Use a storage component to hold server and client certificates when setting up the TLS/SSL client. The server certificate is used to authenticate the TLS/SSL server. Client certificates can be used for client authentication; in that case the certificate must contain the private key.

 

Storage setup

Place one of the storage components onto the form: TScCryptoAPIStorage, TScFileStorage, or TScRegStorage.
Specify the path to be used to store information about certificates in the CertStoreName / Path / KeyPath property (depending on the storage component type).
Add server and client certificates to the storage:
1. Open the editor of the storage component by double-clicking it, and select the Certificates tab.
2. Add a new certificate by pressing the New button.
3. Type the certificate name.
4. Import information from a file that contains a certificate by using the "Import from..." button.

 

SSL/TLS client setup

Place the TScSSLClient component onto the form.
In the HostName property specify the name of the host on which the TLS/SSL server is located.
In the Port property specify the port number for TCP/IP connection with the TLS/SSL server.
Select the previously created storage object in the Storage property.
Specify the server certificate in the CACertName property.
If necessary, specify the client certificate in the CertName property.
Establish a connection to the server by setting the Connected property to True.
To make the connection secure, set the IsSecure property to True.
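
The same steps performed at run time, as an added example that is not Devart's own code. It assumes a form class `TForm1` that already holds `ScFileStorage1` (TScFileStorage) and `ScSSLClient1` (TScSSLClient), and that the certificate names passed in were created in the storage editor as described above; the form, the procedure name and all values at the call site are hypothetical.

```delphi
// Added example. Uses only the properties named in the steps above.
// Requires SysUtils in the uses clause for Exception.
procedure TForm1.ConnectSecure(const AHost: string; APort: Integer;
  const AServerCertName, AClientCertName: string);
begin
  // Without a server certificate the server cannot be authenticated,
  // so refuse to connect instead of falling back silently.
  if AServerCertName = '' then
    raise Exception.Create('No server certificate name given for CACertName');

  // Change connection settings only while disconnected.
  ScSSLClient1.Connected := False;

  ScSSLClient1.HostName := AHost;
  ScSSLClient1.Port := APort;
  ScSSLClient1.Storage := ScFileStorage1;        // storage set up earlier
  ScSSLClient1.CACertName := AServerCertName;    // server certificate
  ScSSLClient1.CertName := AClientCertName;      // '' when no client auth is used

  ScSSLClient1.Connected := True;                // TCP/IP connection
  try
    // Per the steps above, the connection becomes secure only once
    // IsSecure is True, so application data is sent after this line.
    ScSSLClient1.IsSecure := True;
  except
    // Do not leave a connected but unsecured socket behind on failure.
    ScSSLClient1.Connected := False;
    raise;
  end;
end;

// Call site with constructed placeholder values:
//   ConnectSecure('tls.example.test', 443, 'server-cert', 'client-cert');
```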

 

Random number generation

When a connection to a TLS/SSL server is established, random numbers are generated to create session keys. These keys are then used by the data encryption algorithms. The random numbers come from a pseudo-random number generator, which must be initialized with a seed value before it is used. This seed value can be obtained in different ways: from the processor step counter, sound card noise, random mouse movements, or keyboard key presses. However, the first two ways are not reliable.

One of these ways is implemented in the SSHClient demo.

When using the SecureBridge component library, you should pass a sequence of random values to the Randomize method of the global Random object.

SecureBridge Components, Copyright © 2007-2021 Devart. All Rights Reserved.