EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Wish List (complete)

View the complete list of ideas and suggestions. To vote for ideas or submit your own idea, please visit Wish List page.


0
votes

Dropbox for business
Currently, dropbox only works for "simple" accounts. Please implement support for "Business accounts" as well. Thanks!
2
votes

Blob Storages for WinAzure
Please implement support for this.
0
votes
SCEP client / server implementation
SCEP client / server implementation
2
votes
Implement DNS client over TLS
New RFC 7858 ( https://www.rfc-editor.org/info/rfc7858 ) defines the mechanism to send DNS requests over TLS.
1
votes
Add support for RSA-OAEP encryption scheme using non exportable certificates.
The problem is that the data is encrypted using RSA-OAEP encryption scheme, but the OAEP padding for non-exportable certificates is not supported at the moment. So the component tries to emulate OAEP padding and extract private key, and it fails. Note: only the latest Windows do support OAEP padding by Cryptographic Service Providers.
1
votes
Add compression to the S/MIME class as per RFC 5751
S/MIME is currently defined by RFC 5751 (S/MIME v3.2). The primary difference is a new CompressedData content type. The sender can compress the message and attachments at message compose time, then encrypt the result. Once encrypted, it is essentially impossible to compress a message, as compression depends on patterns which are destroyed by encryption. Upon receipt, the message is decrypted and then the compressed message expanded.

The intent is to reduce the size of mail messages, and hence the time required for transmission.
1
votes
S3 bucket logging options property access
Add a Set/Get to TElAWSS3DataStorageBucket to manipulate a bucket's logging options where you can log access to a bucket into a target bucket/prefix. /?logging=....
2
votes
RSA-PSS signature using certificates with not-exportable private key
Please support XML signing with RSA-PSS using
certificates with non-exportable private key
as soon as possible.
4
votes
Support for Ed25519 as a public key type
Ed25519 is supported by OpenSSH

thanks
3
votes
Add text or graphics to PDF
Make a method to add text or graphics to existing PDFs (signed or unsigned).
0
votes
Support TPM Key Attestation during certificate generation
Key Attestation is a Trusted Platform Module feature that enables the TPM to confirm that the private key is stored within it and is not usable outside the TPM. This is used to ensure that there is only one PC that holds a private key (ensures a unique identity).

It would be great if SecureBlackbox supported certificate request generation that generated the key using the TPM and invoked the Key Attestation feature to attest this in the certificate signing request.

Here is a potentially useful link showcasing some other TPM features that developers are interested in using but that existing security software implementations fail to provide: https://stackoverflow.com/questions/28862767/how-to-encrypt-bytes-using-the-tpm

Maybe good opportunity for SecureBlackbox to provide some exclusive features here.
0
votes
Portable Symmetric Key Container (PSKC)
Support for RFC6030
3
votes
Support for loading/saving ECDSA private keys from/to PuTTy PPK files
The latest development build of PuTTy includes support for ECDSA keys.

It would be great to see SecureBlackBox support them as well.
1
votes
Sync CloudStorage
I am currently writing generic code that sync between different file storage systems. The storage systems are implemented as interfaces so that I can sync between any 2 storage systems. For example to sync between Dropbox and local file system or sync between 2 FTP sites.

Now to Eldos Cloud Storage. You have already created an abstract base to generalize between storage systems. I think it would be a nice addition to provide a sync function in the same way I described above.

In a broader view however, your cloud storage does not implement everything. I think a good approach would be to use a simple interface for syncing rather than inheritance. This would make it easier to add other user defined storage.
2
votes
Add FTP and SFTP to CloudBlackBox
Add FTP and SFTP to CloudBlackBox in order to have a unified method of access for all file systems.

The use case is in b2b file transmissions. Many businesses are small companies that build data files in excel manually. Many desire drop box over FTP. By including FTP in CloudBlackBox, it will allow rewriting server code so that it supports current FTP users as well as utilizing cloud storage.
0
votes
Implement EPP (Extensible Provisioning Protocol) client
Implement EPP (Extensible Provisioning Protocol) client as defined in RFC 5730 ( https://tools.ietf.org/html/rfc5730 ).
0
votes
Implement EPP (Extensible Provisioning Protocol) server
Implement EPP (Extensible Provisioning Protocol) server as defined in RFC 5730 ( https://tools.ietf.org/html/rfc5730 ).
0
votes
Implement KMIP (Key Management Interoperability Protocol) server components
See https://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol for details
0
votes
Implement KMIP (Key Management Interoperability Protocol) client components
See https://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol for details
14
votes

Support X.509 certificates in SSH
http://tools.ietf.org/html/rfc6187 defines the ways to directly and natively support X.509 as an authentication mechanism in SSH.
2
votes
Implement block mode for objects in Azure
Currently objects are written to Azure in page mode, which gives slightly larger size and format incompatible with other software. Block mode would let other software use the original data, written with CloudBlackbox.
10
votes
Support for Amazon Cloud Drive
Amazon Cloud Drive is a cloud storage solution from Amazon targeted after end users.

The service has existed for a long time but the API was only opened recently. It is interesting because of its good pricing.

https://developer.amazon.com/public/apis/experience/cloud-drive/
9
votes
IPv6 support in OS X/Linux
SecureBlackBox's IPv6 support is currently Windows only and the relevant functions aren't implemented on OS X/Linux in native code (Mono on Linux and OS X works fine).
8
votes
Try to connect to all resolved IP addresses
If the host name resolves to several IP addresses, and the first address doesn't respond, connection attempts must be done to all addresses in a loop until one of them responds.
1
votes
Object expiration of S3 bucket via LifeCycle property access
Add a Set/Get to TElAWSS3DataStorageBucket to manipulate a bucket's lifecycle configuration properties. In particular, I'm after the ability to set the # of days that the objects auto-delete in order to provide automatic maintenance of particular bucket objects. (Like log files.)


http://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html
4
votes
Implement multi-volume support in ZIP components
ZIP archives can be split to multiple volumes. Add support for multivolume archives to ZIP components.
15
votes
Support HTTP/2 specification
HTTP/2 is a new protocol with built-in fallback to HTTP 1.1, that aims to give speed increase for browsers, that usually request several files from one server. HTTP/2 is not needed by regular applications as HTTP/2.0 servers must support HTTP 1.1 request
5
votes
Implement UAF and U2F clients
Implement UAF and U2F client components (https://fidoalliance.org/specifications/download).

UAF and U2F are protocols for multifactor authentication offered by FIDO Alliance.
3
votes
Implement UAF and U2F servers
Implement UAF and U2F server components (https://fidoalliance.org/specifications/download)

UAF and U2F are protocols for multifactor authentication offered by FIDO Alliance.
5
votes
Implement some AEAD mode (EAX for instance) in encryption
When dealing with low-level crypto, picking an appropriate encryption mode of operation for the task becomes important. SBB currently implement several mode: ECB (which is a real risk), CBC, CTR, CFB8, GCM and CCM.

Unfortunately, none of these mode is an authenticated encryption with associated data (AEAD) mode of operation which leaves application responsible for authenticating data by a separate channel (typically, by supplying an IV manually and then storing the result of a HMAC directly in the message) which results in more code, less compatibility and more complexity (and could lead to bigger messages as well).

Implementing at least one of the modern block cipher mode would remove the necessity to implement that code.

My preferred mode for this would be EAX since it has many desirable properties and isn't linked to any patent but other modes could be considered as well in order to improve compatibility (see http://csrc.nist.gov/groups/ST/toolkit/BCM/modes_development.html#01 for a list and detail of currently considered AEAD modes).
0
votes
Use SecureBlackbox in Unity
Unity3d lets you add custom extensions using .NET assemblies. It would be nice to have SecureBlackbox as a package installable to Unity.
9
votes
implement kerberos authentication in SSH server side
it would be great if you can implement gss-api on SSH server side library component similar to your ssh client modules. this will help us build our applications listening to standard ssh clients.
6
votes
Implement SMB client
It would be nice to have an SMB client that can access files shared over a Windows Network.
2
votes
Implement NetConf client components
As per RFC 6241 ( http://tools.ietf.org/html/rfc6241 )
2
votes
Implement NetConf server components
As per RFC 6241 ( http://tools.ietf.org/html/rfc6241 )
3
votes
SMTP Server Component
It would be good to have an SMTP server with Eldos quality to complement the existing SMTP Client.
1
votes
.NET Micro Framework support in .NET edition
.NET Micro Framework is offered by Microsoft for constrained devices.
4
votes
Partial object upload (Cloud)
Implement partial object uploads in cloud object storage objects (Azure, S3).
The Azure API, for example, allows for upload of 512-byte aligned blocks (pages), if only 1KB of a 100 MB file stored in the cloud is changed, it would be helpful to be able to upload just that 1KB instead of having to reupload the entire file.
7
votes

Add support for creating TElXMLDOMDocument from aTextReader and/or XmlReader in SBB.NET
I would like to be able to read an XML document from a TextReader or an XmlReader, as it can in the .NET classes, since these already have information about text encoding taken care of.
6
votes
Support asynchronous methods in communication API.
There should be asynchronous versions of communication methods such as connect/send/receive, so that we don't have to spawn a new thread just to wait for the reply from the server when this can be done more efficiently via overlapped IO etc. Preferrably with cancellationsupport the same way that the various .NET 4.5 Async methods work, e.g. System.Net.Sockets.Socket.ReceiveAsync.
1
votes
Implement Powershell snap-ins based on SecureBlackbox
Implement modules with simplified API for use with Powershell.
5
votes

SugarSync storage support in CloudBlackbox
SugarSync provides its own cloud and API to access files. CloudBlackbox can make use of that API.
10
votes

Google cloud storage
Add support for Google cloud storage in CloudBlackbox. Google Cloud Storage is different from Google Drive and Google Docs: https://developers.google.com/storage/docs/concepts-techniques
7
votes
Amazon Glacier
Add Amazon Glacier support in CloudBlackbox
8
votes
Support OpenStack storage in CloudBlackbox
Add support for OpenStack storage and KeyStone authentication (http://www.openstack.org/software/openstack-storage/)
5
votes
Implement Server-based Certificate Validation Protocol (SCVP)
The protocol lets resource-constrained devices build certification path on the server rather than locally.

See http://en.wikipedia.org/wiki/SCVP for details.
8
votes
Support Azure Tables and Queues
Azure implementation currently only supports Containers and Blobs. Full Azure storage support should include Tables and Queues.
24
votes

Add CalDAV/CardDAV support
Add CalDAV and CardDAV support to WebDAVBlackbox package.
4
votes
decoding of CA certificates bundle file on linux
it could be useful to have a function to load all the CA certificates on linux from the CA certificates bundle file provided by Mozilla.
2
votes
Implement encoding Iso9796 scheme 1 and Iso9796 scheme 2
Implement encoding Iso9796 scheme 1 and Iso9796 scheme 2 in PKI module
9
votes
Shamir's Secret Sharing
Shamir's Secret Sharing is an algorithm in cryptography. It is a form of secret sharing, where a secret is divided into parts, giving each participant its own unique part, where some of the parts or all of them are needed in order to reconstruct the secret.


http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing
7
votes
Support Card Verifiable Certificates
Card Verifiable Certificates (CVC) are digital certificates that are designed to be processed by devices with limited computing power such as smart cards. This is achieved by using simple TLV ( Tag Length Value) encoding with fixed fields. Fixed fields means that each field in the certificate is of fixed, or maximum, length and each field comes in a well defined order. This makes parsing easy, in contrast to asn.1 parsing which requires more processing and has to keep fields in memory while parsing nested content.

CVC is used by the third generation ePassports implementing Extended Access Control (EAC).

(from Wikipedia: http://en.wikipedia.org/wiki/Card_Verifiable_Certificate)
8
votes
(Java) Make SSL available via Secure Socket Extension
It would be nice to have SecureBlackbox register its SSL/TLS classes via Secure Socket Extension (JSSE) so that it is available to NIO classes and other classes which work with standard sockets only.
19
votes
Support for SASL/GSS-SPNEGO (NTLM / Kerberos) in TElLDAPSClient
Please add support for SASL/SPNEGO (NTLM & Kerberos) for authentication in TElLDAPSClient. These are widely used in MS Active Directory environments.
15
votes

Implement digital signing of PNG images
There exists specification for embedding a digital signature into the PNG image file.

Specification for such signing extension is available on ftp://ftp.simplesystems.org/pub/png/documents/signatures/index.html
10
votes
XML should support IDOMImplementation interface
Delphi XML Data Bindings use a flexible interface-based implementation for its generated units.

To make the generated units use the Eldos components for XML manipulation, the object need to support the IDOMImplementation interface to use with the RegisterDOMVendor procedure.

http://docwiki.embarcadero.com/Libraries/en/Xml.Xmldom.RegisterDOMVendor
18
votes

OfficeBlackbox - Password To Modify
MS Office offer the ability to make office files read-only unless the password to modify is entered (instead of a password to open).

This would remove the need for office automation for many developers and would be easy for your engineers to accomplish (since passwords, encryption, and binary doc editing are already handled).
19
votes
Support for iCloud in CloudBlackBox
20
votes
RTSP (Real-Time Streaming Protocol) client
RTSP client components
21
votes
RTSP (Real-Time Streaming Protocol) server
RTSP server component
17
votes
Add FXP (server-to-server transfer) support to FTPS
Add FXP support to FTPS client component.
6
votes
uPnp + DRM
A uPnp + DRM video protocol management component will be great ;)
11
votes

Extend Webdav to Support DeltaV
Implements DeltaV protocol to support Versioning on files when using Webdav
4
votes
SecureBlackbox binding for Ruby
Make it possible to call SecureBlackbox library from Ruby (on Linux, MacOS X, Windows).
6
votes
SecureBlackbox binding for Python
Make it possible to call SecureBlackbox library from Python (on Linux, MacOS X, Windows).
17
votes

SecureBlackbox for JavaScript (V8 and node.js?)
Due to limited nature of JavaScript it's not clear, what functions can be implemented this way. Please leave your comments in the forum if you like the idea and want to see some particular functionality available via JavaScript.

V8 script engine and Node.JS are more powerful and potentially can be used for security operations so use of SecureBlackbox in that environments probably makes more sense.
7
votes
PGP-based encryption for CloudBlackbox
Currently CloudBlackbox offers symmetric and certificate-based encryption of data, stored in the cloud storages. PGP-based encryption is suggested for addition.
22
votes
TSL Verification
Specification is available on http://www.etsi.org/deliver/etsi_ts/102200_102299/102231/03.01.02_60/ts_102231v030102p.pdf and
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:299:0018:0054:EN:PDF
10
votes

Request Body Compression For POST/PUT
Compression of responses is great, but in our environment we often need to POST or PUT large amounts of data to the server. Currently we're looking into compressing this data ourselves, because although it's unorthodox, we're only talking to our own server and we know we can handle it. It would be nice if SecureBlackBox could do this for us.
8
votes

Implementation of DSS Core 1.0 and DSS Timestamp profile
The market seems to be going for DSS Timestamp Profile TSA's (timestamp sent in XAdES form).

Idea: implement support for this new TSA's in CAdES, XAdES, PAdES (where possible)

Specification at:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss
20
votes

Add CAB compression and CAB signing support
CAB compression and CAB Authenticode signing
23
votes
The PKCS#15 interface
The PKCS#11 interface for the Smart Card contains enough functions if a smart card is used on one PC. Usually there are some problems with smart cards which are not used on one PC, because the user is not able to install the PKCS#11 drivers on another PC where the PC is in the user mode and the administrator mode is not permitted for basic PC users like officers or Internet cafe visitors.
The profile of PKCS#15 which is defined in EU Norm EN 14890 (CWA 14890) Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services is a perfect way in which the application is able to communicate uniquely with any smart card which has implemented APDU according to this PKCS#15 profile. It will be used in national eID cards and eHealth cards or corporate multipurpose cards.
http://www.cen.eu/cen/Sectors/Sectors/ISSS/CEN%20Workshop%20Agreements/Pages/Electronic%20Signatures.aspx
The PKCS#15 can also contains a secure store of trusted Root certificates what can be used in applications for simplification of PKI for basic users, because in verification process the holder of a smartcard is usually non IT expert and the application can decide automatically which root is trusted for the holder of a card without any problems.
Presently the users of systems where the secure store of root certificates in PKCS#15 is not implemented are puzzled with very strange question like: is this ... (root certificate) trusted?
15
votes
Implementation of PKCS #15 soft token
PKCS #15 'soft token' is not a part of ISO/IEC 7816-15 related to Smart Card.
9
votes
Implement sample to sign Mozilla plugins
Implement sample to be able to sign Mozilla plugins 'in one click', without need to install and compile all NSS libraries.
17
votes

XMPP (+ Jabber, GTalk etc.) client and server
Create client and server components for XMPP protocol, and also components (client-only, maybe?) for Jabber / GTalk .
8
votes
Support for OFTP2 protocol
Odette File Transfer Protocol Version 2.
8
votes
Implement EBICS client component
EBICS is a protocol for business communication, which includes security of the data and communication channel encryption
12
votes
RSync Client Component
like SFTPClient, but for RSync with block level copying
9
votes
Be able to use SecureBlackbox in SQL Server CLR
Currently SecureBlackbox assemblies can't be loaded to SQL Server CLR due to global static variables.
20
votes

Fill PDF forms
Let the user fill forms in PDF files using TElPDFDocument
|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!