How to establish a secure connection by using Synapse?

I'm testing Synapse and want to know how I can establish a secure connection. I noticed it supports SSL, but I'm not sure whether it suits my needs. I don't have a certificate from a CA. I just want to encrypt all data between my server program and client program. Sure, I can encrypt the data myself before sending it out. But if SSL can encrypt the data, maybe I can just use it. From what I know, SSL is for "encryption" and "authentication". What I need is only "encryption". Is it possible with Synapse?

UPDATE:

Thanks to help from daemon_x and the author of Synapse, Lukas Gebauer, I think I finally made it work. Here is what I did:

Server Side:

1) Use ssl_openssl in your unit and put 'libeay32.dll' and 'ssleay32.dll' in the same directory as the exe file.

2) After a connection is accepted, add the following line of code for the newly created socket:

fclient.SSLAcceptConnection;

Client side:

1) Use ssl_openssl in your unit and put 'libeay32.dll' and 'ssleay32.dll' in the same directory as the exe file.

2) After connecting to the server, add the following line:

fclient.SSLDoConnect;

If no error occurred, the connection is secure now. But when you run your code, as stated in the Synapse documentation, you may notice that SSLAcceptConnection takes some time to return. So if you want to speed things up, you had better create a certificate file and a private key file up front, and add the following code before SSLAcceptConnection:

  fclient.SSL.CertificateFile := 'bs-cert';
  fclient.SSL.PrivateKeyFile := 'bs-privatekey';

If you don't have a certificate and private key, please refer to "CreateSelfSignedCert" in ssl_openssl for getting a self-signed certificate and private key. You can save, by WriteStrToStream for example, FCertificate and FPrivatekey to files and use them later.

Toleration answered 13/6, 2011 at 17:50 Comment(0)

Yes it is; you can use one of the plugins shipped with Synapse. As is also mentioned there, the best is to use ssl_openssl.pas. If you decide to follow this one you will need, besides Synapse, also the OpenSSL library. The author recommends OpenSSL 0.9.7, but as he said on our local forum it seems to work also with OpenSSL 1.0.0d.

Note that if you are using D2009 or up you will need Unicode support, which is not fully supported in version. Download the latest version instead.

The following sample code receives the first 1024 bytes of the response to an HTTP GET request sent to a secured website using SSL encryption. For it I've used OpenSSL 0.9.8h with the latest version of Synapse. Note that you need to put libssl32.dll and libeay32.dll from the OpenSSL package into your output directory to make it work properly. Let's have a form with a button and a memo where we receive the result.

uses blcksock, synautil, synsock, ssl_openssl, ssl_openssl_lib;

procedure TForm1.Button1Click(Sender: TObject);
var
  Socket: TTCPBlockSocket;
begin
  Socket := TTCPBlockSocket.Create;
  try
    Socket.Connect('www.yousendit.com', '443'); // connect to the host
    Socket.SSLDoConnect; // start SSL connection; only server has a certificate

    if Socket.LastError = 0 then
    begin
      // minimal HTTP/1.0 GET request, terminated by an empty line
      Socket.SendString('GET / HTTP/1.0' + CRLF + CRLF);
      Memo1.Text := Socket.RecvBufferStr(1024, 1000); // receive 1024 bytes, 1000 ms timeout
    end;
  finally
    Socket.Free;
  end;
end;
Vinaya answered 13/6, 2011 at 21:8 Comment(10)
I appreciate your help. The most confusing part for me is that I don't know how I can use the encrypted channel when I don't have a certificate. I tried invoking "SSLAcceptConnection" after a connection is accepted on the server side, and invoked "SSLDoConnect" on the client side after connecting to the server. They "seem" to work. But where can I set up the password? I tried "SSL.Password" but it seems it's for decrypting the certificate. The connection is still established even if the password is different. - Toleration
@Toleration You can create self-signed certificates. - Inherence
Is there any component/code I can integrate into my program to generate the certificate? I think it's a bit complicated for users to generate the certificate themselves. - Toleration
@Toleration - SSLAcceptConnection is for server-side usage. About certificates: there is also a way where Synapse creates an ad-hoc certificate for you. In principle it should be enough to establish the connection to the host by using Connect, specify SSL.Username and SSL.Password, and call SSLDoConnect. Also check if your SSL library is working properly; it doesn't throw any error, it won't work instead. You can check it through SSL.LibName; this should return something other than ssl_none. - Vinaya
@daemon_x I think I already made it work, using "SSLDoConnect" on the client side after connecting to the server, with the server invoking "SSLAcceptConnection" after accepting a connection. Now the problem is, as mentioned in the Synapse documentation, that it slows down the connection. "SSLAcceptConnection" took about 2 seconds to return on my i3 notebook. It's too slow and I think I had better create a self-signed certificate up front to speed it up. Can I generate a certificate with Synapse? I don't know how I can get CertificateFile, PrivateKeyFile and CertCAFile. - Toleration
@Toleration - take a look here for instance. - Vinaya
@Toleration - and to your question: yes, it can generate the ad-hoc one but it takes some time, as you said. - Vinaya
@daemon_x - I'm afraid manual operation doesn't work. I need to generate the certificate in my program if the user has enabled the security option. - Toleration
@Toleration - what do you mean by manual operation? Anyway, the code I've posted cannot work, as the author told me, because if you will use authentication to your server then you will need a certificate also for your client side. I suppose you are building both sides, the server and the client, aren't you? - Vinaya
@daemon_x - yes, I did both sides. I just asked the author of Synapse. He confirmed that I can use CreateSelfSignedCert to create the self-signed certificate and private key file. That's enough for securing the transfer. - Toleration
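
A client-side check for the setup discussed in this thread, as an added example that is not part of the original posts or of Synapse itself: with a self-signed certificate the channel is encrypted, but the client learns nothing about who terminated it, so this console program refuses to send unless the handshake succeeded and the peer's certificate fingerprint matches a recorded value. The host, port and pin are placeholders, and it assumes the pin was recorded once from your own server with the same Synapse plugin, so the digest algorithm matches.

```pascal
program PinnedTlsClient;
{$APPTYPE CONSOLE}
// Added example, not from the original posts. Host, port and pin are placeholders.
uses
  SysUtils, blcksock, synautil, ssl_openssl;

const
  ServerHost = '127.0.0.1';   // assumption: your own server
  ServerPort = '8443';        // assumption: the port it listens on
  PinnedHex  = 'REPLACE_WITH_RECORDED_FINGERPRINT_HEX';  // placeholder

// True only when the handshake succeeded AND the peer presented the
// certificate whose fingerprint was recorded out of band.
function ConnectPinned(Sock: TTCPBlockSocket; const Host, Port, Pin: string): Boolean;
var
  Seen: string;
begin
  Result := False;
  if Sock.SSL.LibName = 'ssl_none' then Exit;  // OpenSSL DLLs were not loaded
  Sock.Connect(Host, Port);
  if Sock.LastError <> 0 then Exit;
  Sock.SSLDoConnect;
  if Sock.LastError <> 0 then Exit;            // handshake failed: send nothing
  Seen := StrToHex(Sock.SSL.GetPeerFingerprint);
  Result := (Seen <> '') and SameText(Seen, Pin);
end;

var
  Sock: TTCPBlockSocket;
begin
  Sock := TTCPBlockSocket.Create;
  try
    if ConnectPinned(Sock, ServerHost, ServerPort, PinnedHex) then
    begin
      Sock.SendString('hello' + CRLF);         // application data goes out only now
      WriteLn('sent over a channel to the pinned server');
    end
    else
    begin
      WriteLn('refusing to send: ', Sock.LastErrorDesc,
              ' peer fingerprint=', StrToHex(Sock.SSL.GetPeerFingerprint));
      ExitCode := 1;
    end;
  finally
    Sock.Free;
  end;
end.
```

When the server's certificate and key are regenerated, the recorded pin has to be updated on every client.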
