SecureBlackbox 2020 Frequently Asked Questions

Use this article to find answers to questions that are often asked in our support channels. Many questions may already be covered in this section. If your question is one of them, looking the answer up here may help you much quicker than waiting for the support team's answer.

Contents

Supported Platforms

SecureBlackbox supports a number of operating platforms. As you probably noticed, some platforms are supported by more than one edition. For example, Android is supported by a dedicated Android edition, C++ edition, and Delphi edition. Which one to choose?

In most cases, the choice of the platform is substantiated by the development environment that you use or prefer to use. In the above example with Android, if you use Java for your Android development, the Android edition would be the right one to choose. If you use Firemonkey with Delphi, the Delphi edition would be a more appropriate choice.

For your convenience, we are presenting the answer from two viewpoints: from the viewpoint of someone with a specific target platform, needing to make a decision about the product edition to use, and from the viewpoint of someone interested in knowing a set of platforms supported by a particular SecureBlackbox edition.

My target platform is...

Windows

Most of development environments and SDKs are available for Windows, so virtually any SecureBlackbox edition can be used to develop for this popular platform. The only exceptions are iOS and Android edition, which target specific mobile platforms.

Linux

For Linux you can also develop with a variety of editions:

  • with .NET edition using Visual Studio Code and .NET Core
  • with Java edition, running your applications on Linux JVM
  • with Delphi edition using Embarcadero Linux compiler, FreePascal/Lazarus, or CodeTyphon
  • with C++ edition using g++
  • with Kotlin edition
  • with PHP or Python editions using respective interpreters.

Mac OS X

The following editions support development for Mac OS X:

  • .NET edition using Visual Studio Code and .NET Core
  • C++ edition using Objective C or Swift
  • Delphi edition using Embarcadero compilers for Mac OS or FreePascal
  • Java and Kotlin editions
  • Python and PHP editions

Android

Android is supported by Android edition (pure Java for Android JVM), C++ edition, and Delphi edition using Embarcadero Android compiler.

iOS

iOS edition is supported by iOS edition (Swift) and Delphi Edition (Embarcadero iOS compiler).

I develop with ... edition, what platforms can I create apps for?

.NET edition

With .NET edition you can create applications for Windows (.NET framework, .NET Standard), Linux (.NET Standard), Mac OS X (.NET Standard), and Windows Mobile (.NET CF). You can use any compatible CLR language, including C# and VB.NET.

Java edition

Java edition supports all platforms that have an associated full JVM. This includes Windows, Linux, Mac OS X. Use Android edition to develop Java apps for Android.

Delphi edition

SecureBlackbox Delphi edition supports all Embarcadero compilers, allowing to create applications based on classic VCL and Firemonkey, as well as FreePascal. This means that you can use it to develop for Windows, Linux, Mac OS X, Android, and iOS. The source code can also be built for ARM (Raspbian) using FreePascal.

C++ edition

C++ edition can be used to develop for Windows, Linux, Mac OS X, and Android (natively).

iOS and Android editions

These two editions target mobile platforms native tools specifically. iOS edition offers support for Objective C and Swift, and Android edition supports development in Java with Android Studio.

C++ Builder edition

C++ Builder edition (don't confuse with C++ edition) supports Windows using Embarcadero C++ Builder compilers.

PHP and Python editions

PHP and Python editions can be used with the respective interpreters on Windows, Linux, and Mac OS X.

NodeJS edition

NodeJS edition supports Windows, Linux, and Mac OS X.

Qt edition

With Qt edition you can develop for Windows, Linux, or Mac OS X.

Kotlin edition

Kotlin edition supports development for any platform supported by Kotlin itself. This includes Windows, Linux, Mac OS X, and Android.

Supported Algorithms

This page answers the most commom questions about scope of algorithms and technologies supported by SecureBlackbox, all in one place.

Please note that higher-level technologies often use their own variations of algorithms, which may see a particular algorithm not being supported with that particular technology. For example, TLS does not define ciphersuites to be used with TWOFISH, so while this algorithm is supported by SecureBlackbox is general, it won't be available in TLS components.

Symmetric cryptography

Here is a comprehensive list of symmetric algorithms supported by SecureBlackbox.

  • AES (Rijndael): 128, 192, and 256 bit
  • Blowfish: 128 to 448 bit
  • Camellia: 128, 192, and 256 bit
  • CAST5: 128 bit
  • ChaCha20: 256 bit
  • DES: 56 bit
  • 3DES-EDE: 168 bit
  • IDEA: 128 bit
  • RC2: 128 bit
  • RC4: 64-128 bit (stream cipher)
  • Serpent: 128, 192, and 256 bit
  • Twofish: 128, 192, and 256 bit

The following symmetric cipher modes are supported: ECB, CBC, CTR, CFB8, GCM, CCM (AEAD).

Public key cryptography

The following public key (asymmetric) cryptographic algorithms are supported:

  • RSA (PKCS#1, OAEP, and PSS variants)
  • ECDSA (see the list of supported curves below)
  • EdDSA (curve 448, curve 25519)
  • Elgamal
  • DSA
  • Diffie-Hellman

Supported Elliptic Curves:

  • SEC2 recommended curves over a prime field (SECP112R1, SECP112R2, SECP128R1, SECP128R2, SECP160K1, SECP160R1, SECP160R2, SECP192K1, SECP192R1, SECP224K1, SECP224R1, SECP256K1, SECP256R1, SECP384R1, SECP521R1)
  • SEC2 recommended curves over extended binary field (SECT113R1, SECT113R2, SECT131R1, SECT131R2, SECT163K1, SECT163R1, SECT163R2, SECT193R1, SECT193R2, SECT233K1, SECT233R1, SECT239K1, SECT283K1, SECT283R1, SECT409K1, SECT409R1, SECT571K1, SECT571R1)
  • X9.62 recommended curves over a prime field (PRIME192V1, PRIME192V2, PRIME192V3, PRIME239V1, PRIME239V2, PRIME239V3, PRIME256V1)
  • X9.62 recommended curves over an extended binary field (C2PNB163V1, C2PNB163V2, C2PNB163V3, C2PNB176W1, C2TNB191V1, C2TNB191V2, C2TNB191V3, C2ONB191V4, C2ONB191V5, C2PNB208W1, C2TNB239V1, C2TNB239V2, C2TNB239V3, C2ONB239V4, C2ONB239V5, C2PNB272W1, C2PNB304W1, C2TNB359V1, C2PNB368W1, C2TNB431R1)
  • NIST recommended curves over a prime field (P192, P224, P256, P384, P521)
  • NIST recommended curves over an extended binary field (B163, B233, B283, B409, B571)
  • NIST recommended Koblitz curves (K163, K233, K283, K409, K571)
  • Brainpool curves (P160R1, P160T1, P192R1, P192T1, P224R1, P224T1, P256R1, P256T1, P320R1, P320T1, P384R1, P384T1, P512R1, P512T1)
  • Edwards curves (curve 25519, curve 448)

Hash algorithms

The following hash algorithms are supported.

  • SHA256
  • SHA384
  • SHA512
  • SHA224
  • SHA3-256
  • SHA3-384
  • SHA3-512
  • SHA3-224
  • RIPEMD160
  • Whirlpool
  • Poly1305
  • Argon2
  • Blake2
  • SHAKE
  • SHA1
  • MD5
  • MD4
  • MD2
  • CRC32 (*)
  • HMAC (SHA1, SHA2, SHA3, RIPEMD160-based)
  • UMAC

(*) CRC is not exactly a hash algorithm, but we include it in this category for being close enough to it.

TLS ciphersuites

Below follows a comprehensive list of ciphersuites supported by SecureBlackbox. Note that not all of the ciphersuites are enabled by default, and, when enabled, some have higher priorities than the others.

  • NULL_NULL_NULL
  • RSA_NULL_MD5
  • RSA_NULL_SHA
  • RSA_RC4_MD5
  • RSA_RC4_SHA
  • RSA_RC2_MD5
  • RSA_IDEA_MD5
  • RSA_IDEA_SHA
  • RSA_DES_MD5
  • RSA_DES_SHA
  • RSA_3DES_MD5
  • RSA_3DES_SHA
  • RSA_AES128_SHA
  • RSA_AES256_SHA
  • DH_DSS_DES_SHA
  • DH_DSS_3DES_SHA
  • DH_DSS_AES128_SHA
  • DH_DSS_AES256_SHA
  • DH_RSA_DES_SHA
  • DH_RSA_3DES_SHA
  • DH_RSA_AES128_SHA
  • DH_RSA_AES256_SHA
  • DHE_DSS_DES_SHA
  • DHE_DSS_3DES_SHA
  • DHE_DSS_AES128_SHA
  • DHE_DSS_AES256_SHA
  • DHE_RSA_DES_SHA
  • DHE_RSA_3DES_SHA
  • DHE_RSA_AES128_SHA
  • DHE_RSA_AES256_SHA
  • DH_ANON_RC4_MD5
  • DH_ANON_DES_SHA
  • DH_ANON_3DES_SHA
  • DH_ANON_AES128_SHA
  • DH_ANON_AES256_SHA
  • RSA_RC2_MD5_EXPORT
  • RSA_RC4_MD5_EXPORT
  • RSA_DES_SHA_EXPORT
  • DH_DSS_DES_SHA_EXPORT
  • DH_RSA_DES_SHA_EXPORT
  • DHE_DSS_DES_SHA_EXPORT
  • DHE_RSA_DES_SHA_EXPORT
  • DH_ANON_RC4_MD5_EXPORT
  • DH_ANON_DES_SHA_EXPORT
  • RSA_CAMELLIA128_SHA
  • DH_DSS_CAMELLIA128_SHA
  • DH_RSA_CAMELLIA128_SHA
  • DHE_DSS_CAMELLIA128_SHA
  • DHE_RSA_CAMELLIA128_SHA
  • DH_ANON_CAMELLIA128_SHA
  • RSA_CAMELLIA256_SHA
  • DH_DSS_CAMELLIA256_SHA
  • DH_RSA_CAMELLIA256_SHA
  • DHE_DSS_CAMELLIA256_SHA
  • DHE_RSA_CAMELLIA256_SHA
  • DH_ANON_CAMELLIA256_SHA
  • PSK_RC4_SHA
  • PSK_3DES_SHA
  • PSK_AES128_SHA
  • PSK_AES256_SHA
  • DHE_PSK_RC4_SHA
  • DHE_PSK_3DES_SHA
  • DHE_PSK_AES128_SHA
  • DHE_PSK_AES256_SHA
  • RSA_PSK_RC4_SHA
  • RSA_PSK_3DES_SHA
  • RSA_PSK_AES128_SHA
  • RSA_PSK_AES256_SHA
  • RSA_SEED_SHA
  • DH_DSS_SEED_SHA
  • DH_RSA_SEED_SHA
  • DHE_DSS_SEED_SHA
  • DHE_RSA_SEED_SHA
  • DH_ANON_SEED_SHA
  • SRP_SHA_3DES_SHA
  • SRP_SHA_RSA_3DES_SHA
  • SRP_SHA_DSS_3DES_SHA
  • SRP_SHA_AES128_SHA
  • SRP_SHA_RSA_AES128_SHA
  • SRP_SHA_DSS_AES128_SHA
  • SRP_SHA_AES256_SHA
  • SRP_SHA_RSA_AES256_SHA
  • SRP_SHA_DSS_AES256_SHA
  • ECDH_ECDSA_NULL_SHA
  • ECDH_ECDSA_RC4_SHA
  • ECDH_ECDSA_3DES_SHA
  • ECDH_ECDSA_AES128_SHA
  • ECDH_ECDSA_AES256_SHA
  • ECDHE_ECDSA_NULL_SHA
  • ECDHE_ECDSA_RC4_SHA
  • ECDHE_ECDSA_3DES_SHA
  • ECDHE_ECDSA_AES128_SHA
  • ECDHE_ECDSA_AES256_SHA
  • ECDH_RSA_NULL_SHA
  • ECDH_RSA_RC4_SHA
  • ECDH_RSA_3DES_SHA
  • ECDH_RSA_AES128_SHA
  • ECDH_RSA_AES256_SHA
  • ECDHE_RSA_NULL_SHA
  • ECDHE_RSA_RC4_SHA
  • ECDHE_RSA_3DES_SHA
  • ECDHE_RSA_AES128_SHA
  • ECDHE_RSA_AES256_SHA
  • ECDH_ANON_NULL_SHA
  • ECDH_ANON_RC4_SHA
  • ECDH_ANON_3DES_SHA
  • ECDH_ANON_AES128_SHA
  • ECDH_ANON_AES256_SHA
  • RSA_NULL_SHA256
  • RSA_AES128_SHA256
  • RSA_AES256_SHA256
  • DH_DSS_AES128_SHA256
  • DH_RSA_AES128_SHA256
  • DHE_DSS_AES128_SHA256
  • DHE_RSA_AES128_SHA256
  • DH_DSS_AES256_SHA256
  • DH_RSA_AES256_SHA256
  • DHE_DSS_AES256_SHA256
  • DHE_RSA_AES256_SHA256
  • DH_ANON_AES128_SHA256
  • DH_ANON_AES256_SHA256
  • RSA_AES128_GCM_SHA256
  • RSA_AES256_GCM_SHA384
  • DHE_RSA_AES128_GCM_SHA256
  • DHE_RSA_AES256_GCM_SHA384
  • DH_RSA_AES128_GCM_SHA256
  • DH_RSA_AES256_GCM_SHA384
  • DHE_DSS_AES128_GCM_SHA256
  • DHE_DSS_AES256_GCM_SHA384
  • DH_DSS_AES128_GCM_SHA256
  • DH_DSS_AES256_GCM_SHA384
  • DH_ANON_AES128_GCM_SHA256
  • DH_ANON_AES256_GCM_SHA384
  • ECDHE_ECDSA_AES128_SHA256
  • ECDHE_ECDSA_AES256_SHA384
  • ECDH_ECDSA_AES128_SHA256
  • ECDH_ECDSA_AES256_SHA384
  • ECDHE_RSA_AES128_SHA256
  • ECDHE_RSA_AES256_SHA384
  • ECDH_RSA_AES128_SHA256
  • ECDH_RSA_AES256_SHA384
  • ECDHE_ECDSA_AES128_GCM_SHA256
  • ECDHE_ECDSA_AES256_GCM_SHA384
  • ECDH_ECDSA_AES128_GCM_SHA256
  • ECDH_ECDSA_AES256_GCM_SHA384
  • ECDHE_RSA_AES128_GCM_SHA256
  • ECDHE_RSA_AES256_GCM_SHA384
  • ECDH_RSA_AES128_GCM_SHA256
  • ECDH_RSA_AES256_GCM_SHA384
  • PSK_AES128_GCM_SHA256
  • PSK_AES256_GCM_SHA384
  • DHE_PSK_AES128_GCM_SHA256
  • DHE_PSK_AES256_GCM_SHA384
  • RSA_PSK_AES128_GCM_SHA256
  • RSA_PSK_AES256_GCM_SHA384
  • PSK_AES128_SHA256
  • PSK_AES256_SHA384
  • PSK_NULL_SHA256
  • PSK_NULL_SHA384
  • DHE_PSK_AES128_SHA256
  • DHE_PSK_AES256_SHA384
  • DHE_PSK_NULL_SHA256
  • DHE_PSK_NULL_SHA384
  • RSA_PSK_AES128_SHA256
  • RSA_PSK_AES256_SHA384
  • RSA_PSK_NULL_SHA256
  • RSA_PSK_NULL_SHA384
  • RSA_CAMELLIA128_SHA256
  • DH_DSS_CAMELLIA128_SHA256
  • DH_RSA_CAMELLIA128_SHA256
  • DHE_DSS_CAMELLIA128_SHA256
  • DHE_RSA_CAMELLIA128_SHA256
  • DH_ANON_CAMELLIA128_SHA256
  • RSA_CAMELLIA256_SHA256
  • DH_DSS_CAMELLIA256_SHA256
  • DH_RSA_CAMELLIA256_SHA256
  • DHE_DSS_CAMELLIA256_SHA256
  • DHE_RSA_CAMELLIA256_SHA256
  • DH_ANON_CAMELLIA256_SHA256
  • ECDHE_ECDSA_CAMELLIA128_SHA256
  • ECDHE_ECDSA_CAMELLIA256_SHA384
  • ECDH_ECDSA_CAMELLIA128_SHA256
  • ECDH_ECDSA_CAMELLIA256_SHA384
  • ECDHE_RSA_CAMELLIA128_SHA256
  • ECDHE_RSA_CAMELLIA256_SHA384
  • ECDH_RSA_CAMELLIA128_SHA256
  • ECDH_RSA_CAMELLIA256_SHA384
  • RSA_CAMELLIA128_GCM_SHA256
  • RSA_CAMELLIA256_GCM_SHA384
  • DHE_RSA_CAMELLIA128_GCM_SHA256
  • DHE_RSA_CAMELLIA256_GCM_SHA384
  • DH_RSA_CAMELLIA128_GCM_SHA256
  • DH_RSA_CAMELLIA256_GCM_SHA384
  • DHE_DSS_CAMELLIA128_GCM_SHA256
  • DHE_DSS_CAMELLIA256_GCM_SHA384
  • DH_DSS_CAMELLIA128_GCM_SHA256
  • DH_DSS_CAMELLIA256_GCM_SHA384
  • DH_ANON_CAMELLIA128_GCM_SHA256
  • DH_ANON_CAMELLIA256_GCM_SHA384
  • ECDHE_ECDSA_CAMELLIA128_GCM_SHA256
  • ECDHE_ECDSA_CAMELLIA256_GCM_SHA384
  • ECDH_ECDSA_CAMELLIA128_GCM_SHA256
  • ECDH_ECDSA_CAMELLIA256_GCM_SHA384
  • ECDHE_RSA_CAMELLIA128_GCM_SHA256
  • ECDHE_RSA_CAMELLIA256_GCM_SHA384
  • ECDH_RSA_CAMELLIA128_GCM_SHA256
  • ECDH_RSA_CAMELLIA256_GCM_SHA384
  • PSK_CAMELLIA128_GCM_SHA256
  • PSK_CAMELLIA256_GCM_SHA384
  • DHE_PSK_CAMELLIA128_GCM_SHA256
  • DHE_PSK_CAMELLIA256_GCM_SHA384
  • RSA_PSK_CAMELLIA128_GCM_SHA256
  • RSA_PSK_CAMELLIA256_GCM_SHA384
  • PSK_CAMELLIA128_SHA256
  • PSK_CAMELLIA256_SHA384
  • DHE_PSK_CAMELLIA128_SHA256
  • DHE_PSK_CAMELLIA256_SHA384
  • RSA_PSK_CAMELLIA128_SHA256
  • RSA_PSK_CAMELLIA256_SHA384
  • ECDHE_PSK_CAMELLIA128_SHA256
  • ECDHE_PSK_CAMELLIA256_SHA384
  • ECDHE_PSK_RC4_SHA
  • ECDHE_PSK_3DES_SHA
  • ECDHE_PSK_AES128_SHA
  • ECDHE_PSK_AES256_SHA
  • ECDHE_PSK_AES128_SHA256
  • ECDHE_PSK_AES256_SHA384
  • ECDHE_PSK_NULL_SHA
  • ECDHE_PSK_NULL_SHA256
  • ECDHE_PSK_NULL_SHA384
  • ECDHE_RSA_CHACHA20_POLY1305_SHA256
  • ECDHE_ECDSA_CHACHA20_POLY1305_SHA256
  • DHE_RSA_CHACHA20_POLY1305_SHA256
  • PSK_CHACHA20_POLY1305_SHA256
  • ECDHE_PSK_CHACHA20_POLY1305_SHA256
  • DHE_PSK_CHACHA20_POLY1305_SHA256
  • RSA_PSK_CHACHA20_POLY1305_SHA256
  • AES128_GCM_SHA256
  • AES256_GCM_SHA384
  • CHACHA20_POLY1305_SHA256
  • AES128_CCM_SHA256
  • AES128_CCM8_SHA256

SSH algorithms

The following SSH algorithms are supported. All ciphers are given in the notation used in the SSH specification.

  • Symmetric key algorithms: aes128-gcm, aes256-gcm, aes128-gcm@openssh.com, aes256-gcm@openssh.com, chacha20-poly1305, chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, 3des-ctr, blowfish-ctr, twofish128-ctr, twofish192-ctr, twofish256-ctr, serpent128-ctr, serpent192-ctr, serpent256-ctr, idea-ctr, cast128-ctr, arcfour128, arcfour256, 3des-cbc, blowfish-cbc, twofish256-cbc, twofish192-cbc, twofish128-cbc, aes256-cbc, aes192-cbc, aes128-cbc, serpent256-cbc, serpent192-cbc, serpent128-cbc, arcfour, idea-cbc, cast128-cbc, des-cbc, none.
  • Public key algorithms: ssh-dss, ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss, ssh-ed25519, ssh-ed448 ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ecdsa-sha2-nistk163, ecdsa-sha2-nistp192, ecdsa-sha2-nistp224, ecdsa-sha2-nistk233, ecdsa-sha2-nistb233, ecdsa-sha2-nistk283, ecdsa-sha2-nistk409, ecdsa-sha2-nistb409, ecdsa-sha2-nistt571, ecdsa-sha2-curve25519, x509v3-ssh-rsa, x509v3-ssh-dss, x509v3-rsa2048-sha256, x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521, x509v3-ecdsa-sha2-nistk163, x509v3-ecdsa-sha2-nistp192, x509v3-ecdsa-sha2-nistp224, x509v3-ecdsa-sha2-nistk233, x509v3-ecdsa-sha2-nistb233, x509v3-ecdsa-sha2-nistk283, x509v3-ecdsa-sha2-nistk409, x509v3-ecdsa-sha2-nistb409, x509v3-ecdsa-sha2-nistt571, x509v3-ecdsa-sha2-curve25519,
  • Key exchange algorithms: diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha256, rsa1024-sha1, rsa2048-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, ecdh-sha2-nistk163, ecdh-sha2-nistp192, ecdh-sha2-nistp224, ecdh-sha2-nistk233, ecdh-sha2-nistb233, ecdh-sha2-nistk283, ecdh-sha2-nistk409, ecdh-sha2-nistb409, ecdh-sha2-nistt571, ecdh-sha2-curve25519, curve25519-sha256@libssh.org, curve448-sha512@libssh.org gss-gex-sha1-*, gss-group1-sha1-*, gss-group14-sha1-*
  • Hash (MAC) algorithms: hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96, hmac-ripemd160, hmac-ripemd, hmac-ripemd160@openssh.com, hmac-sha256@ssh.com, hmac-sha256-96@ssh.com, umac-32@openssh.com, umac-64@openssh.com, umac-96@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, aes128-gcm, aes256-gcm, chacha20-poly1305@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, none

Common Errors

This section covers the most popular errors stepped on by our customers and relevant approaches to their resolution.

TLS certificate validation failed: error 75788; the connection will be terminated

This error can be returned by any component involved in TLS activity - either directly (like Httpclient) or indirectly (like Pdfsigner, which may use TLS when connecting to a timestamping service). It indicates that the TLS certificate presented by the server didn't pass the chain validation procedure.

One of the most common reasons for the TLS certificate to fail validation is that its chain doesn't lead to a trust anchor - a root or CA certificate explicitly trusted in the system. This may happen for a variety of reasons, with the most popular being an outdated or missing list of trusted certificates in the system. For example, aging Windows XP or Windows Mobile systems are unlikely to have trust anchors capable of validating modern web site certificates.

This is also the default case on Linux which, unlike Windows or Mac OS, does not have a concept of system-wide trusted certificates. This means that on Linux systems you must supply the list of trusted certificates to the component manually to make TLS connection work.

Finally, your company's internal test or file servers are unlikely to have their certificates trusted in the system. To connect to them smoothly, you might want to "pin" them to your component by adding their certificate to the component's TrustedCertificates collection.

See the Validating TLS Certificates article for more details about validating certificates in TLS components.

'Invalid Certificate Data', 'Invalid size', or 'Invalid file format (possibly not a PEM?)' exceptions when loading a certificate in Delphi application

Sometimes, when running your application from Delphi IDE, you may observe one or more of those exceptions. In most cases they do not indicate that anything is going wrong and do not affect the flow of your application. Your certificate is most likely well-formed and good for use.

These exceptions are thrown, and caught, by SBB itself, internally, to facilitate and control certificate processing. You can only notice them when running your application under a Delphi debugger, but not when running it standalone outside of it.

The next time when one of these exceptions stops the execution of your program, tick the 'Ignore this exception type' checkbox on the exception dialog before clicking 'Continue'. This will tell the debugger to never stop on it again. Note that as certificate processing may throw several different exceptions, you might need to repeat this procedure for every such exception: EElCertificateError, EElASN1ReadError etc. There are only a few of them (4 or 5) but once you've done this procedure for all or them you will no longer see them.

SecureBlackbox-powered Delphi application crashes on startup. A 0xC000007B or 0x0EEDFADE error is sometimes returned.

This error affects the standard variant of Delphi Edition (not the Backwards Compatibility Pack), and is a symptom of DEP kicking in. It may happen on some target systems but not on others.

More systems are gradually enforcing DEP these days, which, unfortunately, may clash with the way SecureBlackbox packages its functionality by default.

One guaranteed way to avoid this problem is to switch to the external DLL deployment mode when distributing your SecureBlackbox-driven application. You can do that by defining a USESECUREBLACKBOXDLL conditional globally when compiling your project (USESECUREBLACKBOXLITEDLL if using SecureBlackbox Lite), and including secureblackbox20.dll (secureblackboxlite20.dll) in your deployment package.

Delphi Edition Variants

SecureBlackbox offers a number of installation options when it comes to its Delphi Edition. This article intends to provide a quick summary of differences between them, and help you decide which one to choose for your project.

The Delphi edition is shipped in three packaging variants:

The first two variants are available with any SecureBlackbox 2020 Delphi Edition or Red Carpet license. The source code package is licensed separately.

SecureBlackbox 2020 Delphi Edition (the default variant)

This package follows the traditional way of packaging Delphi components by /n software. It includes a selection of v2020-style classes (the new API), such as TsbxPDFSigner, TsbxSFTPClient, or TsbxHTTPServer. The components are implemented as wrappers around an external DLL library, which makes them easy to install and deploy. It also supports all versions of Delphi, starting from Delphi 6 (excluding Delphi 8), and will likely continue to support future Delphi versions.

The installation package is ready to use with any Delphi version.
This package supports the following targets: Windows (32 and 64 bit), Linux (64 bit only), macOS (64 bit only), Android ARM (32 and 64 bit), and iOS.

SecureBlackbox 2020 Delphi Edition - Backwards Compatibility Pack

This package delivers SecureBlackbox functionality in the way similar to the one used in earlier versions (16, 15 etc.), hence the name. The installation includes a selection of v2020-style classes (the new API), as well as v16-style components inherited from earlier versions (TElPDFDocument, TElSimpleSFTPClient, TElX509Certificate)). Both sets of components are shipped in the form of precompiled .dcu files. Architecturally, the v16 style-components work as a backbone for v2020-style classes, so both sets of components provide the same level of support for security protocols and standards.

Besides the .dcu files, each BCP distribution includes .hpp and .obj files that can be used with the matching version of C++ Builder. For example, SecureBlackbox 2020 Delphi Edition - Backwards Compatibility Pack Delphi 10.2 Tokyo includes .obj and .hpp files that can be used with C++ Builder 10.2 Tokyo.

Due to large cumulative size of the .dcu files and the need to supply an individual set of .dcu files for every Delphi version and platform, we split the BCP distribution into a number of separate downloads, one per Delphi version. Please pick the download that matches the version of Delphi you work with. The individual distribution includes a set of .dcu for every target platform supported by that version of Delphi (unless it's old and not in use anymore, like 32 bit macOS). For example, the setup package for Delphi 10.4 Sydney includes .dcus that target Windows (32 and 64 bit), Linux (64 bit), macOS (64 bit), iPhone (64 bit), and Android ARM (32 and 64 bit).

This package supports the following versions of Delphi: 7, 2007, XE (1-8), 10.0-10.4. Support for future Delphi versions will be added upon their release. There is also a separate setup file for FreePascal (3.2.0), with Windows, Linux, and macOS platforms supported.

SecureBlackbox 2020 Delphi Edition - Source Code

The Source Code package contains the pascal source code that matches the set of .dcus offered by Backwards Compatibility Pack package. You need a special kind of license to access this package.

Licensing Differences

Depending on which variant of the Delphi Edition you are using, you may need to use slightly different methods to provide your license:

SecureBlackbox 2020 Delphi Edition (the default variant)

On a system with a development license installed, create an empty Delphi project, put any SecureBlackbox component on the form and check its RuntimeLicense property. This will give you your Runtime Key. The runtime key is a long alphanumeric string: 53424446..0000. Copy this string to a safe place and discard the project.

In your real project, assign your runtime license back to the RuntimeLicense property of every SecureBlackbox component that you use in your code:

sbxHashFunction.RuntimeLicense := '53424446..0000';

This will untie your project from your development system and will let it run normally on other computers.

SecureBlackbox 2020 Delphi Edition - Backwards Compatibility Pack

On a system with a development license installed, create an empty Delphi project, put any "v2020-style" SecureBlackbox component on the form - TsbxHashFunction will do - and check its RuntimeLicense property. This will give you your Runtime Key. The runtime key is a long alphanumeric string: 53424446..0000. Copy this string to a safe place and discard the project.

If you are only using the v2020-style API in your project ("Tsbx***" components), assign your runtime license back to the RuntimeLicense property of every such SecureBlackbox component that you use in your code:

sbxHashFunction.RuntimeLicense := '53424446..0000';

This will untie your project from your development system and will let it run normally on other computers.

If you are using v16-style API in your project ("TEl***" components), add the sbxcore unit to the uses clause of your main form/project, and assign your runtime license to the RuntimeLicense property of every SecureBlackbox component that you use in your code, both v16-style and v2020-style:

sbxHashFunction.RuntimeLicense := '53424446..0000'; //v16-style
ElHashFunction.RuntimeLicense := '53424446..0000';  //v2020-style

Note: while it is mandatory to assign the runtime license to all v2020-style components you are using in your project, it is enough to only assign the runtime license to the one v16-style component that is being used the earliest into your program's run (the rest of v16-style components should pick it up from there). This makes it possible to provide your license using a dummy v16-style component at the very start of your application's process:

with TElX509Certificate.Create(nil) do
  try
    RuntimeLicense := '53424446..0000';
  finally
    Free;
  end;
However, if unsure, your best choice is assigning it to each and every SecureBlackbox component used in your project. Please also keep in mind that while it is enough to pass your runtime license to just one v16-style component, you still need to provide it to each and every v2020-style component you are using.

SecureBlackbox 2020 Delphi Edition - Source Code

No license needs to be provided if you are using SecureBlackbox in the source code form.

Side-by-side Installation and Conflicts

We do not recommend installing several variants of SecureBlackbox 2020 Delphi Edition side by side. This is because all the variants contain identically named components, which, unless the IDE is configured carefully, may lead to various cross-variant conflicts. Please take extra care when switching variants of the same system to avoid any leftovers from the old variant affecting the workability of the new variant. Please make sure that you uninstall any existing SecureBlackbox 2020 Delphi Edition variant before proceeding to the installation of the new variant.

We appreciate your feedback.  If you have any questions, comments, or suggestions about this article please contact our support team at kb@nsoftware.com.