EldoS | Feel safer!

Software components for data protection, secure storage and transfer

enter PIN at card reader

#10337
Posted: 06/09/2009 12:49:37
by Kevin Drzycimski (Standard support level)
Joined: 05/27/2009
Posts: 4

Hi,

According to the requirements of German signature law, I need to let the user enter his PIN via the keypad of the card reader.

I was going to use the ElPKCS11CertStorage class for this, but couldn't even find a sample.

Is this even accessible via the ElPKCS11CertStorage or do I need to rely on the ElWinCertStorage class?

Thanks in advance,
Kevin Drzycimski
#10339
Posted: 06/09/2009 13:01:38
by Eugene Mayevski (EldoS Corp.)

Do you have a technical specification, of what needs to be done? As I understand it (just a guess), the card reader acts as a special kind of keyboard and the input should be captured in some way by the application and passed back to the device. Another option is that the device (card reader) asks the user for a pin when it gets the request to perform some operation using the card. So we need to get technical understanding of what and how needs to be done.


Sincerely yours
Eugene Mayevski
#10340
Posted: 06/10/2009 04:08:34
by Kevin Drzycimski (Standard support level)
Joined: 05/27/2009
Posts: 4

it is a class 2 smart card reader, like this



the PIN may not be entered on the computer because of security issues.
So I cannot ask the user via dialog for the PIN, I must give a messagebox saying "Please enter your PIN at the cardreader" and then tell the smartcard to receive input from the cardreader.
Interfaces CT-API, PC/SC, SIG-API and some more are supported.

Are there any samples accessing the smartcard via ElPKCS11CertStorage?
#10341
Posted: 06/10/2009 04:17:24
by Eugene Mayevski (EldoS Corp.)

SecureBlackbox doesn't support any of the listed interfaces besides PKCS#11. I believe you would need to use some API provided by the hardware vendor for this.

Quote
Kevin Drzycimski wrote:
Are there any samples accessing the smartcard via ElPKCS11CertStorage?


Yes, see samples in <SecureBlackbox>\Samples\PKI folder.


Sincerely yours
Eugene Mayevski
#10342
Posted: 06/10/2009 04:49:58
by Kevin Drzycimski (Standard support level)
Joined: 05/27/2009
Posts: 4

oh ok, so this means there is no "out-of-the-box" support for entering the PIN directly on the card reader?
#10343
Posted: 06/10/2009 05:46:16
by Ken Ivanov (EldoS Corp.)

Unfortunately, yes.
#10344
Posted: 06/10/2009 06:25:51
by Eugene Mayevski (EldoS Corp.)

As I mentioned, this depends on particular technical requirements and capabilities of the device. Without knowing how the card reader performs this function it's not possible to answer. It's possible that the PKCS#11 interface will return different error codes when trying to use its functions without or with login. This way you would be able to tell the user to enter the PIN. But you must know how the device works.


Sincerely yours
Eugene Mayevski
#10368
Posted: 06/11/2009 09:14:26
by Kevin Drzycimski (Standard support level)
Joined: 05/27/2009
Posts: 4

Ok, I am going to try out some low-level communications with the card and present you the results.
Thanks for the quick answers.

Kevin Drzycimski
#23719
Posted: 02/26/2013 02:20:54
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

Eugen, one Q: I have just bought a card reader with a keypad like the one mentioned here. Can I program SBB with the PIN so that the user does not need to enter the PIN in the card reader? Or can you recommend a card reader without a keypad? On one of my laptops there is a built-in smart card reader and with that it works fine. But I also want a device with a USB connection, enabling me to connect the card reader to any laptop/PC.
#23721
Posted: 02/26/2013 02:57:42
by Ken Ivanov (EldoS Corp.)

Walter,

In the general case it depends on the card and card reader's hardware and firmware. From time to time we come across devices with specific capabilities / requirements (like the one mentioned above) that do not support provision of PIN from code and require the user to type it on a dedicated keypad. However, the presence of the keypad itself doesn't always imply the impossibility to provide PIN from code.

If your device supports PKCS#11, you are likely to be able to provide PIN from code. I suggest that you take a sample (e.g. CryptoTokenDemo from the PKIBlackbox subdirectory) and check it directly with your device.
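
An added example, not part of the original thread and not SecureBlackbox code: PKCS#11 reports reader-side PIN entry through the CKF_PROTECTED_AUTHENTICATION_PATH bit of CK_TOKEN_INFO.flags, and for such a token C_Login is called with a NULL PIN while the device collects it. The C code below decides from those standard flag bits how the PIN must be obtained and refuses a software PIN dialog when policy demands the keypad; plan_pin_entry and pin_plan are hypothetical names, and the flag values in main are constructed.

```c
#include <stdio.h>

/* CK_TOKEN_INFO.flags bits as defined in the PKCS#11 specification. */
#define CKF_LOGIN_REQUIRED                0x00000004UL
#define CKF_USER_PIN_INITIALIZED          0x00000008UL
#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL
#define CKF_USER_PIN_LOCKED               0x00040000UL

/* Hypothetical names for this example; not part of any library. */
typedef enum {
    PIN_NOT_NEEDED,    /* token performs operations without login */
    PIN_ON_READER,     /* prompt "enter PIN at the reader", then C_Login with a NULL PIN */
    PIN_FROM_APP,      /* collect the PIN in software and pass it to C_Login */
    PIN_BLOCKED,       /* user PIN locked or never initialised */
    PIN_POLICY_REFUSED /* keypad entry required, but the token does not offer it */
} pin_plan;

/* Decide how the user PIN must be obtained. require_pinpad models a policy
 * (as in the thread) that forbids typing the PIN on the computer. */
pin_plan plan_pin_entry(unsigned long flags, int require_pinpad)
{
    if (!(flags & CKF_LOGIN_REQUIRED))
        return PIN_NOT_NEEDED;
    if ((flags & CKF_USER_PIN_LOCKED) || !(flags & CKF_USER_PIN_INITIALIZED))
        return PIN_BLOCKED;
    if (flags & CKF_PROTECTED_AUTHENTICATION_PATH)
        return PIN_ON_READER;
    /* Fail closed: never fall back to a software PIN dialog under the policy. */
    return require_pinpad ? PIN_POLICY_REFUSED : PIN_FROM_APP;
}

int main(void)
{
    /* Constructed flag values standing in for C_GetTokenInfo output. */
    unsigned long pinpad_token = 0x0000050CUL; /* login, PIN set, protected path, token initialised */
    unsigned long plain_token  = 0x0000040CUL; /* same, without the protected path */
    static const char *names[] = { "no login", "PIN on reader", "PIN from application",
                                   "PIN blocked", "refused by policy" };
    printf("pinpad token:            %s\n", names[plan_pin_entry(pinpad_token, 1)]);
    printf("plain token, strict:     %s\n", names[plan_pin_entry(plain_token, 1)]);
    printf("plain token, permissive: %s\n", names[plan_pin_entry(plain_token, 0)]);
    return 0;
}
```

Whether a given reader's PKCS#11 module sets the flag depends on the vendor's driver, so the result has to be checked against the actual device.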

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
