EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Secure data transfer solutions for software developers

So you have one or more data transfer tasks, and security of the information is a required or very important factor. Whether you need to upload or download files securely, send and receive secure e-mail, add security to your custom communication protocol, or even access remote file systems, we have solutions for all these tasks. Let us check what we have for you:

Upload and download of files using standard Internet protocols, such as Secure FTP (SFTP, FTPS) or HTTPS

Secure upload and download of files using standard secure Internet protocols such as SFTP, FTPS and HTTPS is the most common data transfer task and should be implemented in minutes. We offer simple yet powerful client-side components that let you transfer files using HTTPS or one of the secure file transfer protocols.

SFTP or FTPS. These two protocols are often confused. SFTP stands for SSH File Transfer Protocol and FTPS is FTP over SSL. If you do not know for sure which one to use or just want to know more about the difference between SFTP and FTPS, please read the article in our knowledgebase.

The main advantage of the offered components is that they let you control all aspects of the connection and data transfer procedure. Be it the method of authentication, the cryptographic algorithm used or any other security aspect of the connection, you get everything the protocol can offer. We do not sacrifice security in favor of component size on the disk.

HTTPS and FTPS client components work in both secure and regular non-secure modes (HTTP and FTP respectively). The SFTP protocol was designed as a secure protocol. It is not usually used in insecure mode.

HTTPS and FTPS client components are part of the SSLBlackbox package of the SecureBlackbox product. The SFTP client component is offered in the SFTPBlackbox package.

Secure transfer over unsecured channels

If you can use only an unsecured protocol for data transfer, your task is to encrypt the data before transferring them to the remote site. Two encryption mechanisms are currently used in the industry. Both of them are available with SecureBlackbox.

These mechanisms are OpenPGP and PKI (Public Key Infrastructure). Both these schemes are based on industry standards and are free from proprietary restrictions. Data encrypted using one of these schemes can be read and decrypted using a variety of software products.

The main difference between these two mechanisms is the way encryption keys are created and managed.

PKI encrypts data using X.509 certificates. You can create such certificates yourself, but proper use of PKI includes third-party organizations that issue certificates for users. OpenPGP lets you use either conventional passphrases or OpenPGP keys to encrypt data. Users generate OpenPGP keys themselves. OpenPGP is quite good for ad hoc security, when you need to send data to a limited number of people. PKI is used when your application becomes part of a larger infrastructure in which people use certificates widely.

You can add PKI encryption, signing and certificate generation features to your application using the PKIBlackbox package of the SecureBlackbox product. For OpenPGP functions (encryption, signing, compression, key generation and management) you need the OpenPGPBlackbox package.

Once you have prepared the data, you need to transfer them. SecureBlackbox offers you not only secure versions of Internet standards, but also their regular variants. The data is most often sent over the FTP or HTTP protocols, and SecureBlackbox offers HTTP and FTP client components as part of the SSLBlackbox package of the SecureBlackbox product.

One more way to send secured files is good old (not very good, but suitable :) e-mail. SecureBlackbox lets you send files in e-mail messages over the SMTP protocol, which is used for mail delivery everywhere. The SMTP client component requires the MIMEBlackbox and SSLBlackbox packages of SecureBlackbox. The SMTP protocol can work in regular insecure mode as well as over the SSL/TLS protocol, which offers industry-grade security. To prepare outgoing e-mail messages and parse incoming mail, SecureBlackbox offers mail processing components in the MIMEBlackbox package.

Create secure channel for custom protocols

If you have a client-server application, adding a secure way to communicate between the client and server parts is a perfect way to add value to your solution. And again, using industry-adopted protocols for secure data transfer is much more reliable and secure than creating your own protocol: they have been reviewed and approved by a number of security experts. The two most common protocols are SSL/TLS and SSH. You will find a detailed description of these two protocols here. SSL components are available in the SSLBlackbox client-server package, and SSH components are part of the SSHBlackbox client-server and SFTPBlackbox client-server packages.

Unlike other components on the market, which assume that you will connect to existing servers and use only the client side of the protocol, SecureBlackbox offers you components that let you create both sides of secure communications. Right, you are now able to create your own SSH/SFTP server or add server-side SSL/TLS functions to your application. And you can make your application talk to any other server and client software, provided that this software supports the protocol used.

If your communication is datagram-based (uses UDP instead of TCP), SecureBlackbox offers a solution as well. SecureBlackbox is one of the few solutions on the market that lets you use Datagram TLS (DTLS) for securing information channels such as voice communications, media streaming or any other type of channel based on UDP. DTLS is a slight modification of the SSL/TLS protocol crafted to be used over unreliable networks. DTLS components are part of the SSLBlackbox package of SecureBlackbox.

Protect documents and data when sending them to other parties

Data security operations include two operations. They are technologically similar, but very different in purpose: encryption of data and digital signing of data. Encryption is used to prevent unauthorized individuals or hardware systems from accessing the data. Digital signing of data is used to authenticate and identify the author or sender. While these operations serve different purposes, they almost always come as a pair, so we will describe them together as "securing data".

The industry has created a number of approaches for securing data of different kinds. OpenPGP and PKI technologies are used to secure any type of data. They are described above. PDF security is specific to documents in PDF format. XML Security was designed for use primarily with XML-formatted data but can be used to secure any type of data.

PDF security is based on PKI (certificates) for encryption and signing. You can also encrypt documents using symmetric keys such as passwords and passphrases. XML security can use certificates, OpenPGP keys and symmetric keys for encryption, and certificates or OpenPGP keys for digital signing of data.

You can add PKI encryption, signing and certificate generation features to your application using the PKIBlackbox package of the SecureBlackbox product. For OpenPGP functions (encryption, signing, compression, key generation and management) you need the OpenPGPBlackbox package.

SecureBlackbox supports PDF security operations in its PDFBlackbox package. You can use any PDF generator tool or component to create and manage your PDF documents, and PDFBlackbox will encrypt or sign these documents.

For XML security operations SecureBlackbox offers a complete set of components in the XMLBlackbox package. These components will let you parse and assemble XML documents, perform transformations, use XPath to choose XML elements, and finally apply security operations, such as encryption, digital signing, decryption and validation of the digital signature. In addition to this, XMLBlackbox includes support for the XAdES standard used for digital timestamping and archiving of XML documents.

Protect the files using PGP

PGP-compatible encryption, signing and compression of files using OpenPGP keys is a common task when you need to send data to a limited number of people. The OpenPGP standard lets you use either conventional passphrases or OpenPGP keys to encrypt data. Users usually generate OpenPGP keys themselves and exchange them as needed.

SecureBlackbox offers the full scope of OpenPGP operations, such as data encryption, signing, compression, key generation and management, within the OpenPGPBlackbox package of the SecureBlackbox product.

Send and receive secure e-mail messages

Secure e-mail is often overlooked as a secure data channel, and the reasons are unclear. E-mail is probably the most widespread way of communication between people over the Internet, and it is equally well suited for communicating between automated systems.

As with other data security tasks, two technologies are used to sign and encrypt e-mails. They are S/MIME, based on PKI, and PGP/MIME, based on OpenPGP.

S/MIME is more popular, as it is natively supported by most e-mail clients, including those on mobile and portable devices and in web mail. Also, free e-mail certificates are offered by many Certificate Authorities (CA, companies that issue certificates for a wide audience). On the other hand, PGP/MIME does not require sophisticated certificate management, and OpenPGP keys can be generated in minutes on any computer.

On the sender side, e-mail operations include composing a message, securing it and sending it. On the client side, operations include receiving e-mail and parsing (decomposition) of the received e-mail, possibly with decryption and verification of e-mail signatures.

SecureBlackbox offers mail composition and decomposition operations within its MIMEBlackbox package. PGP/MIME support requires both MIMEBlackbox and OpenPGPBlackbox packages of SecureBlackbox.

Besides creating a MIME e-mail, it is necessary to send it. For mail delivery SecureBlackbox offers an SMTP client, which can send e-mail using the regular SMTP protocol and also via SMTP-over-SSL. The SMTP client component requires the MIMEBlackbox and SSLBlackbox packages of SecureBlackbox.

Access and manipulate files and directories on remote servers

Remote access to file repositories or just remote file systems remains an important part of many IT-related activities. Historically, FTP (File Transfer Protocol) was used to transfer files. Recently SFTP (SSH File Transfer Protocol) gained popularity as the way not only to upload and download files, but also to perform the full scope of file manipulations on the remote system. This includes directory creation and deletion, file renaming, attribute reading and writing, and also reading and writing parts of the file data. SecureBlackbox in its SFTPBlackbox package offers the most comprehensive support on the market for the listed operations.

If your file manipulation needs to include execution of custom commands on a server, you will benefit from having access to the remote shell (console) over the SSH protocol. SSH components let you quickly execute one or several commands, or start a shell for more sophisticated tasks.

SSH is offered in SFTPBlackbox and also in an individual package, SSHBlackbox.




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
