FTPS using fingerpring

Question

I have to communicate to an FTP server with SSL.

I've received an example on how to do that that uses, I believe, the WinScp command:

open ftpes://SomeUser:SomePass@SomeDomain.com/ -certificate="xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"

The question is how to use the -certificate part in an application? Do I have to save the string in a file or...?

For example if we use C#'s FtpWebRequest:

FtpWebRequest ftp = (FtpWebRequest)WebRequest.Create(downlaodLocation);

how can we use this fingerprint?

X509Certificate class has a constructor that accepts byte[].

byte[] toBytes = Encoding.ASCII.GetBytes("xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx");
ftp.ClientCertificates.Add(new X509Certificate(toBytes));

Is this the right way to use the certificate fingerprint?

Possible duplicate of [Using a self-signed certificate with .NET's HttpWebRequest/Response](https://stackoverflow.com/questions/526711/using-a-self-signed-certificate-with-nets-httpwebrequest-response) — Martin Prikryl, Sep 25 '17 at 10:28

Evgeni Dimitrov · Accepted Answer · 2017-10-13T08:22:52.740

Eventually I took a different approach for uploading the file and used WinScp for c# lib for that.

            SessionOptions sessionOptions = new SessionOptions
            {
                Protocol = Protocol.Sftp,
                HostName = ConfigurationManager.AppSettings["FTP.HOSTNAME"],
                UserName = ConfigurationManager.AppSettings["FTP.USERNAME"],
                Password = ConfigurationManager.AppSettings["FTP.PASSWORD"],
            };
            if (port.HasValue)
            {
                sessionOptions.PortNumber = port.Value;
            }

                sessionOptions.SshHostKeyFingerprint = ConfigurationManager.AppSettings["FTP.CERT.FINGERPRINT"].Trim();

            using (Session session = new Session())
            {
                if (!string.IsNullOrWhiteSpace(ConfigurationManager.AppSettings["LOG.PATH"]))
                {
                    session.SessionLogPath = ConfigurationManager.AppSettings["LOG.PATH"];
                }
                session.Open(sessionOptions);
                TransferOptions transferOptions = new TransferOptions
                {
                    TransferMode = TransferMode.Binary
                };

                TransferOperationResult transferResult = session.PutFiles(ConfigurationManager.AppSettings["FILE.TO.UPLOAD"], ConfigurationManager.AppSettings["FILE.DESTINATION.NAME"], true, transferOptions);

                transferResult.Check();

                StringBuilder result = new StringBuilder();
                foreach (TransferEventArgs transfer in transferResult.Transfers)
                {
                    result.Append(string.Format("Upload of {0} : {1}", transfer.FileName, transfer.Error));
                }
                Console.WriteLine(result.ToString());
            }

You have asked about SSL/TLS fingerprint for FTP (what can indeed by solved with WinSCP .NET assembly). But actually you have used SSH/SFTP in the end. What is a completely different protocol. Your answer should explain that. — Martin Prikryl, Oct 13 '17 at 06:06
Also your code `if (ShouldUseSSL()) sessionOptions.SshHostKeyFingerprint = ...` makes little sense. First again, SSL and SSH are two completely different protocols. Second, you use SSH/SFTP unconditionally, so you also have to unconditionally set `SshHostKeyFingerprint`. There's hardly any scenario, where you can set `Protocol = Protocol.Sftp`, but not set `SshHostKeyFingerprint`. — Martin Prikryl, Oct 13 '17 at 06:06
@MartinPrikryl Thnaks for the remarks, Martin. I've removed the `ShouldUseSSL` part. I've simplified the code for the SO answer, but forgot to remove the `if` there. My intent was to achieve the same result as the command from the question, so this is what has worked for me. — Evgeni Dimitrov, Oct 13 '17 at 07:07
But, as I have explained already, the code in your answer does completely different thing (SFTP) than the code in your question (FTPS). SFTP and FTPS are two completely different and incompatible protocols. — Martin Prikryl, Oct 13 '17 at 07:24
@MartinPrikryl I've edited the answer to specify that this is a different approach. — Evgeni Dimitrov, Oct 13 '17 at 08:23

FTPS using fingerpring

1 Answers1