Plugin (let's name it "SSLPlugin") to the form;
  4. Put TElIndyConnectionSSLIntercept (lets name it "Intercept") to the form;
  5. Set TCPTransport.Plugin property to SSLPlugin;
  6. Set SSLPlugin.ClientIntercept property to IOHandler;
  7. (optional) Adjust properties of Intercept;
  8. (optional) Put some certificate storage to the form and set Intercept.CertStorage property to that certificate storage

The steps to add SecureBlackbox with Indy 8 transport on server side are:
  1. check that you have installed the necessary packages as described in SecureBlackbox ReadMe file. Install the package if necessary;
  2. Put TkbmMWTCPIPIndyServerTransport (let's name it "TCPTransport") to the form;
  3. Put TElkbmMWIndy8Plugin (let's name it "SSLPlugin") to the form;
  4. Put TElIndyServerSSLIntercept (lets name it "Intercept") to the form;
  5. Set TCPTransport.Plugin property to SSLPlugin;
  6. Set SSLPlugin.ServerIntercept property to Intercept;
  7. (optional) Adjust properties of Intercept;
  8. (optional) Put some certificate storage to the form and set Intercept.CertStorage property to that certificate storage. This storage contains server certificates
  9. (optional) Put some certificate storage to the form and set Intercept.ClientCertStorage property to that certificate storage. This storage contains certificates of the clients if they are requested from clients when connecting.

You will find sample projects of using SecureBlackbox with kbmMW in <SecureBlackbox>\Samples\kbmMW folder.

Towards maximum security

In fact, after the above steps your connection is encrypted. It is not easy to see the data anymore. However the task is not complete. It is technically possible for some third-party to access the data. How is this done? Third-party establishes itself as a remote part of the communication and receives the information. Imagine you connect to a server and send a request. However the server you connected to is not the one you thought. In fact this is fraud server. Your reuqest can continue some valuable information and it does not matter if you discover the problem – valuable information has been already passed to a criminal.

To prevent this, proper authentication steps must be taken. Both server and client must be properly identified as authorized to access the data. This is done using X.509 certificates. X.509 certificate can identify the side (server or client) in communications and it can also contain supplementary information that, for example, contains description of the scope of actions, which the client is allowed to do.

For information about certificates see Certificate basics article

Download SecureBlackbox now.

Return to the list

|

Back to top