# Visual Basic > Visual Basic 6 and Earlier >  [RESOLVED] VB6 and (S)FTP

## wwolf

In the past I have supplied my programs with new versions via FTP. The program connected to the server, compared the available versions and loaded new data if necessary.

My server hoster has recently blocked all unencrypted FTP connections. For simple downloads I use now HTTP(S). I have a small PHP script on the server for this. But there are more complex things for which (S)FTP would be better.

Using WinSCP, I have explored the possibilities. The following would work:
- SFTP via port 22
- FTP with "TLS/SSL Explicit encryption" over port 21

WinSCP even offers a DLL that supports both. However, this is a .Net DLL that can only be used from VB6 via wrapper. This complicates the installation for the end user. Many dependencies, COM registration, etc. (https://winscp.net/eng/docs/library_install#registering)

Overall, VB6 and SFTP seem to be located on different hemispheres....  :Ehh: 

Do you have any better ideas?

----------


## Schmidt

We use the Chilkat-COM-Dll (for secure Mailings, and secure FTP).
Not freeware, though stable, well-maintained and well-hardened.

Olaf

----------


## jpbro

+1 for the Chilkat bundle. It has a lot of other useful stuff too (HTTP(s), SSH, Email (SMTP/POP3/IMAP), Encryption/Decryption, Encoding/Decoding, Compression/Decompression, Sockets/WebSockets, and more...).

----------


## couttsj

See:
https://www.vbforums.com/showthread....-File-Transfer
It is designed to send encrypted files to the listening end, but could be modified to work the other way around.

J.A. Coutts

----------


## dilettante

Get started with OpenSSH for Windows

Among things this alludes to and implies it includes a native SFTP command-line client.  Windows 10 and probably 11 (I haven't looked there yet) as well.  Probably easy enough to start an instance and "puppeteer" it via StdIO redirection to pipes.

The downside is that it's an optional feature most users probably don't have installed.  That makes 3rd party deployable alternatives superior.

----------


## Arnoutdv

> +1 for the Chilkat bundle. It has a lot of other useful stuff too (HTTP(s), SSH, Email (SMTP/POP3/IMAP), Encryption/Decryption, Encoding/Decoding, Compression/Decompression, Sockets/WebSockets, and more...).


Same here..

----------


## wqweto

The natural continuation of FTP is FTPS. This is like securing HTTP with TLS becomes HTTPS.

SFTP is a totally different beast altogether. This is the "file transfer protocol" (FTP subsystem) in SSH servers. The same way there is "file transfer protocol" (FTP module) in VNC servers too. These totally have nothing to do with FTP protocol on port 21 you have been using so far.

Anyway, FTPS on port 990 (so called implicit secure FTP) is deprecated i.e. the closest thing to HTTPS (which is implicit secure HTTP) is deprecated for one reason or another. This is probably done to deprecate FTP as a protocol which is super ancient and badly designed long before NAT devices were invented.

What is not deprecated is a a form of FTPS called "explicit secure FTP" and abbreviated to FTPES. This starts like regular FTP on port 21 but just before sending credentials a STARTTLS command is issued which secures plain-text FTP connection with a TLS session.

Note that *curl* utility (preinstalled on win10+) supports both FTPS (implicit TLS) w/ *curl ftps://server:990/path/file* and FTPES (explicit TLS) w/ *curl ftp://server:21/path/file --ftp-ssl* where ports in URL are optional (given ports  being default ones).

Edit: You can implement FTPS and FTPES using VbAsyncSocket for the TLS part but will need to reimplement the FTP protocol on low winsock level. There are a several FTP client implementations in the CodeBank here which can be ported to FTPS using this approach.

cheers,
</wqw>

----------


## wwolf

Thank you very much for the useful suggestions. Chilkat's licensing model is very fair for the developer and the end user. It also meets my requirements and requires the least effort to do so. I will have a closer look at it. I will have to accept the additional 10 MB in my distributions, even if I only need 5% of the DLL.

W. Wolf

----------


## wwolf

> See:
> ...but could be modified to work the other way around.
> J.A. Coutts


As I understand it, I need server-side software for this as well? I have already implemented something like that in the form of my PHP script and HTTP(S). However, I would still have to reprogram a lot on the server side to get my old FTP functionality. That's what I don't really want to have....

W. Wolf

----------


## wwolf

> Windows 10 and probably 11 (I haven't looked there yet) as well.


Windows 7 is still mandatory for me and my users. That will not change anytime soon.

W. Wolf

----------


## Arnoutdv

> My server hoster has recently blocked all unencrypted FTP connections





> As I understand it, I need server-side software for this as well? I have already implemented something like that in the form of my PHP script and HTTP(S). However, I would still have to reprogram a lot on the server side to get my old FTP functionality. That's what I don't really want to have....


The server provider should have sFTP server software, not something you normally implement yourself.

----------


## wwolf

> The server provider should have sFTP server software, not something you normally implement yourself.


Sure, the server supports SFTP, I have already written. My comment about server software was related to the answer of couttsj, where it is about own impementations on both sides. That's how I understood it. For Chilkat I don't need anything new on the server side, of course. W. Wolf

----------


## wwolf

> We use the Chilkat-COM-Dll (for secure Mailings, and secure FTP).
> Not freeware, though stable, well-maintained and well-hardened.
> 
> Olaf


I also bought the chilkatsoft and was happy at first. Now a first problem has arisen with the DLL. Maybe it doesn't apply to you at all. If so, how could you solve this?

I use my AX-DLLs and OCX always regfree. This prevents a lot of trouble. Since I usually have RC6 with me, I use RefFree here:


```
Set glob = New_c.RegFree.GetInstance(App_Path & "\ChilkatAx-9.5.0-win32.dll", "ChilkatGlobal"
Set sftp = New_c.RegFree.GetInstance(App_Path & "\ChilkatAx-9.5.0-win32.dll", "ChilkatSFtp")
```

This works fine. However, there are also object instances in the DLL that are created by the DLL and end up as function returns in my code:


```
Set dirListing = sftp.ReadDir(dHandle)
```

From this line on, the chilkatsoft DLL is loaded a second time, this time from the place where the DLL is registered. However, in the exe at the customer the DLL is not registered and there it crashes.

This prevents the use of the DLL at least in RC6 RegFree mode. Remains only the way about a manifest. I have not tested that yet. 

W. Wolf

----------


## VanGoghGaming

> In the past I have supplied my programs with new versions via FTP. The program connected to the server, compared the available versions and loaded new data if necessary.


Why are you using FTP to get the new versions? Do you also need to upload data instead of just download?

----------


## wwolf

> Why are you using FTP to get the new versions? Do you also need to upload data instead of just download?


That is one of the reasons. I use a form of WebEDI service based on FTP (does this exist outside of Germany?). Our provider has offered FTP and SFTP so far. However, FTP is to be discontinued. Overall, I find SFTP also better, because the transferred data are sometimes also worth protecting. W. Wolf

----------


## saturnian

> I also bought the chilkatsoft and was happy at first. Now a first problem has arisen with the DLL. Maybe it doesn't apply to you at all. If so, how could you solve this?
> 
> I use my AX-DLLs and OCX always regfree. This prevents a lot of trouble. Since I usually have RC6 with me, I use RefFree here:
> 
> 
> ```
> Set glob = New_c.RegFree.GetInstance(App_Path & "\ChilkatAx-9.5.0-win32.dll", "ChilkatGlobal"
> Set sftp = New_c.RegFree.GetInstance(App_Path & "\ChilkatAx-9.5.0-win32.dll", "ChilkatSFtp")
> ```
> ...


I use Chilkat tools in Regfree mode. I had questioned the author of the tools, had provided him the link in this forum talking about the creation of manifest and here is his blog answer:
https://cknotes.com/regfree-com-usin...nology-in-vb6/

François

----------


## saturnian

You can download the manifests i use here : https://www.ordoconcept.net/CHILKATManifest.zip

----------


## wwolf

> You can download the manifests i use here : https://www.ordoconcept.net/CHILKATManifest.zip


Danke für die Links. Der Manifest-Ansatz wäre mein nächster Ansatz gewesen. Ich verwende das allerdings nur für OCX-Dateien, weil für DLLs der RC6-Methode komfortabler ist. Bei der Chilkat funktioniert das leider nicht überall. Manifest ist  auch ok. W. Wolf

----------


## saturnian

> Danke für die Links. Der Manifest-Ansatz wäre mein nächster Ansatz gewesen. Ich verwende das allerdings nur für OCX-Dateien, weil für DLLs der RC6-Methode komfortabler ist. Bei der Chilkat funktioniert das leider nicht überall. Manifest ist  auch ok. W. Wolf


Although named ".dll" the Chilkat object is an OCX, in fact

----------

