I have eventually managed to get the SecureBridge demo (Documents\Devart\MyDAC for RAD Studio\Demos\TechnologySpecific\SecureBridge\Demo) working after deleting references to IdeVer.inc.
I am now trying to understand how it does the things the sample app (on the web page https://docs.devart.com/mydac/ssh.htm) says need doing. It's tricky, as the demo is really overcomplicated with frames, random number generation, no comments etc., so it is not as simple as the sample app makes out.
Anyway, in particular, the sample app says "Set the Authentication property to atPublicKey in the TScSSHClient component. In HostKeyName, specify the server public key. In PrivateKeyName, specify the client private key."
In the demo app, in unit SSH_Client, I can see the demo app storing a client key in the ScFileStorage using the procedure btKeyGenClick() with the code
//inside btKeyGenClick(Sender: TObject);
Key := TScKey.Create(ScFileStorage.Keys);
Key.KeyName := cbPrivateKey.Text;
Algorithm := aaRSA;
BitCount := 1024;
Key.Generate(Algorithm, BitCount);
Key.ExportTo(Key.KeyName + '.pub', True, ''); //true = PublicKeyOnly - but both get exported?
So far this matches what the sample app instructions say.
Then I can see it storing the received server key in ScFileStorage inside procedure ScSSHClientServerKeyValidate() with the code
//inside ScSSHClientServerKeyValidate(Sender: TObject);
//check if we already have the server key and add it if not
Key := ScFileStorage.Keys.FindKey(ScSSHClient.HostName);
if (Key = nil) or not Key.Ready then
begin
  NewServerKey.GetFingerPrint(haMD5, fp);
  NewServerKey.KeyName := ScSSHClient.HostName; //'52.194.232.97'
  ScFileStorage.Keys.Add(NewServerKey); // adds the key sent by the server, identified by server address
end;
but nowhere in the demo does it set TScSSHClient.HostKeyName, as the instructions in the sample app describe.
Specific questions
1) In the demo app, inside procedure btKeyGenClick() it calls Key.ExportTo(Key.KeyName + '.pub', True, ''). The documentation for TScKey.ExportTo says if the second parameter is True then PublicKeyOnly is set and only the public key is exported. But the demo exports two keys to the HDD with the same name, one with .key and one with .pub extensions (private and public keys?) whether this parameter is true or false. Why?
2) In the demo app, how does the TScSSHClient know which key in ScFileStorage is the server key so that it can do verification, if the value of ScSSHClient.HostKeyName is not set anywhere?
3) Does the server key that is stored inside ScSSHClientServerKeyValidate() when first contact is made have to be given the same name as the server address (through the line NewServerKey.KeyName := ScSSHClient.HostName)? Is that how TScSSHClient is able to find it without HostKeyName being set?
4) Instruction 8 of the sample app says "Double-click the [TScFileStorage] component and generate a pair of keys for authenticating the server by the client".
Does that mean I have to click 'generate' twice, once with 'is private' checked and once without?
5) Is there an instruction missing from the sample app that should explain the client public key needs to be placed on the server, as a message in the demo app says?
(I'm trying to understand the minimal amount of code/components needed to convert my existing open connection via port 3306 to one that is encrypted)
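
The server-key handling quoted in the post (look up a stored key by host name, add the received key when none is found) is a trust-on-first-use pattern. The Python sketch below is an added example, not part of the original post and not SecureBridge code; it models that pattern and adds a check that a changed key is rejected. `HostKeyStore`, `validate`, the `confirm` callback, the host name and the key bytes are all hypothetical or constructed, and it uses a SHA-256 fingerprint where the excerpt uses haMD5.

```python
import base64
import hashlib
import hmac


class HostKeyStore:
    """Stand-in for a key storage indexed by key name (here, the host name)."""

    def __init__(self):
        self._keys = {}  # host name -> raw public key blob

    @staticmethod
    def fingerprint(blob: bytes) -> str:
        # OpenSSH-style SHA-256 fingerprint (assumption; the excerpt uses haMD5)
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

    def validate(self, host: str, presented: bytes, confirm=None) -> bool:
        """Return True if the key presented for `host` should be accepted."""
        known = self._keys.get(host)
        if known is None:
            # First contact: nothing stored to compare against, so only
            # accept if the fingerprint is confirmed out of band.
            if confirm is None or not confirm(host, self.fingerprint(presented)):
                return False
            self._keys[host] = presented
            return True
        # Later contacts: the presented key must match the stored one exactly.
        # A mismatch is rejected and never overwrites the stored key.
        return hmac.compare_digest(known, presented)


def demo():
    # Constructed sample data: host name and key blobs are made up.
    host = "db.example.test"
    key_a, key_b = b"constructed-host-key-A", b"constructed-host-key-B"
    store = HostKeyStore()
    return [
        store.validate(host, key_a),                               # no confirmation
        store.validate(host, key_a, confirm=lambda h, fp: True),   # first contact
        store.validate(host, key_a),                               # same key again
        store.validate(host, key_b, confirm=lambda h, fp: True),   # changed key
        store.validate(host, key_a),                               # stored key intact
    ]


if __name__ == "__main__":
    print(demo())
```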