Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Chilkat

Pages: 1 2 [3] 4 5 ... 7
REST / HTTP / HTTPS / Re: REST Basic authentication only works in localhost
« on: February 07, 2018, 11:40:08 AM »
It's probably because you're not using SSL/TLS.   When it's localhost, there's no security issue. Basic authentication is just base64 encoding the username/password and sticking it in the request header.  If the request is not protected with TLS, then the login/password is easily obtained by anyone sniffing network packets.   I think Chilkat is preventing Basic authentication on non-SSL/TLS connections, except if it's localhost.

REST / HTTP / HTTPS / Re: ChilkatHttp and ChilkatTask
« on: February 07, 2018, 11:33:47 AM »
You would never actually use the Do...Loop in your program.  Calling a method asynchronously and then doing a Do...Loop to wait for the task to complete is just an over-complicated way to duplicate a synchronous call.

The Do...Loop exists so that one can see how the results of the task are obtained after it's completed.

In actuality, you would start the task, and then some other part of your application might check on the task to see if it's finished. 

REST / HTTP / HTTPS / Re: Curl -F parameter
« on: February 06, 2018, 07:01:02 AM »
Use the online tool to generate code from a CURL command:

1) Any Chilkat method that returns an object will return null if it failed.

2) For any Chilkat method, in any class, when a method returns failure, check the contents of the object's LastErrorText property.  It'll have information about what happened.

C / C++ / Re: ignoreAccessDenied dont work
« on: February 02, 2018, 10:02:00 AM »
Make sure to set IgnoreAccessDenied before calling AppendFiles.

Encryption / Re: Unrecognized OID when loading private key
« on: January 30, 2018, 11:44:38 AM »

To fix the problem, I'll need a sample key w/ password (assuming you're providing the key in a pfx or other format that requires a password).  You can send it to

PS> Yes, all fixes and modifications/improvements are always rolled into the next official version released.

Encryption / Re: Unrecognized OID when loading private key
« on: January 29, 2018, 10:06:03 AM »
Thanks.  I'll provide a fix..

If an OID is unrecognized, one can Google the OID to see what it is.  For example, search for "1.2.840.113549." and you'll get results pointing to the  page for the OID, such as here:

This OID is for PBES1 w/ RC4.  Given that Chilkat already implements PBES1 and RC4, the fix is to just (internally) add this OID to the list of recognized OIDs.  (Somehow it was missed...)

I'll post a download URL with the fix when ready. 

Encryption / Re: AES CBC/PKCS7 encryption of empty msg fails
« on: January 25, 2018, 08:50:21 PM »
Thanks Marco,

The testvector you provided is actually for AES128 because the key is 16 bytes.

I updated Chilkat to handle this correctly.  However, for many cipher modes or encryption algorithms it is correct to emit 0 bytes for 0 byte input. (such as for stream ciphers, or cipher modes that effectively turn a block cipher into a stream cipher).

I can provide a pre-release build w/ the fix if you need.  I would need to know the operating system and if Windows, the VC++ version.

Email Protocols / Re: Missing documentation for new Email property Fixups
« on: January 24, 2018, 09:35:44 AM »
Sorry about that!  I got that totally wrong.  It's actually a new method named ApplyFixups (not a property named "Fixups")

I really don't know anything about React, and the ability to answer this question requires knowledge of React.  That being said, my first question would be "Where does the Javascript run?"   If it's client-side (in the Browser), then there's no way the chilkat.node would or could run because the chilkat.node is native code (not Javascript).  You'd have to be running the javascript server-side..

Encryption / Re: Decrypt Mail
« on: January 12, 2018, 12:49:37 PM »
You're fetching headers...

You're using a very old version of Chilkat from 2011.  Update to the latest to see if the problem is already resolved.

In general, protocols such as TLS, SSH, etc. will evolve over the years to newer protocol versions, newer algorithms, etc.  Servers will begin disallowing what was previously secure in past years, but is no longer secure.  It is not a valid expectation that software (never updated), will continue to work when interacting with servers that are updated from time to time.  The current version of Chilkat (or anything else) in 2018 will surely not work with whatever exists in 2028, which hasn't yet been invented.

My recommendation is to avoid being too many years out-of-date.  If you are using something quite old, such as in this case, it is overwhelmingly likely that updating to the latest version will fix the problem.

General Discussion / Re: Spectre and Meltdown Vulnerabilities
« on: January 12, 2018, 12:30:50 PM »
The answer is that it affects Chilkat no differently than anything else.   Here are two thoughts:
  • Generally, when Chilkat has sensitive data in memory, such as passwords, private keys, etc., they are kept encrypted using a random (internal) session key that is different for each internal object instance.  When the particular thing is needed, such as the password, it is decrypted, used, and then the memory zeroed out.  This is standard practice that existed long before Meltdown was ever discovered.
  • With the discovery of Meltdown, Chilkat recognized that methods exist where passwords are passed in strings, such as to authenticate with a mail server, SSH server, etc.  Even if Chilkat stores the password encrypted in memory once it's received, there is still the issue of the password being clear-text in memory in making the call from application code to Chilkat.  Thus Chilkat is introducing the SecureString class to mitigate that vulnerability.  Here is an example:    The SecureString class will be released in Chilkat v9.5.0.71 in the next few days.   The idea of SecureString is that your app might keep passwords in a database, or in files, perhaps encrypted.  They can be loaded into a SecureString from an encrypted source, and then passed to a newly added Chilkat method that accepts the SecureString.

Pages: 1 2 [3] 4 5 ... 7