SecureBlackbox 16: Using SecureBlackbox with kbmMW


kbmMW uses different transports from different vendors. Currently, these are Indy and DXSock. SecureBlackbox supports the Indy transport, with DXSock support planned. Data exchange via transport components can be affected by various plugins. Plugins are descendants of the TkbmMWCustomTransportPlugin class. Depending on the version of the Indy components you use, SecureBlackbox offers two different plugins: TElkbmMWIndy9Plugin for Indy 9 support and TElkbmMWIndy8Plugin for Indy 8 support.

Adding the Client Components with Indy 9

The steps to add SecureBlackbox with the Indy 9 transport on the client side are below:

  1. Install the necessary packages as described in the SecureBlackbox ReadMe file.
  2. Add the TkbmMWTCPIPIndyClientTransport component (named "TCPTransport" in this example) to the form.
  3. Add the TElkbmMWIndy9Plugin (named "SSLPlugin" in this example) to the form.
  4. Add the TElIndySSLIOHandlerSocket component (named "IOHandler" in this example) to the form.
  5. Set the TCPTransport.Plugin property to SSLPlugin.
  6. Set the SSLPlugin.ClientHandler property to IOHandler.
  7. Optionally, adjust the properties of IOHandler.
  8. Optionally, add a certificate storage to the form and set the IOHandler.CertStorage property to that certificate storage.

Add the Server Components with Indy 9

The steps to add SecureBlackbox with the Indy 9 transport on the server side are the following:

  1. Install the necessary packages as described in the SecureBlackbox ReadMe file.
  2. Add the TkbmMWTCPIPIndyServerTransport component (named "TCPTransport" in this example) to the form.
  3. Add the TElkbmMWIndy9Plugin component (named "SSLPlugin" in this example) to the form.
  4. Add the TElIndySSLServerIOHandler component (named "IOHandler" in this example) to the form.
  5. Set the TCPTransport.Plugin property to SSLPlugin.
  6. Set the SSLPlugin.ServerHandler property to IOHandler.
  7. Optionally, adjust the properties of IOHandler.
  8. Optionally, add a certificate storage to the form and set the IOHandler.CertStorage property to that certificate storage. This storage contains server certificates.
  9. Optionally, add a certificate storage to the form and set the IOHandler.ClientCertStorage property to that certificate storage. This storage contains the certificates of the clients if they are requested from clients when connecting.

Add the Client Components with Indy 8

The steps to add SecureBlackbox with the Indy 8 transport on the client side are below:

  1. Install the necessary packages as described in SecureBlackbox ReadMe file.
  2. Add the TkbmMWTCPIPIndyClientTransport component (named "TCPTransport" in this example) to the form.
  3. Add the TElkbmMWIndy8Plugin component (named "SSLPlugin" in this example) to the form.
  4. Add the TElIndyConnectionSSLIntercept component (named "Intercept" in this example) to the form.
  5. Set the TCPTransport.Plugin property to SSLPlugin.
  6. Set the SSLPlugin.ClientIntercept property to IOHandler.
  7. Optionally, adjust the properties of Intercept.
  8. Optionally, add a certificate storage to the form and set the Intercept.CertStorage property to that certificate storage.

Add the Server Components with Indy 8

The steps to add SecureBlackbox with the Indy 8 transport on the server side are below:

  1. Install the necessary packages as described in the the SecureBlackbox ReadMe file.
  2. Add the TkbmMWTCPIPIndyServerTransport component (named "TCPTransport" in this example) to the form.
  3. Add the TElkbmMWIndy8Plugin component (named "SSLPlugin" in this example) to the form.
  4. Add the TElIndyServerSSLIntercept component (named "Intercept" in this example) to the form.
  5. Set the TCPTransport.Plugin property to SSLPlugin.
  6. Set the SSLPlugin.ServerIntercept property to Intercept.
  7. Optionally, adjust the properties of Intercept.
  8. Optionally, add a certificate storage to the form and set the Intercept.CertStorage property to that certificate storage. This storage contains server certificates.
  9. Optionally, add a certificate storage to the form and set the Intercept.ClientCertStorage property to that certificate storage. This storage contains the certificates of the clients if they are requested from clients when connecting.

You will find sample projects of using SecureBlackbox with kbmMW in the (SecureBlackbox)\Samples\kbmMW folder.


Towards Maximum Security

After the steps above, your connection is encrypted. However, the task is not complete. It is technically possible for some third-party to establish itself as the remote side of the communication and intercept the data.

To prevent this, proper authentication steps must be taken. Both server and client must be properly identified as authorized to access the data. This is done using X.509 certificates. An X.509 certificate can identify the side (server or client) in communications and it can also contain supplementary information that, for example, contains a description of the scope of actions that the client is allowed to perform.

We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@nsoftware.com.