
SecureBridge Components

Devart


Table of Contents
Overview ... 1
Getting Started ... 3
Features ... 7
What's New ... 9
Demo Projects ... 10
Component List ... 12
Hierarchy chart ... 14
Requirements ... 16
Installation ... 17
Deployment ... 19
Compatibility ... 20
Licensing and Subscriptions ... 21
Getting Support ... 23
Using SecureBridge ... 24
  Secure connections destination ... 24
  SSH specific ... 26
    SSH-tunnel principles ... 26
    Attack types and countermeasures ... 28
    Keys transferring ... 30
    Step-by-step tutorial ... 31
      Configuring and starting the SSH server ... 31
      SSH client setup ... 31
      MySQL Data Access Components integration ... 33
  SSL specific ... 34
    SSL principles ... 34
    Step-by-step tutorial ... 35
      SSL client setup ... 35
      MySQL Data Access Components integration ... 35
SecureBridge Alphabetical Object and Component Listing ... 37
  EScError ... 37
    Description ... 37
  EScSFTPError ... 38
    Description ... 38
SecureBridge Components, Copyright 2007-2009 Devart


    Properties ... 39
      ErrorCode ... 39
  TScCertBasicConstraintsExtension ... 40
    Description ... 40
    Properties ... 41
      CertificateAuthority ... 41
      HasPathLengthConstraint ... 41
      PathLengthConstraint ... 41
  TScCertEnhancedKeyUsageExtension ... 42
    Description ... 42
    Properties ... 43
      EnhancedKeyUsages ... 43
  TScCertExtension ... 44
    Description ... 44
    Properties ... 45
      Critical ... 45
      Oid ... 45
      RawData ... 45
  TScCertificate ... 46
    Description ... 46
    Properties ... 47
      CertificateList ... 47
      CertName ... 47
      Extensions ... 47
      Issuer ... 47
      IssuerName ... 48
      Key ... 48
      NotAfter ... 48
      NotBefore ... 48
      Ready ... 49
      SerialNumber ... 49
      SignatureAlgorithm ... 49
      Subject ... 49
      SubjectName ... 49
      Version ... 50
    Methods ... 51
      Decrypt ... 51
      Encrypt ... 51
      Equals ... 51
      ExportTo ... 51
      GetFingerprint ... 52
      ImportFrom ... 52
      Sign ... 52
      VerifySign ... 53
  TScCertificateList ... 54
    Description ... 54
    Properties ... 55
      Count ... 55
      Certificates ... 55
      Storage ... 55
    Methods ... 56
      Add ... 56

      CertificateByName ... 56
      CheckCertificateName ... 56
      Clear ... 56
      FindCertificate ... 57
      GetCertificateNames ... 57
      IndexOf ... 57
      Refresh ... 58
      Remove ... 58
  TScCertKeyUsageExtension ... 59
    Description ... 59
    Properties ... 60
      KeyUsages ... 60
  TScCertSubjectKeyIdExtension ... 61
    Description ... 61
    Properties ... 62
      SubjectKeyIdentifier ... 62
  TScCheckFileReplyExtension ... 63
    Description ... 63
    Properties ... 64
      HashAlgorithm ... 64
      Hashes ... 64
      HashesCount ... 64
  TScCryptoAPIStorage ... 65
    Description ... 65
    Properties ... 66
      CertLocation ... 66
      CertProviderType ... 66
      CertStoreName ... 67
      ProviderName ... 67
    Methods ... 68
      GetProviderNames ... 68
  TScDistinguishedName ... 69
    Description ... 69
    Properties ... 70
      Count ... 70
      Name ... 70
      Names ... 70
      Values ... 70
      ValueFromIndex ... 70
  TScFilenameTranslationControlExtension ... 71
    Description ... 71
    Properties ... 72
      DoTranslate ... 72
  TScFileStorage ... 73
    Description ... 73
    Properties ... 74
      Algorithm ... 74
      Password ... 74
      Path ... 74
  TScIdIOHandler ... 75
    Description ... 75



Properties ................................................................................................................................................. 76
Client .......................................................................................................................................................................................... 76

TScKey

.................................................................................................................................... 77

Description ................................................................................................................................................. 77 Properties ................................................................................................................................................. 78


Algorithm .......................................................................................................................................................................................... 78 BitCount .......................................................................................................................................................................................... 78 IsPrivate .......................................................................................................................................................................................... 78 KeyList .......................................................................................................................................................................................... 78 KeyName .......................................................................................................................................................................................... 79 Ready .......................................................................................................................................................................................... 79

M ethods ................................................................................................................................................. 80
Decrypt .......................................................................................................................................................................................... 80 Encrypt .......................................................................................................................................................................................... 80 Equals .......................................................................................................................................................................................... 80 ExportTo .......................................................................................................................................................................................... 80 Generate .......................................................................................................................................................................................... 81 GetFingerprint .......................................................................................................................................................................................... 82 ImportFrom .......................................................................................................................................................................................... 82 Sign .......................................................................................................................................................................................... 83 Verif .......................................................................................................................................................................................... ySign 83

TScKeyList

.................................................................................................................................... 84

Description ................................................................................................................................................. 84 Properties ................................................................................................................................................. 85


Count .......................................................................................................................................................................................... 85 Keys .......................................................................................................................................................................................... 85 Storage .......................................................................................................................................................................................... 85

M ethods ................................................................................................................................................. 86
Add .......................................................................................................................................................................................... 86 CheckKeyName .......................................................................................................................................................................................... 86 Clear .......................................................................................................................................................................................... 86 FindKey .......................................................................................................................................................................................... 86 KeyByName .......................................................................................................................................................................................... 86 GetKeyNames .......................................................................................................................................................................................... 87 IndexOf .......................................................................................................................................................................................... 87 Remove .......................................................................................................................................................................................... 87 Ref .......................................................................................................................................................................................... resh 87

TScObjList ........ 88
  Description ........ 88
  Properties ........ 89
    Count ........ 89
    Storage ........ 89
  Methods ........ 90
    Clear ........ 90
    Flush ........ 90
    Refresh ........ 90

TScOid ........ 91
  Description ........ 91
  Properties ........ 92
    FriendlyName ........ 92
    Value ........ 92

TScRandom ........ 93

SecureBridge Components, Copyright 2007-2009 Devart


  Description ........ 93
  Methods ........ 94
    Randomize ........ 94
    Random ........ 94

TScRandom_LFSR ........ 95
  Description ........ 95

TScRegStorage ........ 96
  Description ........ 96
  Properties ........ 97
    Algorithm ........ 97
    Password ........ 97
    KeyPath ........ 97
    RootKey ........ 97

TScSFTPACEItem ........ 98
  Description ........ 98
  Properties ........ 99
    AceFlags ........ 99
    AceMask ........ 99
    AceType ........ 99
    Who ........ 99

TScSFTPClient ........ 101
  Description ........ 101
  Properties ........ 102
    Active ........ 102
    SSHClient ........ 102
    EOF ........ 102
    NonBlocking ........ 102
    ReadBlockSize ........ 103
    ServerProperties ........ 103
    ServerVersion ........ 103
    Timeout ........ 103
    Version ........ 104
    WriteBlockSize ........ 104
  Methods ........ 105
    Block ........ 105
    CheckFile ........ 106
    CheckFileByHandle ........ 106
    CloseHandle ........ 107
    CopyRemoteFile ........ 107
    CreateLink ........ 107
    Disconnect ........ 108
    DownloadFile ........ 108
    Initialize ........ 108
    MakeDirectory ........ 109
    OpenDirectory ........ 109
    OpenFile ........ 109
    QueryAvailableSpace ........ 112
    QueryUserHomeDirectory ........ 113
    ReadDirectory ........ 113
    ReadFile ........ 113
    ReadSymbolicLink ........ 114
    RemoveDirectory ........ 114
    RemoveFile ........ 114


    RenameFile ........ 115
    RequestExtension ........ 115
    RetrieveAbsolutePath ........ 116
    RetrieveAttributes ........ 116
    RetrieveAttributesByHandle ........ 117
    SetAttributes ........ 117
    SetAttributesByHandle ........ 118
    TextSeek ........ 118
    UnBlock ........ 118
    UploadFile ........ 119
    WriteFile ........ 119
  Events ........ 120
    OnConnect ........ 120
    OnCreateLocalFile ........ 120
    OnData ........ 120
    OnDirectoryList ........ 121
    OnDisconnect ........ 121
    OnError ........ 121
    OnFileAttributes ........ 122
    OnFileName ........ 122
    OnOpenFile ........ 123
    OnReplyCheckFile ........ 123
    OnReplyExtension ........ 123
    OnReplySpaceAvailable ........ 124
    OnSetRemoteFileAttributes ........ 124
    OnSuccess ........ 125
    OnVersionSelect ........ 125

TScSFTPCustomExtension ........ 127
  Description ........ 127
  Properties ........ 128
    Name ........ 128

TScSFTPExtension ........ 129
  Description ........ 129
  Properties ........ 130
    Data ........ 130

TScSFTPFileAttributes ........ 131
  Description ........ 131
  Properties ........ 132
    AccessTime ........ 132
    ACEs ........ 132
    AclFlags ........ 132
    AllocationSize ........ 133
    Attrs ........ 133
    ChangeAttrTime ........ 134
    CreateTime ........ 135
    ExtendedAttributes ........ 135
    FileType ........ 135
    GID ........ 136
    Group ........ 136
    LinkCount ........ 136
    MimeType ........ 136
    ModifyTime ........ 137
    Owner ........ 137

    Permissions ........ 137
    Size ........ 138
    TextHint ........ 138
    UID ........ 138
    UntranslatedName ........ 139
    ValidAttributes ........ 139

TScSFTPFileInfo ........ 141
  Description ........ 141
  Properties ........ 142
    Attributes ........ 142
    Filename ........ 142
    Longname ........ 142

TScSFTPServerProperties ........ 143
  Description ........ 143
  Properties ........ 144
    FilenameCharset ........ 144
    FilenameCharsetAvailable ........ 144
    Newline ........ 144
    NewlineAvailable ........ 144
    SupportedAcls ........ 145
    SupportedAclsAvailable ........ 145
    SupportedExtension ........ 145
    SupportedExtensionAvailable ........ 145
    Vendor ........ 146
    VendorAvailable ........ 146
    Versions ........ 146
    VersionsAvailable ........ 146

TScSFTPSupportedAclExtension ........ 147
  Description ........ 147
  Properties ........ 148
    SupportedAcls ........ 148

TScSFTPSupportedExtension ........ 149
  Description ........ 149
  Properties ........ 150
    MaxReadSize ........ 150
    RaiseError ........ 150
    SupportedAccessMask ........ 150
    SupportedAttribExtensionNames ........ 150
    SupportedAttributeBits ........ 150
    SupportedAttributes ........ 150
    SupportedBlockModes ........ 151
    SupportedExtensionNames ........ 151
    SupportedOpenFlags ........ 151
  Methods ........ 152
    IsSupportedBlockSet ........ 152
    IsSupportedOpenBlockSet ........ 152

TScSFTPVendorExtension ..... 153
  Description ..... 153
  Properties ..... 154
    ProductBuildNumber ..... 154
    ProductName ..... 154
    ProductVersion ..... 154
    VendorName ..... 154

TScSFTPVersionsExtension ..... 155
  Description ..... 155
  Properties ..... 156
    AsString ..... 156
    Versions ..... 156

TScSpaceAvailableReplyExtension ..... 157
  Description ..... 157
  Properties ..... 158
    BytesAvailableToUser ..... 158
    BytesOnDevice ..... 158
    BytesPerAllocationUnit ..... 158
    UnusedBytesAvailableToUser ..... 158
    UnusedBytesOnDevice ..... 158

TScSSHChannel ..... 159
  Description ..... 159
  Properties ..... 160
    Connected ..... 160
    DestHost ..... 160
    DestPort ..... 160
    Direct ..... 160
    GatewayPorts ..... 161
    InCount ..... 161
    NonBlocking ..... 161
    OutCount ..... 161
    Remote ..... 162
    SourcePort ..... 162
    SSHStream ..... 162

  Methods ..... 163
    ReadBuffer ..... 163
    WriteBuffer ..... 163
    WriteString ..... 163

  Events ..... 165
    OnError ..... 165
    OnSocketConnect ..... 165
    OnSocketDisconnect ..... 165

TScSSHClient ..... 166
  Description ..... 166
  Properties ..... 167
    Authentication ..... 167
    CiphersClient ..... 167
    CiphersServer ..... 167
    ClientInfo ..... 168
    Connected ..... 168
    HostKeyAlgorithms ..... 168
    HostKeyName ..... 168
    HostName ..... 169
    KeyStorage ..... 169
    Options ..... 169
    Password ..... 170
    Port ..... 170
    PrivateKeyName ..... 171
    Timeout ..... 171
    User ..... 171

  Methods ..... 172
    Connect ..... 172
    Disconnect ..... 172

  Events ..... 173
    AfterConnect ..... 173
    AfterDisconnect ..... 173
    BeforeConnect ..... 173
    BeforeDisconnect ..... 173
    OnBanner ..... 174
    OnServerKeyValidate ..... 174

TScSSHCustomChannel ..... 175
  Description ..... 175
  Properties ..... 176
    Client ..... 176
    Connected ..... 176
    InCount ..... 176
    NonBlocking ..... 176
    OutCount ..... 177
    Timeout ..... 177

  Methods ..... 178
    Connect ..... 178
    Disconnect ..... 178
    ReadBuffer ..... 178
    ReadString ..... 178
    WriteBuffer ..... 179

  Events ..... 180
    OnAsyncError ..... 180
    OnAsyncReceive ..... 180
    OnConnect ..... 180
    OnDisconnect ..... 180

TScSSHServer ..... 182
  Description ..... 182
  Properties ..... 183
    Active ..... 183
    Authentications ..... 183
    Ciphers ..... 183
    HostKeyAlgorithms ..... 183
    KeyNameDSA ..... 184
    KeyNameRSA ..... 184
    Options ..... 184
    Port ..... 185
    ServerVersion ..... 186
    Storage ..... 186
    Timeout ..... 186

  Methods ..... 187
    SendToClient ..... 187

  Events ..... 188
    AfterChannelDisconnect ..... 188
    AfterShellDisconnect ..... 188
    AfterClientConnect ..... 188
    AfterClientDisconnect ..... 189
    BeforeChannelConnect ..... 189
    BeforeShellConnect ..... 189
    OnChannelError ..... 190
    OnClientError ..... 190
    OnDataFromClient ..... 190
    OnDataToClient ..... 191
    OnError ..... 191

TScSSHShell ..... 192
  Description ..... 192
  Properties ..... 193
    Environment ..... 193

  Methods ..... 194
    ExecuteCommand ..... 194
    ReadString ..... 194
    WriteString ..... 194

TScSSLClient ..... 195
  Description ..... 195
  Properties ..... 196
    CACertName ..... 196
    CertName ..... 196
    CipherSuites ..... 196
    Connected ..... 197
    ConnectionInfo ..... 197
    HostName ..... 197
    InCount ..... 197
    IsSecure ..... 197
    NonBlocking ..... 198
    OutCount ..... 198
    Port ..... 198
    Protocols ..... 198
    Storage ..... 199
    Timeout ..... 199

  Methods ..... 200
    Connect ..... 200
    Disconnect ..... 200
    ReadBuffer ..... 200
    WriteBuffer ..... 201

  Events ..... 202
    AfterConnect ..... 202
    AfterDisconnect ..... 202
    BeforeConnect ..... 202
    BeforeDisconnect ..... 202
    OnAsyncError ..... 203
    OnAsyncReceive ..... 203
    OnServerCertValidate ..... 203

TScStorage ..... 205
  Description ..... 205
  Properties ..... 206
    Certificates ..... 206
    Keys ..... 206
    Users ..... 206
    ReadOnly ..... 206

  Methods ..... 207
    DeleteStorage ..... 207

  Events ..... 208
SecureBridge Components, Copyright 2007-2009 Devart

            OnCheckUserPass
            OnCheckUserKey
    TScUser
        Description
        Properties
            Authentications
            Key
            Password
            UserList
            UserName
        Methods
            BeginUpdate
            EndUpdate
    TScUserList
        Description
        Properties
            Count
            Users
            Storage
        Methods
            Add
            CheckUserName
            Clear
            FindUser
            UserByName
            GetUserNames
            IndexOf
            Remove
            Refresh
SecureBridge Object and Component Listing by Unit
    ScBridge
        Classes
    ScCryptoAPIStorage
        Classes
    ScIndy
        Classes
    ScRNG
        Classes
    ScSFTPClient
        Classes
    ScSFTPUtils
        Classes
    ScSSHChannel
        Classes
    ScSSHClient
        Classes
    ScSSLClient
        Classes

    ScSSHServer
        Classes
    ScSSHUtil
        Classes


1 Overview
SecureBridge is a library of non-visual components for Delphi, Delphi for .NET, and C++Builder designed to protect network connections from unauthorized access. SecureBridge can protect any TCP traffic using the SSH or SSL protocol. These secure transport layer protocols provide authentication, strong encryption, and data integrity verification. SecureBridge can be used in conjunction with data access components to prevent data interception or modification in an untrusted network.

The SecureBridge library is actively developed and supported by the Devart Team. If you have questions about SecureBridge, email the developers at sbridge@devart.com or visit SecureBridge online at http://www.devart.com/sbridge/.

Advantages of SecureBridge Library

SecureBridge is very convenient in setup and usage. It is enough to place several components on the form and specify the server address and the user login information to establish a secure connection. Applications that have to work with secure information are easy to deploy, as they do not require any external files.

Wide Support for Secure Protocols

SecureBridge supports the SSH2 protocol, which is one of the most reliable protocols for data encryption. SSH2 is an acknowledged industry standard in the area of secure data transfer through unprotected connections.

SSH Client

SecureBridge SSH Client, which is implemented in the TScSSHClient component, can work with different SSH servers like OpenSSH, WinSSHD. It allows you to achieve high performance due to connection parameters management. The SSH client unites several unprotected channels from client to server in one protected connection. Logical channels can exist in different threads.

SSH Server

High-performance SSH server with wide abilities for connection setup and users management. SSH Server works with different types of SSH clients such as OpenSSH, PuTTY etc. The number of clients connected simultaneously is limited only by system resources.

SFTP Client

SecureBridge SFTP Client, which is implemented in the TScSFTPClient component, serves for secure file transfer (and more generally - file system access).

SSL Client


SecureBridge SSL Client, which is implemented in the TScSSLClient component, can work with other applications using SSL 3.0 and TLS 1.0 protocols. It allows you to achieve high performance due to connection parameters management. SecureBridge does not require external units.

Protection Against Diverse Attacks

SecureBridge protects transferred data against different kinds of attacks. SecureBridge uses the Diffie-Hellman key exchange algorithm for connection establishing. A reliable random number generator is used for generating keys. To protect data against illegal access, information is encrypted by symmetric algorithms that provide high speed and reliability. For data integrity verification hash algorithms like SHA1 are used.

Support for Third Party Components

SecureBridge supports Internet Direct components (Indy) and MySQL Data Access Components (MyDAC). This allows you to implement all the advantages of the encrypted connection within a single application without any external files.

Key features

The following list describes the main features of SecureBridge Components:
- Full support for SSH2, SSL 3.0, and TLS 1.0 protocols
- Support for all versions of the SFTP protocol
- Fast and customizable SSH server, SSH client, SFTP client, and SSL client
- Support for most SSH2-compatible clients and servers including OpenSSH
- Compatible with any application that works through TCP with protocols like SMTP, POP, IMAP, etc.
- Ability to work with system and external certificate storages through CryptoAPI
- Protection against diverse crypto attacks
- Support for symmetric (Blowfish, AES128, Cast128, TripleDES) and asymmetric (RSA, DSA) algorithms
- Support for SHA1 and MD5 hashing algorithms
- Authentication by password or by public key
- Tight integration with Indy, Data Access Components for MySQL, and PostgreSQL Data Access Components
- High performance
- Reliable and convenient maintenance of asymmetric keys
- Facility for storing users, passwords, and public keys for an SSH server


2 Getting Started
This page contains a quick introduction to setting up and using the SecureBridge library. It gives a walkthrough for each part of the SecureBridge usage process and points out the most relevant related topics in the documentation.
- What is SecureBridge?
- How does SecureBridge work?
- Installing SecureBridge.
- Working with the SecureBridge demo projects.
- Compiling and deploying your SecureBridge project.
- Using the SecureBridge documentation.
- How to get help with SecureBridge.

What is SecureBridge?

SecureBridge is a component library designed for ensuring safe data transfer through insecure network areas. It helps you to improve security of transferred information in your applications. However, it practically does not affect performance of the application and does not complicate its architecture. Many SecureBridge classes are based on VCL and VCL for .NET classes and interfaces. An introduction to SecureBridge is provided in the Overview section. A list of the SecureBridge features you may find useful is provided in the Features section. An overview of the SecureBridge component classes is provided in the Components List section.

How does SecureBridge work?

In order to ensure data safety in insecure networks, it is essential to take care of data protection and integrity, as well as of the data receiver identification. So before putting the data into the insecure area, it should be encrypted. To maintain data integrity, it is required to send a data hash along with the data itself. On the other side the data should be decrypted, and the received hash should be verified. An SSH tunnel can transfer data from several clients of one secure area to clients in another secure area through one protected TCP connection, and the remote side is authenticated. The general chart of connections between computers when connecting through the SSH tunnel is presented below:


SSH tunnel diagram

SecureBridge can act as both SSH client (TScSSHClient) and SSH server (TScSSHServer).

An SSL connection works in a similar way. The difference is that the SSL client and SSL server are embedded into the corresponding applications. To put some data into the network, an application calls methods of the embedded SSL client, and the data is encrypted and sent. To get data from the network, the application also calls methods of the embedded SSL client. So, the SSL client/server exchange data with the application within the application's address space. The general chart of connections between computers when connecting through SSL is presented below:

SSL connection diagram
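
The "hash sent along with the data" described under "How does SecureBridge work?" is, in the SSH2 protocol, a keyed MAC computed over a packet sequence number and the unencrypted packet (RFC 4253). The following is an added example, not SecureBridge code: it builds and verifies SSH2-style packets with HMAC-SHA1, leaves the encryption step out, and uses a constructed key and constructed payloads.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = hashlib.sha1().digest_size  # an HMAC-SHA1 tag is 20 bytes


class IntegrityError(Exception):
    """Raised when a received packet fails verification."""


def build_packet(payload: bytes, block_size: int = 8) -> bytes:
    """SSH2 binary packet layout (RFC 4253, section 6), before encryption:
    uint32 packet_length | byte padding_length | payload | random padding."""
    padding_len = block_size - ((5 + len(payload)) % block_size)
    if padding_len < 4:  # the RFC requires at least 4 bytes of padding
        padding_len += block_size
    packet_length = 1 + len(payload) + padding_len
    header = struct.pack(">IB", packet_length, padding_len)
    return header + payload + os.urandom(padding_len)


def _mac(mac_key: bytes, seq: int, packet: bytes) -> bytes:
    # mac = MAC(key, sequence_number || unencrypted_packet); the sequence
    # number is implicit on both sides and never sent on the wire.
    data = struct.pack(">I", seq & 0xFFFFFFFF) + packet
    return hmac.new(mac_key, data, hashlib.sha1).digest()


def protect(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: packet followed by its MAC (encryption omitted here)."""
    packet = build_packet(payload)
    return packet + _mac(mac_key, seq, packet)


def verify(mac_key: bytes, seq: int, wire: bytes) -> bytes:
    """Receiver side: check the MAC first, then parse and return the payload."""
    if len(wire) < 5 + MAC_LEN:
        raise IntegrityError("truncated packet")
    packet, tag = wire[:-MAC_LEN], wire[-MAC_LEN:]
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, _mac(mac_key, seq, packet)):
        raise IntegrityError("MAC mismatch")
    packet_length, padding_len = struct.unpack(">IB", packet[:5])
    if packet_length != len(packet) - 4 or padding_len + 1 > packet_length:
        raise IntegrityError("inconsistent length fields")
    return packet[5:5 + packet_length - 1 - padding_len]


def is_authentic(mac_key: bytes, seq: int, wire: bytes) -> bool:
    try:
        verify(mac_key, seq, wire)
        return True
    except IntegrityError:
        return False


def unkeyed_check(data: bytes, digest: bytes) -> bool:
    """A bare SHA-1 beside the data. Anyone who changes the data in transit
    can recompute the digest, so this check only catches accidental
    corruption, which is why the protocol uses a keyed MAC instead."""
    return hashlib.sha1(data).digest() == digest


if __name__ == "__main__":
    key = bytes(range(20))  # constructed sample key; real keys come from key exchange
    wire = protect(key, 0, b"constructed sample payload")
    print("payload:", verify(key, 0, wire))

    modified = bytearray(wire)
    modified[5] ^= 0x01  # a single bit changed in transit
    print("modified packet accepted:", is_authentic(key, 0, bytes(modified)))
    print("packet accepted under another sequence number:", is_authentic(key, 1, wire))

    altered = b"altered payload"
    print("unkeyed hash accepts altered data with a recomputed digest:",
          unkeyed_check(altered, hashlib.sha1(altered).digest()))
```

Because the sequence number is part of the MAC input, a packet captured earlier in the session is rejected when it is presented again at a different position.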

Installing SecureBridge

To install SecureBridge, complete the following steps.
1. Choose and download the version of the SecureBridge installation program that is compatible with your IDE. For instance, if you are installing SecureBridge 2.00, you should use the following files:


   For BDS 2006 and Turbo - sbridge200d10std.exe
   For Delphi 7 - sbridge200d7std.exe
   For more information, visit the SecureBridge download page.
2. Close all running IDEs.
3. Launch the SecureBridge installation program you downloaded in the first step and follow the instructions to install SecureBridge.

By default, the SecureBridge installation program should install compiled SecureBridge libraries automatically on all IDEs. To check SecureBridge has been installed properly, launch your IDE and make sure that the SecureBridge page has been added to the Component Palette.

If you have bought SecureBridge Standard Edition with Source Code, you will be able to download both the compiled version of SecureBridge and the SecureBridge source code. The installation process for the compiled version is standard, as described above. The SecureBridge source code must be compiled and installed manually. Consult the supplied ReadmeSrc.txt file for more details. To find out what gets installed with SecureBridge or to troubleshoot your SecureBridge installation, visit the Installation topic.

Working with the SecureBridge demo projects

The SecureBridge installation package includes demo projects that demonstrate SecureBridge capabilities and use patterns. The SecureBridge demo projects are automatically installed in the SecureBridge installation folder. To quickly get started working with SecureBridge, choose a suitable SecureBridge demo project, and launch it. A description of all the SecureBridge demos is located in the Demo Projects topic.

Compiling and deploying your SecureBridge project

Compiling SecureBridge-based projects

By default, to compile a project that uses SecureBridge classes, your IDE compiler needs to have access to the SecureBridge dcu (obj) files. If you are compiling a project with runtime packages, the compiler will also need to have access to the SecureBridge bpl files. All the appropriate settings for both of these scenarios should take place automatically during installation of SecureBridge. You should only need to modify your environment manually if you are using a SecureBridge edition that comes with source code. You can check that your environment is properly configured by trying to compile one of the SecureBridge demo projects. If you have no problem compiling and launching the SecureBridge demos, your environment has been properly configured. For more information about which library files and environment changes are needed for compiling SecureBridge-based projects, consult the Installation topic.

Deploying SecureBridge-based projects

To deploy an application that uses SecureBridge, you will need to make sure the target workstation has access to the following files.
- The SecureBridge bpl files, if compiling with runtime packages.
- The SecureBridge assembly files, if you are using VCL for .NET components.

If you are deploying projects with SecureBridge Trial Edition, you will also need to deploy some additional bpl files with your application even if you are compiling without runtime packages. As another trial limitation for C++Builder, applications written with SecureBridge Trial Edition for C++Builder will only work if the C++Builder IDE is launched. More information about SecureBridge Trial Edition limitations is provided here. A list of files which may need to be deployed with SecureBridge-based applications is included in the Deployment topic.

Using the SecureBridge documentation

The SecureBridge documentation describes how to install and configure SecureBridge, how to use SecureBridge Demo Projects, and how to use the SecureBridge library. The SecureBridge documentation includes a detailed reference of all the SecureBridge components and classes. Many of the SecureBridge components and classes inherit or implement members from other VCL, VCL for .NET classes and interfaces. The product documentation also includes a summary of all members within each of these classes. To view a detailed description of a particular component, look it up in the Components List section. To find out more about a specific standard VCL class a SecureBridge component is inherited from, see the corresponding topic in your IDE documentation. At install time, the SecureBridge documentation is integrated into your IDE. It can be invoked by pressing F1 in an object inspector or on a selected code segment.

How to get help with SecureBridge

There are a number of resources for finding help on using SecureBridge classes in your project.
- If you have a question about SecureBridge installation or licensing, consult the Licensing section.
- You can get community assistance and SecureBridge technical support on the SecureBridge Support Forum.
- To get help through the SecureBridge Priority Support program, send an email to the SecureBridge development team at securebridge@devart.com.
- If you have a question about ordering SecureBridge or any other Devart product, contact sales@devart.com.

For more information, consult the Getting Support topic.


3 Features
Compatibility:
- Compatible with Delphi 5, C++Builder 5, and higher IDE versions
- VCL and VCL.NET versions of the library available
- Support for Indy, an open source socket library for Internet communications
- Support for Data Access Components for MySQL (MyDAC)

Common features:
- Ability to work with system and external certificate storages through CryptoAPI
- Protection from different kinds of crypto attacks
- High performance
- High quality random number generator
- Working in synchronous and asynchronous mode
- Support for TStream and ISequentialStream interfaces
- Access to extended information about the connection and the channel

Algorithms support:
- Support for Blowfish, AES128, Cast128, and TripleDES symmetric algorithms
- Support for RSA and DSA asymmetric algorithms
- Support for SHA1 and MD5 hashing algorithms
- Reliable and convenient storage, transfer, and verification of asymmetric keys

SSH:
- Full support for the SSH2 protocol
- SSH client with extended setting abilities
- Fast and customizable SSH server
- Support for most SSH2-compatible clients and servers including OpenSSH
- Compatible with any applications that work through TCP with protocols like SMTP, POP, IMAP, etc.
- Facility for storing users, passwords, and public keys for an SSH server
- Authentication by password or by public key
- Transferring data from several logical connections through a single SSH tunnel
- Remote commands execution with SSH server

SFTP:
- Full support for the SFTP protocols versions from 1 to 6
- SFTP client with extended setting abilities

SSL:
- Full support for SSL 3.0 and TLS 1.0 protocols with no external units
- SSL client with extended setting abilities
- Support for working with X.509 certificates


Licensing and support:
- One year free support for registered users
- Licensed royalty-free per developer, per team, or per site


4 What's New
09-Jun-09 New features in SecureBridge 2.50:
- Added the full support for SFTP protocols versions from 1 to 6
- Added the SFTP client with extended setting abilities
- Added support of keyboard-interactive authentication method

10-Oct-08 New features in SecureBridge 2.20:
- Support for Delphi 2009 for Win 32 and C++Builder 2009 added
- Improved stability of the TScSSHServer component
- Improved work of the SSH Server demo
- Fixed bug with hanging of the TScSSLClient component

14-Nov-07 New features in SecureBridge 2.00:
- Added the full support for SSL 3.0 and TLS 1.0 protocols with no external units
- Added the SSL client with extended setting abilities
- Added ability to work with [X.509] certificates
- Added ability to access system and external certificate storages through CryptoAPI
- Remote commands execution with SSH server supported

23-Jul-07 New features in SecureBridge 1.10:
- C++Builder 2007 supported

22-May-07 New features in SecureBridge 1.00:
- SecureBridge released


5 Demo Projects
SecureBridge includes demo projects that show off the main SecureBridge functionality and development patterns.

Where are the SecureBridge demo projects located?

In most cases all the SecureBridge demo projects are located in "%SecureBridge%\Demos\". In Delphi 2007 for Win32 under Windows Vista all the SecureBridge demo projects are located in "My Documents\Devart\SecureBridge for Delphi 2007\Demos", for example: "C:\Documents and Settings\All Users\Documents\Devart\SecureBridge for Delphi 2007\Demos\". The structure of the demo project directory depends on the IDE version you are using.

Instructions for using the SecureBridge demo projects

To explore a SecureBridge demo project,
1. Launch your IDE.
2. In your IDE, choose File | Open Project from the menu bar.
3. Find the Demos folder of SecureBridge.
4. Browse through the demo project folders located here and open the project file of the demo you would like to use.
5. Compile and launch the demo. If it exists, consult the Readme.html file for more details.

Demo project descriptions

Indy10

This demo project represents the TScIdIOHandler component for providing integration with Indy components version 10. The SecureBridge installation wizard installs it for Delphi 8 and higher IDE versions if the "Indy Components" item is checked on the "Select Components" step of the installation. If your IDE has Indy9 installed, and Indy integration is needed, just uncheck "Indy Components" when installing and install TScIdIOHandler from the Indy9 directory.

Indy9

This demo is an equivalent to the Indy10 demo, except it supports Indy components version 9, and is automatically installed for Delphi 7.

SFTPClient

Uses the TScSFTPClient component for secure file transfer with a remote machine. This demo allows you to execute basic operations with files such as downloading, uploading files, creating and deleting directories, viewing the directory tree.

SSHClient

Uses the TScSSHClient component for establishing connection to an SSH server. Demonstrates organizing port forwarding with the TScSSHChannel component (see SSH-tunnel principles).

SSHServer

Uses the TScSSHServer component for building a full-blown SSH server. Demonstrates working with a user list, generating new keys that are used for authenticating when a client connects to the server.

SSHServerService

This is one more full-blown SSH server, but it does not have a graphic interface and does not provide key and user management tools like the SSHServer demo does. This demo is intended to work as a Windows service. Take a look at the Readme file in the demo directory for some additional information.

SSHShell

This demo demonstrates abilities of the TScSSHShell component to execute commands remotely through an SSH server. The demo also lets you obtain results in both standard and NonBlocking modes.

Note, there is the Base directory among the demo directories. This directory does not contain a demo; it contains a common engine for some of the demos. You should not remove this directory or files in it. If you do that, some of the demos will not compile and work.


6 Component List
This topic presents a brief description of the components included in the SecureBridge Components library. Click on the name of each component for more information. These components are added to the SecureBridge page of the Component palette.

TScSSHClient

SSH client, unites several logical unprotected connections to the server into one protected connection. Logical connections can exist in different threads.

TScSSHChannel

Logical connection to TScSSHClient within the client secure area. Receives/sends data from/to SSH server or forwards from the TCP port of one computer to another computer through a secure channel.

TScSSHShell

Serves for remote commands execution using abilities of an SSH server.

TScSFTPClient

Serves for implementing the functionality of SFTP protocol that provides secure file transfer.

TScSSHServer

Implements SSH server functionality.

TScSSLClient

SSL-client, supports SSL 3.0 and TLS 1.0 protocols. It validates server certificate, encrypts/decrypts data transferred through a network.

TScFileStorage

Stores list of certificates, keys, and users in files.

TScRegStorage

Stores list of certificates, keys, and users in the system registry.

TScCryptoAPIStorage

Stores list of certificates and keys in system and external storages using CryptoAPI functionality.

TScIdIOHandler

Provides easy integration with Indy components to protect data transferred through network by Indy.


TMySSHIOHandler

Lets MyDAC connect to MySQL server through SSH protocol (this component is included into MyDAC as a demo project).

TMySSLIOHandler

Lets MyDAC connect to MySQL server through SSL connection (this component is included into MyDAC as a demo project).

See Also Hierarchy chart


7 Hierarchy chart
Many SecureBridge classes are inherited from standard VCL/CLX classes. The inheritance hierarchy chart for SecureBridge is shown below. The SecureBridge classes are represented by hyperlinks that point to their description in this documentation. A description of the standard classes can be found in the documentation of your IDE.

TObject
|-TPersistent
| |-TCollectionItem
| | |TScSFTPACEItem
| |-TComponent
| | |TScSSHCustomChannel
| | | |TScSSHChannel
| | | |TScSSHShell
| | |TScSSHClient
| | |TScSSHServer
| | |-TScSFTPClient
| | |TScSSLClient
| | |TScStorage
| | | |TScFileStorage
| | | |TScRegStorage
| | | |TScCryptoAPIStorage
| | |TIdIOHandler
| | | |TScIdIOHandler
| | |TMyIOHandler
| | |TMySSHIOHandler
| | |TMySSLIOHandler
| |TScCertificate
| |TScKey
| |TScUser
| |TScSFTPFileAttributes
| |TScSFTPFileInfo
| |-TScSFTPCustomExtension
| |TScSFTPExtension
| | |TScFilenameTranslationControlExtension
| |TScCheckFileReplyExtension
| |TScSpaceAvailableReplyExtension
| |TScSFTPSupportedExtension
| |TScSFTPSupportedAclExtension
| |TScSFTPVendorExtension
| |TScSFTPVersionsExtension
|TScSFTPServerProperties
|TScObjList
| |TScCertificateList
| |TScKeyList
| |TScUserList
|-TInterfacedObject
|-TProtection
|TScRandom
|TScRandom_LFSR


8 Requirements
SecureBridge is a self-sufficient library and it does not require any external files on the target computer.


9 Installation
This topic contains the environment changes made by the SecureBridge installer. If you are having problems with using SecureBridge or compiling SecureBridge-based products, check this list to make sure your system is properly configured. Compiled versions of SecureBridge are installed automatically by the SecureBridge Installer for all supported IDEs. Versions of SecureBridge with Source Code must be installed manually.

Installed packages

The SecureBridge package libraries are divided into Win32 project files and .NET project files.
Note: %SecureBridge% denotes the path to your SecureBridge installation directory.

Delphi/C++Builder Win32 project packages

Name                   Description                              Location
sbridgeXX.bpl          SecureBridge run-time package            Windows\System32
dclsbridgeXX.bpl       SecureBridge design-time package         Delphi\Bin
indy10sbridgeXX.bpl*   TScIdIOHandler compatible with Indy10    Delphi\Bin
indy9sbridgeXX.bpl*    TScIdIOHandler compatible with Indy9     Delphi\Bin

Delphi for .NET project packages

Name                             Description                                     Location
Devart.SecureBridge.dll          SecureBridge Delphi for .NET run-time package   Global Assembly Cache
Devart.SecureBridge.Design.dll   SecureBridge design-time package                %SecureBridge%\Bin
Devart.SecureBridge.Indy10.dll   TScIdIOHandler compatible with Indy10           %SecureBridge%\Bin

Environment Changes

To compile SecureBridge-based applications, your environment must be configured to have access to the SecureBridge libraries. Environment changes are IDE-dependent. For all instructions, replace %SecureBridge% with the path to your SecureBridge installation directory.

Delphi
- %SecureBridge%\Lib should be included in the Library Path accessible from Tools | Environment options | Library.
The SecureBridge Installer performs Delphi environment changes automatically for compiled versions of SecureBridge.


Delphi for .NET
- Devart.SecureBridge should be included in the Namespace prefixes.
- %SecureBridge%\Lib should be included in the Library Path accessible from Tools | Options | Library - NET.
- %SecureBridge%\Bin should be included in the Library Path accessible from Tools | Options | Library - NET.
- %SecureBridge%\Bin should be included in the Component | Installed .NET components | Assembly Search Path.

The SecureBridge Installer performs Delphi for .NET environment changes automatically for compiled versions of SecureBridge.

C++Builder

C++Builder 5, 6:
- $(BCB)\SecureBridge\Lib should be included in the Library Path of the Default Project Options accessible from Project | Options | Directories/Conditionals.
- $(BCB)\SecureBridge\Include should be included in the Include Path of the Default Project Options accessible from Project | Options | Directories/Conditionals.

C++Builder 2006, 2007:
- $(BCB)\SecureBridge\Lib should be included in the Library search path of the Default Project Options accessible from Project | Default Options | C++Builder | Linker | Paths and Defines.
- $(BCB)\SecureBridge\Include should be included in the Include search path of the Default Project Options accessible from Project | Default Options | C++Builder | C++ Compiler | Paths and Defines.

The SecureBridge Installer performs C++Builder environment changes automatically for compiled versions of SecureBridge.


10 Deployment
SecureBridge applications can be built and deployed with or without run-time libraries. Using run-time libraries is managed with the "Build with runtime packages" check box in the Project Options dialog box.

Deploying Win32 applications built without run-time packages

You do not need to deploy any files with SecureBridge-based applications built without run-time packages, provided you are using a registered version of SecureBridge. You can check that your application does not require run-time packages by making sure the "Build with runtime packages" check box is not selected in the Project Options dialog box.

Trial Limitation Warning

If you are evaluating deploying Win32 applications with SecureBridge Trial Edition, you will need to deploy the sbridgeXX.bpl package and its dependencies (required IDE BPL files) with your application, even if it is built without run-time packages.

Deploying Win32 applications built with run-time packages

You can set your application to be built with run-time packages by selecting the "Build with runtime packages" check box in the Project Options dialog box before compiling your application. In this case, you will also need to deploy the sbridgeXX.bpl package with your Win32 application.

Deploying .NET applications

By default you should deploy the Devart.SecureBridge.dll assembly with your SecureBridge .NET application. If you remove the name of this assembly from the References list of your project, this file will not be required on the target computer.


11 Compatibility
SSH servers compatibility

SecureBridge is tested with OpenSSH 3.8 and PuTTY.

SSL compatibility

SecureBridge is compatible with SSL 3.0 and TLS 1.0.

IDE compatibility

SecureBridge can be used with the following integrated development environments:
- CodeGear Delphi 2009 for Win32
- CodeGear C++Builder 2009
- CodeGear RAD Studio 2007
- CodeGear C++Builder 2007
- CodeGear Delphi 2007 for Win32
- Turbo Delphi
- Turbo Delphi for .NET
- Turbo C++
- Borland Developer Studio 2006, including support of Delphi for Win32, Delphi for .NET and C++Builder Personality
- Borland Delphi 2005
- Borland Delphi 8 (for .NET)
- Borland Delphi 7
- Borland Delphi 6
- Borland Delphi 5
- C++Builder 6
- C++Builder 5

Only Architect, Enterprise, and Professional editions are supported.


12 Licensing and Subscriptions


SecureBridge Components are licensed, not sold. Please carefully read the end-user license agreement (EULA) before using the product. You can find the EULA in the License.rtf file in the SecureBridge installation folder.

Licensing

There are three types of full licenses for SecureBridge: Single Licenses, Team Licenses, and Site Licenses. Single Licenses must be purchased for each developer working on a project that uses SecureBridge. Purchasing a Team License automatically gives four developers a Single License. Purchasing a Site License automatically gives all developers in a company a Single License.

For evaluation purposes only, you may also use SecureBridge Trial Edition under a temporary Evaluation License, which allows you to use SecureBridge Trial Edition for a period of 60 days, after which you must either remove all files associated with SecureBridge or purchase a full license.

Licenses can be purchased for the following editions of SecureBridge: SecureBridge Standard Edition and SecureBridge Standard Edition with Source Code. To purchase a license for SecureBridge, please visit www.devart.com/sbridge/ordering.html. If you have any questions regarding licensing, please contact sales@devart.com.

Editions

Full licenses can be purchased for the following editions of SecureBridge: SecureBridge Standard Edition and SecureBridge Standard Edition with Source Code. Users can evaluate SecureBridge with SecureBridge Trial Edition under the Evaluation License.

Subscriptions

The SecureBridge Subscription program is an annual maintenance and support service for SecureBridge users. Users with a valid SecureBridge Subscription get the following benefits:
- Access to new versions of SecureBridge when they are released
- Access to all SecureBridge updates and bug fixes
- Product support through the SecureBridge Priority Support program
- Notification of new product versions

If you have any questions regarding licensing or subscriptions, please contact sales@devart.com.


Trial Limitations

The SecureBridge Evaluation License lets you try SecureBridge Trial Edition for a period of 60 days. There are no functionality limitations in SecureBridge Trial Edition during the trial period for most supported IDEs, except the following:
- .NET applications and applications written in C++Builder require the corresponding IDE to be launched on the client workstation if they use SecureBridge Trial Edition.

If you are deploying a project built with SecureBridge Trial Edition, you will need to include the SecureBridge library files in your application deployment package. For more information, consult the Deployment topic.


13 Getting Support
This page lists several ways you can find help with using SecureBridge and describes the SecureBridge Priority Support program.

Support Options

There are a number of resources for finding help on installing and using SecureBridge.
- You can find out more about SecureBridge installation or licensing by consulting the Licensing section.
- You can get community assistance and technical support on the SecureBridge Community Forum.
- You can get advanced technical assistance by SecureBridge developers through the SecureBridge Priority Support program.

If you have a question about ordering SecureBridge or any other Devart product, please contact sales@devart.com.

SecureBridge Priority Support

SecureBridge Priority Support is an advanced product support service for getting expedited individual assistance with SecureBridge-related questions from the SecureBridge developers themselves. Priority Support is carried out over email and has a two business day response policy. Priority Support is available for users with an active SecureBridge Subscription.

To get help through the SecureBridge Priority Support program, please send an email to sbridge@devart.com describing the problem you are having. Make sure to include the following information in your message:
- The version of Delphi or C++Builder you are using.
- Your SecureBridge Registration number.
- Full SecureBridge edition name and version number.
- A detailed problem description.
- If possible, a small test project that reproduces the problem. Please include definitions for all objects of other schemas and avoid using third-party components.


14 Using SecureBridge
14.1 Secure connections destination

SSH (Secure Shell) and SSL (Secure Sockets Layer) are protocols for secure access to remote computers over insecure communication channels. Secure communication over non-secure networks generally involves three major areas of concern: privacy, authentication, and integrity.

Privacy

There is a possibility of unauthorized access when confidential information is transferred. To prevent unauthorized access, data encryption is used. If a good encryption algorithm is used, it is practically impossible to transform encrypted data back to its initial form without the secret key. A number of data encryption algorithms have been designed; they differ in reliability and encryption speed. The SSH and SSL protocols support several symmetric encryption algorithms and allow different algorithms to be used for sent and received data. These algorithms require a secret session key that is used for data encryption and decryption. Both SSH and SSL generate keys before data exchange begins. They also allow this key to be regenerated during operation to avoid cracking the key.

Authentication

Secure communications require that the individuals communicating know the identity of those with whom they communicate. When the client tries to establish a connection to the server, it is necessary to be sure that the server is authentic (not an impostor). The server should also verify whether the client is allowed to connect to it. To implement such requirements, asymmetric encryption algorithms are used. These algorithms use a pair of keys. The first key, named the private key, serves for encrypting or signing data blocks. The second key, named the public key, serves for decrypting data and for signature verification. When sufficiently long keys are used, it is not possible to determine the private key within a reasonable time interval if the public key is known. Each secure server must have a pair of keys.

In order to authenticate the server, the client must have a public key/certificate of the server. When creating the secure connection, the client verifies the key/certificate and the signature received from the server using the public key that the client has. If the verification passes, the server is considered valid.

There are several ways to authenticate the client. The first way is for the server to verify the user name and password. The second way is for the client to have its own pair of keys or a certificate, with the public key passed to the server. In that case client authentication is analogous to the server authentication described above.

Integrity

It is necessary to be sure that the data transferred through an insecure channel is not changed or lost. For that, data integrity checking is required. An integrity check of the received data is often done by sending not only the original data but also a verification message about that data. This message is called a digital signature. Both the data and the verification message can be sent with a digital signature that proves the origin of both.


14.2 SSH specific

14.2.1 SSH-tunnel principles


SSH (Secure Shell) is the protocol for secure access to remote computers over insecure communication channels. The general chart of computer connections when connecting through the SSH tunnel is presented below:

C1, C2, ..., Cn - computers on the client side of the SSH tunnel.
S1, S2, ..., Sn - computers on the server side of the SSH tunnel. These can be a database server, an HTTP server, or just other client computers.

This connection method provides a secure connection between the SSH client and the SSH server that can go through insecure communication channels, like the Internet. Connections between Si and the SSH server, and between the SSH client and Ci, are insecure, therefore they should go through secure communication channels. In the simplest case, Si and the SSH server can be located on the same computer. The same applies to the SSH client and Ci.

The working principle of SSH connections is described below. The SSH server listens on the specified TCP/IP port. When an SSH client tries to connect to this port, the SSH server authenticates the client. If the authentication passes, the connection is established. Then the client should create connections to the Si objects. The SSH client sends the SSH server a request to establish the necessary connection, and the server establishes it.

You can also work in port forwarding mode. Port forwarding, or tunneling, is a way to forward otherwise insecure TCP traffic through SSH Secure Shell. There are two kinds of port forwarding: local port forwarding and remote port forwarding.

Local port-forwarding

In this mode the SSH client listens on the specified port. If a Ci computer on the client side of the tunnel needs to connect to the server S, Ci should connect to the SSH client, and the SSH client creates the secure channel to S via the SSH server.

Remote port-forwarding

In this mode the SSH client sends a request to the SSH server to listen on a specific port. If an Si computer on the server side wants to connect to the client C, Si should connect to the SSH server through the specified port, and the SSH server will create a secure channel to C through the SSH client.


14.2.2 Attack types and countermeasures

This article gives a general description of the possible types of attack on data transferred through insecure areas, and recommendations for increasing the level of data protection.

1. Guessing the seed for the random number generator

This kind of attack allows an attacker to decrypt data transferred through the network and read it. The encrypted data can be intercepted and saved locally for future decryption. The SSH protocol binds each session key to the session by including random, session-specific data in the hash used to produce session keys. It is necessary to ensure that all of the random numbers are of good quality, so the pseudo-random number generator should be cryptographically secure (i.e., its next output is not easily guessed even when all previous outputs are known). SecureBridge uses a pseudo-random number generator with high cryptographic security and high enough entropy. The user can also assign the initial random sequence that will be used for generating random numbers. This sequence can be formed from the processor step counter, system timer information, random mouse movements, or keyboard key presses.

Recommendation: To ensure a high protection level, you should use a reliable initial sequence for the random number generator. The sequence can be based, for example, on information about random mouse movements.

2. Symmetric encryption algorithms cracking

SecureBridge uses different encryption algorithms, such as 3DES, Blowfish, Twofish, Cast128, AES, and others. No vulnerabilities have been found in them so far. SecureBridge supports the session key changing provided by the SSH protocol. As a rule, changing the session key after a certain amount of data has been transferred is enough to prevent an attacker from cracking the key. The CBC encryption mode (which includes the output of the previous block's encryption) of some ciphers is theoretically vulnerable to cipher-text attacks because of the high predictability of the start of the packet sequence. However, this attack is deemed difficult and not considered fully practicable, especially if relatively long block sizes are used. In addition, the CBC mode vulnerability can be reduced by inserting packets that contain random data.

Recommendation: Use the RekeyLimit property (Client.Options, Server.Options) to determine how much data should be transferred before the session key is regenerated.

3. Data substitution

This kind of attack consists of the following: the attacker gets access to a data packet transferred through an insecure network area, changes it, and transmits it further. To determine whether the data was changed while being transferred through the insecure area, data integrity checking methods are used. SecureBridge, within the bounds of the SSH protocol, inserts the MAC field into every packet it sends. This field is calculated on the basis of the session key, the packet sequence number and the packet contents. The SHA1 hashing algorithm, which is secure enough, is generally used for MAC field calculation. Because MACs use a 32-bit sequence number, they might start to leak information after 2**32 packets have been sent. Changing the session key after a certain amount of data has been transferred increases the degree of data protection.

4. Man-in-the-middle

There are some cases of man-in-the-middle attacks to consider. One case is when the attacker places himself between the client and the server before the client initiates the connection. When the client initiates the session, the attacker, mimicking the SSH server, offers his own server public key. If the client already has the server public key, it can verify the key sent by the attacker and warn the user about this spurious server public key. If the user does not accept this unverified key, the attacker will not be able to make this attack work, since he will not be able to correctly sign packets containing the session-specific data from the server, because he does not have the private key of that server. If the server public key was not securely delivered to the client and then verified, the client risks accepting the key substituted by the attacker, and the client cannot be sure that it is connected to the authentic server. This lets the attacker intercept and change the data transferred between the server and the client. Server administrators must make host key fingerprints available for checking by some means whose security does not rely on the integrity of the actual host keys. Possible mechanisms may include certification by a trusted certification authority (CA), secured Web pages, physical pieces of paper, etc. In summary, the use of this protocol without a reliable association of the binding between a host and its host keys is inherently insecure and is not recommended.

Recommendation: It is necessary to take care that server public keys are transferred safely (see the Keys transferring topic).

5. Denial of Service (DoS) attack

One of the few weaknesses of the SSH protocol is its vulnerability to Denial of Service attacks. An attacker can flood the server with authentication requests that take up all of the server's computational resources, so that the server becomes unable to handle requests. One of the ways to resolve this problem is to allow connections only from a subset of clients known to have valid users.

Recommendation: Set the MaxStartups server option of TScSSHServer, which specifies the maximum number of concurrent unauthenticated connections.

6. Server substitution with password authentication

The password authentication mechanism assumes that the server has not been compromised. So, a violator can mimic an SSH server for the client that initiates the authentication procedure and learn the password, which is fraught with serious consequences. This vulnerability can be mitigated by using an alternative form of authentication, like public key authentication.

7. Client substitution with public key authentication

Public key authentication assumes that the client public key passed to the server is not compromised. To ensure that the client public key accepted by the server is not substituted, it is recommended to use pass phrases on private keys, smart cards, or other technology.

Recommendation: Keep the private client key in an encrypted form by specifying the Password and Algorithm properties of a Storage object. The public key should be transferred to the server with maximum caution to prevent key substitution (see the Keys transferring topic).
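The integrity check from item 3 and the key change from items 2 and 3, as an added Python example that is not SecureBridge code: the tag is computed the way RFC 4253 defines the SSH MAC, over the 32-bit sequence number followed by the packet, here with hmac-sha1. The class, the `rekey_limit` byte budget (a stand-in for the idea behind RekeyLimit, not that property's actual semantics), the keys and the payloads are constructed for illustration, and encryption is left out.

```python
import hashlib
import hmac
import struct

MAC_LEN = 20  # size of an hmac-sha1 tag


class MacDirection:
    """Integrity state for one direction of an SSH-style connection (hypothetical helper)."""

    def __init__(self, key, rekey_limit):
        self.key = key
        self.rekey_limit = rekey_limit  # bytes allowed under one key (assumed policy)
        self.seq = 0                    # implicit packet counter, never sent on the wire
        self.bytes_under_key = 0

    def _tag(self, packet):
        # RFC 4253, section 6.4: mac = MAC(key, sequence_number || unencrypted_packet)
        return hmac.new(self.key, struct.pack(">I", self.seq) + packet, hashlib.sha1).digest()

    def _advance(self, size):
        self.seq = (self.seq + 1) & 0xFFFFFFFF  # wraps after 2**32 packets
        self.bytes_under_key += size

    def seal(self, packet):
        wire = packet + self._tag(packet)
        self._advance(len(packet))
        return wire

    def open(self, wire):
        if len(wire) < MAC_LEN:
            raise ValueError("short packet")
        packet, tag = wire[:-MAC_LEN], wire[-MAC_LEN:]
        if not hmac.compare_digest(tag, self._tag(packet)):
            # A real endpoint disconnects here; the counter is not advanced.
            raise ValueError("MAC mismatch")
        self._advance(len(packet))
        return packet

    def needs_rekey(self):
        return self.bytes_under_key >= self.rekey_limit

    def rekey(self, new_key):
        # New key and a fresh byte budget; the sequence number is not reset on rekey.
        self.key = new_key
        self.bytes_under_key = 0


def rejected(direction, wire):
    try:
        direction.open(wire)
    except ValueError:
        return True
    return False


def demo():
    key = hashlib.sha1(b"constructed session key, not a real one").digest()
    tx, rx = MacDirection(key, rekey_limit=64), MacDirection(key, rekey_limit=64)
    first = tx.seal(b"SELECT 1")
    second = tx.seal(b"UPDATE accounts SET balance = 10")

    out = {"first": rx.open(first)}
    altered = bytearray(second)
    altered[-MAC_LEN - 2:-MAC_LEN] = b"99"          # packet contents changed in transit
    out["altered_rejected"] = rejected(rx, bytes(altered))
    out["replayed_rejected"] = rejected(rx, first)  # valid tag, wrong sequence number
    out["second"] = rx.open(second)

    tx.seal(b"x" * 32)                              # 8 + 32 + 32 = 72 bytes >= 64
    out["rekey_due"] = tx.needs_rekey()
    tx.rekey(hashlib.sha1(b"constructed second key").digest())
    out["seq_after_rekey"], out["rekey_due_after"] = tx.seq, tx.needs_rekey()
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the sequence number is part of the MAC input, a packet that is replayed or reordered fails the check even though its tag was valid when it was first sent.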


14.2.3 Keys transferring

When creating a connection between an SSH client and an SSH server, asymmetric encryption algorithms and keys are often used for authentication (see the TScKey description). One of the sides generates a pair of keys: a private key and a public key. The private key is used for signing data. The public key is used for signature verification. It should be passed to the other side. It is important to take care that keys are transferred safely.

Note: The private key should be protected and should be known only to the side that generated it.

There is a possibility that the public key is intercepted or substituted while being transferred.

Key interception does not have any consequences. If a violator obtains a public key, he will not be able to read or change any data transferred through an SSH channel.

When the public key is substituted, the violator will have the possibility to replace the SSH server with his own computer. This lets the violator intercept and change data that is transferred between the client and the server.

If the public key of the client is substituted, the violator will have the possibility to replace the user's computer with his own computer and gain access to the SSH server.

There are several ways to transfer keys safely.

1. The key can be transferred through secure communication links. However, in most cases this method is unacceptable for technical reasons. Therefore other ways are used.
2. When obtaining a key from the other side, you should create a fingerprint of the key and verify it in any reliable way, for example by phone. However, you should trust the person you are talking to. To get a fingerprint, you can use the GetFingerprint method of the TScKey class.
3. You can pass the signature of the key along with the key itself. The receiver verifies the key and the signature. If the signature is correct, the key is considered valid. In this case both sides are required to have a certificate that will be used for signing the transferred key. This certificate can be obtained from one of two sources: a certificate authority (CA) such as VeriSign or GTE can provide certificates, or a privately controlled certificate server can issue certificates as well. To create a certificate, you should create a pair of keys. The private key remains on your computer, whereas the public key should be passed to the CA for certification. After that each side will be able to verify a received certificate by contacting the corresponding CA.
4. One more way is to transfer the key along with its signature, encrypted by asymmetric algorithms using certificates. For information on how to get certificates, see above.
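Fingerprint verification as in way 2 above, which is also the check that defeats the man-in-the-middle case in the Attack types topic, shown as an added Python example that is not SecureBridge code. It uses the MD5 colon-hex and SHA-256 fingerprint formats known from OpenSSH tooling; which format TScKey.GetFingerprint returns is not stated on this page. The key material, host name and `PinnedKeys` class are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data):
    return struct.pack(">I", len(data)) + data


def mpint(value):
    # Positive SSH mpint: big-endian, with a leading zero byte when the top bit is set.
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def constructed_key(label):
    # Constructed 2048-bit number standing in for an RSA modulus; NOT a usable key.
    n = int.from_bytes(hashlib.sha256(label).digest() * 8, "big") | (1 << 2047) | 1
    return ssh_string(b"ssh-rsa") + mpint(65537) + mpint(n)


def public_key_line(blob, comment):
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


def parse_public_key_line(line):
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != fields[0].encode():
        raise ValueError("algorithm name does not match key blob")
    return blob


def fingerprint_md5(blob):
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def fingerprint_sha256(blob):
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def matches_fingerprint(blob, trusted):
    """Compare a received key with a fingerprint obtained out of band."""
    t = "".join(trusted.split())                 # tolerate spaces from dictation
    if t.upper().startswith("SHA256:"):
        expected, actual = t[7:].rstrip("="), fingerprint_sha256(blob)[7:]
    else:
        if t.upper().startswith("MD5:"):
            t = t[4:]
        expected, actual = t.lower(), fingerprint_md5(blob)
    return hmac.compare_digest(expected.encode(), actual.encode())


class PinnedKeys:
    """Host -> fingerprint store that only accepts keys verified out of band."""

    def __init__(self):
        self._pins = {}

    def pin(self, host, blob, out_of_band_fingerprint):
        if not matches_fingerprint(blob, out_of_band_fingerprint):
            raise ValueError("fingerprint mismatch: key not stored")
        self._pins[host] = fingerprint_sha256(blob)

    def check(self, host, blob):
        pinned = self._pins.get(host)
        if pinned is None:
            return "unknown"      # first contact: verify before trusting
        return "match" if matches_fingerprint(blob, pinned) else "changed"


def demo():
    server, impostor = constructed_key(b"server"), constructed_key(b"impostor")
    read_over_phone = fingerprint_md5(server).upper()
    received = parse_public_key_line(public_key_line(server, "constructed@example"))
    pins = PinnedKeys()
    out = {"before_pin": pins.check("db.example", received)}
    pins.pin("db.example", received, read_over_phone)
    out["genuine"] = pins.check("db.example", received)
    out["substituted"] = pins.check("db.example", impostor)
    try:
        PinnedKeys().pin("db.example", impostor, read_over_phone)
        out["impostor_pinned"] = True
    except ValueError:
        out["impostor_pinned"] = False
    return out
```
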


14.2.4 Step-by-step tutorial


14.2.4.1 SSH specific. Configuring and starting the SSH server

When setting up the SSH server, the storage should be set up first. It is used to store keys and the list of users that can connect to the server.

Storage setup
- Place the TScFileStorage or TScRegStorage component onto the form.
- Specify the path to store information about keys and users in the Path or KeyPath property.

First of all you should create a pair of keys that will be used by the client to authenticate the server.

Keys generating
- Open the editor of the storage object (double click on the component) and go to the Keys page.
- Press the New button to add a new key.
- Select an algorithm and a key length.
- Press the Generate button to generate a new key.
- A pair of keys must be created for each asymmetric algorithm used.
- Pass the created public key to the server (see the Keys transferring topic).

Information about each user that will connect to the SSH server must be added to the storage.

Users creation
- Open the Users page of the storage editor.
- Press the New button to create a new user.
- Specify the user name.
- Select available authentication methods.
- If authentication by password is used, specify a password for the user. This password should be complicated enough to be hard to crack.
- If authentication by public key is used, specify the key for the user. This key is generated by the client and should be passed to the server carefully (see the Keys transferring topic). Press the "Import from..." button to import the key from a file.

SSH server setup
- Place the TScSSHServer component onto the form.
- Select the required storage in the Storage property.
- Specify the names of the generated server keys for the RSA or DSA algorithm in the KeyNameRSA or KeyNameDSA property respectively.
- Start the SSH server by setting the Active property to True.

14.2.4.2 SSH specific. SSH client setup

When setting up the SSH client, use a storage to store the public server key and the private key. The private key is used when the authentication method is authentication by key.

Storage setup
- Place the TScFileStorage or TScRegStorage component onto the form.


- Specify the path to be used to store information about keys in the Path / KeyPath property.

It is required to obtain the server public key in order to authenticate the server. There are two ways to obtain this key:
1. The key can be previously obtained from the server as described in the Keys transferring topic.
2. Upon the first connection to the server you receive its public key, which has to be stored in the storage for future use to authenticate the server. However, in this case the key is passed through the unprotected channel and can be substituted by a malefactor.

Add the obtained key to the storage:
1. Open the component editor of the storage component by double clicking on the component and select the Keys tab.
2. Add a new key by pressing the New button.
3. Type the key name.
4. Import information from the obtained file by using the "Import from..." button.

If authentication by key is used, it is required to create the user key:
1. Open the component editor of the storage component by double clicking on the component and select the Keys tab.
2. Press the New button and type the key name.
3. Choose the algorithm to use and the needed key length.
4. Push the Generate button to generate a new key.
5. Export the public key and pass it to the server so that the server is able to authenticate the client.

SSH client setup
- Place the TScSSHClient component onto the form.
- Select a storage object in the KeyStorage property.
- Specify the host name on which the SSH server is located in the HostName property.
- Specify the server public key in the HostKeyName property.
- Specify the user name in the User property.
- Choose the authentication algorithm in the Authentication property.
- If authentication by password is used, specify the password in the Password property.
- If authentication by key is used, specify the private key name in the PrivateKeyName property. The HostName value is used as a default key name. You can find the steps to create a new key above in this topic.
- Establish the connection to the server by setting the Connected property to True.

You should create an SSH channel in order to exchange data with a remote host.

SSH channel setup
- Place the TScSSHChannel component onto the form.
- Select an SSH client in the Client property.
- Specify the host name in DestHost and the TCP/IP port number in DestPort to which the connection should be established.
- Specify the port number in SourcePort, data from which will be forwarded to the remote host to which the connection is established.
- Open the SSH channel by setting the Connected property to True.

Random numbers generating

When establishing a connection to the SSH server, random numbers for creating session keys are generated. These keys will be used in the data encryption algorithms. To get random numbers, pseudo-random number generators are used. Before using the pseudo-random number generator, you should initialize it by setting a start seed value. This seed value can be obtained in different ways: using the processor step counter, sound card noise, information about random mouse movements, or keyboard key presses. However, the first two ways are not reliable. One of such ways is implemented in the SSHClient demo. When using the SecureBridge component library, you should pass a sequence of random values to the Randomize method of the global Random object.
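One way to build the initial sequence discussed here and in item 1 of the Attack types topic, as an added Python example that is not SecureBridge code and not the SSHClient demo: mouse events are hashed into a pool that refuses to release a seed until enough distinct movements have arrived. The `SeedPool` class, the 64-event threshold, the constructed mouse trace and the mixing-in of the operating system generator are assumptions of this example.

```python
import hashlib
import math
import os
import struct
import time


def timer_seed_bits(window_seconds, ticks_per_second):
    """Upper bound, in bits, on what a timer-only seed contributes when the
    start time is known to within window_seconds."""
    return math.log2(window_seconds * ticks_per_second)


class SeedPool:
    """Collects mouse events and releases a 32-byte seed once enough were seen."""

    MIN_EVENTS = 64  # assumed threshold, not a SecureBridge value

    def __init__(self, os_random=os.urandom):
        # Start from the operating system generator (an addition of this example),
        # so the seed never depends on user input alone.
        self._hash = hashlib.sha256(os_random(32))
        self._last = None
        self._fresh = 0

    def add_mouse_event(self, x, y, t_ns=None):
        if t_ns is None:
            t_ns = time.perf_counter_ns()
        self._hash.update(struct.pack(">iiQ", x, y, t_ns & 0xFFFFFFFFFFFFFFFF))
        # A pointer that is not moving adds nothing new, so it is not counted.
        if (x, y) != self._last:
            self._fresh += 1
        self._last = (x, y)

    def ready(self):
        return self._fresh >= self.MIN_EVENTS

    def seed(self):
        if not self.ready():
            raise RuntimeError("not enough distinct input events collected")
        return self._hash.copy().digest()


def constructed_trace(count):
    # Constructed sample input: (x, y, timestamp in ns), one event every 16 ms.
    return [((i * 37) % 1920, (i * 91) % 1080, 1_000_000 + i * 16_000_000)
            for i in range(count)]


if __name__ == "__main__":
    pool = SeedPool()
    for event in constructed_trace(64):
        pool.add_mouse_event(*event)
    print("seed:", pool.seed().hex())
    print("timer-only bound, 1 h window at 1 kHz: %.1f bits" % timer_seed_bits(3600, 1000))
```

A millisecond timer whose start is known to within an hour contributes fewer than 22 bits, which illustrates why counter and timer values are weak when used as the only seed material.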
14.2.4.3 SSH specific. MySQL Data Access Components integration

In order to create a secure connection via an SSH tunnel between MySQL Data Access Components (MyDAC) and MySQL, you should use the TMySSHIOHandler component. This component is an adapter between a database client and an SSH client. The secure connection can be used to transfer data through unprotected communication channels, like the Internet. The communication chart between the database client and the database server with the use of TMySSHIOHandler is presented in the following diagram:

Data exchange between TMyConnection and TScSSHClient, which acts as an SSH client, is safe because it is carried out by calling methods of TMySSHIOHandler within a single application. The connection between the SSH server and the MySQL server is not secure, therefore you should take care that it goes through secure communication channels.

Step-by-step setup of MySSHIOHandler
- Place the TScSSHClient component onto the form and set it up to connect to the SSH server as described in the Client setup topic.
- Place the TMySSHIOHandler component onto the form.
- Select the TScSSHClient object in the Client property.
- Place the TMyConnection component onto the form and set it up to connect to the MySQL server.
- Assign the TMySSHIOHandler object to the IOHandler property of TMyConnection.
- Connect to the MySQL server by setting TMyConnection.Connected to True.


14.3 SSL specific

14.3.1 SSL principles


SSL (Secure Sockets Layer) is the protocol for secure access to remote computers over insecure communication channels. The SSL protocol runs above TCP/IP and below higher-level protocols such as HTTP or IMAP. It uses TCP/IP on behalf of the higher-level protocols, and in the process allows an SSL-enabled server to authenticate itself to an SSL-enabled client, allows the client to authenticate itself to the server, and allows both machines to establish an encrypted connection.

These capabilities address fundamental concerns about communication over the Internet and other TCP/IP networks:
- SSL server authentication allows a user to confirm a server's identity. SSL-enabled client software can use standard techniques of public-key cryptography to check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the client's list of trusted CAs. This confirmation might be important if the user, for example, is sending a credit card number over the network and wants to check the receiving server's identity.
- SSL client authentication allows a server to confirm a user's identity. Using the same techniques as those used for server authentication, SSL-enabled server software can check that a client's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the server's list of trusted CAs. This confirmation might be important if the server, for example, is a bank sending confidential financial information to a customer and wants to check the recipient's identity.
- An encrypted SSL connection requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, thus providing a high degree of confidentiality. Confidentiality is important for both parties to any private transaction. In addition, all data sent over an encrypted SSL connection is protected with a mechanism for detecting tampering, that is, for automatically determining whether the data has been altered in transit.


14.3.2 Step-by-step tutorial


14.3.2.1 SSL specific.SSL client setup

Use storage to store server and client certificates when setting up the SSL client. The server certificate is used for the authentication of an SSL server. Client certificates can be used for client authentication. In this case the certificate must contain the private key.

Storage setup

Place one of the storage components onto the form: TScCryptoAPIStorage, TScFileStorage, or TScRegStorage.
Specify the path to be used to store information about certificates in the CertStoreName / Path / KeyPath property (depending on the storage component type).
Add server and client certificates to the storage:
1. Open the editor of the storage component by double-clicking it, and select the Certificates tab.
2. Add a new certificate by pressing the New button.
3. Type the certificate name.
4. Import information from a file that contains a certificate by using the "Import from..." button.

SSL client setup

Place the TScSSLClient component onto the form.
In the HostName property specify the name of the host on which the SSL server is located.
In the Port property specify the port number for the TCP/IP connection with the SSL server.
Select the already created storage object in the Storage property.
Specify the server certificate in the CACertName property.
If necessary, specify the client certificate in the CertName property.
Establish the connection to the server by setting the Connected property to True. To make the connection secure, set the IsSecure property to True.

Random numbers generating

When establishing a connection to an SSL server, random numbers for creating session keys are generated. These keys will be used in the data encryption algorithms. For getting random numbers, pseudo random number generators are used. Before using the pseudo random number generator, you should initialize it by setting a start seed value.
This seed value can be obtained in different ways: using the processor step counter, sound card noise, information of random mouse movements, or keyboard key presses. However, the first two ways are not reliable. One of such ways is implemented in the SSHClient demo. When using the SecureBridge component library, you should pass a sequence of the random values to the Randomize method of the global Random object.
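The design-time steps above, carried out at run time with checks on the trust material before connecting. This is an added example, not Devart's code: ConnectSecure, RequireUsable and the ACAFingerprint parameter are hypothetical names, and it assumes TScFileStorage and the types shown on this page are declared in ScBridge and TScSSLClient in ScSSLClient.

```pascal
unit SslClientSetup;

interface

uses
  SysUtils, ScBridge, ScSSLClient; // unit names are assumptions, see lead-in

// Creates and connects a TScSSLClient. ACAFingerprint is the SHA-1
// fingerprint string recorded earlier with TScCertificate.GetFingerprint
// for the same CA certificate. Pass '' as AClientCertName when the server
// does not require client authentication.
function ConnectSecure(const AHost: string; APort: Integer;
  const AStorePath, ACACertName, ACAFingerprint,
  AClientCertName: string): TScSSLClient;

implementation

// Raises when the certificate is missing from the storage or not valid now.
procedure RequireUsable(Cert: TScCertificate; const AName: string);
begin
  if Cert = nil then
    raise Exception.CreateFmt('Certificate "%s" is not in the storage', [AName]);
  // NotBefore and NotAfter are expressed in local time, as is Now.
  if (Now < Cert.NotBefore) or (Now > Cert.NotAfter) then
    raise Exception.CreateFmt(
      'Certificate "%s" is outside its validity period', [AName]);
end;

function ConnectSecure(const AHost: string; APort: Integer;
  const AStorePath, ACACertName, ACAFingerprint,
  AClientCertName: string): TScSSLClient;
var
  Storage: TScFileStorage;
  CACert, ClientCert: TScCertificate;
  Actual: string;
begin
  // Seed the global Random object through its Randomize method before
  // calling this function (see "Random numbers generating"). The call is
  // left out because its parameter list is not shown in this section.
  Result := TScSSLClient.Create(nil);
  try
    // Storage setup: the client owns the storage, so both are freed together.
    Storage := TScFileStorage.Create(Result);
    Storage.Path := AStorePath;

    // The CA certificate is the trust anchor: it must exist, be valid now,
    // and still be the certificate that was originally imported.
    CACert := Storage.Certificates.FindCertificate(ACACertName);
    RequireUsable(CACert, ACACertName);
    CACert.GetFingerprint(haSHA1, Actual);
    if not SameText(Actual, ACAFingerprint) then
      raise Exception.CreateFmt(
        'CA certificate "%s" does not match the recorded fingerprint',
        [ACACertName]);

    // A client certificate is only usable with its private key.
    if AClientCertName <> '' then
    begin
      ClientCert := Storage.Certificates.FindCertificate(AClientCertName);
      RequireUsable(ClientCert, AClientCertName);
      if not ClientCert.Key.IsPrivate then
        raise Exception.CreateFmt(
          'Client certificate "%s" has no private key', [AClientCertName]);
    end;

    // SSL client setup, in the order given in the text above.
    Result.HostName := AHost;
    Result.Port := APort;
    Result.Storage := Storage;
    Result.CACertName := ACACertName;
    if AClientCertName <> '' then
      Result.CertName := AClientCertName;
    Result.Connected := True;
    Result.IsSecure := True;
  except
    FreeAndNil(Result);
    raise;
  end;
end;

end.
```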
14.3.2.2 SSL specific.MySQL Data Access Components integration

In order to create a secure connection via SSL between MySQL Data Access Components (MyDAC) and MySQL server, you should use the TMySSLIOHandler component. This component is an adapter between a database client and an SSL client. The secure connection can be used to transfer data through unprotected communication channels, like the Internet. The communication chart between database client and database server with use of TMySSLIOHandler is presented in the following diagram:


Data exchange between TMyConnection and TScSSLClient, which acts as an SSL client, is safe because it is carried out by calling methods of TMySSLIOHandler within the single application.

Step-by-step setup of MySSLIOHandler

Place the TMySSLIOHandler component onto the form.
Select a storage object in the Storage property. You will find more information about storage setup in the SSL client setup topic.
Specify the server certificate in the CACertName property.
Specify the client certificate in the CertName property.
Place the TMyConnection component onto the form and set it up to connect to the MySQL server.
Assign the TMySSLIOHandler object to the IOHandler property of TMyConnection.
Connect to the MySQL server by setting TMyConnection.Connected to True.


15 SecureBridge Alphabetical Object and Component Listing


15.1 EScError

15.1.1 Description
Unit
ScSSHUtil

Description
EScError is raised when an error occurs in SecureBridge classes, for example during interaction between an SSH client and an SSH server, or when working with keys. Use EScError in exception-handling blocks.


15.2 EScSFTPError

15.2.1 Description
Unit
ScSFTPUtils

Description
EScSFTPError is raised when the SFTP server returns an error and the client is in the NonBlocking = False mode. The ErrorCode property contains the code of the error returned by the server. Use EScSFTPError in exception-handling blocks.


15.2.2 Properties
15.2.2.1 EScSFTPError.ErrorCode

property ErrorCode: integer;

Description
The ErrorCode property holds the code of the error returned by the server. Here is a list of the constants of possible error codes:

SSH_FX_OK                        = 0;
SSH_FX_EOF                       = 1;
SSH_FX_NO_SUCH_FILE              = 2;
SSH_FX_PERMISSION_DENIED         = 3;
SSH_FX_FAILURE                   = 4;
SSH_FX_BAD_MESSAGE               = 5;
SSH_FX_NO_CONNECTION             = 6;
SSH_FX_CONNECTION_LOST           = 7;
SSH_FX_OP_UNSUPPORTED            = 8;
SSH_FX_INVALID_HANDLE            = 9;
SSH_FX_NO_SUCH_PATH              = 10;
SSH_FX_FILE_ALREADY_EXISTS       = 11;
SSH_FX_WRITE_PROTECT             = 12;
SSH_FX_NO_MEDIA                  = 13;
SSH_FX_NO_SPACE_ON_FILESYSTEM    = 14;
SSH_FX_QUOTA_EXCEEDED            = 15;
SSH_FX_UNKNOWN_PRINCIPAL         = 16;
SSH_FX_LOCK_CONFLICT             = 17;
SSH_FX_DIR_NOT_EMPTY             = 18;
SSH_FX_NOT_A_DIRECTORY           = 19;
SSH_FX_INVALID_FILENAME          = 20;
SSH_FX_LINK_LOOP                 = 21;
SSH_FX_CANNOT_DELETE             = 22;
SSH_FX_INVALID_PARAMETER         = 23;
SSH_FX_FILE_IS_A_DIRECTORY       = 24;
SSH_FX_BYTE_RANGE_LOCK_CONFLICT  = 25;
SSH_FX_BYTE_RANGE_LOCK_REFUSED   = 26;
SSH_FX_DELETE_PENDING            = 27;
SSH_FX_FILE_CORRUPT              = 28;
SSH_FX_OWNER_INVALID             = 29;
SSH_FX_GROUP_INVALID             = 30;


15.3 TScCertBasicConstraintsExtension

15.3.1 Description
Unit
ScBridge

Description
The TScCertBasicConstraintsExtension class provides read-only properties that describe the basic constraints set on a certificate. These constraints are used during the certificate chain verification process.

The CertificateAuthority property identifies whether the certificate is a Certification Authority (CA) certificate. It is set to True for all CA certificates.

The PathLengthConstraint determines whether the chain path length constraint must be applied to the certificate. If this constraint is present, the PathLengthConstraint property value must be greater than the number of already processed CA certificates, starting with the end-entity certificate and moving up the chain. This constraint can be omitted if all of the higher level CA certificates in the chain do not include this constraint when the extension is present.

The Public-Key Infrastructure (X.509) working group (PKIX) recommends that this extension should not appear in end-entity certificates.

See Also
TScCertExtension


15.3.2 Properties
15.3.2.1 TScCertBasicConstraintsExtension.CertificateAuthority

property CertificateAuthority: Boolean;

Description
Use this property to determine if the certificate is a certification authority (CA) certificate. This property is read-only.

15.3.2.2 TScCertBasicConstraintsExtension.HasPathLengthConstraint

property HasPathLengthConstraint: Boolean;

Description
A certificate issuer can restrict the number of levels in a certificate path. This property indicates whether the certificate has this restriction. If this value is True, you can use the PathLengthConstraint property to determine the number of levels allowed. This property is read-only.

See Also
PathLengthConstraint

15.3.2.3 TScCertBasicConstraintsExtension.PathLengthConstraint

property PathLengthConstraint: Integer;

Description
If a certificate has a constraint on the number of levels in the certificate path, this property indicates how many levels are allowed. This property is read-only.

See Also
HasPathLengthConstraint


15.4 TScCertEnhancedKeyUsageExtension

15.4.1 Description
Unit
ScBridge

Description
A TScCertEnhancedKeyUsageExtension is a collection of object identifiers (OIDs) that indicate the applications that use the key.

The enhanced key usage extension indicates the purposes for which the certified public key may be used. These purposes may be in addition to or in place of the basic purposes indicated in TScCertKeyUsageExtension.

The enhanced key usage must include Online Certificate Status Protocol (OCSP) signing in an OCSP responder's certificate. The exception is that the CA signing key that signed the certificates validated by the responder is also the OCSP signing key. The OCSP responder's certificate must be issued directly by the CA that signs certificates the responder will validate.

The TScCertKeyUsage, TScCertEnhancedKeyUsage, and TScCertBasicConstraints extensions act together to define the purposes for which the certificate is intended to be used. Applications can use these extensions to disallow the use of a certificate in inappropriate contexts.

See Also
TScCertExtension


15.4.2 Properties
15.4.2.1 TScCertEnhancedKeyUsageExtension.EnhancedKeyUsages

type
  TScOIdsList = class(TObjectList)
  public
    property OIds[Index: Integer]: TScOid; default;
  end;

property EnhancedKeyUsages: TScOIdsList;

Description
Gets the collection of object identifiers (OIDs) that indicate the applications that use the key. Use TScOIdsList.OIds[Index] to obtain a pointer to a specific TScOid. The Index parameter indicates the index of the object identifier. 0 is the index of the first object identifier. This property is read-only.

See Also
TScOid


15.5 TScCertExtension

15.5.1 Description
Unit
ScBridge

Description
The TScCertExtension class is used for certificate extensions support. Certificate extensions represent information fields that contain additional certificate information. Certificate extensions extend the capabilities of the basic X.509 certificate data standard. Several fields of the extension contain additional information about certificate identification. Other fields contain additional information about certificate encryption abilities.

In its most basic form, an X.509 extension has an object identifier (Oid), a Boolean value describing whether the extension is considered critical or not (Critical), and ASN-encoded data (RawData).

See Also
TScCertificate.Extensions, TScCertBasicConstraintsExtension, TScCertKeyUsageExtension, TScCertEnhancedKeyUsageExtension, TScCertSubjectKeyIdExtension


15.5.2 Properties
15.5.2.1 TScCertExtension.Critical

property Critical: Boolean;

Description
Use this property to determine whether an extension is critical. This property is read-only.

15.5.2.2 TScCertExtension.Oid

property Oid: TScOid;

Description
This property can be used to provide information about the Abstract Syntax Notation One (ASN.1) encoded data, such as the algorithm used to encrypt the data. This property is read-only.

See Also
RawData, TScOid

15.5.2.3 TScCertExtension.RawData

property RawData: TBytes;

Description
A byte array that represents the Abstract Syntax Notation One (ASN.1) encoded data. This property is read-only.

See Also
RawData


15.6 TScCertificate

15.6.1 Description
Unit
ScBridge

Description
The TScCertificate class is used for working with X.509 certificates. The X.509 structure originated in the International Organization for Standardization (ISO) working groups. This structure can be used to represent various types of information including identity, entitlement, and holder attributes.

The certificate contains a public key and some additional information (e.g. information about the certification center that produced the certificate, information about the certificate user, the service period of the certificate, etc.). Certificates can be used for authenticating organizations, for verifying the authenticity of transferred information, and for data encryption.

Certificates can be stored in different formats. To load or save a certificate in one of these formats, use the ImportFrom or ExportTo method respectively. To store a set of certificates in storage, the CertificateList property is used.

TScCertificate lets you sign data with the private key associated with the certificate, and verify the signature with the certificate public key, by using the Sign and VerifySign methods. Data signing is used for checking data integrity. TScCertificate also lets you encrypt and decrypt information using the Encrypt and Decrypt methods.

See Also
TScStorage


15.6.2 Properties
15.6.2.1 TScCertificate.CertificateList

property CertificateList: TScCertificateList;

Description
This property is used for automatic loading and storing of certificates in Storage. If the certificate was not loaded or imported, and you are trying to invoke functions that use data of the certificate, it is automatically loaded from the underlying Storage using CertName.

See Also
Ready, CertificateList.Storage

15.6.2.2 TScCertificate.CertName

property CertName: string;

Description
The certificate name is used for automatic loading and saving of the certificate in CertificateList.

See Also
TScStorage

15.6.2.3 TScCertificate.Extensions

type
  TScExtensionsList = class(TObjectList)
  public
    property Extensions[Index: Integer]: TScCertExtension; default;
  end;

property Extensions: TScExtensionsList;

Description
Gets a collection of TScCertExtension objects. The extensions defined in the X.509 certificate format allow additional data to be included in the certificate. It is set automatically when loading or importing certificates. Use TScExtensionsList.Extensions[Index] to obtain a pointer to a specific extension. The Index parameter indicates the index of the extension. 0 is the index of the first extension. This property is read-only.

See Also
TScCertExtension
15.6.2.4 TScCertificate.Issuer

property Issuer: string;

Description
The name of the certificate authority that issued the X.509 certificate. It is set automatically when loading or importing the certificate. This property is read-only.

See Also
IssuerName, Subject
15.6.2.5 TScCertificate.IssuerName

property IssuerName: TScDistinguishedName;

Description
Gets the distinguished name of the certification authority that issued the certificate. It is set automatically when loading or importing the certificate. This property is read-only.

See Also
Issuer, SubjectName

15.6.2.6 TScCertificate.Key

property Key: TScKey;

Description
The asymmetric key of RSA or DSA type associated with a certificate. The key is automatically loaded on certificate load. You can use the Key.IsPrivate property to determine whether the key is private or public. In order to associate a private key with this certificate, use Key.ImportFrom. The certificate's public key and the key to be imported must be equivalent, otherwise an exception will be raised. It is not allowed to import a public key. This property is read-only.

15.6.2.7 TScCertificate.NotAfter

property NotAfter: TDateTime;

Description
Gets the date in local time after which a certificate is no longer valid. It is set automatically when loading or importing the certificate. This property is read-only.

See Also
NotBefore
15.6.2.8 TScCertificate.NotBefore

property NotBefore: TDateTime;

Description
Gets the date in local time on which a certificate becomes valid. It is set automatically when loading or importing the certificate. This property is read-only.

See Also
NotAfter


15.6.2.9 TScCertificate.Ready

property Ready: Boolean;

Description
This property determines whether the certificate is ready to use. Set Ready to True to load data from CertificateList automatically. If the CertificateList is not assigned, an exception will be raised.

Note: If the certificate was not loaded or imported, and you are trying to invoke functions that use data of the certificate, it is automatically loaded from the underlying Storage using CertName.

See Also
CertName, CertificateList

15.6.2.10 TScCertificate.SerialNumber

property SerialNumber: string;

Description
The serial number of the certificate. It is a unique number issued by the certificate issuer, which is also called the Certification Authority. It is set automatically when loading or importing the certificate. This property is read-only.

15.6.2.11 TScCertificate.SignatureAlgorithm

property SignatureAlgorithm: TScOid;

Description
SignatureAlgorithm identifies the type of signature algorithm used by the certificate. It is set automatically when loading or importing the certificate. This property is read-only.

15.6.2.12 TScCertificate.Subject

property Subject: string;

Description
The subject name from the certificate. It is set automatically when loading or importing the certificate. This property is read-only.

See Also
SubjectName, Issuer
15.6.2.13 TScCertificate.SubjectName

property SubjectName: TScDistinguishedName;

Description
Gets the distinguished name of the certificate user. It is set automatically when loading or importing the certificate. This property is read-only.

See Also
Subject, IssuerName

15.6.2.14 TScCertificate.Version

property Version: Integer;

Description
Gets the X.509 format version of a certificate. It is set automatically when loading or importing a certificate. This property is read-only.


15.6.3 Methods
15.6.3.1 TScCertificate.Decrypt

function Decrypt(const buf: TBytes): TBytes;

Description
Use the Decrypt method to decrypt data using the private key associated with the certificate. The function returns the source data passed to the Encrypt method. If the certificate key is not private (Key.IsPrivate = False), an exception will be raised.

Note: If the Ready property is False, the certificate will be automatically loaded.

See also
Encrypt

15.6.3.2 TScCertificate.Encrypt

function Encrypt(const buf: TBytes): TBytes;

Description
Use the Encrypt method to encrypt information using the certificate key. The method returns the encrypted information. To decrypt the information, use the Decrypt method.

Note: If the Ready property is False, the certificate will be automatically loaded.

See also
Decrypt

15.6.3.3 TScCertificate.Equals

function Equals(Certificate: TScCertificate): Boolean;

Description
Use the Equals function to compare the content of two certificates. If the parameters of both certificates coincide, the method returns True.

Note: If the Ready property of either certificate is False, that certificate will be loaded automatically.
15.6.3.4 TScCertificate.ExportTo

procedure ExportTo(const FileName: string; const CertFormat: TScCertificateFormat); overload;
procedure ExportTo(Stream: TStream; const CertFormat: TScCertificateFormat); overload;

Description
Use this method to export the certificate to a file or to a stream. The certificate can be stored in different formats.

Parameters:
FileName - specifies the file name in which the certificate will be exported. If the file with the specified name does not exist, it will be created. The existing file will be overwritten.
Stream - pointer to the stream in which the certificate will be exported. Data will be appended to the stream.
CertFormat - the data format which will be used for storing the certificate.

See also
ImportFrom
15.6.3.5 TScCertificate.GetFingerprint

type
  TScHashAlgorithm = (haSHA1, haMD5);

procedure GetFingerprint(const HashAlg: TScHashAlgorithm; out Fingerprint: TBytes); overload;
procedure GetFingerprint(const HashAlg: TScHashAlgorithm; out Fingerprint: string); overload;

Description
Returns the certificate thumbprint in the Fingerprint parameter. The fingerprint is computed with the hash algorithm specified in the HashAlg parameter.

See also
Ready

15.6.3.6 TScCertificate.ImportFrom

procedure ImportFrom(const FileName: string); overload;
procedure ImportFrom(Stream: TStream); overload;

Description
Imports the certificate from the specified file or stream. The certificate can be stored in different formats. The format is determined automatically when loading the certificate.

Parameters:
FileName - determines the file name from which the certificate will be imported. If the file does not exist, an exception will be raised.
Stream - a pointer to the stream that holds data for importing the certificate.

Note: If the certificate is loaded successfully, all properties become assigned, and the Ready property is set to True.

See also
ExportTo
15.6.3.7 TScCertificate.Sign

type
  TScSignAlgorithm = (saSHA1, saMD5, saHMAC, saSSL3_SHAMD5);

function Sign(const Data: TBytes; AlgId: TScSignAlgorithm = saSHA1): TBytes;

Description
Use the Sign function to sign data by using the private key associated with the certificate. The function returns the signature of the specified data. If the certificate key is not private (Key.IsPrivate = False), an exception will be raised.

Use this signature to verify the data integrity. If the data could be substituted in transit, transfer the data signature along with the data itself. In this case the receiver must have the public part of the key, which is used to verify the signature. To verify the signature, use the VerifySign function.

Note: If the Ready property is False, the certificate will be automatically loaded.

See also
VerifySign

15.6.3.8 TScCertificate.VerifySign

type
  TScSignAlgorithm = (saSHA1, saMD5, saHMAC, saSSL3_SHAMD5);

function VerifySign(const Data: TBytes; const Sign: TBytes; AlgId: TScSignAlgorithm = saSHA1): boolean;

Description
The VerifySign method verifies whether the signature is correct for the specified Data using the certificate key. If the signature is correct, the function returns True. To get the data signature, the Sign function should be used.

Note: If the Ready property is False, the certificate will be automatically loaded.

See also
Sign


15.7 TScCertificateList

15.7.1 Description
Unit
ScBridge

Description
TScCertificateList is used by a storage to manage the certificate objects that correspond to certificates in the storage. Use the properties and methods of TScCertificateList to:
access a specific certificate;
add a new certificate object or delete persistent certificate objects from the list;
find out how many certificates there are.

See also
TScCertificate


15.7.2 Properties
15.7.2.1 TScCertificateList.Count

property Count: Integer;

Description
Use Count to determine the number of certificates referenced by the TScCertificateList object.

See Also
Certificates

15.7.2.2 TScCertificateList.Certificates

property Certificates[Index: Integer]: TScCertificate; default;

Description
Use Certificates to obtain a TScCertificate object from the list. The Index parameter indicates the index of the certificate, where 0 is the index of the first certificate, 1 is the index of the second certificate, and so on. Use Certificates with the Count property to iterate through all of the certificates in the list.

See Also
Count

15.7.2.3 TScCertificateList.Storage

property Storage: TScStorage;

Description
Check the value of the Storage property to determine the storage that is associated with the TScCertificateList object. Applications should not directly assign this property. It is assigned automatically when the CertificateList is created.

See Also
TScStorage


15.7.3 Methods
15.7.3.1 TScCertificateList.Add

procedure Add(Cert: TScCertificate);

Description
Inserts a new certificate Cert at the end of the Certificates array. In doing so, the CertificateList property of Cert is set to the current TScCertificateList object, and the information about Cert is saved to the Storage.

See Also
TScCertificate

15.7.3.2 TScCertificateList.CertificateByName

function CertificateByName(const CertName: string): TScCertificate;

Description
Call CertificateByName to determine if a specified certificate is referenced in the TScCertificateList object. CertName is the name of the certificate for which to search. If CertificateByName finds a certificate with a matching name, it returns the TScCertificate object for the specified certificate. Otherwise it raises an exception. If there are several certificates with the same name in the list, this method will always return the TScCertificate object for the first certificate in the list.

Note: CertificateByName differs from the FindCertificate method only when the named certificate is not in the list. When the certificate is not found, FindCertificate returns nil, while CertificateByName raises an exception.

See also
FindCertificate

15.7.3.3 TScCertificateList.CheckCertificateName

procedure CheckCertificateName(const CertName: string);

Description
Checks for the certificate specified by CertName in the Certificates property array. If the certificate with the specified name is already listed, CheckCertificateName raises the EScError exception.

See Also
TScCertificate, EScError
15.7.3.4 TScCertificateList.Clear

procedure Clear;

Description
Deletes all certificates. Clear empties the Certificates array property, frees the memory used to store the array and deletes the certificates from the Storage.

See Also
TScCertificate
15.7.3.5 TScCertificateList.FindCertificate

function FindCertificate(const CertName: string): TScCertificate;

Description
Call FindCertificate to determine if a specified certificate appears in the list. CertName is the name of the certificate for which to search. If FindCertificate finds a certificate with a matching name, it returns the TScCertificate object for the specified certificate. Otherwise it returns nil. If there are several certificates with the same name in the list, this method will always return the TScCertificate object for the first certificate in the list.

Note: FindCertificate differs from the CertificateByName method only when the named certificate is not in the list. When the certificate is not found, FindCertificate returns nil, while CertificateByName raises an exception.

See also
CertificateByName

15.7.3.6 TScCertificateList.GetCertificateNames

procedure GetCertificateNames(List: TStrings);

Description
Call GetCertificateNames to fill the List with the certificate names for all certificates in the Certificates array. List is a TStrings descendant created and maintained by the application.

See also
TScCertificate

15.7.3.7 TScCertificateList.IndexOf

function IndexOf(Cert: TScCertificate): Integer;

Description
Call IndexOf to get the index for a certificate in the Certificates array. Specify the certificate as the Cert parameter. The first certificate in the array has index 0, the second certificate has index 1, and so on. If a certificate is not in the Certificates array, IndexOf returns -1.

See also
TScCertificate


15.7.3.8 TScCertificateList.Refresh

procedure Refresh;

Description
Reloads the certificate list in the Certificates array from Storage.

See also
Storage.Certificates

15.7.3.9 TScCertificateList.Remove

procedure Remove(Cert: TScCertificate);

Description
Deletes the reference to the Cert parameter from the Certificates array and deletes the certificate from Storage. After a certificate is removed, all of the items that follow it are moved up in index position and Count is reduced by one.

See also
TScCertificate


15.8 TScCertKeyUsageExtension

15.8.1 Description
Unit
ScBridge

Description
The TScCertKeyUsageExtension class uses the flags in the TScKeyUsageFlags enumeration to define key usage.

A certificate lets a subject perform certain tasks. To control usage of a certificate outside its designated scope, the corresponding restrictions are automatically included in the certificate. KeyUsageExtension is a restriction method that determines for what purposes the certificate can be used. This makes it possible to produce certificates that can be used both for tasks restricted by certain scopes, and for different tasks.

See Also
TScCertExtension


15.8.2 Properties
15.8.2.1 TScCertKeyUsageExtension.KeyUsages

type
  TScKeyUsageFlag = (kfCrlSign, kfDataEncipherment, kfDecipherOnly, kfDigitalSignature, kfEncipherOnly, kfKeyAgreement, kfKeyCertSign, kfKeyEncipherment, kfNonRepudiation, kfNone);
  TScKeyUsageFlags = set of TScKeyUsageFlag;

property KeyUsages: TScKeyUsageFlags;

Description
This property returns a value from the TScKeyUsageFlags enumeration that indicates how the certificate key can be used. This property is read-only.

Value                 Meaning
kfCrlSign             The key can be used to sign a Certificate Revocation List (CRL).
kfDataEncipherment    The key can be used for data encryption.
kfDecipherOnly        The key can be used for decryption only.
kfDigitalSignature    The key can be used as a digital signature.
kfEncipherOnly        The key can be used for encryption only.
kfKeyAgreement        The key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm.
kfKeyCertSign         The key can be used to sign certificates.
kfKeyEncipherment     The key can be used for key encryption.
kfNonRepudiation      The key can be used for authentication.
kfNone                No key usage parameters.
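One way an application can use the Basic Constraints and Key Usage extensions documented above to refuse a certificate offered in the wrong role. This is an added example, not Devart's code: TCertRole and CheckCertForRole are hypothetical names, the acceptance rules are an assumed application policy, and the extension classes and TScKeyUsageFlags are assumed to be declared in ScBridge.

```pascal
unit CertPurposeCheck;

interface

uses
  SysUtils, ScBridge; // declaring unit of the flag types is an assumption

type
  // Hypothetical roles for this example.
  TCertRole = (crIssuingCA, crTlsEndEntity);

// Returns '' when Cert may be used in Role, otherwise the reason it is
// rejected. PathLength receives the PathLengthConstraint value, or -1 when
// the certificate carries no path length constraint.
function CheckCertForRole(Cert: TScCertificate; Role: TCertRole;
  out PathLength: Integer): string;

implementation

function CheckCertForRole(Cert: TScCertificate; Role: TCertRole;
  out PathLength: Integer): string;
var
  i: Integer;
  Ext: TScCertExtension;
  BC: TScCertBasicConstraintsExtension;
  IsCA, HasKeyUsage: Boolean;
  Usages: TScKeyUsageFlags;
begin
  Result := '';
  PathLength := -1;
  IsCA := False;
  HasKeyUsage := False;
  Usages := [];

  // Collect what the certificate says about itself.
  for i := 0 to Cert.Extensions.Count - 1 do
  begin
    Ext := Cert.Extensions[i];
    if Ext is TScCertBasicConstraintsExtension then
    begin
      BC := TScCertBasicConstraintsExtension(Ext);
      IsCA := BC.CertificateAuthority;
      if BC.HasPathLengthConstraint then
        PathLength := BC.PathLengthConstraint;
    end
    else if Ext is TScCertKeyUsageExtension then
    begin
      HasKeyUsage := True;
      Usages := TScCertKeyUsageExtension(Ext).KeyUsages;
    end;
  end;

  // NotBefore and NotAfter are local time, as is Now.
  if (Now < Cert.NotBefore) or (Now > Cert.NotAfter) then
    Result := 'certificate is outside its validity period'
  else
    case Role of
      crIssuingCA:
        // An issuer must be marked as a CA and, when key usage is
        // restricted, be allowed to sign certificates.
        if not IsCA then
          Result := 'not a CA certificate (CertificateAuthority is False)'
        else if HasKeyUsage and not (kfKeyCertSign in Usages) then
          Result := 'key usage does not include kfKeyCertSign';
      crTlsEndEntity:
        // Policy of this example: a peer certificate must not be a CA
        // certificate and, when key usage is restricted, must allow
        // signing or key establishment.
        if IsCA then
          Result := 'CA certificate presented as an end-entity certificate'
        else if HasKeyUsage and (Usages * [kfDigitalSignature,
          kfKeyEncipherment, kfKeyAgreement] = []) then
          Result := 'key usage allows neither signing nor key establishment';
    end;
end;

end.
```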


15.9 TScCertSubjectKeyIdExtension

15.9.1 Description
Unit
ScBridge

Description
The TScCertKeyUsageExtension class defines a string that identifies a certificate's subject key identifier (SKI). The SKI provides a unique identification for the subject of the certificate. The SKI is often used when working with XML digital signing.

The SKI extension identifies the public key certified by this certificate. This extension provides a way of distinguishing public keys if more than one is available for a given subject name.

See Also
TScCertExtension


15.9.2 Properties
15.9.2.1 TScCertSubjectKeyIdExtension.SubjectKeyIdentifier

property SubjectKeyIdentifier: string;

Description
SubjectKeyIdentifier is a string, encoded in hexadecimal format, that represents the subject key identifier (SKI). The SKI provides a unique identification for the subject of the certificate. The SKI is often used when working with XML digital signing. This property is read-only.


15.10 TScCheckFileReplyExtension

15.10.1 Description
Unit ScSFTPUtils

Description
The TScCheckFileReplyExtension class holds the server answer for the CheckFile extension query.

See Also
CheckFile, CheckFileByHandle


15.10.2 Properties
15.10.2.1 TScCheckFileReplyExtension.HashAlgorithm

property HashAlgorithm: string;

Description
The HashAlgorithm property defines the hash algorithm that was actually used.

15.10.2.2 TScCheckFileReplyExtension.Hashes

property Hashes[Index: Integer]: TBytes;

Description
The Hashes property holds the computed hashes.

15.10.2.3 TScCheckFileReplyExtension.HashesCount

property HashesCount: Integer;

Description
The HashesCount property holds the number of the computed hashes.


15.11 TScCryptoAPIStorage

15.11.1 Description
Unit ScCryptoAPIStorage

Description
TScCryptoAPIStorage is used for storing information about keys and certificates in system and external certificate storages. It works through CryptoAPI. CryptoAPI is an application programming interface that can add authentication, encoding, and encryption to Windows-based applications. Use the CertProviderType property to specify the provider type, which determines where the certificates will be stored. Keys are stored in system key containers. Each container has a unique system name for each ProviderName. Objects are loaded automatically when the Certificates and Keys properties are accessed. TScCryptoAPIStorage does not store information about users, so an exception will be raised when the Users property is accessed.

See Also
TScCertificate, TScKey, TScUser


15.11.2 Properties
15.11.2.1 TScCryptoAPIStorage.CertLocation

type
  TScCertLocation = (clCurrentUser, clCurrentUserGroupPolicy, clLocalMachine, clLocalMachineEnterprise, clLocalMachineGroupPolicy, clCurrentService, clServices, clUsers);
property CertLocation: TScCertLocation;

Description
Use this property to specify a system store location. Usage of this property depends on the value of the CertProviderType property. Default value is clCurrentUser.
15.11.2.2 TScCryptoAPIStorage.CertProviderType

type
  TScCertProviderType = (ptMemory, ptFile, ptRegistry, ptSystem, ptSystemRegistry, ptPhysical);
property CertProviderType: TScCertProviderType;

Description
Specifies the provider type. It determines where certificates will be stored. Usage of the CertLocation and CertStoreName properties depends on the value of CertProviderType. Default value of this property is ptSystem.

Value - Meaning
ptMemory - Creates a certificate store in cached memory. Typically used to create a temporary store. The CertLocation and CertStoreName properties are not used for this provider type.
ptFile - Initializes the store with certificates from a file. The CertStoreName specifies the path to the file with data. If the file with the specified name does not exist when the storage is accessed, the provider will try to create it. If the file exists, the storage will load the certificate list from the file into the Certificates property. The CertLocation property is not used. When the storage refers to the underlying file, it opens it and locks it so that other applications cannot open it.
ptRegistry - Initializes the store with certificates from a registry subkey. The registry key where the certificate list is stored should be specified in the CertStoreName property. If the specified key does not exist, the provider will try to create it. The CertLocation property indicates the root key for the storage.
ptSystem - Initializes the store with certificates from the specified system store. The system store is a logical collection store that consists of one or more physical sibling stores. After the system store is opened, all of the physical stores that are associated with it are also opened and are added to the system store collection. The CertLocation indicates the system store location. The CertStoreName specifies the system store name. For each system store location, the predefined system stores are: 'MY', 'Root', 'Trust', 'CA'.
ptSystemRegistry - Enters into storages set determined by ptSystem. Initializes the store with certificates from a physical registry store. The CertLocation indicates the system store location. The CertStoreName specifies a system store name. For each system store location, the predefined system stores are: 'MY', 'Root', 'Trust', 'CA'.
ptPhysical - Enters into storages set determined by ptSystem. Initializes the store with certificates from a specified physical store. The CertLocation indicates the system store location. The CertStoreName consists of two parts separated with an intervening backslash (\), for example Root\.LocalMachine, where Root is the name of the system store and .LocalMachine is the name of the physical store.

See Also
CertLocation, CertStoreName


15.11.2.3 TScCryptoAPIStorage.CertStoreName

property CertStoreName: string;

Description
Use this property to specify a store name. Usage of this property depends on the CertProviderType property value. Default value of this property is 'MY'.

See Also
CertProviderType

15.11.2.4 TScCryptoAPIStorage.ProviderName

property ProviderName: string;

Description
The name of a cryptographic provider. A cryptographic provider is an independent software module that actually performs cryptography algorithms for authentication, encoding, and encryption. The default provider will be used if the value of this property is an empty string. It is recommended to use the default provider.

See Also
GetProviderNames


15.11.3 Methods
15.11.3.1 TScCryptoAPIStorage.GetProviderNames

procedure GetProviderNames(List: TStrings);

Description
Call GetProviderNames to fill the List with the cryptographic service providers available on a computer. List is a TStrings descendant created and maintained by the application. A cryptographic service provider is an independent software module that actually performs cryptography algorithms for authentication, encoding, and encryption.

See Also
ProviderName


15.12 TScDistinguishedName

15.12.1 Description
Unit ScBridge

Description
This class is like an extension to the SubjectName or IssuerName property, which is the name of the person or entity that the certificate is being issued to. This class contains a data set in the following form: Object Identifier (OID) = Value. To access OIDs, use the Names property. To get the value of an OID, use the Values property. Count gives the number of items in the data set.

See Also
TScCertificate.IssuerName, TScCertificate.SubjectName


15.12.2 Properties
15.12.2.1 TScDistinguishedName.Count

property Count: integer;

Description
This property specifies the number of pairs "Object Identifier (OID) -> Value" in the list. This property is read-only.

15.12.2.2 TScDistinguishedName.Name

property Name: string;

Description
Gets the comma-delimited distinguished name from an X.509 certificate. This property is read-only.

15.12.2.3 TScDistinguishedName.Names

property Names[Index: integer]: string;

Description
Use Names to obtain the Object Identifier (OID). The Index parameter indicates the index of the OID, where 0 is the index of the first OID, 1 is the index of the second OID, and so on. This property is read-only. Use Names with the Count property to iterate through all of the OIDs in the list.

15.12.2.4 TScDistinguishedName.Values

property Values[const Name: string]: string;

Description
You can use Values to get the value for the specified Name. This property is read-only. To iterate through all of the values in the list, use the ValueFromIndex and Count properties.

15.12.2.5 TScDistinguishedName.ValueFromIndex

property ValueFromIndex[Index: integer]: string;

Description
Use ValueFromIndex to get the corresponding Object Identifier (OID). The Index parameter indicates the index of the Value, where 0 is the index of the first Value, 1 is the index of the second Value, and so on. This property is read-only. Use ValueFromIndex with the Count property to iterate through all of the values in the list.


15.13 TScFilenameTranslationControlExtension

15.13.1 Description
Unit ScSFTPUtils

Description
If the server included the 'filename-charset' extension among its initialization extensions, a client MAY send this extension to turn off server translation to UTF-8.

See Also
FilenameCharset, FilenameCharsetAvailable, RequestExtension


15.13.2 Properties
15.13.2.1 TScFilenameTranslationControlExtension.DoTranslate

property DoTranslate: Boolean;

Description
Set the DoTranslate property to True to make the server enable filename translation to UTF-8. If this property is set to False, the server disables filename translation.


15.14 TScFileStorage

15.14.1 Description
Unit ScBridge

Description
TScFileStorage is used for storing information about keys, users and certificates in files. Use the Path property to specify the directory in which the files are stored. The information about keys and users can be stored in encrypted form. Use the Algorithm and Password properties to specify the encryption algorithm and password for storing objects in encrypted form. Objects are loaded automatically when the Certificates, Keys and Users properties are accessed.

See Also
TScCertificate, TScKey, TScUser


15.14.2 Properties
15.14.2.1 TScFileStorage.Algorithm

property Algorithm: TScSymmetricAlgorithm;

Description
Information about keys and users can be stored in encrypted form. Use Algorithm to specify the encryption algorithm which will be used for encoding and decoding files when saving and loading.
Note: If the Password property is not assigned, files will not be encrypted when saving.

15.14.2.2 TScFileStorage.Password

property Password: string;

Description
Information about keys and users can be stored in encrypted form. Use this property to specify the password which will be used for encoding and decoding files when saving and loading. If the Password property is not assigned, files will not be encrypted when saving.

15.14.2.3 TScFileStorage.Path

property Path: string;

Description
Use this property to specify the directory used to store the files that hold the information about certificates, keys and users. This information is loaded automatically when the Certificates, Keys and Users properties are accessed. Default value of this property is '.', which means that the files will be stored in your application directory.


15.15 TScIdIOHandler

15.15.1 Description
Unit ScIndy

Description
The TScIdIOHandler component is a wrapper for TScSSHChannel with an Indy-compatible interface.

See Also
TScSSHChannel, TScSSHClient


15.15.2 Properties
15.15.2.1 TScIdIOHandler.Client

property Client: TScSSHClient;

Description
Determines the secure physical connection between the client and the SSH server that will be used for data transfer.


15.16 TScKey

15.16.1 Description
Unit ScBridge

Description
The TScKey class is used for working with asymmetric keys of RSA and DSA types. The algorithm of the key is determined by the Algorithm property. In asymmetric encryption two keys are used. The first key is used for data decryption and signing (private key), the second key is used for data encryption (public key). TScKey lets you work with both private and public keys. The private key contains both parts: the private part and the public part. You can use the IsPrivate property to determine whether the key is private or public. The key length is determined by the BitCount property. The longer the key, the higher its resistance to breaking. The TScKey class lets you generate new keys by using the Generate method. Different formats are used to store keys. To load or save a key in one of these formats, use the ImportFrom or ExportTo method respectively. To store a set of keys in a storage, the KeyList property is used. TScKey lets you sign data with the private key and verify the signature with the public key by using the Sign and VerifySign methods. Data signing is used for checking data integrity. TScKey can also encrypt and decrypt data with the Encrypt and Decrypt methods.

See Also
TScStorage


15.16.2 Properties
15.16.2.1 TScKey.Algorithm

property Algorithm: TScAsymmetricAlgorithm;

Description
The Algorithm property stores the name of the asymmetric algorithm. It is set automatically when loading, importing, or generating the key. This property is read-only.

See Also
Generate

15.16.2.2 TScKey.BitCount

property BitCount: integer;

Description
The BitCount property stores the length of the key. It is set automatically when loading, importing, or generating the key. This property is read-only.

See Also
Generate

15.16.2.3 TScKey.IsPrivate

property IsPrivate: Boolean;

Description
Determines whether the key is private or public. It is set automatically when loading, importing, or generating the key. The private key always contains the public key. This property is read-only.

See Also
ImportFrom, ExportTo

15.16.2.4 TScKey.KeyList

property KeyList: TScKeyList;

Description
This property is used for automatic loading and storing of keys in Storage. If the key was not loaded or generated and you invoke functions that use the key data, the key is automatically loaded from the underlying Storage using KeyName.

See Also
Ready, KeyList.Storage


15.16.2.5 TScKey.KeyName

property KeyName: string;

Description
The key name is used for automatic loading and saving of the key in KeyList.

See Also
TScStorage

15.16.2.6 TScKey.Ready

property Ready: Boolean;

Description
This property determines whether the key is ready to use. Set Ready to True to load data from KeyList automatically. If the KeyList is not assigned, an exception will be raised. This property is set automatically when the key is generated.
Note: If the key was not loaded or generated and you invoke functions that use the key data, the key is automatically loaded from the underlying Storage using KeyName.

See Also
KeyName, KeyList, Generate


15.16.3 Methods
15.16.3.1 TScKey.Decrypt

function Decrypt(const buf: TBytes): TBytes;

Description
Use the Decrypt method to decrypt data using the private key. This method returns the source data that was encrypted by the Encrypt method. If the Ready property is False, the key will be loaded automatically.
Note: If the key is not private (IsPrivate = False), an exception will be raised.

See Also
Encrypt

15.16.3.2 TScKey.Encrypt

function Encrypt(const buf: TBytes): TBytes;

Description
Use the Encrypt method to encrypt data using the public key. This function returns the encrypted data. To decrypt data, use the Decrypt method.
Note: If the Ready property is False, the key will be loaded automatically.

See Also
Decrypt

15.16.3.3 TScKey.Equals

function Equals(Key: TScKey): Boolean;

Description
Use the Equals function to compare the content of two keys. If the data of both keys coincide, the function returns True. If either of the keys is a public key, only the public constituents of the keys are compared. If both keys are private, both public and private constituents of the keys are compared. If the Ready property of either of the keys is False, the key will be loaded automatically.
15.16.3.4 TScKey.ExportTo

type
  TScKeyFormat = (kfDefault, kfDER, kfPKCS8, kfPKCS8enc, kfIETF);
procedure ExportTo(const FileName: string; const PublicKeyOnly: Boolean; const Password: string; const Cipher: TScSymmetricAlgorithm = saTripleDES; const KeyFormat: TScKeyFormat = kfDefault; const Comment: string = ''); overload;
procedure ExportTo(Stream: TStream; const PublicKeyOnly: Boolean; const Password: string; const Cipher: TScSymmetricAlgorithm = saTripleDES; const KeyFormat: TScKeyFormat = kfDefault; const Comment: string = ''); overload;

Description
Use this method to export the key to a file or to a stream. The key can be exported in different formats. Some formats can store only private keys, others both private and public keys. The key can be stored in encrypted form to protect it from illegal access. In this case you should specify the encryption algorithm and password. Some formats also let you store additional information about the key besides the key data.

Parameters:
FileName - specifies the name of the file to which the key will be exported. If the file with the specified name does not exist, it will be created. An existing file will be overwritten.
Stream - pointer to the stream to which the key will be exported. Data will be appended to the stream.
PublicKeyOnly - determines whether only the public key or both public and private keys will be exported. If the current key contains only the public constituent, an attempt to save the private key will raise an exception.
Password - determines the password that is used by the encryption algorithm for storing the key in encrypted form. If the Password is not specified, the key will be stored in open form.
Cipher - name of the encryption algorithm that is used for storing the key in encrypted form.
KeyFormat - the data format which will be used for storing the key.
Comment - additional information defined by the user.

Note: Public keys can be stored only in open form. Therefore, when you try to save a public key with the Password parameter assigned, an exception will be raised.

Value - Meaning
kfDefault - The format that is used by OpenSSH. Lets you store both private and public keys. You can add a comment when saving the public key. Data can be stored in both open and encrypted form.
kfDER - Stores only private keys in open form. Data is stored as a sequence of bytes with no transformation.
kfPKCS8 - Lets you store only private keys in open form.
kfPKCS8enc - Lets you store only private keys in encrypted form.
kfIETF - This format lets you store both private and public keys. Data can be stored in open or encrypted form. You can add a comment when storing the key.

See Also
ImportFrom, Generate


15.16.3.5 TScKey.Generate

procedure Generate(const Algorithm: TScAsymmetricAlgorithm; const BitCount: integer; Random: TScRandom = nil);

Description
Generates a new key and, if the KeyName and KeyList parameters are specified, automatically saves it. If the key is created successfully, the Ready property is set to True. Random data produced by the specified random number generator is used for generating keys. If Random is nil, the default random number generator is used.

Parameters:
Algorithm - asymmetric algorithm that determines the type of the key to be generated.
BitCount - key length in bits.
Random - pointer to the random number generator that is used for getting random data.

Note: The key length determines the resistance to breaking. Currently the recommended key length is 1024 bits for usual tasks and 2048 bits for crucial tasks.

See Also
ExportTo, ImportFrom
15.16.3.6 TScKey.GetFingerprint

type
  TScHashAlgorithm = (haSHA1, haMD5);
procedure GetFingerprint(const HashAlg: TScHashAlgorithm; out Fingerprint: TBytes); overload;
procedure GetFingerprint(const HashAlg: TScHashAlgorithm; out Fingerprint: string); overload;

Description
Returns the key fingerprint in the Fingerprint parameter. The fingerprint is computed using the specified hash algorithm HashAlg.

See Also
Ready
15.16.3.7 TScKey.ImportFrom

procedure ImportFrom(const FileName: string; const Password: string; out Comment: string); overload;
procedure ImportFrom(const FileName: string; const Password: string = ''); overload;
procedure ImportFrom(Stream: TStream; const Password: string; out Comment: string); overload;
procedure ImportFrom(Stream: TStream; const Password: string = ''); overload;

Description
Imports the key from the specified file or stream. The key can be stored in different formats. The format is determined automatically when loading the key. Some formats allow the key to be stored in encrypted form. If the key was encrypted, the password for decryption must be specified.

Parameters:
FileName - determines the name of the file from which the key will be imported. If the file does not exist, an exception will be raised.
Stream - a pointer to the stream that holds data for importing the key.
Password - the password that is used for data decryption.
Comment - additional information specified by the user when saving the key is returned by this parameter.

Note: If the key is loaded successfully, the Algorithm, BitCount and IsPrivate properties become assigned, and the Ready property is set to True.

See Also
ExportTo, Generate
15.16.3.8 TScKey.Sign

function Sign(const Data: TBytes): TBytes;

Description
Use the Sign function to sign data using the private key. The function returns the signature of the specified data. Use this signature to verify the data integrity. If the data can be substituted while it is being transferred, the data signature must be transferred along with the data itself. In this case the receiver must have the public constituent of the key, which is used to verify the signature. To verify the signature, use the VerifySign function.
Note: If the Ready property is False, the key will be loaded automatically.
Note: If the key is not private (IsPrivate = False), an exception will be raised.

See Also
VerifySign

15.16.3.9 TScKey.VerifySign

function VerifySign(const Data: TBytes; const Sign: TBytes): Boolean;

Description
The VerifySign function verifies whether the signature is correct for the specified Data using the public key. If the signature is correct, the function returns True. To get the data signature, use the Sign function.
Note: If the Ready property is False, the key will be loaded automatically.

See Also
Sign
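
The TScKey workflow documented in 15.16 (Generate, ExportTo, ImportFrom, Equals, GetFingerprint, Sign, VerifySign), as an added Delphi example that is not part of the Devart documentation. It assumes Delphi 2009 or later, the aaRSA enumeration value, the TScKey.Create(nil) constructor call and the ScUtils unit, none of which are shown in this section; the file names and the SC_KEY_PASSWORD environment variable are constructed for the example.

```delphi
program ScKeySignVerify;
{$APPTYPE CONSOLE}

uses
  SysUtils, Classes,
  ScBridge, // unit this page names for TScKey
  ScUtils;  // assumption: SecureBridge unit that declares the enum types used below

const
  // Constructed sample values, not taken from the documentation.
  PrivFile = 'example_key.p8';
  PubFile  = 'example_key.pub';
  PasswordVar = 'SC_KEY_PASSWORD';

// Signs Data after checking that the key has a private part; the page
// states that Sign raises an exception when IsPrivate = False.
function SignChecked(Key: TScKey; const Data: TBytes): TBytes;
begin
  if not Key.IsPrivate then
    raise Exception.Create('Signing needs a private key');
  Result := Key.Sign(Data);
end;

procedure Run(const Password: string);
var
  Priv, Pub: TScKey;
  Data, Signature: TBytes;
  Print: string;
begin
  // With an empty Password, ExportTo stores the private key in open form.
  if Password = '' then
    raise Exception.Create('Refusing to export a private key without a password');

  Priv := TScKey.Create(nil); // assumption: nil = key not attached to a key list
  Pub := TScKey.Create(nil);
  try
    // 2048 bits is the length the page gives for crucial tasks.
    Priv.Generate(aaRSA, 2048); // aaRSA: assumed TScAsymmetricAlgorithm value

    // Private key: kfPKCS8enc, encrypted with the password.
    // Public key: kfDefault with an empty password, because saving a public
    // key with the Password parameter assigned raises an exception.
    Priv.ExportTo(PrivFile, False, Password, saTripleDES, kfPKCS8enc);
    Priv.ExportTo(PubFile, True, '', saTripleDES, kfDefault, 'constructed example key');

    // The verifying side loads only the public constituent.
    Pub.ImportFrom(PubFile);
    // Equals compares only public constituents when either key is public.
    if Pub.IsPrivate or not Priv.Equals(Pub) then
      raise Exception.Create('Exported public key does not match the generated key');

    Pub.GetFingerprint(haSHA1, Print);
    Writeln('Public key fingerprint (SHA-1): ', Print);

    Data := TEncoding.UTF8.GetBytes('constructed message');
    Signature := SignChecked(Priv, Data);
    Writeln('Original data verifies: ', Pub.VerifySign(Data, Signature));

    // Flip one bit to simulate modification in transit, then verify again.
    Data[0] := Data[0] xor 1;
    Writeln('Modified data verifies: ', Pub.VerifySign(Data, Signature));
  finally
    Pub.Free;
    Priv.Free;
  end;
end;

begin
  try
    Run(GetEnvironmentVariable(PasswordVar));
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.
```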


15.17 TScKeyList

15.17.1 Description
Unit ScBridge

Description
TScKeyList is used by a storage to manage the key objects that correspond to keys in the storage. Use the properties and methods of TScKeyList to:
Access a specific key.
Add or delete persistent key objects from the list.
Find out how many keys there are.

See Also
TScKey


15.17.2 Properties
15.17.2.1 TScKeyList.Count

property Count: Integer;

Description
Use Count to determine the number of keys referenced by the TScKeyList object.

15.17.2.2 TScKeyList.Keys

property Keys[Index: Integer]: TScKey; default;

Description
Use Keys to obtain a pointer to a specific key. The Index parameter indicates the index of the key, where 0 is the index of the first key, 1 is the index of the second key, and so on. Set Keys to assign the properties of another key object to one of the keys in the list. Use Keys with the Count property to iterate through all of the keys in the list.

15.17.2.3 TScKeyList.Storage

property Storage: TScStorage;

Description
Check the value of the Storage property to determine the storage that is associated with the TScKeyList object. Applications should not directly assign the Storage property of a KeyList. It is assigned automatically when the KeyList is created.


15.17.3 Methods
15.17.3.1 TScKeyList.Add

procedure Add(Key: TScKey);

Description
Inserts a new key at the end of the Keys array. The KeyList property of the key is set to the current TScKeyList object, and the key is stored in Storage.
Note: When adding a key, the Ready property of the key must be set to True.

15.17.3.2 TScKeyList.CheckKeyName

procedure CheckKeyName(const KeyName: string);

Description
Checks if a key name already exists in the TScKeyList object. CheckKeyName checks for the key specified by KeyName in the Keys property array. If a key with the specified name is already listed, CheckKeyName raises an EScError exception with the duplicate key name error message.

15.17.3.3 TScKeyList.Clear

procedure Clear;

Description
Deletes all keys from the TScKeyList object. Clear empties the Keys property array, frees the memory used to store the array and deletes the keys from the Storage.

15.17.3.4 TScKeyList.FindKey

function FindKey(const KeyName: string): TScKey;

Description
Call FindKey to determine if a specified key is referenced in the TScKeyList object. KeyName is the name of the key to search for. If FindKey finds a key with a matching name, it returns the TScKey object for the specified key. Otherwise it returns nil.
Note: FindKey differs from the KeyByName method only when the named key is not in the list. When the key is not found, FindKey returns nil, while KeyByName raises an exception.

See Also
KeyByName
15.17.3.5 TScKeyList.KeyByName

function KeyByName(const KeyName: string): TScKey;

Description
Returns a key by the specified key name. Call the KeyByName method to retrieve key information for a key when only the key's name is known. KeyByName returns the TScKey object for the specified key. If the key cannot be found, an exception is raised.
Note: KeyByName differs from the FindKey method only when the named key is not in the list. When the key is not found, FindKey returns nil, while KeyByName raises an exception.

See Also
FindKey
15.17.3.6 TScKeyList.GetKeyNames

procedure GetKeyNames(List: TStrings);

Description
Call GetKeyNames to fill a list with the key names for all keys in the keys object. List is a TStrings descendant created and maintained by the application.

See Also
TScKey

15.17.3.7 TScKeyList.IndexOf

function IndexOf(Key: TScKey): Integer;

Description
Call IndexOf to get the index for a key in the Keys array. Specify the key as the Key parameter. The first key in the array has index 0, the second key has index 1, and so on. If a key is not in the Keys array, IndexOf returns -1.

15.17.3.8 TScKeyList.Remove

procedure Remove(Key: TScKey);

Description
Deletes the reference to the Key parameter from the Keys array and deletes the key from the Storage. After the key is removed, all of the items that follow it are moved up in index position and the Count is reduced by one.

15.17.3.9 TScKeyList.Refresh

procedure Refresh;

Description
Reloads the key list in the Keys array from the Storage.

See Also
Storage.Keys


15.18 TScObjList

15.18.1 Description
Unit ScBridge

Description
TScObjList is an abstract class which defines an interface to access lists of different object types (e.g. keys, users, certificates) stored in a storage. Use the properties and methods of TScObjList to:
Find out how many objects there are.
Reload the list from the storage.
Save modified data in the storage.

See Also
TScKeyList, TScUserList, TScCertificateList


15.18.2 Properties
15.18.2.1 TScObjList.Count

property Count: Integer;

Description
Use Count to determine the number of objects referenced by the TScObjList object.

15.18.2.2 TScObjList.Storage

property Storage: TScStorage;

Description
Check the value of the Storage property to determine the storage that is associated with the TScObjList object. Applications should not directly assign the Storage property of ObjList. It is assigned automatically when the ObjList is created.


15.18.3 Methods
15.18.3.1 TScObjList.Clear

procedure Clear;

Description
Deletes all objects from the TScObjList object. The Clear method empties the objects array, frees the memory used to store the array and deletes the objects from the Storage.

15.18.3.2 TScObjList.Flush

procedure Flush; virtual;

Description
Use this method to force data saving in the physical storage.

15.18.3.3 TScObjList.Refresh

procedure Refresh;

Description
Reloads the object list in the array from the Storage.


15.19 TScOid

15.19.1 Description
Unit ScBridge

Description
The TScOid class represents a cryptographic object identifier. Cryptographic object identifiers consist of a value/name pair. If one property in a pair is set to a known value, the other property is updated automatically to a corresponding value.


15.19.2 Properties
15.19.2.1 TScOid.FriendlyName

property FriendlyName: string;

Description
Gets or sets the friendly name of the identifier. If the Value property is set to a known value, the FriendlyName is updated automatically to a corresponding value.

15.19.2.2 TScOid.Value

property Value: string;

Description
Gets or sets the dotted number of the identifier. If the FriendlyName property is set to a known value, the Value is updated automatically to a corresponding value.


15.20 TScRandom

15.20.1 Description
Unit ScRng

Description
The TScRandom class implements the functionality of a pseudo-random number generator. It produces a sequence of numbers that meet certain statistical requirements for randomness. The random number generation starts from a seed value. To set the start value, use the Randomize method. If the same seed is used repeatedly, the same series of numbers is generated. The seed can be generated by using the processor step counter, system timer information, random mouse movements or keyboard key presses.
Note: Generation of a reliable starting sequence for the random-number generator is required to ensure a high security level. To improve performance, create only one TScRandom object to generate many random numbers, instead of creating a new TScRandom object to generate one random number.

See Also
TScRandom_LFSR, Possible attack types and countermeasures


15.20.2 Methods
15.20.2.1 TScRandom.Randomize

{$IFNDEF CLR} procedure Randomize(Seed: Pointer; Count: integer); overload; {$ENDIF} procedure Randomize(const Seed: TBytes; const Offset, Count: Integer); overload; virtual; procedure Randomize(const Seed: TBytes); overload; procedure Randomize(const Seed: string); overload; procedure Randomize(Seed: TStream); overload; procedure Randomize; overload; Description Use the Randomize method to set a sequence of numbers, that w ill be used to generate a randomnumber sequence. If Randomize w ithout parameters is called, Seed based on the system timer readout is used. Parameters: Seed - the number sequence that is used for calculation of the starting value for a pseudo-random number sequence; Offset - zero-based byte offset in Seed, that points to the beginning of the data location; Count - data length.
15.20.2.2 TScRandom.Random

procedure Random(var buf: TBytes; const Offset, Count: integer); virtual;

Description
Fills the elements of a specified array of bytes with random numbers. To initialize the random number generator, add a call to Randomize before making any calls to Random.

Parameters:
Buffer - an array of bytes to keep random numbers;
Offset - zero-based byte offset in Buffer that points to the beginning of the data location to fill;
Count - data length.


15.21 TScRandom_LFSR

15.21.1 Description
Unit ScRng

Description
This class is a descendant of the TScRandom class. It implements the Linear Feedback Shift Register method for generating random numbers, with a variable period from 2^32-1 to 2^2032-1.

Note: Generation of a reliable starting sequence for the random-number generator is required to ensure a high security level.

See Also
TScRandom
Possible attack types and countermeasures
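The seeding behaviour described for TScRandom and TScRandom_LFSR, shown with a toy generator. This is an added example, not Devart's implementation: the 32-bit Galois LFSR, the SHA-256 seed folding, the one-second timer resolution and all names (ToyLfsr, timer_seed, os_seed) are assumptions made for illustration.

```python
import hashlib
import os

TAP_MASK = 0x80200003  # Galois feedback mask for taps 32, 22, 2, 1


class ToyLfsr:
    """Illustrative 32-bit Galois LFSR with a Randomize/Random-style interface."""

    def __init__(self):
        self.state = 1

    def randomize(self, seed: bytes) -> None:
        # Fold a seed of any length into the 32-bit register. Folding through
        # SHA-256 is this example's choice, not the library's.
        state = int.from_bytes(hashlib.sha256(seed).digest()[:4], "big")
        self.state = state or 1  # an all-zero register would never leave zero

    def random(self, count: int) -> bytes:
        out = bytearray()
        for _ in range(count):
            byte = 0
            for _ in range(8):
                bit = self.state & 1
                self.state >>= 1
                if bit:
                    self.state ^= TAP_MASK
                byte = (byte << 1) | bit
            out.append(byte)
        return bytes(out)


def stream_for_seed(seed: bytes, count: int = 16) -> bytes:
    """First `count` output bytes of a generator started from `seed`."""
    rng = ToyLfsr()
    rng.randomize(seed)
    return rng.random(count)


def timer_seed(now: float) -> bytes:
    # Assumed stand-in for a system timer readout, truncated to whole seconds.
    return int(now).to_bytes(8, "big")


def os_seed() -> bytes:
    # Seed material taken from the operating system's random source.
    return os.urandom(32)


def distinct_streams(seeds) -> int:
    """How many different output streams a collection of seeds produces."""
    return len({stream_for_seed(seed) for seed in seeds})


if __name__ == "__main__":
    # Constructed timestamps: 1000 generator start-ups spread over one minute.
    starts = [1700000000 + i * 0.06 for i in range(1000)]
    print("timer-seeded distinct streams:",
          distinct_streams(timer_seed(t) for t in starts))
    print("OS-seeded distinct streams:   ",
          distinct_streams(os_seed() for _ in range(1000)))
```

Every generator started within the same timer tick emits the same bytes, so the number of distinct streams is bounded by the number of distinct seeds, and in this toy also by the 32-bit register width.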


15.22 TScRegStorage

15.22.1 Description
Unit ScBridge

Description
TScRegStorage is used for storing information about keys, users and certificates in the system registry. Use the KeyPath property to specify the registry key to store the information. Information about keys and users can be stored in an encrypted form. Use the Algorithm and Password properties to specify the encryption algorithm and password for storing objects in the encrypted form. Objects are loaded automatically when the Certificates, Keys and Users properties are accessed.

See Also
TScCertificate
TScKey
TScUser


15.22.2 Properties
15.22.2.1 TScRegStorage.Algorithm

property Algorithm: TScSymmetricAlgorithm;

Description
Information about keys and users can be stored in an encrypted form. Use Algorithm to specify an encrypting algorithm which will be used for encoding and decoding files when saving and loading.

Note: If the Password property is not assigned, files will not be encrypted when saving.

15.22.2.2 TScRegStorage.Password

property Password: string;

Description
Information about keys and users can be stored in an encrypted form. Use this property to specify the password which will be used for encoding and decoding files when saving and loading. If the Password property is not assigned, files will not be encrypted when saving.

15.22.2.3 TScRegStorage.KeyPath

property KeyPath: string;

Description
Use this property to specify what registry key will be used to store registry values that hold the information about certificates, keys and users. This information is loaded automatically when the Certificates, Keys and Users properties are accessed. Default value of this property is '\SOFTWARE\SecureBridge\'.

15.22.2.4 TScRegStorage.RootKey

property RootKey: HKEY;

Description
Use RootKey to determine the hierarchy of subkeys that a Storage can access, or to specify the root key for the Storage. By default, RootKey is set to HKEY_CURRENT_USER. To change the root key, specify a valid integer value for the RootKey property.


15.23 TScSFTPACEItem

15.23.1 Description
Unit ScSFTPUtils

Description
The TScSFTPACEItem class holds the parameters of the ACL (Access Control List) attribute (taken from NFS Version 4 Protocol [RFC3010]).


15.23.2 Properties
15.23.2.1 TScSFTPACEItem.AceFlags

type
  TScSFTPAceFlag = (afFileInherit, afDirectoryInherit, afNo_propagateInherit, afInheritOnly, afSuccessfulAccess, afFailedAccess, afIdentifierGroup);
  TScSFTPAceFlags = set of TScSFTPAceFlag;

property AceFlags: TScSFTPAceFlags;

Description
The AceFlags property holds a set of the ACE flags (taken from NFS Version 4 Protocol [RFC3010]).

15.23.2.2 TScSFTPACEItem.AceMask

type
  TScSFTPAceMaskItem = (amReadData, amListDirectory, amWriteData, amAddFile, amAppendData, amAddSubdirectory, amReadNamedAttrs, amWriteNamedAttrs, amExecute, amDeleteChild, amReadAttributes, amWriteAttributes, amDelete, amReadAcl, amWriteAcl, amWriteOwner, amSynchronize);
  TScSFTPAceMask = set of TScSFTPAceMaskItem;

property AceMask: TScSFTPAceMask;

Description
The AceMask property holds a set of the ACE flags (taken from NFS Version 4 Protocol [RFC3010]).

15.23.2.3 TScSFTPACEItem.AceType

type
  TScSFTPAceType = (atAccessAllowed, atAccessDenied, atSystemAudit, atSystemAlarm);

property AceType: TScSFTPAceType;

Description
The AceType property holds the ACE type (taken from NFS Version 4 Protocol [RFC3010]).

15.23.2.4 TScSFTPACEItem.Who

property Who: string;

Description
The Who property holds a string of the form described in the Owner and Group properties. Also, there are several identifiers that need to be understood universally. Some of these identifiers cannot be understood when a client accesses the server, but have meaning when a local process accesses the file. The ability to display and modify these permissions is permitted over SFTP.

OWNER - The owner of the file.
GROUP - The group associated with the file.
EVERYONE - The world.
INTERACTIVE - Accessed from an interactive terminal.
NETWORK - Accessed via the network.
DIALUP - Accessed as a dialup user to the server.
BATCH - Accessed from a batch job.
ANONYMOUS - Accessed without any authentication.
AUTHENTICATED - Any authenticated user (opposite of ANONYMOUS).
SERVICE - Access from a system service.


15.24 TScSFTPClient

15.24.1 Description
Unit ScSFTPClient

Description
The TScSFTPClient component implements the functionality of an SFTP client. The SFTP protocol provides secure file transfer (and, more generally, file system access). It is used to implement a secure remote file system service as well as a secure file transfer service. The SFTP client runs over a secure channel using the SSH protocol, so SFTP client authentication is performed on the SSH protocol level. The secure connection is provided by an SSH client that can be assigned to the SSHClient property. Use the ReadBlockSize and WriteBlockSize properties to increase the performance.


15.24.2 Properties
15.24.2.1 TScSFTPClient.Active

property Active: boolean;

Description
Use the Active property to determine whether the connection to the SFTP server is established.

15.24.2.2 TScSFTPClient.SSHClient

property SSHClient: TScSSHClient;

Description
Use the SSHClient property to determine the secure connection between an SSH client and the SSH server. This connection is used to exchange data. To create an SFTP connection, the SSHClient property should be set. This property can be set at design time by selecting a TScSSHClient object from the provided list. At runtime, set the SSHClient property to reference an existing TScSSHClient object.

15.24.2.3 TScSFTPClient.EOF

property EOF: boolean;

Description
Use the EOF property to determine that an attempt to read past the end-of-file was made or that there are no more directory entries to return. This property is meaningful only when NonBlocking = False.

See Also
NonBlocking
ReadDirectory
ReadFile
TextSeek

15.24.2.4 TScSFTPClient.NonBlocking

property NonBlocking: boolean;

Description
Use the NonBlocking property to determine the data transferring mode to use: synchronous or asynchronous.

If NonBlocking is True, then all commands to the SFTP server will not block execution of other code in the application. Data is transferred in the asynchronous mode. The result of the command execution can be received only by processing the corresponding event (for example, OnSuccess and OnError).

If NonBlocking is False, then the result of command execution is returned by the method when returning control.

The default value is False.


15.24.2.5 TScSFTPClient.ReadBlockSize

property ReadBlockSize: integer;

Description
Use the ReadBlockSize property to determine the maximum size of the data block that will be sent as one query to the SFTP server when reading a file. Use this property to increase the application performance. The default value is 32768.

See Also
ReadFile

15.24.2.6 TScSFTPClient.ServerProperties

property ServerProperties: TScSFTPServerProperties;

Description
The ServerProperties property holds the detailed information about the current SFTP server that the server may send when establishing a connection.

See Also
TScSFTPServerProperties

15.24.2.7 TScSFTPClient.ServerVersion

type
  TScSFTPVersion = (vSFTP0, vSFTP1, vSFTP2, vSFTP3, vSFTP4, vSFTP5, vSFTP6);

property ServerVersion: TScSFTPVersion;

Description
The ServerVersion property holds the version of the SFTP protocol that is used in the current connection. It is set when establishing a connection to the SFTP server (on the Initialize method call). This property is read-only.

See Also
Initialize

15.24.2.8 TScSFTPClient.Timeout

property Timeout: integer;

Description
Use the Timeout property to determine the amount of time during which the client makes attempts to obtain data from the server. It is measured in seconds. The default value is 15.


15.24.2.9 TScSFTPClient.Version

type
  TScSFTPVersion = (vSFTP0, vSFTP1, vSFTP2, vSFTP3, vSFTP4, vSFTP5, vSFTP6);

property Version: TScSFTPVersion;

Description
The Version property holds the version of the SFTP protocol the client is going to use. If the client wants to interoperate with servers that support discontinued versions of the SFTP protocol, it should set this property to vSFTP3, and then use the OnVersionSelect event handler. The default value is vSFTP3.

See Also
Initialize
OnVersionSelect

15.24.2.10 TScSFTPClient.WriteBlockSize

property WriteBlockSize: boolean;

Description
Use the WriteBlockSize property to determine the maximum size of the data block that will be sent to the SFTP server as one query when writing to a file. Use this property to increase the application performance. The default value is 32768.

See Also
WriteFile


15.24.3 Methods
15.24.3.1 TScSFTPClient.Block

type
  TScSFTPBlockMode = (bmRead, bmWrite, bmDelete, bmAdvisory);
  TScSFTPBlockModes = set of TScSFTPBlockMode;

procedure Block(const Handle: TScSFTPFileHandle; Offset, Count: Int64; BlockMode: TScSFTPBlockModes);

Description
Call the Block method to create a byte-range lock on the file specified by the handle. The lock can be either mandatory (the server enforces that no other process or client can perform operations violating the lock) or advisory (no other processes can obtain a conflicting lock, but the server does not enforce that no operation violates the lock). If the NonBlocking property is set to True, then control is returned at once and you can learn the result of the operation execution by handling the OnSuccess and OnError events.

Note: This operation is supported starting with the version 6 of the SFTP protocol.

Parameters:
Handle - a handle returned by the OpenFile or OpenDirectory methods. Note that some servers may return the SSH_FX_OP_UNSUPPORTED error if the handle is a directory handle.
Offset - beginning of the byte-range to lock.
Count - the number of bytes in the range to lock. The special value 0 means lock from Offset to the end of the file.
BlockMode - the blocking mode.

Value - Meaning
bmRead - the server guarantees that no other handle has been opened with TScSFTPDesiredAccessItem.amReadData access, and that no other handle will be opened with amReadData access until the client closes the handle. This applies both to other clients and to other processes on the server.
bmWrite - the server guarantees that no other handle has been opened with TScSFTPDesiredAccessItem.amReadData or TScSFTPDesiredAccessItem.amWriteData access, and that no other handle will be opened with amReadData or amWriteData access until the client closes the handle. This applies both to other clients and to other processes on the server.
bmDelete - the server guarantees that no other handle has been opened with TScSFTPDesiredAccessItem.amDelete access or opened with the ofDeleteOnClose flag set, and that no other handle will be opened with the amDelete access or with the ofDeleteOnClose flag set, and that the file itself is not deleted in any other way until the client closes the handle.
bmAdvisory - if this flag is set, the above block modes are advisory. In the advisory mode, only other kinds of access that specify a block mode need to be considered when determining whether the BLOCK can be granted, and the server does not prevent I/O operations that violate the block mode.


15.24.3.2 TScSFTPClient.CheckFile

procedure CheckFile(const FileName: string; StartOffset, Length: Int64; BlockSize: Integer; ReplyExtension: TScCheckFileReplyExtension = nil);

Description
Call the CheckFile method to check if a file (or its part) that the client already has matches the one that is on the server. If the NonBlocking property is False, the method returns control after receiving an answer from the server and writing the results to the ReplyExtension object. Otherwise the result is written to the ReplyExtension object on executing the OnReplyCheckFile event. If the server returns an error, the OnError event is generated.

Note: this request is not supported by all SFTP servers.

Parameters:
FileName - the path to the file to check. If FileName is a directory, an error will be returned. If FileName refers to a symbolic link, the target will be opened.
StartOffset - the starting offset of the data to include to the hash.
Length - the length of data to include to the hash. If the length is zero, all data from StartOffset to the end-of-file should be included.
BlockSize - an independent hash that will be computed over every block in the file. The size of blocks is specified by BlockSize. The BlockSize must not be smaller than 256 bytes. If the block-size is 0, then only one hash over the entire range will be made.
ReplyExtension - an object to which the computed hashes will be written. If this parameter is set to nil or is not set at all, then the OnReplyCheckFile event should be processed. If the object is specified, it will be returned in the OnReplyCheckFile event handler.

15.24.3.3 TScSFTPClient.CheckFileByHandle

procedure CheckFileByHandle(const Handle: TScSFTPFileHandle; StartOffset, Length: Int64; BlockSize: Integer; ReplyExtension: TScCheckFileReplyExtension = nil);

Description
Call the CheckFile method to check if a file (or its part) that the client already has matches the one that is on the server. If the NonBlocking property is False, the method returns control after receiving an answer from the server and writing the results to the ReplyExtension object. Otherwise the result is written to the ReplyExtension object on executing the OnReplyCheckFile event. If the server returns an error, the OnError event is generated.

Note: this request is not supported by all SFTP servers.

Parameters:
Handle - an open file handle returned by the OpenFile method.
StartOffset - the starting offset of the data to include to the hash.
Length - the length of data to include to the hash. If the length is zero, all data from StartOffset to the end-of-file should be included.
BlockSize - an independent hash that will be computed over every block in the file. The size of blocks is specified by BlockSize. The BlockSize must not be smaller than 256 bytes. If the block-size is 0, then only one hash over the entire range will be made.
ReplyExtension - an object to which the computed hashes will be written. If this parameter is set to nil or is not set at all, then the OnReplyCheckFile event should be processed. If the object is specified, it will be returned in the OnReplyCheckFile event handler.

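The StartOffset, Length and BlockSize rules of CheckFile and CheckFileByHandle, applied on the client side to find which blocks of a local copy differ from the server's. This is an added example, not SecureBridge code: the helper names are hypothetical, SHA-256 is an assumed hash algorithm (the page does not name one), and the server's reply is simulated by hashing a constructed second copy locally.

```python
import hashlib

MIN_BLOCK_SIZE = 256  # smallest non-zero BlockSize the documentation allows


def hashed_range(size, start_offset, length):
    """Resolve (StartOffset, Length) to absolute [begin, end) in a file of `size` bytes."""
    if start_offset < 0 or length < 0:
        raise ValueError("StartOffset and Length must not be negative")
    begin = min(start_offset, size)
    # Length = 0 means "from StartOffset to the end of the file".
    end = size if length == 0 else min(start_offset + length, size)
    return begin, end


def block_hashes(data, start_offset, length, block_size, algorithm="sha256"):
    """One digest per block of the selected range, or a single digest if block_size is 0."""
    if block_size != 0 and block_size < MIN_BLOCK_SIZE:
        raise ValueError("BlockSize must be 0 or at least 256 bytes")
    begin, end = hashed_range(len(data), start_offset, length)
    region = data[begin:end]
    if block_size == 0:
        return [hashlib.new(algorithm, region).digest()]
    return [hashlib.new(algorithm, region[i:i + block_size]).digest()
            for i in range(0, len(region), block_size)]


def mismatched_offsets(local, server_hashes, start_offset, length, block_size,
                       algorithm="sha256"):
    """File offsets of blocks whose local digest differs from the server's digest.

    A block present on only one side (the copies have different lengths)
    is reported as a mismatch as well.
    """
    local_hashes = block_hashes(local, start_offset, length, block_size, algorithm)
    offsets = []
    for index in range(max(len(local_hashes), len(server_hashes))):
        mine = local_hashes[index] if index < len(local_hashes) else None
        theirs = server_hashes[index] if index < len(server_hashes) else None
        if mine != theirs:
            offsets.append(start_offset + index * block_size)
    return offsets


# Constructed sample data: a 1024-byte local file and a server copy that
# differs in one byte at offset 600.
LOCAL_COPY = bytes((i * 7 + i // 256) % 256 for i in range(1024))
_server = bytearray(LOCAL_COPY)
_server[600] ^= 0xFF
SERVER_COPY = bytes(_server)

if __name__ == "__main__":
    # Stand-in for the digests a server would return in the reply object.
    reply = block_hashes(SERVER_COPY, 0, 0, 256)
    print("blocks to re-transfer start at:",
          mismatched_offsets(LOCAL_COPY, reply, 0, 0, 256))
```

With BlockSize set to 0 the comparison can only say that the range differs somewhere; per-block digests narrow a re-transfer to the affected blocks.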
15.24.3.4 TScSFTPClient.CloseHandle

procedure CloseHandle(const Handle: TScSFTPFileHandle);

Description
Call the CloseHandle method to close an opened file handle. If the NonBlocking property is set to True, then control is returned at once and you can learn the result of the operation execution by processing the OnSuccess and OnError events.

Parameters:
Handle - a handle previously returned in the response to OpenFile or OpenDirectory. The handle becomes invalid immediately after this command was sent.

See Also
NonBlocking
OnSuccess
OnError
OpenFile
OpenDirectory

15.24.3.5 TScSFTPClient.CopyRemoteFile

procedure CopyRemoteFile(const Source, Destination: string; Overwrite: Boolean);

Description
Call the CopyRemoteFile method to copy a file from one location to another on the server. If the NonBlocking property is set to True, then control is returned at once and you can learn the result of the operation execution by handling the OnSuccess and OnError events.

Parameters:
Source - holds the initial path to the file that is being copied.
Destination - holds the destination path to copy the file to.
Overwrite - specifies whether to overwrite the file with the same name if it exists.

See Also
Active
OnSuccess
OnError

15.24.3.6 TScSFTPClient.CreateLink

procedure CreateLink(const LinkPath, TargetPath: string; Symbolic: boolean = True);

Description
Call the CreateLink method to create either a hard or a symbolic link on the server. If the NonBlocking property is set to True, then control is returned at once and you can learn the result of the operation execution by handling the OnSuccess and OnError events.

Parameters:
LinkPath - specifies the path name of the new link to create.
TargetPath - specifies the path of an existing file system object to which the new-link-path will refer.
Symbolic - the link should be a symbolic link, or a special file that redirects file system parsing to the resulting path. If Symbolic is false, the link should be a hard link, or a second directory entry referring to the same file or directory object. This parameter is supported starting with the version 4 of the SFTP protocol.

15.24.3.7 TScSFTPClient.Disconnect

procedure Disconnect;

Description
Call the Disconnect procedure to close an existing connection to the SFTP server. Disconnect sets the Active property to False.

See Also
Active

15.24.3.8 TScSFTPClient.DownloadFile

procedure DownloadFile(const Source, Destination: string; Overwrite: Boolean);

Description
Call the DownloadFile method to copy a file from the remote machine to the local one. To create the resulting local file with the required attributes (for example, with the attributes corresponding to the ones that the file on the server has), process the OnCreateLocalFile event. By default, a file with default attributes is created. If the NonBlocking property is set to True, then control is returned at once and you can learn the result of the operation execution by handling the OnSuccess and OnError events.

Parameters:
Source - holds the initial path to the file that is being copied.
Destination - holds the destination path to copy the file to.
Overwrite - specifies whether to overwrite the file with the same name if it exists.

See Also
NonBlocking
OnCreateLocalFile
OnError
OnSuccess

15.24.3.9 TScSFTPClient.Initialize

procedure Initialize;

Description
Call the Initialize procedure to establish a connection to the SFTP server. Initialize sets the Active property to True. If the Version property was set to the version 3 of the SFTP server before establishing a connection, and the server supports higher versions of the SFTP protocol, then the OnVersionSelect event may be raised. At that point the user can choose the required version of the SFTP protocol. After the connection was established, the method sets the ServerVersion and ServerProperties properties.

See Also
Active
OnVersionSelect
ServerProperties
ServerVersion

15.24.3.10 TScSFTPClient.MakeDirectory

procedure MakeDirectory(const Path: string; Attributes: TScSFTPFileAttributes = nil);

Description
Call the MakeDirectory method to create a new directory. If the NonBlocking property is set to True, then control is returned at once and you can learn the result of the operation execution by handling the OnSuccess and OnError events.

Parameters:
Path - specifies the directory to be created.
Attributes - specifies the attributes that should be applied to it upon creation (refer to TScSFTPFileAttributes).

See Also
TScSFTPFileAttributes

15.24.3.11 TScSFTPClient.OpenDirectory

function OpenDirectory(const Path: string): TScSFTPFileHandle;

Description
Call the OpenDirectory method to open an existing directory on the server for enumeration. If NonBlocking is False, the method returns the directory handle. Otherwise it returns nil, and to obtain the directory handle the OnOpenFile event should be processed. If the server returns an error, the OnError event is generated. The obtained directory handle may be used in other operations, for example, in ReadDirectory. When enumeration is complete, the handle must be closed using the CloseHandle method.

Parameters:
Path - the path name of the directory to be listed (without any trailing slash). If Path does not refer to a directory, the server returns an error.

See Also
CloseHandle
OnError
OnOpenFile
OpenFile

15.24.3.12 TScSFTPClient.OpenFile

type
  TScSFTPFileOpenModeItem = (foRead, foWrite, foAppend, foCreate, foTrunc, foExcl, foText);
  TScSFTPFileOpenModes = set of TScSFTPFileOpenModeItem;
  TScSFTPFileOpenMode = (fmCreateNew, fmCreateOrTruncate, fmOpenExisting, fmOpenOrCreate, fmTruncateExisting);
  TScSFTPFileOpenFlag = (ofAppendData, ofAppendDataAtomic, ofTextMode, ofNoFollow, ofDeleteOnClose, ofAccessAudit, ofAccessBackup, ofBackupStream, ofOverrideOwner);
  TScSFTPFileOpenFlags = set of TScSFTPFileOpenFlag;
  TScSFTPAceMaskItem = (amReadData, amListDirectory, amWriteData, amAddFile, amAppendData, amAddSubdirectory, amReadNamedAttrs, amWriteNamedAttrs, amExecute, amDeleteChild, amReadAttributes, amWriteAttributes, amDelete, amReadAcl, amWriteAcl, amWriteOwner, amSynchronize);
  TScSFTPDesiredAccessItem = TScSFTPAceMaskItem;
  TScSFTPDesiredAccess = set of TScSFTPDesiredAccessItem;

function OpenFile(const FileName: string; Modes: TScSFTPFileOpenModes; Attributes: TScSFTPFileAttributes = nil): TScSFTPFileHandle; overload;
function OpenFile(const FileName: string; Mode: TScSFTPFileOpenMode; Flags: TScSFTPFileOpenFlags = []; BlockMode: TScSFTPBlockModes = []; Access: TScSFTPDesiredAccess = []; Attributes: TScSFTPFileAttributes = nil): TScSFTPFileHandle; overload;

Description
Call the OpenFile method to open or create a remote file. If the NonBlocking property is set to False, the method returns the file handle. Otherwise it returns nil, and to receive the file handle the OnOpenFile event should be processed. If the server returns an error, the OnError event is generated. The file handle that was received may be used in other operations like ReadFile, WriteFile etc. After the work with the file handle is finished, you should close it by calling the CloseHandle method.

It is preferable to use the first overload with the version 4 of the SFTP protocol or lower, and the second with the version 5 or higher (that is why it has more parameters and, as a result, enhanced functionality).

Parameters:
FileName - the name of the file that is being opened. If FileName is the name of a directory, an error will be raised.

Modes - flags for the file opening.

Value - Meaning
foRead - open the file for reading.
foWrite - open the file for writing. If foRead is also specified, the file is opened for reading and writing.
foAppend - force all writes to append data to the end of the file.
foCreate - a new file will be created if one does not already exist (if foTrunc is specified, the new file will be truncated to zero length if it existed).
foTrunc - forces an existing file with the same name to be truncated to zero length when creating a file by specifying foCreate.
foExcl - causes the request to fail if the named file already exists. foCreate should also be specified if this flag is used.
foText - indicates that the server should treat the file as text and convert it to the canonical newline convention in use (refer to TScSFTPServerProperties.Newline). When a file is opened with the FXF_TEXT flag, the offset field in both read and write functions is ignored.

Mode - the mode of the file opening.

Value - Meaning
fmCreateNew - a new file is created; if the file already exists, the server returns the SSH_FX_FILE_ALREADY_EXISTS error.
fmCreateOrTruncate - a new file is created; if the file already exists, it is opened and truncated.
fmOpenExisting - an existing file is opened. If the file does not exist, the server returns the SSH_FX_NO_SUCH_FILE error. If a directory in the path does not exist, the server returns the SSH_FX_NO_SUCH_PATH or SSH_FX_NO_SUCH_FILE error.
fmOpenOrCreate - if the file exists, it is opened. If the file does not exist, it is created.
fmTruncateExisting - an existing file is opened and truncated. If the file does not exist, the server returns the same error codes as defined for fmOpenExisting.

Flags - a set of flags for file opening.

Value - Meaning
ofAppendData - data is always written at the end of the file. The offset parameter of the WriteFile method is ignored.
ofAppendDataAtomic - data is always written at the end of the file. The offset parameter of the WriteFile method is ignored. Data will be written atomically so that there is no chance that multiple appenders can collide and result in data being lost.
ofTextMode - indicates that the server should treat the file as text and convert it to the canonical newline convention in use (refer to TScSFTPServerProperties.Newline). When a file is opened with this flag, the offset field in the read and write functions is ignored. To support seeks on text files you can use the TextSeek method.
ofNoFollow - if the final component of the path is a symlink, then the opening will fail, and the error SSH_FX_LINK_LOOP will be returned.
ofDeleteOnClose - the file should be deleted when the last handle to it is closed. (The last handle may not be an sftp-handle.) This MAY be emulated by the server if the OS doesn't support it by deleting the file when this handle is closed.
ofAccessAudit - the client wants the server to enable any privileges or extra capabilities that the user may have to allow the reading and writing of AUDIT or ALARM access control entries.
ofAccessBackup - the client wants the server to enable any privileges or extra capabilities that the user may have in order to bypass normal access checks for the purpose of backing up or restoring files.
ofBackupStream - this flag indicates that the client wishes to read or write a backup stream. A backup stream is a system dependent structured data stream that encodes all information that must be preserved in order to restore the file from backup medium.
ofOverrideOwner - this flag indicates that the client wishes the server to enable any privileges or extra capabilities that the user may have in order to gain access to the file with the WRITE_OWNER permission. This bit must always be specified in combination with TScSFTPDesiredAccessItem.amWriteOwner.

BlockMode - the blocking mode of the file that is being opened (refer to the Block method).
Access - the rights for the file access that are a combination of values of the ace-mask flags. If the server cannot grant the access desired, it returns the SSH_FX_PERMISSION_DENIED error. The meaning of these flags is given in [RFC3010].
Attributes - specifies the initial attributes for the file. The parameter is ignored if an existing file is opened.

See Also
Block
CloseHandle
NonBlocking
OnOpenFile
OnError
ReadFile
OpenDirectory
TScSFTPServerProperties.Newline
WriteFile

15.24.3.13 TScSFTPClient.QueryAvailableSpace

procedure QueryAvailableSpace(const Path: string; ReplyExtension: TScSpaceAvailableReplyExtension = nil);

Description
Call the QueryAvailableSpace method to learn the amount of available space for an arbitrary path. If the NonBlocking property is False, the method returns control after receiving an answer from the server and writing the result to the ReplyExtension object. Otherwise the result is written to ReplyExtension on executing the OnReplySpaceAvailable event. If the server returns an error, the OnError event is generated.

Note: this request is not supported by all SFTP servers.

Parameters:
Path - the path for which the available space should be reported.
ReplyExtension - an object to which the data about available space will be written. If this parameter is set to nil or not set at all, the OnReplySpaceAvailable event should be processed in order to get the result. If the object is specified, it will be returned in the OnReplySpaceAvailable event handler.

15.24.3.14 TScSFTPClient.QueryUserHomeDirectory

function QueryUserHomeDirectory(const Username: string): string;

Description
Call the QueryUserHomeDirectory method to request the user home directory for the specified Username. An empty string implies the current user. Many users are used to typing '~' as an alias for their home directory, or ~username as an alias for another user's home directory. To support this feature, use this method. If the NonBlocking property is False, the method returns the user home directory. Otherwise it returns an empty string, and in order to get the directory the OnFileName event should be processed. If the server returns an error, the OnError event is generated.

Note: this request is not supported by all SFTP servers.

15.24.3.15 TScSFTPClient.ReadDirectory

procedure ReadDirectory(const Handle: TScSFTPFileHandle);

Description
Call the ReadDirectory method to retrieve a directory listing. In order to obtain a complete directory listing, the client must call this method until the EOF property is set to True. For every received file or directory name the OnDirectoryList event is generated. If the server returns an error, the OnError event is generated.

Parameters:
Handle - a handle previously returned in the response to OpenDirectory. If Handle is an ordinary file handle returned by OpenFile, the server returns an error.

See Also
EOF
OnDirectoryList
OnError
OpenDirectory
OpenFile

15.24.3.16 TScSFTPClient.ReadFile

{$IFNDEF CLR}
function ReadFile(const Handle: TScSFTPFileHandle; FileOffset: Int64; var Buffer; Count: Longint): Longint; overload;
{$ENDIF}
function ReadFile(const Handle: TScSFTPFileHandle; FileOffset: Int64; var Buffer: TBytes; Offset, Count: Longint): Longint; {$IFNDEF CLR} overload; {$ENDIF}

Description
Call the ReadFile method to read remote file data. If the NonBlocking property is set to False, it returns the amount of data read. Otherwise it returns 0 and the data can be read from the buffer on processing the OnData event. The OnData event may occur several times for a single call of ReadFile, if the amount of requested data exceeds the possible amount of data the server can return during one request (refer to the ReadBlockSize property). If the server returns an error, the OnError event is generated. This method sets the EOF property to True if the end of file was reached.

Parameters:
Handle - a handle previously returned in the response to OpenFile.
FileOffset - the offset in bytes relative to the beginning of the file that the read starts at. This field is ignored if TEXT MODE was specified during the open.
Buffer - the buffer to which the data will be read. If the buffer is specified, it will be returned by the OnData event handler. If NonBlocking is True, the parameter can have the nil value.
Offset - the position in the buffer from which to start writing the data.
Count - the maximum number of bytes to read.

See Also
NonBlocking
OnData
ReadBlockSize

15.24.3.17 TScSFTPClient.ReadSymbolicLink

function ReadSymbolicLink(const Path: string): string;

Description
Call the ReadSymbolicLink method to read the target of a symbolic link. Path specifies the path name of the symlink to be read. If NonBlocking is False, the method returns the target of the link. Otherwise it returns an empty string, and the OnFileName event should be processed to obtain the result. If the server returns an error, the OnError event is generated.
15.24.3.18 TScSFTPClient.RemoveDirectory

procedure RemoveDirectory(const Path: string);

Description
Call the RemoveDirectory method to remove a directory. The Path parameter specifies the directory to be removed. This request cannot be used to remove a file. If the NonBlocking property is set to True, control is returned at once, and you can learn the result of the operation by handling the OnSuccess and OnError events.
15.24.3.19 TScSFTPClient.RemoveFile

procedure RemoveFile(const FileName: string);

Description
Call the RemoveFile method to remove a file. FileName is the name of the file to be removed. This request cannot be used to remove directories. If the NonBlocking property is set to True, control is returned at once, and you can learn the result of the operation by handling the OnSuccess and OnError events.
15.24.3.20 TScSFTPClient.RenameFile

type
  TScSFTPRenameFlag = (rfOverwrite, rfAtomic, rfNative);
  TScSFTPRenameFlags = set of TScSFTPRenameFlag;

procedure RenameFile(const OldPath, NewPath: string; Flags: TScSFTPRenameFlags = []);

Description
Call the RenameFile method to rename a file or directory. If the NonBlocking property is set to True, control is returned at once, and you can learn the result of the operation by handling the OnSuccess and OnError events.

Parameters:
OldPath - the name of an existing file or directory.
NewPath - the new name for the file or directory.
Flags - the renaming parameters. This parameter is supported only since version 5 of the SFTP protocol.

Value - Meaning
rfOverwrite - if this flag is not included, and a file with the name specified by the new path already exists, the server responds with the SSH_FX_FILE_ALREADY_EXISTS error.
rfAtomic - if this flag is included, and the destination file already exists, it is replaced in an atomic fashion. I.e., there is no observable instant in time where the name does not refer either to the old or the new file. rfAtomic implies rfOverwrite.
rfNative - if this flag is included and the server cannot replace the destination in an atomic fashion, then the server responds with the SSH_FX_OP_UNSUPPORTED error.
15.24.3.21 TScSFTPClient.RequestExtension

procedure RequestExtension(const ExtName: string; const ExtData: TBytes; ReplyExtension: TScSFTPExtension = nil); overload;
procedure RequestExtension(Extension: TScSFTPExtension; ReplyExtension: TScSFTPExtension = nil); overload;

Description
Call the RequestExtension method to send an extended request to the server. Extensions allow clients to query the server for additional information which may not be widely supported, but can nevertheless be implemented by some servers. If the NonBlocking property is False, the method returns control after receiving an answer from the server and writing it to the ReplyExtension object. Otherwise the result is written to the ReplyExtension object on executing the OnReplyExtension event. If the server returns an error, the OnError event is generated.
Note: this option is supported starting from version 3 of the SFTP protocol.

Parameters:
ExtName - a string that holds the extension name.
ExtData - the extension data, as defined by the specific extension.
Extension - the object whose Name and Data properties specify the extension parameters.
ReplyExtension - the object to which the replied data will be written. If it is nil, the OnReplyExtension event should be processed to get the result. If the object is specified, it will be returned in the OnReplyExtension event handler.
15.24.3.22 TScSFTPClient.RetrieveAbsolutePath

type
  TScSFTPRealpathControl = (rcNoCheck, rcStatIf, rcStatAlways);

function RetrieveAbsolutePath(const Path: string; Control: TScSFTPRealpathControl = rcNoCheck; ComposePath: TStringList = nil): string;

Description
Call the RetrieveAbsolutePath method to have the server canonicalize any given path name to an absolute path. This is useful for converting path names containing ".." components or relative pathnames without a leading slash into absolute paths. If NonBlocking is False, the method returns the absolute path. Otherwise it returns an empty string, and the OnFileName event should be processed to obtain the absolute path. If the server returns an error, the OnError event is generated.

Parameters:
Path - the original path which the client wants to be resolved into an absolute canonical path.
Control - the parameters of identifying the absolute path. This parameter is supported starting with version 6 of the SFTP protocol.

Value - Meaning
rcNoCheck - the server does not fail the request if the path does not exist, is hidden, or the user does not have access to the path or some component thereof.
rcStatIf - the server uses the path if it exists and is accessible to the client. However, if the path does not exist, isn't visible, or isn't accessible, the server does not fail the request. If the status of the file fails, the file type will be ftUnknown.
rcStatAlways - the server uses the path. If the stat operation fails, the server fails the request.

ComposePath - the client may specify multiple elements, in which case the server should build the resulting path by applying each compose path to the accumulated result until all elements have been applied. This parameter is supported starting with version 6 of the SFTP protocol.
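
A client-side containment check built on RetrieveAbsolutePath, for the case where a remote path is assembled from untrusted input such as a user-supplied file name. This is an added example, not Devart's code: the unit name SftpPathGuard and the functions ResolveUnderRoot and WithTrailingSlash are hypothetical, and it assumes that TScSFTPClient is declared in the ScSFTPClient unit, that the client is already initialized, and that NonBlocking is False.

```pascal
unit SftpPathGuard; // hypothetical unit name (added example)

interface

uses
  ScSFTPClient; // assumption: TScSFTPClient is declared in this unit

// Joins RelName to Root, lets the server canonicalize the result, and accepts
// it only if the canonical path is Root itself or lies below it.
// Requires Client.NonBlocking = False so RetrieveAbsolutePath returns the path.
function ResolveUnderRoot(Client: TScSFTPClient; const Root, RelName: string;
  out FullPath: string): Boolean;

implementation

// Paths are compared with a trailing separator so that
// '/srv/data' is not treated as a parent of '/srv/database'.
function WithTrailingSlash(const Path: string): string;
begin
  if (Path <> '') and (Path[Length(Path)] = '/') then
    Result := Path
  else
    Result := Path + '/';
end;

function ResolveUnderRoot(Client: TScSFTPClient; const Root, RelName: string;
  out FullPath: string): Boolean;
var
  CanonRoot, CanonPath, Prefix: string;
begin
  Result := False;
  FullPath := '';

  // Only names relative to Root are acceptable: reject empty names,
  // absolute paths and '~' home-directory aliases before asking the server.
  if (RelName = '') or (RelName[1] = '/') or (RelName[1] = '~') then
    Exit;

  // Default Control (rcNoCheck): the server does not fail the request when
  // the path does not exist, so files that are about to be created work too.
  CanonRoot := Client.RetrieveAbsolutePath(Root);
  CanonPath := Client.RetrieveAbsolutePath(WithTrailingSlash(Root) + RelName);

  // An empty answer means there is nothing to compare: fail closed.
  if (CanonRoot = '') or (CanonPath = '') then
    Exit;

  // Case-sensitive prefix comparison on the canonical forms, so '..'
  // components in RelName cannot move the result above Root.
  Prefix := WithTrailingSlash(CanonRoot);
  if (CanonPath = CanonRoot) or
     (Copy(CanonPath, 1, Length(Prefix)) = Prefix) then
  begin
    FullPath := CanonPath;
    Result := True;
  end;
end;

end.
```

Pass the returned FullPath, not the original input, to the subsequent file operation so that the path that was checked is the path that is used.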
15.24.3.23 TScSFTPClient.RetrieveAttributes

procedure RetrieveAttributes(Attrs: TScSFTPFileAttributes; const Path: string; SymbolicLinks: boolean = False; const Flags: TScSFTPAttributes = []);

Description
Call the RetrieveAttributes method to retrieve the attributes for a named file. If NonBlocking is False, the method returns control after receiving the attributes from the server and writing them to the Attrs object. Otherwise the attributes are set to Attrs on executing the OnFileAttributes event. If the server returns an error, the OnError event is generated.

Parameters:
Attrs - an object to which the attributes of the requested file will be written.
Path - specifies the file system object for which status should be returned.
SymbolicLinks - specifies if the server follows symbolic links.
Flags - specifies the attribute flags in which the client has particular interest. This parameter is supported starting with version 4 of the SFTP protocol.

See Also
TScSFTPFileAttributes
15.24.3.24 TScSFTPClient.RetrieveAttributesByHandle

procedure RetrieveAttributesByHandle(Attrs: TScSFTPFileAttributes; const Handle: TScSFTPFileHandle; const Flags: TScSFTPAttributes = []);

Description
Call the RetrieveAttributesByHandle method to retrieve the attributes for a file identified by an open handle. If NonBlocking is False, the method returns control after receiving the attributes from the server and writing them to the Attrs object. Otherwise the attributes are set to Attrs on executing the OnFileAttributes event. If the server returns an error, the OnError event is generated.

Parameters:
Attrs - an object to which the attributes of the requested file will be written.
Handle - a handle previously returned in the response to OpenFile or OpenDirectory.
Flags - specifies the attribute flags in which the client has particular interest. This parameter is supported starting with version 4 of the SFTP protocol.

See Also
TScSFTPFileAttributes
15.24.3.25 TScSFTPClient.SetAttributes

procedure SetAttributes(const Path: string; Attributes: TScSFTPFileAttributes);

Description
Call the SetAttributes method to set the attributes for a named file. If the NonBlocking property is set to True, control is returned at once, and you can learn the result of the operation by handling the OnSuccess and OnError events.

Parameters:
Path - the file system object (e.g. file or directory) whose attributes are to be modified. If this object does not exist, or the user does not have sufficient access to write the attributes, the server will return an error.
Attributes - an object that specifies the modified attributes to be applied.

See Also
OpenFile, OpenDirectory

15.24.3.26 TScSFTPClient.SetAttributesByHandle

procedure SetAttributesByHandle(const Handle: TScSFTPFileHandle; Attributes: TScSFTPFileAttributes);

Description
Call the SetAttributesByHandle method to set the attributes for a file identified by an open handle. If the NonBlocking property is set to True, control is returned at once, and you can learn the result of the operation by handling the OnSuccess and OnError events.

Parameters:
Handle - a handle previously returned in the response to OpenFile or OpenDirectory.
Attributes - an object that specifies the modified attributes to be applied.

See Also
OpenFile, OpenDirectory
15.24.3.27 TScSFTPClient.TextSeek

function TextSeek(const Handle: TScSFTPFileHandle; LineNumber: Int64): Boolean;

Description
Call the TextSeek method to seek within a text file. If the NonBlocking property is False, the method returns True if the requested line was found, and False if the end of file was reached. If the NonBlocking property is True, control is returned at once, and you can learn the result of the operation by handling the OnSuccess and OnError events.
Note: this request is not supported by all SFTP servers.

Parameters:
Handle - a handle returned by the OpenFile method.
LineNumber - the index of the line number to look for, where byte 0 in the file is line number 0, the byte directly following the first newline sequence in the file is line number 1, and so on.
15.24.3.28 TScSFTPClient.UnBlock

procedure UnBlock(const Handle: TScSFTPFileHandle; Offset, Count: Int64);

Description
Call the UnBlock method to remove a previously acquired byte-range lock on the specified handle. If the NonBlocking property is set to True, control is returned at once, and you can learn the result of the operation by handling the OnSuccess and OnError events.
Note: this operation is supported starting with version 6 of the SFTP protocol.

Parameters:
Handle - a handle on which a Block request has previously been made.
Offset - the beginning of the byte-range to lock.
Count - the number of bytes in the range to lock. The special value 0 means lock from Offset to the end of the file.
15.24.3.29 TScSFTPClient.UploadFile

procedure UploadFile(const Source, Destination: string; Overwrite: Boolean);

Description
Call the UploadFile method to copy a file from the local machine to the remote one. To create the resulting file on the server with the required attributes (for example, attributes that correspond to those of the local file), process the OnSetRemoteFileAttributes event. If the NonBlocking property is set to True, control is returned at once, and you can learn the result of the operation by handling the OnSuccess and OnError events.

Parameters:
Source - holds the initial path to the file that is being copied.
Destination - holds the destination path to copy the file to.
Overwrite - specifies whether to overwrite the file with the same name if it exists.

See Also
NonBlocking, OnSetRemoteFileAttributes, OnError, OnSuccess
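
UploadFile and RenameFile can be combined so that readers of the destination never see a partially written file: upload under a temporary name, then replace the destination with the rfAtomic flag. This is an added example, not Devart's code: the unit name SftpAtomicPublish, the PublishFile procedure and the '.part' suffix are hypothetical, and it assumes blocking mode, that no OnError handler suppresses the exception, and that the Version property holds the negotiated protocol version as a TScSFTPVersion value.

```pascal
unit SftpAtomicPublish; // hypothetical unit name (added example)

interface

uses
  SysUtils,
  ScSFTPClient, ScSFTPUtils; // assumption: the SFTP types live in these units

// Uploads LocalFile to RemoteFile without exposing a half-written file
// under the final name. Raises an exception on any failure.
procedure PublishFile(Client: TScSFTPClient; const LocalFile, RemoteFile: string);

implementation

procedure PublishFile(Client: TScSFTPClient; const LocalFile, RemoteFile: string);
var
  TempName: string;
begin
  // In non-blocking mode the calls below return before the operation has
  // finished, so the sequence upload -> rename could not be enforced here.
  if Client.NonBlocking then
    raise Exception.Create('PublishFile requires NonBlocking = False');

  // Rename flags are supported only since version 5 of the SFTP protocol.
  // Assumption: Version is of type TScSFTPVersion.
  if Client.Version < vSFTP5 then
    raise Exception.Create('Server session does not support rename flags');

  TempName := RemoteFile + '.part'; // hypothetical temporary-name convention

  try
    // Overwrite = True: a stale temporary file from an earlier failed run
    // must not block this upload.
    Client.UploadFile(LocalFile, TempName, True);

    // rfAtomic implies rfOverwrite: an existing destination is replaced with
    // no instant at which the name refers to neither the old nor the new file.
    Client.RenameFile(TempName, RemoteFile, [rfAtomic]);
  except
    // Upload or rename failed: remove the temporary file if it exists and
    // leave the previous destination untouched.
    try
      Client.RemoveFile(TempName);
    except
      on E: Exception do
      begin
        // The temporary file may never have been created; nothing to clean up.
      end;
    end;
    raise; // report the original failure to the caller
  end;
end;

end.
```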
15.24.3.30 TScSFTPClient.WriteFile

{$IFNDEF CLR}
procedure WriteFile(const Handle: TScSFTPFileHandle; FileOffset: Int64; const Buffer; Count: Longint); overload;
{$ENDIF}
procedure WriteFile(const Handle: TScSFTPFileHandle; FileOffset: Int64; const Buffer: TBytes; Offset, Count: Longint); {$IFNDEF CLR} overload; {$ENDIF}

Description
Call the WriteFile method to write data to the remote file. If the server returns an error, the OnError event is generated.

Parameters:
Handle - a handle previously returned as a response to OpenFile.
FileOffset - the offset in bytes relative to the beginning of the file that the writing starts at. This field is ignored if TEXT MODE was specified during the opening.
Buffer - the sequence of bytes that should be written to the file.
Offset - the position in the buffer from which to start reading the data.
Count - the number of bytes to write.

See Also
OpenFile


15.24.4 Events
15.24.4.1 TScSFTPClient.OnConnect

property OnConnect: TNotifyEvent;

Description
The OnConnect event occurs before establishing a secure logical connection through an SSH tunnel.
15.24.4.2 TScSFTPClient.OnCreateLocalFile

type
  TScSFTPCreateLocalFileEvent = procedure(Sender: TObject; const LocalFileName, RemoteFileName: string; Attrs: TScSFTPFileAttributes; var Handle: {$IFDEF CLR}System.IO.Stream{$ELSE}THandle{$ENDIF}) of object;

property OnCreateLocalFile: TScSFTPCreateLocalFileEvent;

Description
The OnCreateLocalFile event occurs when copying a file from the remote machine to the local one during the DownloadFile method call. When processing this event, you should create a file and set the required attributes for it. The handle of the created file should be specified in the Handle parameter.

Parameters:
LocalFileName - the local path to copy the file to.
RemoteFileName - the path to the file (that should be copied) on the server.
Attrs - the object that holds the attributes of the file that is being copied (the original file).
Handle - set the handle of the created file as the value of this variable.

See Also
DownloadFile
15.24.4.3 TScSFTPClient.OnData

type
  TScSFTPDataEvent = procedure(Sender: TObject; const FileName: string; const Handle: TScSFTPFileHandle; const Buffer: TBytes; Offset, Count: Integer; EOF: Boolean) of object;

property OnData: TScSFTPDataEvent;

Description
The OnData event occurs when data is read from a remote file while executing the ReadFile method. This event may occur several times during one call of this method.

Parameters:
FileName - the name of the file from which the data is being read.
Handle - the file handle for the file that was sent to the ReadFile method.
Buffer - the buffer which holds the data read from the file. It can hold the nil value if EOF = True.
Offset - the position in the buffer that indicates the beginning of the written data.
Count - the amount of data received in bytes.
EOF - indicates that the end of file was reached. If its value is True, the end of file was reached. Otherwise it was not reached.

See Also
ReadFile
15.24.4.4 TScSFTPClient.OnDirectoryList

type
  TScSFTPDirectoryListEvent = procedure(Sender: TObject; const Path: string; const Handle: TScSFTPFileHandle; FileInfo: TScSFTPFileInfo; EOF: Boolean) of object;

property OnDirectoryList: TScSFTPDirectoryListEvent;

Description
The OnDirectoryList event occurs when a directory listing is received during the ReadDirectory method call. This event is generated for every name of a file or directory that was received.

Parameters:
Path - the path from which the directory listing is retrieved.
Handle - a handle of this directory that was sent to the ReadDirectory method.
FileInfo - the object that holds information on the file. Can be of the nil value if EOF = True.
EOF - determines if there are more files or directories in the specified directory. If its value is True, this file is the last file in this directory and it does not contain any other files. Otherwise there are more files in the directory.

See Also
TScSFTPFileInfo, ReadDirectory
15.24.4.5 TScSFTPClient.OnDisconnect

property OnDisconnect: TNotifyEvent;

Description
The OnDisconnect event occurs after the logical connection through an SSH server is closed.
15.24.4.6 TScSFTPClient.OnError

type
  TScSFTPErrorEvent = procedure(Sender: TObject; Operation: TScSFTPOperation; const FileName: string; const Handle: TScSFTPFileHandle; ErrorCode: integer; const ErrorMessage: string; var Fail: Boolean) of object;

property OnError: TScSFTPErrorEvent;

Description
The OnError event occurs when the server returns an error while executing some operation.

Parameters:
Operation - determines during which operation the error occurred.
FileName - the name of the file or directory with which the operation was performed.
Handle - the handle of the file with which the operation was executed. May be of the nil value.
ErrorCode - holds the error code. To learn the error codes, refer to the EScSFTPError topic.
ErrorMessage - holds the readable description of the error.
Fail - if the NonBlocking property is False, set the Fail parameter to False to prevent raising an exception, and set this parameter to True to raise the EScSFTPError exception. If the NonBlocking property is True, this parameter is ignored.

See Also
TScSFTPOperation, EScSFTPError


15.24.4.7 TScSFTPClient.OnFileAttributes

type
  TScSFTPFileAttributesEvent = procedure(Sender: TObject; const FileName: string; const Handle: TScSFTPFileHandle; FileAttributes: TScSFTPFileAttributes) of object;

property OnFileAttributes: TScSFTPFileAttributesEvent;

Description
The OnFileAttributes event occurs when file attributes are requested during the RetrieveAttributes or RetrieveAttributesByHandle method call.

Parameters:
FileName - the name of the file for which attributes are returned.
Handle - a file handle for this file. This property is set only if the RetrieveAttributesByHandle method is called. Otherwise it has the nil value.
FileAttributes - the object that holds the attributes of the requested file.

See Also
TScSFTPFileAttributes, RetrieveAttributes, RetrieveAttributesByHandle
15.24.4.8 TScSFTPClient.OnFileName

type
  TScSFTPFileNameEvent = procedure(Sender: TObject; const SrcFileName, DestFileName: string) of object;

property OnFileName: TScSFTPFileNameEvent;

Description
The OnFileName event occurs during the call to the ReadSymbolicLink, RetrieveAbsolutePath, or QueryUserHomeDirectory method. If the ReadSymbolicLink method was called, the SrcFileName parameter holds the name of the symbolic link, and the DestFileName parameter holds the target of this symbolic link. During the RetrieveAbsolutePath method call, SrcFileName holds the original path and DestFileName holds the absolute path. During the QueryUserHomeDirectory method call, SrcFileName holds the specified user name, and DestFileName holds the home directory for this user name.


See Also
ReadSymbolicLink, RetrieveAbsolutePath, QueryUserHomeDirectory


15.24.4.9 TScSFTPClient.OnOpenFile

type
  TScSFTPOpenFileEvent = procedure(Sender: TObject; const FileName: string; const Handle: TScSFTPFileHandle) of object;

property OnOpenFile: TScSFTPOpenFileEvent;

Description
The OnOpenFile event occurs when a file or directory is opened while executing the OpenFile or OpenDirectory method.

Parameters:
FileName - the name of the file or directory that is being opened.
Handle - the file handle that was received from the server for the file or directory that is being opened. This handle may be used in other operations like ReadFile, WriteFile etc.

See Also
OpenFile, OpenDirectory
15.24.4.10 TScSFTPClient.OnReplyCheckFile

type
  TScSFTPReplyCheckFileEvent = procedure(Sender: TObject; const FileName: string; const Handle: TScSFTPFileHandle; CheckFileReplyExtension: TScCheckFileReplyExtension) of object;

property OnReplyCheckFile: TScSFTPReplyCheckFileEvent;

Description
The OnReplyCheckFile event occurs when a file check is requested during the CheckFile or CheckFileByHandle method call.

Parameters:
FileName - the path to the file to check.
Handle - a file handle for this file. This property is set only when calling the CheckFileByHandle method. Otherwise its value is nil.
CheckFileReplyExtension - the object that holds the received computed hashes.

See Also
TScCheckFileReplyExtension, CheckFile, CheckFileByHandle
15.24.4.11 TScSFTPClient.OnReplyExtension

type
  TScSFTPReplyExtensionEvent = procedure(Sender: TObject; const ExtName: string; Extension: TScSFTPExtension) of object;

property OnReplyExtension: TScSFTPReplyExtensionEvent;

Description
The OnReplyExtension event occurs when the server answers the extended request during the RequestExtension method call.

Parameters:
ExtName - holds the extension name as a string.
Extension - the object to which the replied data is written.

See Also
TScSFTPExtension, RequestExtension
15.24.4.12 TScSFTPClient.OnReplySpaceAvailable

type
  TScSFTPReplySpaceAvailableEvent = procedure(Sender: TObject; const Path: string; SpaceAvailableReplyExtension: TScSpaceAvailableReplyExtension) of object;

property OnReplySpaceAvailable: TScSFTPReplySpaceAvailableEvent;

Description
The OnReplySpaceAvailable event occurs when available space for an arbitrary path is requested during the QueryAvailableSpace method call.

Parameters:
Path - the path for which the available space was requested.
SpaceAvailableReplyExtension - the object that holds data about the available space.

See Also
TScSpaceAvailableReplyExtension
15.24.4.13 TScSFTPClient.OnSetRemoteFileAttributes

type
  TScSFTPSetRemoteFileAttributesEvent = procedure(Sender: TObject; const LocalFileName, RemoteFileName: string; Attrs: TScSFTPFileAttributes) of object;

property OnSetRemoteFileAttributes: TScSFTPSetRemoteFileAttributesEvent;

Description
The OnSetRemoteFileAttributes event occurs when copying a file from the local machine to the remote one during the UploadFile method call. When processing this event, you can set the attributes for the remote file using the Attrs object.

Parameters:
LocalFileName - the path to the file that is being copied on the local machine.
RemoteFileName - the path on the server where the file will be copied.
Attrs - the object where the attributes of the file on the server should be specified (the attributes of the local file may be used).

See Also
UploadFile


15.24.4.14 TScSFTPClient.OnSuccess

type
  TScSFTPSuccessEvent = procedure(Sender: TObject; Operation: TScSFTPOperation; const FileName: string; const Handle: TScSFTPFileHandle; const Message: string) of object;

property OnSuccess: TScSFTPSuccessEvent;

Description
The OnSuccess event occurs after successful execution of an operation that does not return any data (for example, RemoveFile).

Parameters:
Operation - determines which operation was executed.
FileName - the name of the file or directory with which the operation was performed.
Handle - the handle of the file with which the operation was performed. May be of the nil value.
Message - holds the message about the result of the operation execution.

See Also
TScSFTPOperation
15.24.4.15 TScSFTPClient.OnVersionSelect

type
  TScSFTPVersion = (vSFTP0, vSFTP1, vSFTP2, vSFTP3, vSFTP4, vSFTP5, vSFTP6);
  TScSFTPVersions = set of TScSFTPVersion;

type
  TScSFTPVersionSelectEvent = procedure(Sender: TObject; const Versions: TScSFTPVersions; var Version: TScSFTPVersion) of object;

property OnVersionSelect: TScSFTPVersionSelectEvent;

Description
The OnVersionSelect event occurs when establishing a connection to the SFTP server on calling the Initialize method. If the server supports higher versions than was specified during the initialization, it can notify the client about this, and OnVersionSelect will be initiated.

Parameters:
Versions - the set of SFTP protocol versions that are supported by the SFTP server.
Version - the version of the SFTP protocol that is used. If the client wants to change this version, the value of this variable may be changed to one of the supported versions of the SFTP protocol.

See Also
Initialize, ServerVersion, Version


15.25 TScSFTPCustomExtension

15.25.1 Description
Unit
ScSFTPUtils

Description
The TScSFTPCustomExtension class is a base abstract class for other SFTP protocol extension classes like TScSFTPExtension, TScCheckFileReplyExtension, TScSFTPSupportedExtension etc. Extensions make it possible for clients to query the server for additional information which may not be widely supported, but may be implemented by some servers.

See Also
TScSFTPExtension

15.25.2 Properties
15.25.2.1 TScSFTPCustomExtension.Name

property Name: string;

Description
The Name property holds the extension name.

15.26 TScSFTPExtension

15.26.1 Description
Unit
ScSFTPUtils

Description
The TScSFTPExtension class is used to implement users' extensions.

See Also
TScSFTPCustomExtension

15.26.2 Properties
15.26.2.1 TScSFTPExtension.Data

property Data: TBytes read FData write SetData;

Description
The Data property holds the extension data defined by the specific extension.

15.27 TScSFTPFileAttributes

15.27.1 Description
Unit
ScSFTPClient

Description
The TScSFTPFileAttributes class is defined for encoding file attributes. The same encoding is used both when returning file attributes from the server and when sending file attributes to the server. When sending attributes to the server, the properties specify which attributes are included, and the server will use the default values for the remaining attributes (or will not modify the values of the remaining attributes). When receiving attributes from the server, the properties specify which attributes are included in the returned data. The server normally returns all attributes it knows about. The ValidAttributes property specifies which attribute values are meaningful.

15.27.2 Properties
15.27.2.1 TScSFTPFileAttributes.AccessTime

property AccessTime: TDateTime;

Description
The AccessTime property contains the time of the last access to the file. Many operating systems either don't have this field, only optionally maintain it, or maintain it with less resolution than other fields. This time is presented in the UTC time scale.

See Also
ValidAttributes
15.27.2.2 TScSFTPFileAttributes.ACEs

property ACEs: TScCollection;

Description
ACL (Access Control List) is a list of attributes. The ACEs property holds a set of TScSFTPACEItem objects.
Note: this property is supported starting with version 4 of the SFTP protocol.

See Also
ValidAttributes
15.27.2.3 TScSFTPFileAttributes.AclFlags

type
  TScSFTPAclFlag = (aclControlIncluded, aclControlPresent, aclControlInherited, aclAuditAlarmIncluded, aclAuditAlarmInherited);
  TScSFTPAclFlags = set of TScSFTPAclFlag;

property AclFlags: TScSFTPAclFlags;

Description
The AclFlags property holds the NFS Access Control attributes.
Note: this property is supported starting with version 6 of the SFTP protocol.

Value - Meaning
aclControlIncluded - if this flag is set when creating file attributes, then the client intends to modify the ALLOWED/DENIED entries of the ACEs property. Otherwise, the client intends for these entries to be preserved.
aclControlPresent - if this flag is not set, then the client wishes to remove control entries. If the flag is clear, then control of the file may be through the permissions mask. The server may also grant full access to the file. If both the aclControlIncluded and the aclControlPresent flags are set, but there are no ALLOW/DENY entries in the ACEs property, the client wishes to deny all access to the file or directory.
aclControlInherited - if this flag is set, then ALLOW/DENY ACEs may be inherited from the parent directory. If it is off, then they must not be INHERITED. If the server does not support controlling inheritance, then the client must clear this bit; in this case the inheritance properties of the server are undefined.
aclAuditAlarmIncluded - if this flag is set when creating file attributes, then the client intends to modify the AUDIT/ALARM entries of the ACEs. Otherwise, the client intends for these entries to be preserved.
aclAuditAlarmInherited - if this flag is set, then AUDIT/ALARM ACEs may be inherited from the parent directory. If it is off, then they must not be INHERITED. If the server does not support controlling inheritance, then the client must clear this bit; in this case the inheritance properties of the server are undefined.

See Also
ValidAttributes
15.27.2.4 TScSFTPFileAttributes.AllocationSize

property AllocationSize: Int64;

Description
Use the AllocationSize property to specify the file size on disk (in bytes). If this property is set when the file is created, the file is created and the specified number of bytes is pre-allocated. If the pre-allocation process fails, the file can be removed (if it was created), and an error will be raised. If the property is set when creating file attributes, the file can be extended or truncated to the specified size. The Size property may be affected by this operation.
Note: this property is supported starting with version 6 of the SFTP protocol.

See Also
ValidAttributes
15.27.2.5 TScSFTPFileAttributes.Attrs

type
  TScSFTPFileAttr = (faReadonly, faSystem, faHidden, faCaseInsensitive, faArchive, faEncrypted, faCompressed, faSparse, faAppendOnly, faImmutable, faSync, faTranslationError);
  TScSFTPFileAttrs = set of TScSFTPFileAttr;

property Attrs: TScSFTPFileAttrs;

Description
These flags reflect various attributes of the file or directory on the server.

Note: This property is supported starting with version 5 of the SFTP protocol.

Value: Meaning
faReadonly: advisory, read-only bit. This bit is not a part of the access control information on the file, but is rather an advisory field indicating that the file should not be written.
faSystem: the file is a part of the operating system.
faHidden: file should not be shown to user unless specifically requested. For example, most UNIX systems should set this bit if the filename begins with a 'period'. This bit may be read-only. Most UNIX systems will not allow this to be changed.
faCaseInsensitive: this attribute applies only to directories. This attribute is always readonly, and cannot be modified. This attribute means that files and directory names in this directory should be compared without regard to case. Unless otherwise specified, filenames are assumed to be case sensitive.
faArchive: the file should be included in backup/archive operations.
faEncrypted: the file is stored on disk using file-system level transparent encryption. This flag does not affect the file data on the wire (for either READ or WRITE requests.)
faCompressed: the file is stored on disk using file-system level transparent compression. This flag does not affect the file data on the wire.
faSparse: the file is a sparse file; this means that file blocks that have not been explicitly written are not stored on disk. For example, if a client writes a buffer at 10M from the beginning of the file, the blocks between the previous EOF marker and the 10M offset would not consume physical disk space. Some servers may store all files as sparse files, in which case this bit will be unconditionally set. Other servers may not have a mechanism for determining if the file is sparse, and so the file MAY be stored sparse even if this flag is not set.
faAppendOnly: opening the file without either the ofAppendData or the ofAppendDataAtomic flag (TScSFTPClient.OpenFile) must result in an SSH_FX_INVALID_PARAMETER error.
faImmutable: the file cannot be deleted or renamed, no hard link can be created to this file, and no data can be written to the file. This bit implies a stronger level of protection than faReadonly, the file permission mask, or ACLs. Typically even the superuser cannot write to immutable files, and only the superuser can set or remove the bit.
faSync: When the file is modified, the changes are written synchronously to the disk.
faTranslationError: The server may include this bit in a directory listing or realpath response. It indicates that there was a failure in the translation to UTF-8. If this flag is included, the server should also include the UntranslatedName property.

See Also: TScSFTPClient.OpenFile, ValidAttributes


15.27.2.6 TScSFTPFileAttributes.ChangeAttrTime

property ChangeAttrTime: TDateTime;

Description
The ChangeAttrTime property contains the time of the last attribute modification. The exact meaning of this field depends on the server. This time is presented in the UTC time scale.

Note: This property is supported starting with version 4 of the SFTP protocol.

See Also: ValidAttributes


15.27.2.7 TScSFTPFileAttributes.CreateTime

property CreateTime: TDateTime;

Description
The CreateTime property contains the time when the file was created. This time is presented in the UTC time scale.

Note: This property is supported starting with version 4 of the SFTP protocol.

See Also: ValidAttributes

15.27.2.8 TScSFTPFileAttributes.ExtendedAttributes

property ExtendedAttributes: TObjectList;

Description
The ExtendedAttributes property holds the list of the TScSFTPExtension objects that are extended attributes. Additional fields can be added to the file attributes by defining extended attributes for them.

See Also: ValidAttributes

15.27.2.9 TScSFTPFileAttributes.FileType

type
  TScSFTPFileType = (ftFile, ftDirectory, ftSymlink, ftSpecial, ftUnknown, ftSocket, ftCharDevice, ftBlockDevice, ftFifo);

property FileType: TScSFTPFileType;

Description
The FileType property holds the file type.

Note: This option is supported starting with version 4 of the SFTP protocol.

Value: Meaning
ftFile: the type of the file is File
ftDirectory: the type of the file is Directory
ftSymlink: the type of the file is symbolic link
ftSpecial: this value is used for files that are of a known type which cannot be expressed in the protocol
ftUnknown: this value is used if the type is unknown
ftSocket: the type of the file is Socket
ftCharDevice: the type of the file is Char device
ftBlockDevice: the type of the file is Block device
ftFifo: the type of the file is Fifo

See Also: ValidAttributes


15.27.2.10 TScSFTPFileAttributes.GID

property GID: integer;

Description
The GID property contains the numeric Unix-like group identifier for a file.

Note: This property is supported only with version 3 of the SFTP protocol.

See Also: ValidAttributes

15.27.2.11 TScSFTPFileAttributes.Group

property Group: string;

Description
The Group property holds the name of the group to which the file belongs. The string should be of the form "user@dns_domain". This will allow a client and server that do not use the same local representation to translate to a common syntax that can be interpreted by both. In the case when no translation is possible for the client or server, the attribute value must be constructed without "@".

Note: This property is supported starting with version 4 of the SFTP protocol.

See Also: ValidAttributes

15.27.2.12 TScSFTPFileAttributes.LinkCount

property LinkCount: integer;

Description
The LinkCount property contains the hard link count of the file. This property should not be set when creating file attributes.

Note: This property is supported starting with version 6 of the SFTP protocol.

See Also: ValidAttributes

15.27.2.13 TScSFTPFileAttributes.MimeType

property MimeType: string;

Description
The MimeType property contains the mime-type [RFC1521] string. Most servers will not know this information and will not set the flag in their TScSFTPSupportedExtension.SupportedAttributes property.

Note: This property is supported starting with version 6 of the SFTP protocol.

See Also: SupportedAttributes, ValidAttributes


15.27.2.14 TScSFTPFileAttributes.ModifyTime

property ModifyTime: TDateTime;

Description
The ModifyTime property contains the time of the last file modification. This time is presented in the UTC time scale.

See Also: ValidAttributes

15.27.2.15 TScSFTPFileAttributes.Owner

property Owner: string;

Description
The Owner property holds the name of the file owner. The string should be of the form "user@dns_domain". This will allow a client and server that do not use the same local representation to translate to a common syntax that can be interpreted by both. In the case when no translation is available to the client or server, the attribute value must be constructed without "@".

Note: This property is supported starting with version 4 of the SFTP protocol.

See Also: ValidAttributes
15.27.2.16 TScSFTPFileAttributes.Permissions

type
  TScSFTPFilePermission = (pR_USR, pW_USR, pX_USR, pR_GRP, pW_GRP, pX_GRP, pR_OTH, pW_OTH, pX_OTH, pS_UID, pS_GID, pS_VTX);
  TScSFTPFilePermissions = set of TScSFTPFilePermission;

property Permissions: TScSFTPFilePermissions;

Description
The Permissions property contains the flags specifying file permissions. These permissions correspond to the st_mode field of the stat structure defined by POSIX [IEEE.1003-1.1996].

Value: Meaning
pR_USR: specifies the owner's read access right for the file.
pW_USR: specifies the owner's write access right for the file.
pX_USR: specifies the owner's execute access right for the file.
pR_GRP: specifies the group read access right for a file.
pW_GRP: specifies the group write access right for a file.
pX_GRP: specifies the group execute access right for a file.
pR_OTH: specifies the read access right for a file for the user who is not its owner and doesn't belong to the same group as the file.
pW_OTH: specifies the write access right for a file for the user who is not its owner and doesn't belong to the same group as the file.
pX_OTH: specifies the execute access right for a file for the user who is not its owner and doesn't belong to the same group as the file.
pS_UID: specifies if the file will be executed with the rights of its owner.
pS_GID: specifies if the file will be executed with the rights of the group.
pS_VTX: set this flag on a directory in order to allow renaming and deleting of files by their owners only. Usage is now obsolete and the sticky bit is ignored on files.

See Also: ValidAttributes


15.27.2.17 TScSFTPFileAttributes.Size

property Size: Int64;

Description
Use the Size property to specify the number of bytes that can be read from the file, or in other words, the location of the end-of-file. This property should not be set while creating a file. If this property is set when creating file attributes, the file can be extended or truncated to the specified size.

See Also: ValidAttributes

15.27.2.18 TScSFTPFileAttributes.TextHint

type
  TScSFTPTextHint = (thKnownText, thGuessedText, thKnownBinary, thGuessedBinary);

property TextHint: TScSFTPTextHint;

Description
The value of the TextHint property is one of the following and indicates what information the server has about the file content. This property should not be set when creating file attributes.

Note: This property is supported starting with version 6 of the SFTP protocol.

Value: Meaning
thKnownText: the server knows that the file is a text file, and it will be opened using the ofTextMode flag.
thGuessedText: the server will apply a heuristic or other mechanism and after that the file will be opened with the ofTextMode flag.
thKnownBinary: the server knows that the file has binary content.
thGuessedBinary: the server will apply a heuristic or other mechanism and believes the file has binary content, and after that the file will not be opened with the ofTextMode flag.

See Also: ValidAttributes


15.27.2.19 TScSFTPFileAttributes.UID

property UID: integer;

Description
The UID property contains the numeric Unix-like user identifier for a file.

Note: This property is supported only with version 3 of the SFTP protocol.

See Also: ValidAttributes
15.27.2.20 TScSFTPFileAttributes.UntranslatedName

property UntranslatedName: string;

Description
The UntranslatedName property contains the name of the file before its translation was attempted. It should not be included unless the faTranslationError flag in the Attrs property is set on the server side.

Note: This property is supported starting with version 6 of the SFTP protocol.

See Also: Attrs, ValidAttributes
15.27.2.21 TScSFTPFileAttributes.ValidAttributes

type
  TScSFTPAttribute = (aSize, aAllocationSize, aOwnerGroup, aPermissions, aAccessTime, aCreateTime, aModifyTime, aChangeAttrTime, aSubsecondTimes, aAcl, aAttrs, aTextHint, aMimeType, aLinkCount, aUntranslatedName, aExtended);
  TScSFTPAttributes = set of TScSFTPAttribute;

property ValidAttributes: TScSFTPAttributes;

Description
Use the ValidAttributes property to define the file attributes that have meaning. When attributes are received from the server, a property holds a value received from the server only if the flag for that property is set. If the flag is not set, the property can hold any value. When sending attributes to the server, only properties with the corresponding flag are sent. Other properties are ignored.

Value: Meaning
aSize: the Size property is set;
aAllocationSize: the AllocationSize property is set;
aOwnerGroup: the GID, UID, Group and Owner properties are set;
aPermissions: the Permissions property is set;
aAccessTime: the AccessTime property is set;
aCreateTime: the CreateTime property is set;
aModifyTime: the ModifyTime property is set;
aChangeAttrTime: the ChangeAttrTime property is set;
aSubsecondTimes: the nseconds is to be added to the seconds of the AccessTime, CreateTime, ModifyTime, ChangeAttrTime fields for the final time representation.
aAcl: the AclFlags ACEs are set;
aAttrs: the Attrs property is set;
aTextHint: the TextHint property is set;
aMimeType: the MimeType property is set;
aLinkCount: the LinkCount property is set;
aUntranslatedName: the UntranslatedName property is set;
aExtended: the ExtendedAttributes property is set;
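The ValidAttributes rule matters whenever file metadata feeds a security decision: a Permissions value means something only when aPermissions is in ValidAttributes. The program below is an added example, not Devart's code. It copies the two set types declared in this chapter so that it compiles without SecureBridge, and audits constructed entries; TEntry, AddFinding and AuditEntry are hypothetical names.

```delphi
program AuditSftpPermissions;
{$APPTYPE CONSOLE}

uses
  SysUtils;

type
  // Local copies of the declarations documented in this chapter, so the
  // program compiles without SecureBridge. Real code takes them from the library.
  TScSFTPFilePermission = (pR_USR, pW_USR, pX_USR, pR_GRP, pW_GRP, pX_GRP,
    pR_OTH, pW_OTH, pX_OTH, pS_UID, pS_GID, pS_VTX);
  TScSFTPFilePermissions = set of TScSFTPFilePermission;
  TScSFTPAttribute = (aSize, aAllocationSize, aOwnerGroup, aPermissions,
    aAccessTime, aCreateTime, aModifyTime, aChangeAttrTime, aSubsecondTimes,
    aAcl, aAttrs, aTextHint, aMimeType, aLinkCount, aUntranslatedName,
    aExtended);
  TScSFTPAttributes = set of TScSFTPAttribute;

  // Hypothetical stand-in for one directory entry. It carries only the
  // fields the audit reads, named after the documented properties.
  TEntry = record
    Filename: string;
    ValidAttributes: TScSFTPAttributes;
    Permissions: TScSFTPFilePermissions;
  end;

// Appends one finding to a comma-separated list.
procedure AddFinding(var Findings: string; const Finding: string);
begin
  if Findings <> '' then
    Findings := Findings + ', ';
  Findings := Findings + Finding;
end;

// Returns the findings for one entry, or 'ok' when nothing stands out.
function AuditEntry(const E: TEntry): string;
const
  AnyExecute = [pX_USR, pX_GRP, pX_OTH];
begin
  // Without aPermissions the server did not send Permissions, so the field
  // may hold anything. Report "unknown" instead of treating it as clean.
  if not (aPermissions in E.ValidAttributes) then
  begin
    Result := 'unknown: permissions not reported by the server';
    Exit;
  end;

  Result := '';
  if pW_OTH in E.Permissions then
  begin
    if pS_VTX in E.Permissions then
      AddFinding(Result, 'world-writable (sticky bit set)')
    else
      AddFinding(Result, 'world-writable');
  end;
  if (pS_UID in E.Permissions) and (E.Permissions * AnyExecute <> []) then
    AddFinding(Result, 'setuid and executable');
  if (pS_GID in E.Permissions) and (E.Permissions * AnyExecute <> []) then
    AddFinding(Result, 'setgid and executable');
  if Result = '' then
    Result := 'ok';
end;

const
  // Constructed sample entries, not output from a real server.
  Samples: array[0..3] of TEntry = (
    (Filename: 'report.txt';
     ValidAttributes: [aSize, aPermissions];
     Permissions: [pR_USR, pW_USR, pR_GRP, pR_OTH]),
    (Filename: 'incoming';
     ValidAttributes: [aPermissions];
     Permissions: [pR_USR, pW_USR, pX_USR, pR_GRP, pW_GRP, pX_GRP,
                   pR_OTH, pW_OTH, pX_OTH, pS_VTX]),
    (Filename: 'helper';
     ValidAttributes: [aSize, aPermissions];
     Permissions: [pR_USR, pW_USR, pX_USR, pR_OTH, pW_OTH, pX_OTH, pS_UID]),
    (Filename: 'legacy.dat';
     ValidAttributes: [aSize];      // aPermissions flag absent
     Permissions: [])
  );

var
  I: Integer;
begin
  for I := Low(Samples) to High(Samples) do
    WriteLn(Samples[I].Filename, ': ', AuditEntry(Samples[I]));
end.
```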


15.28 TScSFTPFileInfo

15.28.1 Description
Unit: ScSFTPUtils

Description
The TScSFTPFileInfo class holds the file information that is returned by the server after the TScSFTPClient.ReadDirectory command was called.

See Also: TScSFTPClient.ReadDirectory


15.28.2 Properties
15.28.2.1 TScSFTPFileInfo.Attributes

property Attributes: TScSFTPFileAttributes;

Description
The Attributes property holds the attributes of the file or directory.

See Also: TScSFTPFileAttributes

15.28.2.2 TScSFTPFileInfo.Filename

property Filename: string;

Description
The Filename property holds the name of the file.

15.28.2.3 TScSFTPFileInfo.Longname

property Longname: string;

Description
The Longname property holds an expanded format for the file name, similar to the one returned by "ls -l" on Unix systems.

Note: This property is set only by version 3 of the SFTP protocol.


15.29 TScSFTPServerProperties

15.29.1 Description
Unit: ScSFTPClient

Description
The TScSFTPServerProperties class holds detailed information about the SFTP server that the server can send when establishing a connection. This class consists of pairs of properties. One property holds information about the specific extension, and the other is a boolean property that specifies if this property was received from the server. For example:

property FilenameCharset: string;
property FilenameCharsetAvailable: boolean;

If the FilenameCharsetAvailable property is True, then the value of the FilenameCharset property may be used. Otherwise FilenameCharset is not initialized.


15.29.2 Properties
15.29.2.1 TScSFTPServerProperties.FilenameCharset

property FilenameCharset: string;

Description
The FilenameCharset property contains the charset of file names used by the server. If the server sends information about the filename charset, then filenames can be received in the specified encoding. If the server does not send this information, then the names of files will be converted and will be received in the UTF-8 encoding. If the server sent the filename charset and you want to receive data in the specified encoding, you should send TScFilenameTranslationControlExtension with the DoTranslate property set to False. If you need to receive data in the UTF-8 encoding, you may send TScFilenameTranslationControlExtension with the DoTranslate property set to True. To check if the information about the filename charset was received from the server, use the FilenameCharsetAvailable property.

See Also: TScFilenameTranslationControlExtension, DoTranslate, FilenameCharsetAvailable

15.29.2.2 TScSFTPServerProperties.FilenameCharsetAvailable

property FilenameCharsetAvailable: boolean;

Description
Use the FilenameCharsetAvailable property to check if the information about the filename charset was received from the server. If FilenameCharsetAvailable is True, then the FilenameCharset property was set by the server. Otherwise FilenameCharset is not initialized.

See Also: FilenameCharset

15.29.2.3 TScSFTPServerProperties.Newline

property Newline: string;

Description
The Newline property contains the newline sequences used on the server. Newline sequences are used in order to process text files correctly in a cross-platform compatible way. To check if data about newline sequences was received from the server, use the NewlineAvailable property.

See Also: NewlineAvailable
15.29.2.4 TScSFTPServerProperties.NewlineAvailable

property NewlineAvailable: boolean;

Description
Use the NewlineAvailable property to check if information about newline sequences was received from the server. If NewlineAvailable is True, then the Newline property is set by the server. Otherwise Newline is not initialized.

See Also: Newline
15.29.2.5 TScSFTPServerProperties.SupportedAcls

property SupportedAcls: TScSFTPSupportedAclExtension;

Description
The SupportedAcls property holds the capabilities of the ACL attribute supported by the server. To check if this extension was received from the server, use the SupportedAclsAvailable property.

See Also: SupportedAclsAvailable

15.29.2.6 TScSFTPServerProperties.SupportedAclsAvailable

property SupportedAclsAvailable: boolean;

Description
Use the SupportedAclsAvailable property to check if the information about supported capabilities of the ACL attribute was received from the server. If the SupportedAclsAvailable property is True, then the SupportedAcls property is set by the server. Otherwise SupportedAcls is not initialized.

See Also: SupportedAcls

15.29.2.7 TScSFTPServerProperties.SupportedExtension

property SupportedExtension: TScSFTPSupportedExtension;

Description
The SupportedExtension property contains the features supported by the server. To check if this extension was received from the server, use the SupportedExtensionAvailable property.

See Also: SupportedExtensionAvailable

15.29.2.8 TScSFTPServerProperties.SupportedExtensionAvailable

property SupportedExtensionAvailable: boolean;

Description
Use the SupportedExtensionAvailable property to check if the information about supported features was received from the server. If the SupportedExtensionAvailable property is True, then the SupportedExtension property was set by the server. Otherwise SupportedExtension is not initialized.

See Also: SupportedExtension


15.29.2.9 TScSFTPServerProperties.Vendor

property Vendor: TScSFTPVendorExtension;

Description
The Vendor property holds detailed information about the version and build of the SFTP server. To check if this extension was received from the server, use the VendorAvailable property.

See Also: VendorAvailable

15.29.2.10 TScSFTPServerProperties.VendorAvailable

property VendorAvailable: boolean;

Description
Use the VendorAvailable property to check if the Vendor extension was received from the server. If the VendorAvailable property is True, then the Vendor property is set by the server. Otherwise Vendor is not initialized.

See Also: Vendor

15.29.2.11 TScSFTPServerProperties.Versions

property Versions: TScSFTPVersionsExtension;

Description
The Versions property contains a list of the SFTP protocol versions supported by the server. To check if this information was received from the server, use the VersionsAvailable property.

See Also: VersionsAvailable

15.29.2.12 TScSFTPServerProperties.VersionsAvailable

property VersionsAvailable: boolean;

Description
Use the VersionsAvailable property to check if the list of the supported SFTP protocol versions was received from the server. If the VersionsAvailable property is True, then the Versions property was set by the server. Otherwise the Versions property is not initialized.

See Also: Versions


15.30 TScSFTPSupportedAclExtension

15.30.1 Description
Unit: ScSFTPClient

Description
The TScSFTPSupportedAclExtension class holds the capabilities of the ACL attribute supported by the server. The server sends this extension during the connection initialization.

Note: This class is supported starting with version 6 of the SFTP protocol.

See Also: TScSFTPServerProperties.SupportedAcls


15.30.2 Properties
15.30.2.1 TScSFTPSupportedAclExtension.SupportedAcls

type
  TScSFTPSupportedAcl = (saAllow, saDeny, saAudit, saAlarm, saInheritAccess, saInheritAuditAlarm);
  TScSFTPSupportedAcls = set of TScSFTPSupportedAcl;

property SupportedAcls: TScSFTPSupportedAcls;

Description
The SupportedAcls property holds a set of the supported capabilities of the ACL attribute.

Value: Meaning
saAllow: The server supports the associated ACL ACE type;
saDeny: The server supports the associated ACL ACE type;
saAudit: The server supports the associated ACL ACE type;
saAlarm: The server supports the associated ACL ACE type;
saInheritAccess: The server can control whether an ACL will inherit DENY and ALLOW ACEs that are marked as inheritable from its parent object;
saInheritAuditAlarm: The server can control whether an ACL will inherit AUDIT or ALARM ACEs that are marked inheritable from its parent object.


15.31 TScSFTPSupportedExtension

15.31.1 Description
Unit: ScSFTPUtils

Description
The SFTP protocol now supports a number of features that may not be supported by all servers. When a server receives a request for a feature it does not support, it returns the 'UNSUPPORTED' error status code, unless otherwise specified. The TScSFTPSupportedExtension class facilitates clients that are able to use the maximum available feature set, and yet not be overburdened by dealing with the error status codes. The server sends this extension during the connection initialization. When the client executes a command, it checks if this operation and its attributes are supported. If the server does not support this operation or its attributes, the client generates an exception or uses a mask for the attributes, depending on the value of the RaiseError property.

Note: This class is supported starting with version 5 of the SFTP protocol.

See Also: TScSFTPServerProperties.SupportedExtension


15.31.2 Properties
15.31.2.1 TScSFTPSupportedExtension.MaxReadSize

property MaxReadSize: Integer;

Description
The MaxReadSize property holds the maximum read size that the server guarantees to complete. For example, certain server implementations complete only the first 4K of a read, even if there is additional data to be read from the file.

15.31.2.2 TScSFTPSupportedExtension.RaiseError

property RaiseError: Boolean;

Description
If the RaiseError property is set to True, an error is raised when attempting to execute an invalid command or attributes. In this case the command is not sent to the server. If False, then a mask is applied to the attributes (if possible) and the command is sent to the server. In this case, if the server does not support the command, it will return an error message. The default value is True.

15.31.2.3 TScSFTPSupportedExtension.SupportedAccessMask

property SupportedAccessMask: TScSFTPAceMask;

Description
Use the SupportedAccessMask property to specify the supported access flags on file opening using TScSFTPClient.OpenFile.

See Also: TScSFTPClient.OpenFile

15.31.2.4 TScSFTPSupportedExtension.SupportedAttribExtensionNames

property SupportedAttribExtensionNames: TStringList;

Description
The SupportedAttribExtensionNames property holds the list of extension names that can be used in TScSFTPFileAttributes.ExtendedAttributes.

15.31.2.5 TScSFTPSupportedExtension.SupportedAttributeBits

property SupportedAttributeBits: TScSFTPFileAttrs;

Description
Use the SupportedAttributeBits property to specify the file attributes, supported by the server, that can be used in TScSFTPFileAttributes.Attrs.
15.31.2.6 TScSFTPSupportedExtension.SupportedAttributes

property SupportedAttributes: TScSFTPAttributes;

Description
Use the SupportedAttributes property to specify the attributes (supported by the server) of TScSFTPFileAttributes.

See Also: ValidAttributes
15.31.2.7 TScSFTPSupportedExtension.SupportedBlockModes

property SupportedBlockModes: TScSFTPBlockModes;

Description
Use the SupportedBlockModes property to pass the supported block modes as one of the supported parameters to the TScSFTPClient.OpenFile method on file opening.

See Also: TScSFTPClient.OpenFile

15.31.2.8 TScSFTPSupportedExtension.SupportedExtensionNames

property SupportedExtensionNames: TStringList;

Description
The SupportedExtensionNames property holds the list of extensions that can be used in the TScSFTPClient.RequestExtension method.

See Also: TScSFTPClient.RequestExtension

15.31.2.9 TScSFTPSupportedExtension.SupportedOpenFlags

property SupportedOpenFlags: TScSFTPFileOpenFlags;

Description
Use the SupportedOpenFlags property to specify the supported file open flags used in TScSFTPClient.OpenFile.

See Also: TScSFTPClient.OpenFile


15.31.3 Methods
15.31.3.1 TScSFTPSupportedExtension.IsSupportedBlockSet

function IsSupportedBlockSet(const BlockModes: TScSFTPBlockModes): boolean;

Description
Call the IsSupportedBlockSet method to check if the specified block modes set is supported by the SFTP server on file opening. It returns True if the mode is supported, and False otherwise.

See Also: OpenFile

15.31.3.2 TScSFTPSupportedExtension.IsSupportedOpenBlockSet

function IsSupportedOpenBlockSet(const BlockModes: TScSFTPBlockModes): boolean;

Description
Call the IsSupportedOpenBlockSet method to check if the specified block modes set is supported by the SFTP server on requesting to block a file. It returns True if the mode is supported, and False otherwise.

See Also: Block


15.32 TScSFTPVendorExtension

15.32.1 Description
Unit: ScSFTPUtils

Description
It is often necessary to detect the version of the server to work around bugs. This extension allows the client to do so. The server sends this extension during the connection initialization.

See Also: Vendor


15.32.2 Properties
15.32.2.1 TScSFTPVendorExtension.ProductBuildNumber

property ProductBuildNumber: Int64;

Description
The ProductBuildNumber property holds the build-number for the product. So, if a bug is fixed in the build-number 'x', it can be assumed that (barring regression in the product) it is fixed in all build-numbers after 'x'.

15.32.2.2 TScSFTPVendorExtension.ProductName

property ProductName: string;

Description
The ProductName property holds an arbitrary name identifying the product.

15.32.2.3 TScSFTPVendorExtension.ProductVersion

property ProductVersion: string;

Description
The ProductVersion property holds an arbitrary string identifying the version of the product.

15.32.2.4 TScSFTPVendorExtension.VendorName

property VendorName: string;

Description
The VendorName property holds an arbitrary name identifying the product vendor.


15.33 TScSFTPVersionsExtension

15.33.1 Description
Unit: ScSFTPClient

Description
If the server supports any other versions besides the one that was sent by the client during negotiation, it may send this extension to inform the client of this fact. In this case the client may choose which of the supported versions to use. The server sends this extension during the connection initialization.

See Also: Versions


15.33.2 Properties
15.33.2.1 TScSFTPVersionsExtension.AsString

property AsString: string;

Description
The AsString property holds a string of version numbers separated by commas. The defined versions are: "2", "3", "4", "5", "6". Any other version advertised by the server should follow the DNS extensibility naming convention outlined in [I-D.ietf-secsh-architecture]. For example: "2,3,6,private@example.com".

15.33.2.2 TScSFTPVersionsExtension.Versions

type
  TScSFTPVersion = (vSFTP0, vSFTP1, vSFTP2, vSFTP3, vSFTP4, vSFTP5, vSFTP6);
  TScSFTPVersions = set of TScSFTPVersion;

property Versions: TScSFTPVersions;

Description
The Versions property is an unparsed set of versions that are supported by the server. The AsString property holds this set as a string of version numbers separated by commas.
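The version list is server-supplied input, so a client that acts on it should accept only the defined numbers and enforce its own minimum. The program below is an added example, not Devart's code: it copies the TScSFTPVersion declarations from this section so that it compiles without SecureBridge, parses a string in the AsString format, and picks a version under an assumed client policy; ParseVersionList, PickVersion and the policy values are hypothetical.

```delphi
program PickSftpVersion;
{$APPTYPE CONSOLE}

uses
  SysUtils, Classes;

type
  // Local copies of the declarations documented in this section.
  TScSFTPVersion = (vSFTP0, vSFTP1, vSFTP2, vSFTP3, vSFTP4, vSFTP5, vSFTP6);
  TScSFTPVersions = set of TScSFTPVersion;

// Parses a comma-separated list such as '2,3,6,private@example.com'.
// The defined versions "2".."6" go into the result; every other non-empty
// token (for example a private, DNS-style name) is collected in Other.
function ParseVersionList(const S: string; Other: TStrings): TScSFTPVersions;
var
  Rest, Tok: string;
  P: Integer;
begin
  Result := [];
  Rest := S;
  while Rest <> '' do
  begin
    P := Pos(',', Rest);
    if P = 0 then
    begin
      Tok := Rest;
      Rest := '';
    end
    else
    begin
      Tok := Copy(Rest, 1, P - 1);
      Delete(Rest, 1, P);          // drop the token and its comma
    end;
    Tok := Trim(Tok);
    // Accept a single digit 2..6 only; '06', '$6' or '16' are not versions.
    if (Length(Tok) = 1) and (Tok[1] >= '2') and (Tok[1] <= '6') then
      Include(Result, TScSFTPVersion(Ord(Tok[1]) - Ord('0')))
    else if Tok <> '' then
      Other.Add(Tok);
  end;
end;

// Picks the highest version offered by both sides that is not below Floor.
// Returns False when there is none, so the caller can refuse the session.
function PickVersion(Server, Client: TScSFTPVersions; Floor: TScSFTPVersion;
  out Chosen: TScSFTPVersion): Boolean;
var
  V: TScSFTPVersion;
begin
  Result := False;
  Chosen := Floor;
  for V := High(TScSFTPVersion) downto Floor do
    if (V in Server) and (V in Client) then
    begin
      Chosen := V;
      Result := True;
      Exit;
    end;
end;

var
  Other: TStringList;
  Server: TScSFTPVersions;
  Chosen: TScSFTPVersion;
begin
  Other := TStringList.Create;
  try
    // Constructed input in the format of the AsString example above.
    Server := ParseVersionList('2,3,6,private@example.com', Other);
    WriteLn('entries that are not defined versions: ', Other.CommaText);

    // Assumed policy: the client implements versions 3 to 5 and requires at
    // least 4, the first version with the Owner and Group name properties.
    if PickVersion(Server, [vSFTP3, vSFTP4, vSFTP5], vSFTP4, Chosen) then
      WriteLn('floor 4: use version ', Ord(Chosen))
    else
      WriteLn('floor 4: no acceptable common version, refuse the session');

    // The same lists with the floor lowered to 3.
    if PickVersion(Server, [vSFTP3, vSFTP4, vSFTP5], vSFTP3, Chosen) then
      WriteLn('floor 3: use version ', Ord(Chosen))
    else
      WriteLn('floor 3: no acceptable common version, refuse the session');
  finally
    Other.Free;
  end;
end.
```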


15.34 TScSpaceAvailableReplyExtension

15.34.1 Description
Unit: ScSFTPUtils

Description
The TScSpaceAvailableReplyExtension class holds the answer of the SFTP server to the request of the QueryAvailableSpace extension.

See Also: QueryAvailableSpace


15.34.2 Properties
15.34.2.1 TScSpaceAvailableReplyExtension.BytesAvailableToUser

property BytesAvailableToUser: Int64;

Description
The BytesAvailableToUser property holds the total number of bytes, both used and unused, available to the authenticated user on the device. Holds 0 if this number is unknown.

15.34.2.2 TScSpaceAvailableReplyExtension.BytesOnDevice

property BytesOnDevice: Int64;

Description
The BytesOnDevice property holds the total number of bytes on the device, both used and unused. Holds 0 if the total number of bytes is unknown.

15.34.2.3 TScSpaceAvailableReplyExtension.BytesPerAllocationUnit

property BytesPerAllocationUnit: Int64;

Description
The BytesPerAllocationUnit property holds the number of bytes in each allocation unit on the device, or in other words, the minimum number of bytes that a file allocation size can grow or shrink by. If the server does not know this information, or the file-system in use does not use allocation blocks, this value must be 0.

15.34.2.4 TScSpaceAvailableReplyExtension.UnusedBytesAvailableToUser

property UnusedBytesAvailableToUser: Int64;

Description
The UnusedBytesAvailableToUser property holds the total number of unused bytes available to the authenticated user on the device. Holds 0 if the number is unknown.

15.34.2.5 TScSpaceAvailableReplyExtension.UnusedBytesOnDevice

property UnusedBytesOnDevice: Int64;

Description
The UnusedBytesOnDevice property holds the total number of unused bytes available on the device. Holds 0 if the number is unknown.


15.35 TScSSHChannel

15.35.1 Description
Unit: ScSSHChannel

Description
TScSSHChannel is the component that creates a logical connection via an SSH tunnel and gives an interface for data exchange. Physically the secure connection is provided by an SSH client that can be assigned to the Client property. When the Direct property is set to True, a connection to the specified DestHost and DestPort is established via the secure channel. To exchange data, you should use the ReadBuffer and WriteBuffer functions. If the Direct property is not set, the component lets you forward data from one machine to another through an encrypted SSH tunnel. In this case the component listens on the SourcePort on the local or remote host (depending on the Remote property) and forwards received data to the specified DestHost and DestPort.

See Also: Connected, TScSSHClient, Step-by-step tutorial, SSH-tunnel principles


15.35.2 Properties
15.35.2.1 TScSSHChannel.Connected

property Connected: Boolean;

Description
If the Direct property is set to True, Connected determines whether the connection to the specified DestHost is established. Otherwise, it determines whether the port forwarding is running. If Direct is False, and you are setting Connected to True, the component starts listening on SourcePort on the local or remote host (on which the SSH server is located) depending on the Remote property value. If someone connects to this port, the logical connection to the specified DestHost and DestPort is established. When setting Connected to False, all open channels are closed and the listener thread is terminated and freed.

Note: To establish a connection, it is required to set the Client property to a component that provides a secure physical connection to the SSH server. After the connection is established, the information will be transferred through the secure channel.

See Also: GatewayPorts

15.35.2.2 TScSSHChannel.DestHost

property DestHost: string;

Description
A host name to which the connection will be established.

See Also: DestPort, Connected

15.35.2.3 TScSSHChannel.DestPort

property DestPort: integer;

Description
Use DestPort to specify the port number on DestHost for the TCP/IP connection.

See Also: DestHost, Connected
15.35.2.4 TScSSHChannel.Direct

property Direct: Boolean; Description It Direct is True, the direct connection to the specified DestHost and DestPort w ill be created. Otherw ise the component w ill forw ard data from one machine to another through an encrypted SSH channel.

SecureBridge Components, Copyright 2007-2009 Devart

161

SecureBridge Components

See Also Connected


15.35.2.5 TScSSHChannel.GatewayPorts

property GatewayPorts: Boolean;

Description
Specifies whether remote hosts are allowed to connect to the forwarded SourcePort. If GatewayPorts is False (the default value), remote hosts are not allowed to connect to forwarded ports.

15.35.2.6 TScSSHChannel.InCount

property InCount: integer;

Description
Determines the size of the data received from the server. This data can be obtained using the ReadBuffer method.

Note: This property is meaningful only if the Direct and NonBlocking properties are set to True.

See Also: Direct, NonBlocking, ReadBuffer

15.35.2.7 TScSSHChannel.NonBlocking

property NonBlocking: Boolean;

Description
Use this property to determine which data transfer mode will be used: synchronous or asynchronous. If NonBlocking is True, the WriteBuffer method will not block the execution of other code in the application, and the data is transferred in asynchronous mode. When data is received from the server, the OnAsyncReceive event is raised.

Note: This property is meaningful only if the Direct property is set to True.

See Also: InCount, OutCount, OnAsyncReceive, OnAsyncError, ReadBuffer, WriteBuffer

15.35.2.8 TScSSHChannel.OutCount

property OutCount: Integer;

Description
Determines the size of the data that is waiting to be sent to the server.

Note: This property is meaningful only if the Direct and NonBlocking properties are set to True.

See Also: NonBlocking, WriteBuffer

15.35.2.9 TScSSHChannel.Remote

property Remote: Boolean;

Description
Determines on which side the component listens on SourcePort during port forwarding. If this property is False, it listens on the port on the local host; if Remote is True, it listens on the port on the remote host (on which the SSH server is located).

Note: This property is meaningful only if the Direct property is set to False.

See Also: Connected

15.35.2.10 TScSSHChannel.SourcePort

property SourcePort: integer;

Description
Use the SourcePort property to specify the port number on which the component listens on the local or remote host for port forwarding.

See Also: Connected, GatewayPorts

15.35.2.11 TScSSHChannel.SSHStream

property SSHStream: TScSSHStream;

Description
Use SSHStream to access the object that lets you work with an SSH channel through the Stream interface.

15.35.3 Methods
15.35.3.1 TScSSHChannel.ReadBuffer

{$IFNDEF CLR}
function ReadBuffer(var Buffer; const Count: Longint): Longint; overload;
{$ENDIF}
function ReadBuffer(var Buffer: TBytes; const Offset, Count: Longint): Longint; overload;

Description
Call ReadBuffer to read Count bytes from the stream into Buffer. ReadBuffer returns the number of bytes that were actually read. If the size of the received data is less than Count bytes, ReadBuffer waits for the amount of time specified in Timeout and then returns control.

If the NonBlocking property is True, the OnAsyncReceive event is raised when data from the server is received asynchronously. This means that you can call ReadBuffer to read this data. The InCount property indicates the size of the received data.

Note: This method works only if the Direct property is set to True. Otherwise, an exception is raised.

See Also: NonBlocking, WriteBuffer

15.35.3.2 TScSSHChannel.WriteBuffer

{$IFNDEF CLR}
function WriteBuffer(const Buffer; const Count: Longint): Longint; overload;
{$ENDIF}
function WriteBuffer(const Buffer: TBytes; const Offset, Count: Longint): Longint; overload;

Description
Call WriteBuffer to transfer Count bytes from Buffer through an existing connection. The function returns the number of bytes that were actually transferred.

Note: This method works only if the Direct property is set to True. Otherwise, an exception is raised.

Note: If the NonBlocking property is True, the function returns control immediately and the data is transferred asynchronously. OutCount indicates the size of the data that is waiting to be sent to the server.

See Also: NonBlocking, ReadBuffer

15.35.3.3 TScSSHChannel.WriteString

Unit ScSSHChannel

Description
TScSSHShell is responsible for opening the shell on the remote side. Usually, only one shell logical connection is established during a secure session. Physically, the secure connection is provided by an SSH client that can be assigned to the Client property.

There are two ways to use this component. The first way is to execute a command with the ExecuteCommand method. The second way is to connect in NonBlocking mode: set NonBlocking to True, connect to the server, and send commands to the server using the WriteString method. The OnAsyncReceive event notifies you that some data from the server was received. Use the ReadString method to read it.

See Also: TScSSHClient, SSHShell demo

15.35.4 Events
15.35.4.1 TScSSHChannel.OnError

type TScError = procedure(Sender: TObject; E: Exception) of object;
property OnError: TScError;

Description
Occurs during local port forwarding if an error arises in the listening thread. Sender is the object that raised the exception. E is the exception object that describes the exception.

See Also: Connected

15.35.4.2 TScSSHChannel.OnSocketConnect

type TScSocketEvent = procedure(Sender: TObject; const SockAddr: {$IFNDEF CLR}TSockAddr{$ELSE}IPEndPoint{$ENDIF}) of object;
property OnSocketConnect: TScSocketEvent;

Description
This event occurs during local port forwarding if someone tries to connect to SourcePort. Sender is the object that raised the event. SockAddr is the object that describes the socket used for data exchange.

See Also: OnSocketDisconnect, Connected

15.35.4.3 TScSSHChannel.OnSocketDisconnect

type TScSocketEvent = procedure(Sender: TObject; const SockAddr: {$IFNDEF CLR}TSockAddr{$ELSE}IPEndPoint{$ENDIF}) of object;
property OnSocketDisconnect: TScSocketEvent;

Description
This event occurs if the socket with which the connection was established becomes closed or broken. Sender is the object that raised the event. SockAddr is the object that describes the socket used for data exchange.

See Also: OnSocketConnect, Connected

15.36 TScSSHClient

15.36.1 Description
Unit ScSSHClient

Description
TScSSHClient is a component that implements the functionality of an SSH client. TScSSHClient unites several logical server connections in one physical secure connection. Logical connections can exist in different threads. It connects to the SSH server specified by the HostName and Port properties.

To connect to an SSH server, you can use the following parameters:
- the authentication method Authentication that will be used by the server to authenticate the client;
- the asymmetric encryption algorithms HostKeyAlgorithms and the server public key HostKeyName, which are used by the client to authenticate the SSH server;
- the symmetric encryption algorithms CiphersClient and CiphersServer, which are used to encrypt transferred data;
- information about the user: User, Password, PrivateKeyName.

See Also: Connected, Step-by-step tutorial, SSH-tunnel destination

15.36.2 Properties
15.36.2.1 TScSSHClient.Authentication

type TScSSHAuthentication = (atPublicKey, atPassword, atKeyboardInteractive);
property Authentication: TScSSHAuthentication;

Description
The Authentication property determines which method will be used by the server to authenticate the client.

atPublicKey
    Authentication by the user's public key. Under this authentication method, the server verifies the user name User and the client key PrivateKeyName. If a public key on the server corresponds to this user, the user can log in to this server if he has the secret key. This method is considered more secure than atPassword, because the key is harder to crack. Take care that the key is periodically regenerated and delivered confidentially (see the Keys transferring topic).

atPassword
    Authentication by password. Under this authentication method, the server verifies the user name User and the user's password Password. The password should be long enough to ensure a high security level: the longer the password, the harder it is to crack.

atKeyboardInteractive
    Keyboard-interactive authentication.

See Also: Connected

15.36.2.2 TScSSHClient.CiphersClient

property CiphersClient: TScSSHCiphers;

Description
The CiphersClient property holds a list of the acceptable symmetric algorithms that can be used for encrypting data that is passed from the client to the server.

See Also: Connected

15.36.2.3 TScSSHClient.CiphersServer

property CiphersServer: TScSSHCiphers;

Description
The CiphersServer property holds a list of the acceptable symmetric algorithms that can be used for encrypting data that is passed from the server to the client.

See Also: Connected

15.36.2.4 TScSSHClient.ClientInfo

property ClientInfo: TScSSHClientInfo;

Description
Holds information about the current connection. ClientInfo is initialized after the client is authenticated by the server.

See Also: Connected

15.36.2.5 TScSSHClient.Connected

property Connected: Boolean;

Description
Determines whether the connection to the SSH server is established. Set it to True to establish a connection to the SSH server. Set it to False to close the connection to the SSH server.

See Also: Connect, Disconnect

15.36.2.6 TScSSHClient.HostKeyAlgorithms

property HostKeyAlgorithms: TScSSHHostKeyAlgorithms;

Description
The HostKeyAlgorithms property holds the list of the algorithms supported for the server host key. Specify the asymmetric algorithms for which the client has a server public key or wants to obtain one. This key is used by the client to authenticate the server.

See Also: HostKeyName, Connected

15.36.2.7 TScSSHClient.HostKeyName

property HostKeyName: string;

Description
Determines the name of the server public key that is stored in KeyStorage. The public key received from the server is compared with the key from KeyStorage when the server is being authenticated. If the keys do not match, or the corresponding key is not found in the storage, the OnServerKeyValidate event is raised. If the keys match, the server is considered valid.

Note: If HostKeyName is not specified, the key is searched for by HostName.

See Also: OnServerKeyValidate, HostKeyAlgorithms

15.36.2.8 TScSSHClient.HostName

property HostName: string;

Description
The host name used to connect to the SSH server.

See Also: Port, Connected

15.36.2.9 TScSSHClient.KeyStorage

property KeyStorage: TScStorage;

Description
KeyStorage is used to access the key list in storage. If KeyStorage is not assigned, an exception will be raised when attempting to connect.

See Also: HostKeyName, PrivateKeyName

15.36.2.10 TScSSHClient.Options

type
  TScSSHClientOptions = class(TPersistent)
  published
    property RekeyLimit: string;
    property ServerAliveCountMax: integer;
    property ServerAliveInterval: integer;
    property TCPKeepAlive: Boolean;
    property BindAddress: string;
    property ClientVersion: string;
    property MsgIgnoreRate: integer;
  end;

property Options: TScSSHClientOptions;

Description
Options determines the behaviour of a TScSSHClient object. The members of Options are described below:

RekeyLimit
    Determines how much data can be transferred before the session key is renegotiated. You can specify a number with a prefix that indicates the unit (K - Kilobytes, M - Megabytes, G - Gigabytes).

ServerAliveCountMax
    Determines how many messages may be sent to the server before a message from the server is received. If the value of this property is reached, TScSSHClient will disconnect from the server. The default value is 3.

ServerAliveInterval
    Determines a timeout interval in seconds after which TScSSHClient will send a message through the encrypted channel to request a response from the server if no data has been received from the server. The default value is 0, which means that these messages will not be sent to the server.

TCPKeepAlive
    Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, the death of the connection or a crash of one of the machines will be properly noticed.

BindAddress
    Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address.

ClientVersion
    The version of the SSH client.

MsgIgnoreRate
    Determines the probability of sending a packet that will be ignored by the server (SSH_MSG_IGNORE packets) after each data packet. These ignore packets are intended to increase the level of protection against traffic analysis. The value of this property can vary from 0 to 100. 0 means that no ignore packets will be sent. 100 means that one ignore packet will be sent after each data packet.
    Note: The traffic increases when you increase the value of this option.

See Also: Connected

15.36.2.11 TScSSHClient.Password

property Password: string;

Description
Password is used to connect to the server when the user is authenticated by password.

See Also: Authentication, Connected

15.36.2.12 TScSSHClient.Port

property Port: integer;

Description
Use the Port property to specify the port number for the TCP/IP connection with the SSH server. The default value is 22.

See Also: HostName, Connected

15.36.2.13 TScSSHClient.PrivateKeyName

property PrivateKeyName: string;

Description
Specifies the name of the private key that is stored in KeyStorage. If authentication by key is used, the user must have his own key pair. The public key should be transferred to the server, while the private key will be used by the client to sign data that the server will use to authenticate the user.

Note: If PrivateKeyName is not specified, the key will be searched for by the name in User.

See Also: Authentication, Keys transferring

15.36.2.14 TScSSHClient.Timeout

property Timeout: integer;

Description
Determines the time interval in seconds during which the client will try to obtain data from the server when authenticating. If data is not obtained, the connection is closed. The default value is 15.

See Also: Connected

15.36.2.15 TScSSHClient.User

property User: string;

Description
The user name that is used to connect to the server.

See Also: Password, Connected

15.36.3 Methods
15.36.3.1 TScSSHClient.Connect

procedure Connect;

Description
Establishes a connection to the SSH server. Connect sets the Connected property to True.

See Also: Disconnect, AfterConnect, BeforeConnect

15.36.3.2 TScSSHClient.Disconnect

procedure Disconnect;

Description
Closes an existing connection to the SSH server. Disconnect sets the Connected property to False.

See Also: Connect, AfterDisconnect, BeforeDisconnect

15.36.4 Events
15.36.4.1 TScSSHClient.AfterConnect

property AfterConnect: TNotifyEvent;

Description
Occurs after a connection to an SSH server is established.

See Also: AfterDisconnect, BeforeConnect, BeforeDisconnect, Connected

15.36.4.2 TScSSHClient.AfterDisconnect

property AfterDisconnect: TNotifyEvent;

Description
Occurs after the connection to an SSH server is closed.

See Also: AfterConnect, BeforeConnect, BeforeDisconnect, Connected

15.36.4.3 TScSSHClient.BeforeConnect

property BeforeConnect: TNotifyEvent;

Description
Occurs immediately before establishing a connection to an SSH server.

See Also: AfterConnect, AfterDisconnect, BeforeDisconnect, Connected

15.36.4.4 TScSSHClient.BeforeDisconnect

property BeforeDisconnect: TNotifyEvent;

Description
Occurs immediately before the connection to an SSH server is closed.

See Also: AfterConnect, AfterDisconnect, BeforeConnect, Connected

15.36.4.5 TScSSHClient.OnBanner

type TBannerEvent = procedure(Sender: TObject; const Banner: string) of object;
property OnBanner: TBannerEvent;

Description
Occurs if the SSH server returns a banner when authenticating. The Banner parameter holds the received banner. The banner may contain a warning message or any other informational message.

See Also: Connected

15.36.4.6 TScSSHClient.OnServerKeyValidate

type TScServerKeyValidate = procedure(Sender: TObject; NewServerKey: TScKey; var Accept: Boolean) of object;
property OnServerKeyValidate: TScServerKeyValidate;

Description
Occurs if the key received from the server and the key specified in HostKeyName do not match. If the client connects to the server for the first time and does not have the server public key, it is possible to accept the key received from the server. This key will be stored in Storage and will be used to authenticate the server in the future. In this case, however, to stay safe you should verify the key fingerprint by some independent means (e.g. by phone). If you trust the server, set Accept to True to establish the connection.

To get the key fingerprint, use the GetFingerprint method. To save a key to the Storage, specify the key name (NewServerKey.KeyName) and invoke KeyStorage.Keys.Add(NewServerKey).

Parameters:
Sender - the object that raised the event;
NewServerKey - the public key received from the server;
Accept - when Accept is set to True, the server is considered valid and the server authentication is successful. When Accept is set to False, the server is considered invalid and the connection is closed.

See Also: HostKeyName, Connected
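
One conservative way to use OnServerKeyValidate is to refuse every host key that is not already provisioned in KeyStorage, and then exchange data over a direct TScSSHChannel. This is an added example, not code from the SecureBridge documentation; the unit names ScBridge and ScSSHUtils, the host, user and key names, and the helpers TStrictHostKeyPolicy and ExchangeThroughTunnel are assumptions, while every property and method called is one documented in sections 15.35 and 15.36.

```pascal
unit PinnedSshTunnel;

interface

uses
  SysUtils, Classes,
  ScBridge,     // assumption: declares TScStorage and TScKey
  ScSSHUtils,   // assumption: declares TScSSHAuthentication (atPublicKey)
  ScSSHClient, ScSSHChannel;

type
  // Strict policy: only a host key already stored in KeyStorage is trusted.
  TStrictHostKeyPolicy = class
  public
    Rejected: Integer;
    procedure ServerKeyValidate(Sender: TObject; NewServerKey: TScKey;
      var Accept: Boolean);
  end;

// Sends Request through the tunnel and returns up to ReplySize bytes of the
// answer (fewer if the channel Timeout expires before all bytes arrive).
function ExchangeThroughTunnel(Storage: TScStorage; const Request: TBytes;
  ReplySize: Integer): TBytes;

implementation

procedure TStrictHostKeyPolicy.ServerKeyValidate(Sender: TObject;
  NewServerKey: TScKey; var Accept: Boolean);
begin
  // The event is raised only when the presented key differs from the stored
  // key or no stored key exists. Refuse instead of trusting on first use.
  Inc(Rejected);
  Accept := False;
end;

function ExchangeThroughTunnel(Storage: TScStorage; const Request: TBytes;
  ReplySize: Integer): TBytes;
var
  Policy: TStrictHostKeyPolicy;
  Client: TScSSHClient;
  Channel: TScSSHChannel;
  Got, N: Integer;
begin
  Result := nil;
  Policy := TStrictHostKeyPolicy.Create;
  Client := TScSSHClient.Create(nil);
  Channel := TScSSHChannel.Create(nil);
  try
    // Hypothetical names; both keys must already be present in Storage.
    Client.HostName := 'ssh.example.test';
    Client.Port := 22;
    Client.KeyStorage := Storage;
    Client.HostKeyName := 'ssh.example.test';
    Client.OnServerKeyValidate := Policy.ServerKeyValidate;
    Client.Authentication := atPublicKey;
    Client.User := 'deploy';
    Client.PrivateKeyName := 'deploy';
    Client.Timeout := 15;                      // seconds, authentication phase
    Client.Options.ServerAliveInterval := 30;  // probe a silent server
    Client.Options.ServerAliveCountMax := 3;   // give up after 3 probes
    Client.Connect;

    Channel.Client := Client;
    Channel.Direct := True;   // ReadBuffer and WriteBuffer require Direct
    Channel.DestHost := 'app.internal.example.test';  // hypothetical
    Channel.DestPort := 8080;
    Channel.Timeout := 5;     // seconds ReadBuffer waits for missing bytes
    Channel.Connect;

    if Channel.WriteBuffer(Request, 0, Length(Request)) <> Length(Request) then
      raise Exception.Create('Short write on SSH channel');

    // ReadBuffer may return fewer bytes than requested, so accumulate
    // until the reply is complete or a read comes back empty.
    SetLength(Result, ReplySize);
    Got := 0;
    while Got < ReplySize do
    begin
      N := Channel.ReadBuffer(Result, Got, ReplySize - Got);
      if N <= 0 then
        Break;
      Inc(Got, N);
    end;
    SetLength(Result, Got);
  finally
    Channel.Free;
    Client.Free;
    Policy.Free;
  end;
end;

end.
```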

15.37 TScSSHCustomChannel

15.37.1 Description
Unit ScSSHChannel

Description
TScSSHCustomChannel is an abstract class that creates a logical connection via the SSH tunnel and provides an interface for data exchange. Physically, the secure connection is provided by an SSH client that can be assigned to the Client property. To exchange data, use the ReadBuffer, ReadString, WriteBuffer and WriteString methods.

See Also: TScSSHChannel, TScSSHShell, TScSSHClient

15.37.2 Properties
15.37.2.1 TScSSHCustomChannel.Client

property Client: TScSSHClient;

Description
The Client property determines the physical connection between the SSH client and the SSH server. This connection is used to exchange data. To create a logical connection, the Client property must be set. This property can be set at design time by selecting a TScSSHClient object from the provided list. At runtime, set the Client property to reference an existing TScSSHClient object.

15.37.2.2 TScSSHCustomChannel.Connected

property Connected: Boolean;

Description
Connected determines whether the connection is established. Set it to True to establish a logical connection to an SSH server. Set it to False to close the logical connection to the SSH server.

Note: To establish a connection, the Client property must be set to a component that provides a secure physical connection to the SSH server. After the connection is established, the information is transferred through the secure channel.

See Also: Client

15.37.2.3 TScSSHCustomChannel.InCount

property InCount: integer;

Description
Determines the size of the data received from the server. This data can be obtained using the ReadBuffer method.

Note: This property is meaningful only if the NonBlocking property is set to True.

See Also: NonBlocking, ReadBuffer

15.37.2.4 TScSSHCustomChannel.NonBlocking

property NonBlocking: Boolean;

Description
Use this property to determine which data transfer mode will be used: synchronous or asynchronous. If NonBlocking is True, the WriteBuffer method will not block the execution of other code in the application, and the data is transferred in asynchronous mode. When data is received from the server, the OnAsyncReceive event is raised.

See Also: InCount, OutCount, OnAsyncReceive, OnAsyncError, ReadBuffer, WriteBuffer

15.37.2.5 TScSSHCustomChannel.OutCount

property OutCount: Integer;

Description
Determines the size of the data that is waiting to be sent to the server.

Note: This property is meaningful only if the NonBlocking property is set to True.

See Also: NonBlocking, WriteBuffer

15.37.2.6 TScSSHCustomChannel.Timeout

property Timeout: integer;

Description
Determines the amount of time during which the client attempts to obtain data from the server. It is measured in seconds. The default value is 1.

See Also: ReadBuffer

15.37.3 Methods
15.37.3.1 TScSSHCustomChannel.Connect

procedure Connect;

Description
Call Connect to establish a logical connection through an SSH tunnel. Connect sets the Connected property to True.

See Also: Connected

15.37.3.2 TScSSHCustomChannel.Disconnect

procedure Disconnect;

Description
Call Disconnect to close a logical connection through an SSH tunnel. Disconnect sets the Connected property to False.

See Also: Connected

15.37.3.3 TScSSHCustomChannel.ReadBuffer

{$IFNDEF CLR}
function ReadBuffer(var Buffer; const Count: Longint): Longint; overload;
{$ENDIF}
function ReadBuffer(var Buffer: TBytes; const Offset, Count: Longint): Longint; overload;

Description
Call ReadBuffer to read Count bytes from the stream into Buffer. ReadBuffer returns the number of bytes that were actually read. If the size of the received data is less than Count bytes, ReadBuffer waits for the amount of time specified in Timeout and then returns control.

Note: If the NonBlocking property is True, the OnAsyncReceive event is raised when data from the server is received. The InCount property indicates the size of the received data.

See Also: NonBlocking, WriteBuffer

15.37.3.4 TScSSHCustomChannel.ReadString

function ReadString: string;

Description
The ReadString method reads all data from the stream and returns it as a string.

Note: If the NonBlocking property is True, the OnAsyncReceive event is raised when data from the server is received.

See Also: ReadBuffer, WriteString

15.37.3.5 TScSSHCustomChannel.WriteBuffer

{$IFNDEF CLR}
function WriteBuffer(const Buffer; const Count: Longint): Longint; overload;
{$ENDIF}
function WriteBuffer(const Buffer: TBytes; const Offset, Count: Longint): Longint; overload;

Description
Call WriteBuffer to transfer Count bytes from Buffer through an existing connection. The function returns the number of bytes that were actually transferred.

Note: If the NonBlocking property is True, the function returns control immediately and the data is transferred asynchronously. OutCount indicates the size of the data that is waiting to be sent to the server.

See Also: NonBlocking, ReadBuffer

15.37.4 Events
15.37.4.1 TScSSHCustomChannel.OnAsyncError

type TScAsyncError = procedure(Sender: TObject; E: Exception) of object;
property OnAsyncError: TScAsyncError;

Description
Occurs when an exception is raised while receiving or transferring data asynchronously. Sender is the object that raised the exception. E is the exception object that describes the exception.

Note: This event occurs only if NonBlocking is True.

See Also: NonBlocking

15.37.4.2 TScSSHCustomChannel.OnAsyncReceive

type TScAsyncReceive = procedure(Sender: TObject) of object;
property OnAsyncReceive: TScAsyncReceive;

Description
Occurs when data is received from the server in asynchronous mode. The data can be read with the ReadBuffer method. The InCount property indicates the size of the received data. This event occurs only if NonBlocking is True.

See Also: NonBlocking

15.37.4.3 TScSSHCustomChannel.OnConnect

property OnConnect: TNotifyEvent;

Description
Occurs before establishing a logical connection through an SSH tunnel.

See Also: OnDisconnect

15.37.4.4 TScSSHCustomChannel.OnDisconnect

property OnDisconnect: TNotifyEvent;

Description
Occurs after the logical connection to an SSH server is closed.

See Also: OnConnect

15.38 TScSSHServer

15.38.1 Description
Unit ScSSHServer

Description
The TScSSHServer component implements the functions of an SSH server. TScSSHServer listens on the TCP/IP port specified in the Port property, and if an SSH client tries to connect to this port, TScSSHServer authenticates the client. If authentication is successful, it establishes the connection. After that, TScSSHServer carries out client requests. Storage.Users holds the list of the users that are allowed to connect to the server.

See Also: Active, TScSSHClient, Step-by-step tutorial

15.38.2 Properties
15.38.2.1 TScSSHServer.Active

property Active: Boolean;

Description
Indicates whether the SSH server is running. Set Active to True to run the SSH server. After the server is activated, it starts listening on the TCP/IP port specified in the Port property. Set Active to False to stop the SSH server.

See Also: Port, Storage

15.38.2.2 TScSSHServer.Authentications

type
  TScSSHAuthentication = (atPublicKey, atPassword);
  TScSSHAuthentications = set of TScSSHAuthentication;
property Authentications: TScSSHAuthentications;

Description
The Authentications property holds a set of acceptable client authentication methods.

atPublicKey
    Authentication by public key.

atPassword
    Authentication by password.

15.38.2.3 TScSSHServer.Ciphers

property Ciphers: TScSymmetricAlgorithms;

Description
The Ciphers property holds a set of the acceptable symmetric encryption algorithms that are used for encrypting transferred data.

15.38.2.4 TScSSHServer.HostKeyAlgorithms

property HostKeyAlgorithms: TScAsymmetricAlgorithms;

Description
The HostKeyAlgorithms property holds the set of the algorithms supported for the host key. Specify the asymmetric algorithms for which the server has a private key. This key is used by the client to authenticate the server.

See Also: KeyNameRSA, KeyNameDSA

15.38.2.5 TScSSHServer.KeyNameDSA

property KeyNameDSA: string;

Description
Determines the name of the private DSA key that is stored in Storage. The server must have one or more key pairs so that clients are able to authenticate the server. The public key should be passed to the client. The private key will be used by the server when authenticating.

Note: If KeyNameDSA is not specified, the key is searched for by the name 'ssh-dss'.

See Also: KeyNameRSA, HostKeyAlgorithms, TScSSHClient.HostKeyName, Keys transferring

15.38.2.6 TScSSHServer.KeyNameRSA

property KeyNameRSA: string;

Description
Determines the name of the private RSA key that is stored in Storage. The server must have one or more key pairs so that clients are able to authenticate the server. The public key should be passed to the client. The private key will be used by the server when authenticating.

Note: If KeyNameRSA is not specified, the key is searched for by the name 'ssh-dss'.

See Also: KeyNameDSA, HostKeyAlgorithms, TScSSHClient.HostKeyName, Keys transferring

15.38.2.7 TScSSHServer.Options

type
  TScSSHServerOptions = class(TPersistent)
  published
    property AllowEmptyPassword: Boolean;
    property Banner: string;
    property ClientAliveCountMax: integer;
    property ClientAliveInterval: integer;
    property RekeyLimit: string;
    property TCPKeepAlive: Boolean;
    property ListenAddress: string;
    property MaxStartups: integer;
  end;

property Options: TScSSHServerOptions;

Description
Set the properties of Options to specify the behaviour of a TScSSHServer object. The meanings of the Options properties are:

AllowEmptyPassword
    Determines whether a connection with an empty password is allowed.

Banner
    Holds a warning message that is sent to a client before authentication is allowed.

ClientAliveCountMax
    Determines how many messages may be sent to a client before a message from the client is received. If the value of this property is reached, TScSSHServer will close the connection with this client. The default value is 3.

ClientAliveInterval
    Determines a timeout interval in seconds after which TScSSHServer will send a message through the encrypted channel to request a response from the client if no data has been received from the client. The default value is 0, which means that these messages will not be sent to the client.

RekeyLimit
    Determines how much data can be transferred before the session key is renegotiated. You can specify a number with a prefix that indicates the unit (K - Kilobytes, M - Megabytes, G - Gigabytes).

TCPKeepAlive
    Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, the death of the connection or a crash of one of the machines will be properly noticed.

ListenAddress
    Useful on systems with more than one IP. Specifies the local address on which TScSSHServer should listen. If there are several network cards installed on the computer and ListenAddress is not assigned, the server listens on the "0.0.0.0" address. This means that it is possible to connect through any of the installed network cards.

MaxStartups
    Specifies the maximum number of concurrent unauthenticated connections to the TScSSHServer. Additional connections will be dropped until authentication succeeds. The default is 20.

See Also: Active

15.38.2.8 TScSSHServer.Port

property Port: integer;

Description
Use the Port property to specify the TCP/IP port on which TScSSHServer will listen. The default value is 22.

See Also: Active

15.38.2.9 TScSSHServer.ServerVersion

property ServerVersion: string;

Description
The version of the SSH server.

See Also: Active

15.38.2.10 TScSSHServer.Storage

property Storage: TScStorage;

Description
Use this property to store keys and the user list in storage. Storage.Users holds the list of users that can connect to the server.

15.38.2.11 TScSSHServer.Timeout

property Timeout: integer;

Description
Determines the time interval in seconds during which the server will try to obtain data from the client when authenticating. If the data is not received, the server closes this connection. The default value is 15.
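
The server properties above can be checked and tightened in code, with each weak value shown beside its corrected one. This is an added example, not code from the SecureBridge documentation; the unit names ScBridge and ScSSHUtils, the helper names, the policy thresholds, and the reading of an empty ListenAddress string as "not assigned" are assumptions, while every property used is one documented in section 15.38.2.

```pascal
unit HardenedSshServer;

interface

uses
  SysUtils, Classes,
  ScBridge,     // assumption: declares TScStorage
  ScSSHUtils,   // assumption: declares TScSSHAuthentication values
  ScSSHServer;

const
  // Local policy values chosen for this example, not library defaults.
  MaxAllowedStartups = 10;
  AliveProbeSeconds  = 60;

// Appends one line per weak setting to Findings and returns how many it added.
function AuditServer(Server: TScSSHServer; Findings: TStrings): Integer;

// Applies the corrected settings while the server is stopped, then starts it.
procedure HardenServer(Server: TScSSHServer; Storage: TScStorage;
  const ListenAddr: string);

implementation

function AuditServer(Server: TScSSHServer; Findings: TStrings): Integer;
var
  Before: Integer;
begin
  Before := Findings.Count;
  if Server.Storage = nil then
    Findings.Add('Storage is not assigned: no host keys and no user list');
  if atPassword in Server.Authentications then
    Findings.Add('Authentications contains atPassword: ' +
      'passwords are exposed to online guessing');
  if Server.Options.AllowEmptyPassword then
    Findings.Add('Options.AllowEmptyPassword is True');
  // Assumption: an unassigned ListenAddress reads back as an empty string.
  if Server.Options.ListenAddress = '' then
    Findings.Add('Options.ListenAddress is not assigned: ' +
      'the server listens on 0.0.0.0');
  if Server.Options.ClientAliveInterval = 0 then
    Findings.Add('Options.ClientAliveInterval is 0: ' +
      'silent clients are never probed');
  if Server.Options.MaxStartups > MaxAllowedStartups then
    Findings.Add(Format('Options.MaxStartups is %d, policy limit is %d',
      [Server.Options.MaxStartups, MaxAllowedStartups]));
  Result := Findings.Count - Before;
end;

procedure HardenServer(Server: TScSSHServer; Storage: TScStorage;
  const ListenAddr: string);
begin
  Server.Active := False;                        // stop listening first
  Server.Storage := Storage;                     // host keys, Storage.Users
  Server.Authentications := [atPublicKey];       // weak: includes atPassword
  Server.Options.AllowEmptyPassword := False;    // weak: True
  Server.Options.ListenAddress := ListenAddr;    // weak: not assigned
  Server.Options.MaxStartups := MaxAllowedStartups;         // default: 20
  Server.Options.ClientAliveInterval := AliveProbeSeconds;  // default: 0
  Server.Options.ClientAliveCountMax := 3;       // drop after 3 probes
  Server.Options.TCPKeepAlive := True;           // notice dead connections
  Server.Timeout := 15;                          // seconds to authenticate
  Server.Active := True;
end;

end.
```

Running AuditServer before and after HardenServer on the same component shows which findings the new settings clear.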

15.38.3 Methods
15.38.3.1 TScSSHServer.SendToClient

{$IFNDEF CLR}
procedure SendToClient(ChannelInfo: TScSSHChannelInfo; const Buffer; const Count: Longint); overload;
{$ENDIF}
procedure SendToClient(ChannelInfo: TScSSHChannelInfo; const Buffer: TBytes; const Offset, Count: Longint); overload;

Description
Use SendToClient to send data to an SSH client. Use this method if the direct mode is used for the channel specified in ChannelInfo. To handle data received from the client, the OnDataFromClient and OnDataToClient events are used.

Parameters:
ChannelInfo - holds information about the SSH channel;
Buffer - points to the buffer that contains the data to be transferred;
Offset - zero-based byte offset in Buffer that indicates the location of the data to transfer;
Count - length of the data to be transferred.


15.38.4 Events
15.38.4.1 TScSSHServer.AfterChannelDisconnect

type TScAfterChannelDisconnect = procedure(Sender: TObject; ChannelInfo: TScSSHChannelInfo) of object;
property AfterChannelDisconnect: TScAfterChannelDisconnect;

Description
Occurs after the SSH channel is disconnected.

Parameters:
Sender - the object that raised the event;
ChannelInfo - holds information about the current SSH channel.

15.38.4.2 TScSSHServer.AfterShellDisconnect

type TScAfterShellDisconnect = procedure(Sender: TObject; ClientInfo: TScSSHClientInfo) of object;
property AfterShellDisconnect: TScAfterShellDisconnect;

Description
Occurs after the SSH shell session is disconnected.

Parameters:
Sender - the object that raised the event;
ClientInfo - holds information about the current connection state.

See Also
TScSSHShell

15.38.4.3 TScSSHServer.AfterClientConnect

type TScClientEvent = procedure(Sender: TObject; ClientInfo: TScSSHClientInfo) of object;
property AfterClientConnect: TScClientEvent;

Description
This event occurs after the connection with an SSH client is established.

Parameters:
Sender - an SSH server to which the client connects;
ClientInfo - holds information about the current state.


15.38.4.4 TScSSHServer.AfterClientDisconnect

type TScClientEvent = procedure(Sender: TObject; ClientInfo: TScSSHClientInfo) of object;
property AfterClientDisconnect: TScClientEvent;

Description
Occurs after an SSH client is disconnected, or if connection to the client is lost.

Parameters:
Sender - an SSH server that raised the event;
ClientInfo - holds information about the current state.

15.38.4.5 TScSSHServer.BeforeChannelConnect

type TScBeforeChannelConnect = procedure(Sender: TObject; ChannelInfo: TScSSHChannelInfo; var Direct: Boolean) of object;
property BeforeChannelConnect: TScBeforeChannelConnect;

Description
This event occurs on opening a new channel. If you set the Direct parameter to True, the data obtained from the client will not be transferred anywhere. It is required to add a handler for the OnDataFromClient event to handle the data obtained from the client.

Parameters:
Sender - the object that raised the event;
ChannelInfo - holds information about the current SSH channel;
Direct - determines whether the data obtained from the client will be transferred to the host and port specified by user. Set Direct to True if you want to process the data received from the client yourself.

See Also
OnDataFromClient, OnDataToClient

15.38.4.6 TScSSHServer.BeforeShellConnect

type TScBeforeShellConnect = procedure(Sender: TObject; ClientInfo: TScSSHClientInfo) of object;
property BeforeShellConnect: TScBeforeShellConnect;

Description
Occurs before opening a new shell session.

Parameters:
Sender - the object that raised the event;
ClientInfo - holds information about the current connection state.

See Also
TScSSHShell

15.38.4.7 TScSSHServer.OnChannelError

type TScChannelError = procedure(Sender: TObject; ChannelInfo: TScSSHChannelInfo; E: Exception) of object;
property OnChannelError: TScChannelError;

Description
This event occurs on errors that arise in an SSH channel thread. The event handler is called in the thread in which the Exception arose.

Parameters:
Sender - the object that raised the exception;
ChannelInfo - holds information about the current SSH channel;
E - the object that describes the exception.

15.38.4.8 TScSSHServer.OnClientError

type TScClientError = procedure(Sender: TObject; ClientInfo: TScSSHClientInfo; E: Exception) of object;
property OnClientError: TScClientError;

Description
This event occurs on errors that arise in an SSH client thread. The event handler is called in the thread in which the Exception arose.

Parameters:
Sender - the SSH server that raised the exception;
ClientInfo - holds information about the current connection;
E - the object that describes the exception.

15.38.4.9 TScSSHServer.OnDataFromClient

type TScData = procedure(Sender: TObject; ChannelInfo: TScSSHChannelInfo; const Buffer: TBytes; const Offset, Count: Longint) of object;
property OnDataFromClient: TScData;

Description
Occurs when a new data chunk from the client is received and decrypted.

Parameters:
Sender - the object that raised the event;
ChannelInfo - holds information about the current SSH channel;
Buffer - points to the buffer that contains received data;
Offset - zero-based byte offset in Buffer that indicates location of the received data;
Count - length of the received data.

See Also
OnDataToClient


15.38.4.10 TScSSHServer.OnDataToClient

type TScData = procedure(Sender: TObject; ChannelInfo: TScSSHChannelInfo; const Buffer: TBytes; const Offset, Count: Longint) of object;
property OnDataToClient: TScData;

Description
This event occurs after a data chunk is received from the host with which connection is established in the current channel, and before the data is encrypted and sent to an SSH client.

Parameters:
Sender - the object that raised the event;
ChannelInfo - holds information about the current SSH channel;
Buffer - points to the buffer that contains data to be transferred;
Offset - zero-based byte offset in Buffer that indicates location of the data to be encrypted and transferred;
Count - length of the data to be transferred.

See Also
OnDataFromClient

15.38.4.11 TScSSHServer.OnError

type TScError = procedure(Sender: TObject; E: Exception) of object;
property OnError: TScError;

Description
This event occurs if an error arises in the main thread of TScSSHServer. The event handler is called in the same thread where the exception arose.

Parameters:
Sender - the object that raised the exception;
E - the object that describes the exception.

See Also
Active


15.39 TScSSHShell

15.39.1 Description
Unit
ScSSHChannel

Description
TScSSHShell is responsible for opening the shell on the remote side. Usually, there is only one shell logical connection established during a secure session. The physical secure connection is provided by the SSH client that can be assigned to the Client property.
There are two ways to use this component. The first way is to execute a command with the ExecuteCommand method. The second way is connection in NonBlocking mode: set NonBlocking to True, connect to the server, and send commands to the server using the WriteString method. The OnAsyncReceive event notifies that some data from the server was received. Use the ReadString method to read it.

See Also
TScSSHClient, SSHShell demo


15.39.2 Properties
15.39.2.1 TScSSHShell.Environment

property Environment: TStrings;

Description
This property should contain a list of environment variables in format of Variable=Value. These variables are sent to the server on connect.


15.39.3 Methods
15.39.3.1 TScSSHShell.ExecuteCommand

function ExecuteCommand(const Command: string): string;

Description
Executes Command on the server. ExecuteCommand establishes the logical connection to the SSH server and sends a command execution inquiry. If NonBlocking mode is not enabled, the method waits until the command is executed, and then returns a result. After the result is obtained, connection to the server is closed. So, this method can execute only one command within a connection.
In NonBlocking mode the method immediately returns an empty string, and does not wait until the command is executed. The command execution result can be obtained with the ReadString or ReadBuffer method.
The result of the Execute method is tightly related to the SSH server that executes the command. An alternative way to execute commands remotely is calling the WriteString and WriteBuffer methods.

See Also
NonBlocking, ReadString, WriteString

15.39.3.2 TScSSHShell.ReadString

function ReadString: string;

Description
The ReadBuffer method reads the result of a command executed by the WriteString method. In NonBlocking mode the result can be read after the OnAsyncReceive event arises.

See Also
ReadBuffer, WriteString

15.39.3.3 TScSSHShell.WriteString

procedure WriteString(const Buffer: string);

Description
Use the WriteString method to send a command with parameters to the server. The command is passed through an existent connection and executed remotely. The line feed symbol must conclude the command. The result of the command execution can be obtained by the ReadString and ReadBuffer methods.
Note: If the NonBlocking property is True, the function returns control immediately. Data is transferred asynchronously. The OutCount indicates the size of the data that is waiting to be sent to the server.

See Also
ReadString, WriteBuffer


15.40 TScSSLClient

15.40.1 Description
Unit
ScSSLClient

Description
TScSSLClient is a component that implements functionality of the SSL client. TScSSLClient connects to the application supporting the SSL protocol that the HostName and Port properties point to. When you connect to a server that supports SSL, data will be transferred in a plain form until you switch IsSecure to True.
To establish a secure connection through SSL, you can use the following parameters:
security protocol kind;
encryption and data integrity algorithms to encrypt the data to be transferred;
the client certificate.
To exchange data, you should use the ReadBuffer and WriteBuffer methods.

See Also
Connected, IsSecure


15.40.2 Properties
15.40.2.1 TScSSLClient.CACertName

property CACertName: string;

Description
Specifies the server CA certificate name that is stored in Storage. The CA certificate is used to authenticate the server through SSL.
The server sends a certificate when authenticating. This certificate must be signed by the specified CA certificate. If the received certificate is not signed by the CA certificate, the Accept parameter will be set to False in OnServerCertValidate. If the server certificate is signed by the CA certificate, Accept will be set to True.
If the certificate with the name specified in CACertName was not found, an exception is raised.

See Also
OnServerCertValidate

15.40.2.2 TScSSLClient.CertName

property CertName: string;

Description
Specifies the client certificate name that is stored in Storage. The client certificate is used to authenticate the client by the server. It must be signed by CACertName, and must have a private key (TScCertificate.Key.IsPrivate is True).
If the specified certificate was not found in the storage and the SSL server requires the client certificate for authentication, a secure connection will not be established.
Note: If CertName is not specified, the certificate is searched by HostName.

See Also
CACertName

15.40.2.3 TScSSLClient.CipherSuites

property CipherSuites: TScSSLCipherSuites;

Description
The CipherSuites property holds a list of acceptable algorithms that can be used to encrypt and protect the integrity of the data transferred between the client and the server through a secure connection.

See Also
IsSecure


15.40.2.4 TScSSLClient.Connected

property Connected: Boolean;

Description
Determines whether the connection to an SSL server is established. Switch it to True to establish connection to an SSL server. Switch it to False to close the connection.

See Also
Connect, Disconnect

15.40.2.5 TScSSLClient.ConnectionInfo

property ConnectionInfo: TScSSLConnectionInfo;

Description
Holds information about the current connection. ConnectionInfo is initialized after the client is authenticated by a server.

See Also
IsSecure

15.40.2.6 TScSSLClient.HostName

property HostName: string;

Description
Host name to connect to the server through SSL.

See Also
Port, Connected

15.40.2.7 TScSSLClient.InCount

property InCount: integer;

Description
Determines the size of the data received from the server in NonBlocking mode. This data can be obtained using the ReadBuffer method.

See Also
NonBlocking

15.40.2.8 TScSSLClient.IsSecure

property IsSecure: Boolean;

Description
Determines whether the connection to the SSL server is protected. When you connect to a server that supports SSL, data will be transferred in a plain form until you switch IsSecure to True. Switching it to False closes the connection.

See Also
Protocols

15.40.2.9 TScSSLClient.NonBlocking

property NonBlocking: Boolean;

Description
Use this property to determine which data transferring mode will be used: synchronous or asynchronous. If NonBlocking is True, the WriteBuffer method will not block the main application thread. The data is transferred in asynchronous mode. When data is received from the server, the OnAsyncReceive event will arise.

See Also
InCount, OutCount, OnAsyncReceive, OnAsyncError

15.40.2.10 TScSSLClient.OutCount

property OutCount: Integer;

Description
Determines the size of the data that is waiting to be sent to the server. Note that this property is meaningful only if the NonBlocking property is set to True.

See Also
NonBlocking

15.40.2.11 TScSSLClient.Port

property Port: integer;

Description
Specifies the port number for TCP/IP connection with the SSL server.

See Also
HostName, Connected

15.40.2.12 TScSSLClient.Protocols

type TScSSLProtocol = (spSsl3, spTls1);
TScSSLProtocols = set of TScSSLProtocol;
property Protocols: TScSSLProtocols;

Description
Specifies supported security protocols. The default value is [spSsl3, spTls1]. If you change the Protocol value to [spSsl3], the client will not support the TLS 1.0 protocol. If only spTls1 is in the set, the client will support both SSL 3.0 and TLS 1.0. But SSL 3.0 will be used only if the server refuses to connect through TLS 1.0.

See Also
IsSecure

15.40.2.13 TScSSLClient.Storage

property Storage: TScStorage;

Description
This property is used to access the certificate list in the linked storage. If Storage is not assigned, an exception will be raised on connect.

See Also
CACertName, CertName

15.40.2.14 TScSSLClient.Timeout

property Timeout: integer;

Description
Determines the time interval in seconds during which the client will wait for data from the server when reading by the ReadBuffer method, or passing data to the server by the WriteBuffer method. After the time has expired, the methods return the result and control to the program. The default value is 0.

See Also
ReadBuffer, WriteBuffer


15.40.3 Methods
15.40.3.1 TScSSLClient.Connect

procedure Connect;

Description
Establishes connection to the specified SSL server. Connect sets the Connected property to True.

See Also
Disconnect, AfterConnect, BeforeConnect

15.40.3.2 TScSSLClient.Disconnect

procedure Disconnect;

Description
Closes an existent connection to the SSL server. Disconnect sets the Connected property to False.

See Also
Connect, AfterDisconnect, BeforeDisconnect

15.40.3.3 TScSSLClient.ReadBuffer

{$IFNDEF CLR}
function ReadBuffer(var Buffer; const Count: Longint): Longint; overload;
{$ENDIF}
function ReadBuffer(var Buffer: TBytes; const Offset, Count: Longint): Longint; overload;

Description
Call ReadBuffer to read Count bytes from the stream into Buffer. ReadBuffer returns the number of bytes that were actually read. If the size of the received data is less than Count bytes, ReadBuffer waits for the amount of time specified in Timeout, and then returns control.
Note: If the NonBlocking property is True, the OnAsyncReceive event arises when data from the server is received. The InCount property indicates the size of received data.

See Also
NonBlocking, Timeout, WriteBuffer


15.40.3.4 TScSSLClient.WriteBuffer

{$IFNDEF CLR}
function WriteBuffer(const Buffer; const Count: Longint): Longint; overload;
{$ENDIF}
function WriteBuffer(const Buffer: TBytes; const Offset, Count: Longint): Longint; overload;

Description
WriteBuffer passes Count bytes from Buffer through an existent connection. The function returns the number of bytes that were actually passed.
Note: If the NonBlocking property is True, the function returns control immediately. Data is transferred asynchronously. The OutCount parameter indicates the size of the data that is waiting to be sent to the server.

See Also
NonBlocking, ReadBuffer, Timeout


15.40.4 Events
15.40.4.1 TScSSLClient.AfterConnect

property AfterConnect: TNotifyEvent;

Description
Occurs after a connection to an SSL server is established.

See Also
AfterDisconnect, BeforeConnect, BeforeDisconnect, Connected

15.40.4.2 TScSSLClient.AfterDisconnect

property AfterDisconnect: TNotifyEvent;

Description
Occurs after the connection to an SSL server becomes closed.

See Also
AfterConnect, BeforeConnect, BeforeDisconnect, Connected

15.40.4.3 TScSSLClient.BeforeConnect

property BeforeConnect: TNotifyEvent;

Description
Occurs immediately before establishing a connection to an SSL server.

See Also
AfterConnect, AfterDisconnect, BeforeDisconnect, Connected

15.40.4.4 TScSSLClient.BeforeDisconnect

property BeforeDisconnect: TNotifyEvent;

Description
Occurs immediately before the connection to an SSL server becomes closed.

See Also
AfterConnect, AfterDisconnect, BeforeConnect, Connected


15.40.4.5 TScSSLClient.OnAsyncError

type TScAsyncError = procedure(Sender: TObject; E: Exception) of object;
property OnAsyncError: TScAsyncError;

Description
Occurs when an exception is raised during asynchronous data receiving or transferring. Sender is the object that raised the exception. E is the exception object that describes the exception.
Note: This event occurs only if NonBlocking is True.

See Also
NonBlocking

15.40.4.6 TScSSLClient.OnAsyncReceive

type TScAsyncReceive = procedure(Sender: TObject) of object;
property OnAsyncReceive: TScAsyncReceive;

Description
Occurs if data was received from the server in asynchronous mode. The data can be read with the ReadBuffer method. The InCount property indicates the size of the received data.
Note: This event occurs only if NonBlocking is True.

See Also
NonBlocking

15.40.4.7 TScSSLClient.OnServerCertValidate

type TScServerCertValidate = procedure(Sender: TObject; ServerCertificate: TScCertificate; var Accept: boolean) of object;
property OnServerCertValidate: TScServerCertValidate;

Description
Occurs when the server certificate is received from the server. When an SSL server is authenticated, the server sends a certificate that must be signed by the specified CA certificate. If the received certificate is not signed by the CA certificate, the Accept parameter will be set to False in OnServerCertValidate. If the server certificate is signed by the CA certificate, Accept will be set to True in the OnServerCertValidate event. A handler of this event can perform additional verifications to authenticate the server. If you trust the server, set Accept to True and the connection will be established.

Parameters:
Sender - the object that raised the event;
ServerCertificate - the server certificate received from the server;
Accept - SecureBridge determines the value of the Accept parameter and passes it into this event. You can change the Accept value within this event handler. If Accept is set to True, the server is considered valid, and the server authentication is considered successful. Otherwise, the server is considered invalid, and the connection is closed.

See Also
IsSecure
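The connection sequence described in the TScSSLClient pages above, as an added example that is not part of the SecureBridge manual or Devart's demo projects: set CACertName, connect, switch IsSecure to True, and refuse to send anything while the channel is still plaintext or the CA check failed. The wrapper class TVerifiedSslClient and its method names are hypothetical, and the unit assumes a Delphi version in which SysUtils declares TBytes.

```delphi
unit VerifiedSslClientExample;

interface

uses
  SysUtils, Classes, ScBridge, ScSSLClient;

type
  // Hypothetical wrapper written for this example; not a SecureBridge class.
  TVerifiedSslClient = class
  private
    FClient: TScSSLClient;
    FCertAccepted: Boolean;
    procedure ServerCertValidate(Sender: TObject;
      ServerCertificate: TScCertificate; var Accept: Boolean);
  public
    constructor Create(AStorage: TScStorage; const AHost: string;
      APort: Integer; const ACACertName: string);
    destructor Destroy; override;
    procedure Open;
    function Exchange(const Request: TBytes; MaxReply: Integer): TBytes;
  end;

implementation

constructor TVerifiedSslClient.Create(AStorage: TScStorage;
  const AHost: string; APort: Integer; const ACACertName: string);
begin
  inherited Create;
  FClient := TScSSLClient.Create(nil);
  FClient.Storage := AStorage;        // an unassigned Storage raises on connect
  FClient.CACertName := ACACertName;  // CA that must have signed the server certificate
  FClient.HostName := AHost;
  FClient.Port := APort;
  FClient.NonBlocking := False;       // keep handshake and I/O synchronous
  FClient.Timeout := 15;              // seconds (constructed value; the default is 0)
  FClient.OnServerCertValidate := ServerCertValidate;
end;

destructor TVerifiedSslClient.Destroy;
begin
  FClient.Free;
  inherited;
end;

procedure TVerifiedSslClient.ServerCertValidate(Sender: TObject;
  ServerCertificate: TScCertificate; var Accept: Boolean);
begin
  // Accept arrives already computed from the CACertName signature check.
  // The handler records it and never raises it from False to True, so a
  // certificate that failed the CA check stays rejected. Any additional
  // verification added here should only ever set Accept to False.
  FCertAccepted := Accept;
end;

procedure TVerifiedSslClient.Open;
begin
  FCertAccepted := False;
  FClient.Connect;             // connection is up, but traffic is still plaintext
  try
    FClient.IsSecure := True;  // switch the connection to SSL/TLS
    if not (FClient.IsSecure and FCertAccepted) then
      raise Exception.Create('Server certificate was not accepted');
  except
    if FClient.Connected then
      FClient.Disconnect;
    raise;
  end;
end;

function TVerifiedSslClient.Exchange(const Request: TBytes;
  MaxReply: Integer): TBytes;
var
  Sent, N: Longint;
begin
  // Fail closed: nothing leaves the process unless the channel is protected.
  if not (FClient.IsSecure and FCertAccepted) then
    raise Exception.Create('Refusing to send: channel is not protected');

  // WriteBuffer returns the number of bytes actually passed, so loop.
  Sent := 0;
  while Sent < Length(Request) do
  begin
    N := FClient.WriteBuffer(Request, Sent, Length(Request) - Sent);
    if N <= 0 then
      raise Exception.Create('Write timed out or connection closed');
    Inc(Sent, N);
  end;

  // ReadBuffer waits up to Timeout seconds for MaxReply bytes and returns
  // the number actually read; trim the result to that length.
  SetLength(Result, MaxReply);
  N := FClient.ReadBuffer(Result, 0, MaxReply);
  if N < 0 then
    N := 0;
  SetLength(Result, N);
end;

end.
```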


15.41 TScStorage

15.41.1 Description
Unit
ScBridge

Description
TScStorage is an abstract class that describes the interface for storing asymmetric keys, certificates and users of TScSSHServer.

See Also
TScFileStorage, TScRegStorage, TScCryptoAPIStorage, TScCertificate, TScKey, TScUser


15.41.2 Properties
15.41.2.1 TScStorage.Certificates

property Certificates: TScCertificateList;

Description
Lists all certificate objects of the Storage. Accessing certificates with the Certificates property is useful for applications that iterate over some or all certificates in a storage.

15.41.2.2 TScStorage.Keys

property Keys: TScKeyList;

Description
Lists all key objects of the Storage. Accessing keys with the Keys property is useful for applications that iterate over some or all keys in a storage.

15.41.2.3 TScStorage.Users

property Users: TScUserList;

Description
Lists all user objects of the Storage. Accessing users with the Users property is useful for applications that iterate over some or all users in a storage.

15.41.2.4 TScStorage.ReadOnly

property ReadOnly: Boolean;

Description
Determines whether the storage content can be changed. Set the ReadOnly property to True to forbid removing, adding, and changing objects in the storage. Set the ReadOnly property to False to allow editing the storage.


15.41.3 Methods
15.41.3.1 TScStorage.DeleteStorage

procedure DeleteStorage; virtual;

Description
Physically deletes the storage and all its contents (keys, certificates, user list).


15.41.4 Events
15.41.4.1 TScStorage.OnCheckUserPass

type TScCheckUserPass = procedure(ClientInfo: TScSSHClientInfo; const Password: string; var Accept: Boolean) of object;
property OnCheckUserPass: TScCheckUserPass;

Description
The OnCheckUserPass event arises when password authentication is demanded on the server. The server first verifies the given user and password in the Storage and specifies the value for the Accept parameter. If you want to grant or deny access for the current connection attempt, you should change the Accept parameter value.

Parameters:
ClientInfo - the information about the user to be authenticated;
Password - a user password to be verified;
Accept - if Accept is set to True, the user is allowed to connect to the server, otherwise the user is not allowed to connect to the server.

See Also
TScUser

15.41.4.2 TScStorage.OnCheckUserKey

type TScCheckUserKey = procedure(ClientInfo: TScSSHClientInfo; Key: TScKey; var Accept: Boolean) of object;
property OnCheckUserKey: TScCheckUserKey;

Description
The OnCheckUserKey event arises when authentication by the public key is demanded on the server. The server first verifies the given user and key in the Storage and specifies the value for the Accept parameter. If you want to grant or deny access for the current connection attempt, you should change the Accept parameter value.

Parameters:
ClientInfo - the information about the user to be authenticated;
Key - a user public key to be verified;
Accept - if Accept is set to True, the user is allowed to connect to the server, otherwise the user is not allowed to connect to the server.

See Also
TScUser
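An added example (not code from the SecureBridge manual or from Devart) that applies the TScSSHServer.Options settings from section 15.38.2.7 together with an OnCheckUserPass handler that can only tighten the decision the storage has already made. The helper class TSshServerPolicy, the chosen limits and banner text, the unit name ScSSHServer, RekeyLimit being a string, and the handler being called from connection threads are assumptions.

```delphi
unit SshServerHardeningExample;

interface

uses
  Windows, SysUtils, Classes, ScBridge, ScSSHServer;

type
  // Hypothetical helper written for this example; not a SecureBridge class.
  TSshServerPolicy = class
  private
    FMinPasswordLength: Integer;
    FDenied: Integer;
    procedure CheckUserPass(ClientInfo: TScSSHClientInfo;
      const Password: string; var Accept: Boolean);
  public
    constructor Create(AMinPasswordLength: Integer);
    procedure Apply(Server: TScSSHServer; Storage: TScStorage;
      const AListenAddress: string);
    function DeniedCount: Integer;
  end;

implementation

constructor TSshServerPolicy.Create(AMinPasswordLength: Integer);
begin
  inherited Create;
  FMinPasswordLength := AMinPasswordLength;
  FDenied := 0;
end;

procedure TSshServerPolicy.Apply(Server: TScSSHServer; Storage: TScStorage;
  const AListenAddress: string);
begin
  // Call this before the server is activated.
  Server.Storage := Storage;
  Server.Timeout := 15;                         // seconds allowed for authentication data

  Server.Options.AllowEmptyPassword := False;   // never accept an empty password
  Server.Options.ListenAddress := AListenAddress; // bind one interface instead of 0.0.0.0
  Server.Options.MaxStartups := 10;             // cap unauthenticated connections (default 20)
  Server.Options.ClientAliveInterval := 60;     // probe idle clients (default 0 = never)
  Server.Options.ClientAliveCountMax := 3;      // close after 3 unanswered probes
  Server.Options.TCPKeepAlive := True;          // notice dead peers
  Server.Options.RekeyLimit := '1G';            // assumed string form: number + K/M/G unit
  Server.Options.Banner := 'Authorized use only.'; // constructed banner text

  // The storage raises this event after its own user/password check.
  Storage.OnCheckUserPass := CheckUserPass;
end;

procedure TSshServerPolicy.CheckUserPass(ClientInfo: TScSSHClientInfo;
  const Password: string; var Accept: Boolean);
begin
  // Accept already holds the storage's verdict. This handler only ever
  // lowers it: a rejected login stays rejected, and an accepted login is
  // still refused when the password is shorter than the policy minimum.
  if Accept and (Length(Password) < FMinPasswordLength) then
    Accept := False;

  // Assumed to run on connection threads, so count atomically.
  if not Accept then
    InterlockedIncrement(FDenied);
end;

function TSshServerPolicy.DeniedCount: Integer;
begin
  Result := FDenied;
end;

end.
```

DeniedCount gives the application a value to log or alert on; a steadily rising count is the signal that password guessing is under way.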


15.42 TScUser

15.42.1 Description
Unit
ScBridge

Description
TScUser holds data about a user. This data is used by the SSH server when SSH client authentication is performed. To store a user list in the Storage, use the UserList property.

See Also
TScStorage


15.42.2 Properties
15.42.2.1 TScUser.Authentications

type TScUserAuthentication = (uaPublicKey, uaPassword, uaOSAuthentication);
TScUserAuthentications = set of TScUserAuthentication;
property Authentications: TScUserAuthentications;

Description
The Authentications property contains available authentication methods.

Value - Meaning
uaPublicKey - Determines whether connecting by key is allowed. If the Authentications property does not contain this value, the Key property is nil. When this value is added, the TScKey object is created automatically; when it is removed, the Key is freed.
uaPassword - Determines whether connecting by password is allowed. In this case the password is obtained from the Password property.
uaOSAuthentication - Determines whether connecting by password is allowed. In this case the system password is used. The Password property can be empty.

Note: If both uaPassword and uaOSAuthentication values are in the set, at first the password from the Password property is used. If the authentication fails, then the system password is used.

15.42.2.2 TScUser.Key

property Key: TScKey;

Description
The Key property holds the public key of the user that is used for authentication by key. The authentication by key is possible if the Authentications property includes the uaPublicKey value.
Note: If the Authentications property does not include the uaPublicKey value, the Key is nil.

See Also
Authentications

15.42.2.3 TScUser.Password

property Password: string;

Description
The Password property holds the password that is used for password authentication. The authentication by key is possible if the Authentications property includes the uaPassword value.

See Also
Authentications


15.42.2.4 TScUser.UserList

property UserList: TScUserList;

Description
UserList is used for automatic loading and saving of the information about the user in the Storage.

See Also
UserName, UserList.Storage

15.42.2.5 TScUser.UserName

property UserName: string;

Description
UserName is used for authentication, and for automatic loading and saving of data in the UserList.

See Also
TScStorage


15.42.3 Methods
15.42.3.1 TScUser.BeginUpdate

procedure BeginUpdate;

Description
BeginUpdate prevents changed data from being saved to the Storage until the EndUpdate method is called. Use BeginUpdate to improve the performance of your application. It prevents data from being rewritten to the Storage each time a property is changed. This is useful if you are going to change multiple properties of TScUser.

See Also
EndUpdate

15.42.3.2 TScUser.EndUpdate

procedure EndUpdate;

Description
Use EndUpdate to save changed data to the Storage and cancel the mode that was enabled by BeginUpdate.

See Also
BeginUpdate


15.43 TScUserList

15.43.1 Description
Unit
ScBridge

Description
TScUserList is used by a storage to manage the user objects that correspond to users in the storage. This class is used for storing the user list on the server.
Use the properties and methods of TScUserList to:
Access a specific user.
Add a new user object or delete persistent user objects from the list.
Find out how many users there are.

See Also
TScUser


15.43.2 Properties
15.43.2.1 TScUserList.Count

property Count: Integer;

Description
Use Count to determine the number of users referenced by the TScUserList object.

See Also
Users

15.43.2.2 TScUserList.Users

property Users[Index: Integer]: TScUser; default;

Description
Use Users to obtain a pointer to a specific user. The Index parameter indicates the index of the user, where 0 is the index of the first user, 1 is the index of the second user, and so on. Set Users to assign the properties of another user object to one of the users in the list. Use Users with the Count property to iterate through all of the users in the list.

See Also
Count

15.43.2.3 TScUserList.Storage

property Storage: TScStorage;

Description
Check the value of the Storage property to determine the storage that is associated with the TScUserList object. Applications should not directly assign the Storage property of a UserList. It is assigned automatically when the UserList is created.

See Also
TScStorage


15.43.3 Methods
15.43.3.1 TScUserList.Add

procedure Add(User: TScUser);

Description
Inserts a new user at the end of the Users array. The UserList property of User is then set to the current TScUserList object, and information about the User is saved to the Storage.

See Also
TScUser

15.43.3.2 TScUserList.CheckUserName

procedure CheckUserName(const UserName: string);

Description
Checks for the user specified by UserName in the Users property array. If the user with the specified name is already listed, CheckUserName raises an EScError exception with a duplicate user name error message.

See Also
Users, EScError

15.43.3.3 TScUserList.Clear

procedure Clear;

Description
Deletes all users from the TScUserList object. Clear empties the Users property array, frees the memory used to store the array and deletes the users from the Storage.

See Also
Users

15.43.3.4 TScUserList.FindUser

function FindUser(const UserName: string): TScUser;

Description
Call FindUser to determine if a specified user is referenced in the TScUserList object. UserName is the name of the user for which to search. If FindUser finds a user with a matching name, it returns the TScUser object for the specified user. Otherwise it returns nil.
Note: FindUser differs from the UserByName method only when the named user is not in the list. When the user is not found, FindUser returns nil, while UserByName raises an exception.

See Also
UserByName


15.43.3.5 TScUserList.UserByName

function UserByName(const UserName: string): TScUser;

Description
Call UserByName to determine if a specified user is referenced in the TScUserList object. UserName is the name of the user for which to search. If UserByName finds a user with a matching name, it returns the TScUser object for the specified user. Otherwise it raises an exception.
Note: UserByName differs from the FindUser method only when the named user is not in the list. When the user is not found, FindUser returns nil, while UserByName raises an exception.

See Also
FindUser

15.43.3.6 TScUserList.GetUserNames

procedure GetUserNames(List: TStrings);

Description
Call GetUserNames to fill the List with the user names for all users in the users object. List is a TStrings descendant created and maintained by the application.

See Also
TScUser

15.43.3.7 TScUserList.IndexOf

function IndexOf(User: TScUser): Integer;

Description
Call IndexOf to get the index for a user in the Users array. Specify the user as the User parameter. The first user in the array has index 0, the second user has index 1, and so on. If a user is not in the Users array, IndexOf returns -1.

See Also
TScUser

15.43.3.8 TScUserList.Remove

procedure Remove(User: TScUser);

Description
Deletes the reference to the User parameter from the Users array and deletes the user from the Storage. After a user is removed, all of the items that follow it are moved up in index position and the Count is reduced by one.

See Also
TScUser


15.43.3.9 TScUserList.Refresh

procedure Refresh;

Description
Reloads the Users list from the Storage.

See also
Storage.Users
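The lookup and removal semantics described for TScUserList above, as an added example (not code from the SecureBridge documentation or from Devart). It assumes Users is an indexable array property of TScUserList and that TScUser exposes UserName, as the reference lists them; the unit name UserListExample and the three routine names are hypothetical.

```pascal
unit UserListExample; // hypothetical unit name, added for illustration

interface

uses
  SysUtils, Classes, ScBridge;

// Optional lookup: returns False when the account does not exist.
function TryRevokeUser(UserList: TScUserList; const UserName: string): Boolean;

// Mandatory lookup: a missing account is treated as an error.
function RequireUser(UserList: TScUserList; const UserName: string): TScUser;

// Removes every account whose name is not in Allowed; returns the count removed.
function PruneUsers(UserList: TScUserList; Allowed: TStrings): Integer;

implementation

function TryRevokeUser(UserList: TScUserList; const UserName: string): Boolean;
var
  User: TScUser;
begin
  // FindUser returns nil for an unknown name, so check before using the result.
  User := UserList.FindUser(UserName);
  Result := User <> nil;
  if Result then
    UserList.Remove(User); // also deletes the user from the Storage
end;

function RequireUser(UserList: TScUserList; const UserName: string): TScUser;
begin
  // UserByName raises an exception for an unknown name, so Result is never nil
  // here. The reference does not name the exception class; callers that need
  // to handle it can catch the base Exception type.
  Result := UserList.UserByName(UserName);
end;

function PruneUsers(UserList: TScUserList; Allowed: TStrings): Integer;
var
  i: Integer;
  User: TScUser;
begin
  Result := 0;
  // Reload from the Storage so the list reflects the stored accounts.
  UserList.Refresh;
  // Iterate from the end: Remove moves every following item up one position
  // and reduces Count, so a forward loop would skip the item after each removal.
  for i := UserList.Count - 1 downto 0 do
  begin
    User := UserList.Users[i]; // assumption: Users is indexable by position
    if Allowed.IndexOf(User.UserName) < 0 then
    begin
      UserList.Remove(User);
      Inc(Result);
    end;
  end;
end;

end.
```

Allowed can be any TStrings descendant; with a default TStringList the name comparison in IndexOf is case-insensitive.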


16 SecureBridge Object and Component Listing by Unit


16.1 ScBridge

16.1.1 Classes
ScBridge unit implements the following classes:
TScCollection
TScSSHCipherItem
TScSSHCiphers
TScSSHHostKeyAlgorithmItem
TScSSHHostKeyAlgorithms
TScKey
TScKeyList
TScUser
TScUserList
TScStorage
TScFileStorage
TScRegStorage
TScSSHConnectionInfo
TScSSHClientInfo
TScSSHChannelInfo
TScOid
TScDistinguishedName
TScCertExtension
TScCertBasicConstraintsExtension
TScCertEnhancedKeyUsageExtension
TScCertKeyUsageExtension
TScCertificate
TScCertificateList


16.2 ScCryptoAPIStorage

16.2.1 Classes
ScCryptoAPIStorage unit implements the following classes:
TScCryptoAPIStorage


16.3 ScIndy

16.3.1 Classes
ScIndy unit implements the following classes:
TScIdIOHandler


16.4 ScRNG

16.4.1 Classes
ScRNG unit implements the following classes:
TScRandom
TScRandom_LFSR


16.5 ScSFTPClient

16.5.1 Classes
ScSFTPClient unit implements the following classes:
TScSFTPClient
TScSFTPServerProperties


16.6 ScSFTPUtils

16.6.1 Classes
ScSFTPUtils unit implements the following classes:
EScSFTPError
TScCheckFileReplyExtension
TScSFTPACEItem
TScSFTPCustomExtension
TScSFTPExtension
TScSFTPFileAttributes
TScSFTPFileInfo
TScSFTPSupportedAclExtension
TScSFTPSupportedExtension
TScSFTPVendorExtension
TScSFTPVersionsExtension
TScFilenameTranslationControlExtension
TScSpaceAvailableReplyExtension


16.7 ScSSHChannel

16.7.1 Classes
ScSSHChannel unit implements the following classes:
TScSSHCustomChannel
TScSSHChannel
TScSSHStream
TScSSHShell


16.8 ScSSHClient

16.8.1 Classes
ScSSHClient unit implements the following classes:
TScSSHClient
TScSSHClientOptions


16.9 ScSSLClient

16.9.1 Classes
ScSSLClient unit implements the following classes:
TScSSLClient
TScSSLConnectionInfo
TScSSLCipherSuiteItem
TScSSLCipherSuites


16.10 ScSSHServer

16.10.1 Classes
ScSSHServer unit implements the following classes:
TScSSHServer
TScSSHServerOptions


16.11 ScSSHUtil

16.11.1 Classes
ScSSHUtil unit implements the following classes and types:
EScError
TScSymmetricAlgorithm
TScSymmetricAlgorithms
TScHashAlgorithm
TScHashAlgorithms
TScAsymmetricAlgorithm
TScAsymmetricAlgorithms
