TScFileStorage - which file is a key associated with?

Discussion of open issues, suggestions and bugs regarding network security and data protection solution - SecureBridge
docH
Posts: 59
Joined: Sun 22 Dec 2013 15:18


Post by docH » Thu 05 Nov 2020 11:33

I am having difficulty keeping track of which key files are associated with each key name in my TScFileStorage and this is causing many 'key not verified' errors and 'do you want to download a key from the server' messages.

TScFileStorage has the ability to import a file into a key or to export the key to a file.

First question
If I import a file into a key, how can I later tell which file was imported into which key? E.g., if I import file1.pub into a key called test1, how can I later confirm, at design time, that test1 does contain, or point to, file1.pub, and if not, which file it does use?
(I assume I could find out at run time using the key list, but by then the application may have already stopped with an error.)

Second question
What is the property TScFileStorage.KeyExt used for?
I.e., if TScSSHClient says to use a key called key1, and key1 in TScFileStorage had the file file1.pub imported into it, does it matter that TScFileStorage.KeyExt is still set to the default extension of key?

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: TScFileStorage - which file is a key associated with?

Post by ViktorV » Mon 09 Nov 2020 13:44

If you have imported the file1.pub physical key file to the test1 key, TScFileStorage will use the test1 physical key file with the extension specified in the TScFileStorage.KeyExt property. There's no way to identify which file was imported to a TScFileStorage key as the key could be imported not only from files, but also from the memory.
The TScFileStorage component uses the key file extension from the TScFileStorage.KeyExt property to create key files and search them at the path from the TScFileStorage.Path property.
Note that the keys in TScFileStorage are not connected to the physical key files in any way after the key information has been imported.
You don't have to import the physical key file (e.g., from file1.pub into test1) each time you need the key. After the initial import of the key, you can move the test1.key file to wherever you need it. Also, if all of your key files have the .pub extension, you can just specify the pub extension in KeyExt and put the key files in the TScFileStorage.Path folder rather than import the keys.

docH
Posts: 59
Joined: Sun 22 Dec 2013 15:18

Re: TScFileStorage - which file is a key associated with?

Post by docH » Sat 21 Nov 2020 11:38

OK, thanks, that explains it.
"You don't have to import the physical key file (e.g., from file1.pub into test1) each time you need the key"
So am I right that once I get it working in design mode with a key downloaded from the server onto my HDD, it will work forever in run mode, even if the key is not on the HDD of the user's machine (provided the key needed by the server doesn't change)?

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: TScFileStorage - which file is a key associated with?

Post by ViktorV » Tue 24 Nov 2020 14:37

That's not quite right. As we wrote earlier, the TScFileStorage component works only with files.

The server key is used by the client to authenticate the SSH server. The key name is specified in the property TScSSHClient.HostKeyName. When the client is connecting to the SSH server, SecureBridge looks for the key under the path specified in the property TScFileStorage.Path - if it's found, the client uses the key. If the key was not found, you can use the TScSSHClient.OnServerKeyValidate event handler to obtain the server key and import it to TScStorage. If the TScSSHClient.OnServerKeyValidate event handler is not triggered, this means that the server key was found and authenticated.

To accomplish your task, you can do the following:
- distribute the key with your application and place it on the client machine;
- create a folder (for example, ServerKey) in the folder where your application resides, and put the valid key in there;
- set the TScFileStorage.Path property to the respective path on application startup. For example:
ScFileStorage.Path := ExtractFilePath(Application.ExeName) + 'ServerKey';

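The startup procedure from the last reply, as an added example that is not part of the thread and not Devart's code: it points the storage at the shipped ServerKey folder, checks that the pinned host key file is actually there, and refuses any server key that the storage could not authenticate instead of importing it. The form name TfmMain, the component names ScSSHClient and ScFileStorage, the "key name + dot + KeyExt" file name and the handler signature are assumptions based on the thread and on SecureBridge's usual event declaration.

```delphi
// Added example. Assumes a form TfmMain that owns ScSSHClient: TScSSHClient
// and ScFileStorage: TScFileStorage, wired together at design time, with
// ScSSHClient.HostKeyName already set to the name of the shipped key.

procedure TfmMain.FormCreate(Sender: TObject);
var
  KeyDir, KeyFile: string;
begin
  // ExtractFilePath already ends with a path delimiter.
  KeyDir := ExtractFilePath(Application.ExeName) + 'ServerKey';
  ScFileStorage.Path := KeyDir;

  // Per the thread, the storage looks under Path for a file named after the
  // key, with the extension from KeyExt (assumed here to be stored without
  // the leading dot, e.g. 'key' or 'pub').
  KeyFile := IncludeTrailingPathDelimiter(KeyDir) +
    ScSSHClient.HostKeyName + '.' + ScFileStorage.KeyExt;

  // Fail at startup with a clear message rather than at connect time with
  // a "key not verified" error or a prompt to download the key.
  if not FileExists(KeyFile) then
    raise Exception.CreateFmt('Pinned server key is missing: %s', [KeyFile]);
end;

// Per the thread, this handler is not triggered when the server key was
// found in the storage and authenticated, so reaching it means the key the
// server presented is not the one shipped with the application.
procedure TfmMain.ScSSHClientServerKeyValidate(Sender: TObject;
  NewServerKey: TScKey; var Accept: Boolean);
begin
  // The expected key is distributed with the application, so an unknown key
  // is rejected instead of being imported into the storage.
  Accept := False;
end;
```

With the key file shipped in place, a call into the validate handler is worth logging as a possible server key change or interception attempt, since a normal connection never reaches it.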