Secure FTP with .crt and .pvk (private key file)

Chilkat FTP2 provides the ability to use a client certificate with secure FTP (implicit or explicit SSL/TLS). This example demonstrates how to load a certificate from separate .crt (or .cer) and .pvk files and use it as the client-side SSL cert. The .pvk contains the private key. The .crt/.cer file contains the PEM or DER encoded digital certificate. Note: Client-side certificates are only needed in situations where the server demands one.

Download Chilkat FTP2 ActiveX

uses
    Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
    Dialogs, StdCtrls,
    CHILKATFTP2Lib_TLB,
    CHILKATCERTIFICATELib_TLB,
    OleCtrls;

...

procedure TForm1.Button1Click(Sender: TObject);
var
ftp: TChilkatFtp2;
success: Integer;
cert: TChilkatCert;
password: String;
pvk: IPrivateKey;
bForSigning: Integer;
bForKeyExchange: Integer;
bMachineKeyset: Integer;
bNeedPrivateKeyAccess: Integer;
keyContainerName: String;
keyContainer: TKeyContainer;

begin
ftp := TChilkatFtp2.Create(Self);

//  Any string unlocks the component for the 1st 30-days.
success := ftp.UnlockComponent('Anything for 30-day trial');
if (success <> 1) then
  begin
    ShowMessage(ftp.LastErrorText);

  end;

//  You may use this account for testing.
//  This account allows for directory listings and files
//  to be downloaded.  However, file uploads are not allowed.
ftp.Hostname := 'ftp.secureftp-test.com';
ftp.Username := 'test';
ftp.Password := 'test';

//  Establish an explicit secure channel after connection
//  on the standard FTP port 21.
ftp.AuthTls := 1;

//  The Ssl property is for establishing an implicit SSL connection
//  on port 990.  Do not set it.
ftp.Ssl := 0;

cert := TChilkatCert.Create(Self);

//  LoadFromFile will load either PEM and DER formatted files.
//  It automatically recognizes the file format based on the
//  file contents.
success := cert.LoadFromFile('Test.crt');
if (success <> 1) then
  begin
    ShowMessage(cert.LastErrorText);

  end;

password := 'test';
pvk := TprivateKey.Create(Self).ControlInterface;
success := pvk.LoadPvkFile('Test.pvk',password);
if (success <> 1) then
  begin
    ShowMessage(pvk.LastErrorText);

  end;

//  Import the private key to a Windows key container and link
//  it to the certificate.  (It's OK if the key is already
//  imported and present in the key container...)

//  Choose anything for the key container name.
keyContainerName := 'MyCertForFtp';

//  We'll import the key to our logged-on user keyset rather
//  than the machine keyset:
bMachineKeyset := 0;

bNeedPrivateKeyAccess := 1;

//  Create a key container and import the private key.
keyContainer := TKeyContainer.Create(Self);
success := keyContainer.OpenContainer(keyContainerName,bNeedPrivateKeyAccess,bMachineKeyset);
if (success <> 1) then
  begin
    success := keyContainer.CreateContainer(keyContainerName,bMachineKeyset);
  end;
if (success <> 1) then
  begin
    ShowMessage(keyContainer.LastErrorText);

  end;
//  Import the private key into the key container.
//  We're using the key for key exchange, not signing:
bForKeyExchange := 0;
success := keyContainer.ImportPrivateKey(pvk,bForKeyExchange);
if (success <> 1) then
  begin
    ShowMessage(keyContainer.LastErrorText);

  end;

//  Link the cert with the private key in the key container.
bForSigning := 1;
success := cert.LinkPrivateKey(keyContainerName,bMachineKeyset,bForSigning);
if (success <> 1) then
  begin
    ShowMessage(cert.LastErrorText);

  end;
//  The cert now has access to a private key and is ready to be
//  used...

//  Use this certificate for our secure (SSL/TLS) connection:
ftp.SetSslClientCert(cert As CHILKATFTP2Lib_TLB.IChilkatCert);

//  Connect and login to the FTP server.  The connection is
//  made secure because of the AuthTls setting.
success := ftp.Connect();
if (success <> 1) then
  begin
    ShowMessage(ftp.LastErrorText);

  end
else
  begin
    //  LastErrorText contains information even when
    //  successful. This allows you to visually verify
    //  that the secure connection actually occurred.
    Memo1.Lines.Add(ftp.LastErrorText);
  end;

ShowMessage('Secure FTP Channel Established!');

//  Do whatever you're doing to do ...
//  upload files, download files, etc...

ftp.Disconnect();

//  The LastErrorText provides a detailed log of the
//  SSL connection for both success and failed connections.
//  Here is an example of a successful connection.
//  The client certificate is logged as "ClientCertDN":

//  ChilkatLog:
//    Connect:
//      DllDate: Aug 15 2007
//      Hostname: ftp.secureftp-test.com
//      Port: 21
//      IdleTimeoutMs: 60000
//      ConnectTimeout: 60
//      HeartbeatMs: 0
//      initialStatus: 220
//      initialResponse: 220 FileZilla Server version 0.9.23 beta
//      converting to secure connection...
//      ClientCertDN: C=US, S=Illinois, L=Wheaton, O="Chilkat Software, Inc.", OU=Secure Application Development, CN="Chilkat Software, Inc."
//      SSL Server Certificate not verified.
//      ConnectionInfo:
//        protocol: TLS1
//        cipher: RC4
//        cipherStrength: 128
//        hash: MD5
//        hashStrength: 128
//        keyExchange: RSA
//        keyExchangeStrength: 1024
//      Secure Channel Established.
//      successfully converted to secure connection...
//      Features: 211-Features:
//   MDTM
//   REST STREAM
//   SIZE
//   MLST type*;size*;modify*;
//   MLSD
//   AUTH SSL
//   AUTH TLS
//   UTF8
//   CLNT
//   MFMT
//  211 End
//      Directory listings are utf-8
//      Logging in...
//      Username: test
//      Login successful.
//      Connect successful

end;