EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Solutions for software developers

  1. Represent and manage remote data as local files and directories
  2. Securely transfer files and other data
  3. Secure documents for storage and transfer
  4. Document-oriented storage for valuable information
  5. Monitor and control disk and file operations
  6. Build cross-platform communication channel for client-server, peer-to-peer and grid applications

Represent and manage remote data as local files and directories

Sometimes documents and files are stored outside the computer's file system: in a database, in local storage or over a network, or they can even be generated on the fly; yet the storage must be represented as a local file system.

Using Callback File System you can represent your remotely stored documents and files as real files on a virtual disk acting as a regular local or network disk.

Until now, to create a local virtual disk with your own file system you would have had to spend months developing a kernel-mode driver. Callback File System shortens this time to hours.

Our solution is more than a simple data mapper:

  • you have freedom to choose any method to access the remotely stored documents and data
  • you handle and have control over every file and directory operation
  • you decide which applications or users may or may not read or write, create or delete files and directories
  • the created virtual disk can be hidden from the user or exposed to the user via a disk drive letter
  • the virtual disk can even be shared for access from other computers

Read about Callback File System

Securely transfer files and other data

So you have one or more data transfer tasks, and security of the information is a required or very important factor. Whether you need to upload or download files securely, send and receive secure e-mail, add security to your custom communication protocol, or even access remote file systems, we have solutions for all these tasks. Let us check what we have for you:

Upload and download of files using standard Internet protocols, such as Secure FTP (SFTP, FTPS) or HTTPS

Secure upload and download of files using standard secure Internet protocols such as SFTP, FTPS and HTTPS is the most common data transfer task and should be implemented in minutes. We offer simple yet powerful client-side components that let you transfer files using HTTPS or one of the secure file transfer protocols.

SFTP or FTPS. These two protocols are often confused. SFTP stands for SSH File Transfer Protocol and FTPS is FTP over SSL. If you do not know for sure which one to use or just want to know more about the difference between SFTP and FTPS, please read the article in our knowledgebase.

The main advantage of the offered components is that they let you control all aspects of the connection and data transfer procedure. Be it the method of authentication, the cryptographic algorithm used or any other security aspect of the connection, you get everything the protocol can offer. We do not sacrifice security in favor of component size on the disk.

HTTPS and FTPS client components work in both secure and regular non-secure modes (HTTP and FTP respectively). The SFTP protocol was designed as a secure protocol. It is not usually used in insecure mode.

HTTPS and FTPS client components are part of the SSLBlackbox package of the SecureBlackbox product. The SFTP client component is offered in the SFTPBlackbox package.

Secure transfer over unsecured channels

If you must use an unsecured protocol for data transfer, your task is to encrypt the data before transferring them to the remote site. Two encryption mechanisms are currently used in the industry. Both of them are available with SecureBlackbox.

These mechanisms are OpenPGP and PKI (Public Key Infrastructure). Both schemes are based on industry standards and are free from proprietary restrictions. Data encrypted using one of these schemes can be read and decrypted using a variety of software products.

The main difference between these two mechanisms is the way encryption keys are created and managed.

PKI encrypts data using X.509 certificates. You can create such certificates yourself, but proper use of PKI includes third-party organizations that issue certificates for users. OpenPGP lets you use either conventional passphrases or OpenPGP keys to encrypt data. Users generate OpenPGP keys themselves. OpenPGP is quite good for ad hoc security, when you need to send data to a limited number of people. PKI is used when your application becomes part of a larger infrastructure in which people use certificates widely.

You can add PKI encryption, signing and certificate generation features to your application using the PKIBlackbox package of the SecureBlackbox product. For OpenPGP functions (encryption, signing, compression, key generation and management) you need the OpenPGPBlackbox package.

Once you have prepared the data, you need to transfer them. SecureBlackbox offers you not only secure versions of Internet standards, but also their regular variants. The data is most often sent over the FTP or HTTP protocols, and SecureBlackbox offers HTTP and FTP client components as part of the SSLBlackbox package of the SecureBlackbox product.

One more way to send secured files is good old (not very good, but suitable :) e-mail. SecureBlackbox lets you send files in e-mail messages over the SMTP protocol, which is used for mail delivery everywhere. The SMTP client component requires the MIMEBlackbox and SSLBlackbox packages of SecureBlackbox. The SMTP protocol can work in regular insecure mode as well as over the SSL/TLS protocol, which offers industry-grade security. To prepare outgoing e-mail messages and parse incoming mail, SecureBlackbox offers mail processing components in the MIMEBlackbox package.

Create secure channel for custom protocols

If you have a client-server application, adding a secure way to communicate between the client and server parts is a perfect way to add value to your solution. And again, industry-adopted protocols for secure data transfer are much more reliable and secure than creating your own protocol: they have been reviewed and approved by a number of security experts. The two most common protocols are SSL/TLS and SSH. You will find a detailed description of these two protocols here. SSL components are available in the SSLBlackbox client-server package, and SSH components are part of the SSHBlackbox client-server and SFTPBlackbox client-server packages.

Unlike other components on the market, which assume that you will connect to existing servers and use only the client side of the protocol, SecureBlackbox offers you components that let you create both sides of secure communications. Right, you are now able to create your own SSH/SFTP server or add server-side SSL/TLS functions to your application. And you can make your application talk to any other server and client software, given that this software supports the protocol used.

If your communication is datagram-based (uses UDP instead of TCP), SecureBlackbox offers a solution as well. SecureBlackbox is one of the few solutions on the market that lets you use Datagram TLS (DTLS) for securing information channels such as voice communications, media streaming or any other type of channel based on UDP. DTLS is a slight modification of the SSL/TLS protocol crafted to be used over unreliable networks. DTLS components are part of the SSLBlackbox package of SecureBlackbox.

Protect documents and data when sending them to other parties

Data security operations include two operations. They are technologically similar, but very different in purpose: encryption of data and digital signing of data. Encryption is used to prevent unauthorized individuals or hardware systems from accessing the data. Digital signing of data is used to authenticate and identify the author or sender. While these operations serve different purposes, they almost always come as a pair, so we will describe them together as “securing data”.

The industry has created a number of approaches for securing data of different kinds. OpenPGP and PKI technologies are used to secure any type of data. They are described above. PDF security is specific to documents in PDF format. XML Security was designed for use primarily with XML-formatted data but can be used to secure any type of data.

PDF security is based on PKI (certificates) for encryption and signing. You can also encrypt documents using symmetric keys such as passwords and passphrases. XML security can use certificates, OpenPGP keys and symmetric keys for encryption, and certificates or OpenPGP keys for digital signing of data.

You can add PKI encryption, signing and certificate generation features to your application using the PKIBlackbox package of the SecureBlackbox product. For OpenPGP functions (encryption, signing, compression, key generation and management) you need the OpenPGPBlackbox package.

SecureBlackbox supports PDF security operations in its PDFBlackbox package. You can use any PDF generator tool or component to create and manage your PDF documents, and PDFBlackbox will encrypt or sign these documents.

For XML security operations SecureBlackbox offers a complete set of components in the XMLBlackbox package. These components will let you parse and assemble XML documents, perform transformations, use XPath to choose XML elements, and finally apply security operations, such as encryption, digital signing, decryption and validation of the digital signature. In addition to this, XMLBlackbox includes support for the XAdES standard used for digital timestamping and archiving of XML documents.

Protect the files using PGP

PGP-compatible encryption, signing and compression of files using OpenPGP keys is a common task when you need to send data to a limited number of people. The OpenPGP standard lets you use either conventional passphrases or OpenPGP keys to encrypt data. Users usually generate OpenPGP keys themselves and exchange them as needed.

SecureBlackbox offers the full scope of OpenPGP operations, such as data encryption, signing, compression, key generation and management, within the OpenPGPBlackbox package of the SecureBlackbox product.

Send and receive secure e-mail messages

Secure e-mail is often overlooked as a secure data channel, and the reasons are unclear. E-mail is probably the most widespread way of communication between people over the Internet, and it is equally well suited for communicating between automated systems.

As with other data security tasks, two technologies are used to sign and encrypt e-mails. They are S/MIME, based on PKI, and PGP/MIME, based on OpenPGP.

S/MIME is more popular, as it is natively supported by most e-mail clients, including those on mobile and portable devices and in web mail. Also, free e-mail certificates are offered by many Certificate Authorities (CAs, companies that issue certificates for a wide audience). On the other hand, PGP/MIME does not require sophisticated certificate management, and OpenPGP keys can be generated in minutes on any computer.

E-mail operations include, on the sender side, composing a message, securing it and sending it. On the client side, operations include receiving e-mail and parsing (decomposition) of the received e-mail, possibly with decryption and verification of e-mail signatures.

SecureBlackbox offers mail composition and decomposition operations within its MIMEBlackbox package. PGP/MIME support requires both the MIMEBlackbox and OpenPGPBlackbox packages of SecureBlackbox.

Besides creating the MIME e-mail, it is necessary to send it. For mail delivery SecureBlackbox offers an SMTP client, which can send e-mail using the regular SMTP protocol and also via SMTP-over-SSL. The SMTP client component requires the MIMEBlackbox and SSLBlackbox packages of SecureBlackbox.

Access and manipulate files and directories on remote servers

Remote access to file repositories or just remote file systems remains an important part of many IT-related activities. Historically, FTP (File Transfer Protocol) was used to transfer files. Recently SFTP (SSH File Transfer Protocol) gained popularity as the way to not only upload and download files, but also perform the full scope of file manipulations on the remote system. This includes directory creation and deletion, file renaming, attribute reading and writing, and also reading and writing parts of the file data. SecureBlackbox in its SFTPBlackbox package offers the most comprehensive support on the market for the listed operations.

If your file manipulation needs to include execution of custom commands on a server, you will benefit from having access to the remote shell (console) over the SSH protocol. SSH components let you quickly execute one or several commands, or start a shell for more sophisticated tasks.

SSH is offered in SFTPBlackbox and also in the individual package, SSHBlackbox.

Secure documents for storage and transfer

Digital security of data is often needed in several cases:

  1. to prove authorship and integrity of document or data using digital signature in order to conform to governmental, industry or corporate requirements,
  2. to protect a document or data from unauthorized access by encrypting them for data transfer or for further storage

Let us review these tasks in detail:

Proving data authorship and integrity using digital signing and timestamping

Digital signing is used to identify the creator or author of a document or data, as well as the person who authorized their distribution. It also protects data against modification during delivery to the recipient or readers.

Digital signing requires use of public key technology such as PKI certificates or OpenPGP. Both are supported by SecureBlackbox. If you have binary data or a document in some custom format, PKI or OpenPGP can be used directly. If your document is in PDF or XML format, the IT industry offers specialized standards for signing them. SecureBlackbox has components for signing XML and PDF documents as well. PDF signing is based on digital certificates, while XML lets you use certificates or OpenPGP keys.

Signing would not be enough without timestamping the signature. SecureBlackbox is the only digital signature component to include timestamping - a vital part of signing.

Protection of documents or data by encryption

Encryption ensures that data can be decrypted only by those who have the decryption key. This can be either a symmetric key used for encryption, or a private key of a keypair (in public key encryption). SecureBlackbox offers both symmetric encryption and public key encryption, but focuses on public key encryption, which, for certain reasons, became the more popular and more widely used industry standard.

As with digital signing, SecureBlackbox offers PKI and OpenPGP encryption of any data, and also supports the encryption schemes defined in the standards for PDF and XML documents.

PKI offers public key encryption only, while OpenPGP also supports encryption using symmetric keys (passwords or passphrases). PDF lets you encrypt a document with a certificate or with a password. XML encryption can use a certificate, an OpenPGP key or a symmetric key (password or passphrase).

You can add PKI encryption, signing, timestamping and certificate generation features to your application using the PKIBlackbox package of the SecureBlackbox for Developers product.

For OpenPGP functions (encryption, signing, compression, key generation and management) you need the OpenPGPBlackbox package.

SecureBlackbox supports PDF security operations in its PDFBlackbox package. You can use any PDF generator tool or component to create and manage your PDF documents, and PDFBlackbox will encrypt or sign these documents.

For XML security operations SecureBlackbox offers a complete set of components in the XMLBlackbox package. These components will let you parse and assemble XML documents, perform transformations, use XPath to choose XML elements, and finally apply security operations, such as encryption, digital signing, decryption and validation of the digital signature. In addition to this, XMLBlackbox supports the XAdES standard for digital timestamping and archiving of XML documents.

Document-oriented storage for valuable information

When your application needs to securely store documents or data files so that they cannot be easily read, modified or deleted without your permission, there are many reasons to keep those files in one place and secure this place. EldoS Corporation offers several components that let you accomplish this task. This guide will help you choose the right component.

Storage for your application

If you need a container for your documents and data, which will be accessed only by your application running on a Windows, Linux, Windows Mobile, Android, MacOS X or iOS system, take Solid File System Application Edition (SolFS). With SolFS you get high-performance file and document storage with built-in compression and encryption support. You will also be able to plug in your own encryption and compression mechanisms or extend the existing ones. You can place the container on a hard drive, flash card or other real media device. SolFS storage can also be located inside files on disks, in database records, application resources, raw memory, Internet servers or inside any other logical objects.

With SolFS you can associate tags (so-called metadata) with each file or directory in your storage and perform SQL-like search within those tags in order to locate and retrieve the data faster.

SolFS storages, created on one platform (for example, Windows), can be accessed on other platforms (for example, MacOS X or Windows Mobile) without limitations.

Read about Solid File System Application Edition

System-wide storage for Windows

In some scenarios you need to keep documents and files out of the computer file system, yet make those documents and files available to other applications, such as text processors, presentation managers or the OS itself. On Windows this task is solved by creating a virtual disk, which exposes the content of some container as if it were a real hard disk or memory card. SolFS OS Edition combines the functionality of the SolFS storage system with the ability to make the container accessible to other applications via the virtual disk. The container becomes visible as a regular disk drive letter, and you can control which applications may get access to the storage. SolFS Driver Edition includes all SolFS features, such as encryption, compression and tags (metadata).

If you do not need a custom file system inside your container, CallbackDisk will let you create a container and format it with the FAT or NTFS file system. This is a quick way to create a system-accessible container and store it where you like.

Read about Solid File System OS Edition | Read about CallbackDisk

Storage for your custom hardware platform

SolFS can be used not just on regular platforms like Windows or MacOS X, but also on many custom hardware platforms where the OS is hard-written to the chip. SolFS with its built-in encryption and compression (which can be applied to a file or a whole container) is great for various data-recording devices, consumer electronics (cameras, digital photo frames etc.) and even mobile devices (handheld PCs and smartphones). The Embedded Edition of SolFS includes the complete source code of the storage engine and assistance with porting SolFS to your platform.

Read about Solid File System Embedded Edition

Virtual disk based on disk image

It is sometimes necessary to create a virtual disk in order to expose the contents of some disk image (ISO files for CD-ROM images are the most common example). This is the kind of task which can be easily accomplished with the help of CallbackDisk, which lets you expose the content of image files for both reading and writing.

Read about CallbackDisk

Monitor and control disk and file operations

For disk and file-related operations EldoS Corporation offers you several software components, which let you

  • Provide limited controlled access to files and data represented as files
  • Monitor and control disk and file operations in Windows
  • Get access to raw disk data and inaccessible files

Let us review which solutions best correspond to your tasks:

Provide limited controlled access to files and data

There are two ways to control what applications are permitted to access your data:

  1. by storing data in a custom place where files are not part of a file system;
  2. by providing some access filtering mechanism that adds access control to existing file systems.

Our products give you both options.

When you store your files outside a regular file system, you have complete control over who may access these files and how.

However, you need a way to make files accessible to the operating system and to applications capable of working only with files of a conventional file system. Callback File System and Solid File System Driver Edition will make your files and data stored anywhere accessible to the OS or a third-party application.

With Callback File System you can store files anywhere you like: in a database, over a network or even create files on the fly. Callback File System will represent them as real files and directories on a virtual disk acting as a regular local or network disk. You handle and have control over every single file and directory operation. You specify the applications or users that may or may not read or write, create or delete files.

Solid File System OS Edition (SolFS) offers you a ready-to-use container for your files and exposes this container to the OS as a local or network disk. Files in the container can be automatically encrypted or compressed by SolFS. With SolFS you specify which applications have access to files in storage. To get more fine-tuned control over individual file access operations, such as reading or writing, consider using CallbackFilter, described below, in combination with SolFS.

Read about Callback File System | Read about Solid File System OS Edition

Monitor and control disk and file operations

If you need controlled access to files on your existing disks and file systems, our CallbackFilter product will notify your application about an attempt by a selected application, or by any application, to access a file or directory of your choice. Your application will be able to block such operations completely or substitute the data of the access operation with its own.

Read about CallbackFilter

Get access to raw disk data and inaccessible files

Getting access to raw disk data or files is an operation opposite to access control. Access to data may be restricted by an OS or an application. RawDisk gets around access limitations and gives you direct access to protected disk and file data.

Read about RawDisk

Build cross-platform communication channel for client-server, peer-to-peer and grid applications

Are you choosing a way to transfer information between parts of your client-server, peer-to-peer or grid application? Most transports are just a channel for a generic data stream, and you need to take care of splitting this stream into messages, encrypting and compressing the messages and handling them properly in your application. The task becomes especially challenging when your application needs to run on multiple platforms such as Windows, Linux, MacOS X or smartphones.

With MsgConnect you get a cross-platform message-oriented communication mechanism, equally suited for sending small messages between service and GUI programs on Windows and large data blocks between Java servers and small devices like smartphones. MsgConnect includes built-in encryption and compression mechanisms which can be easily extended with your own implementations.

Read about MsgConnect