EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElX509Certificate and CryptoProvider.SetProviderProp

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
#16136
Posted: 03/28/2011 11:06:20
by Grazyna Polomska (Basic support level)
Joined: 02/07/2011
Posts: 9

Dear Sirs,


I've got this:

var
  Cert: TElX509Certificate;
  PINtoSet: AnsiString;

const
  PP_KEYEXCHANGE_PIN = '32';
  PP_SIGNATURE_PIN = '33';


and I've tried to set PIN using
Cert.CryptoProvider.SetProviderProp(RawByteString(PP_SIGNATURE_PIN), RawByteString(PINtoSet));

But I'm not successful.



I can do that using "pure" CryptoAPI in this way:

const
  PP_KEYEXCHANGE_PIN = 32;
  PP_SIGNATURE_PIN = 33;
var
  PIN: AnsiString;
  hCryptProv: HCRYPTPROV;
  pCertContext: PCCERT_CONTEXT;
  hKey: HCRYPTKEY;
  dwKeySpec: DWORD; // receives the key spec (AT_KEYEXCHANGE or AT_SIGNATURE)

[...]
// Get the CSP handle for the certificate's private key (the handle is cached on the context)
if CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_CACHE_FLAG, nil, hCryptProv, @dwKeySpec, nil) then
begin
  CryptGetUserKey(hCryptProv, AT_SIGNATURE, @hKey);
  // set PIN
  if Length(PIN) > 1 then
  begin
    // The PIN is passed as a null-terminated ANSI string
    CryptSetProvParam(hCryptProv, PP_KEYEXCHANGE_PIN, PByte(PAnsiChar(PIN)), 0);
    CryptSetProvParam(hCryptProv, PP_SIGNATURE_PIN, PByte(PAnsiChar(PIN)), 0);
  end;
[...]



How can I do that using SBB? Is it possible, or do I have to use CryptoAPI directly?
#16137
Posted: 03/28/2011 11:23:40
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Unfortunately, there is no way to pass a PIN to the underlying CryptoAPI cryptographic provider at the moment. Actually, this hasn't been implemented due to the total absence of cryptographic providers supporting PIN setup in that way. I have added the corresponding task to the to-do list.
#16138
Posted: 03/28/2011 11:32:09
by Grazyna Polomska (Basic support level)
Joined: 02/07/2011
Posts: 9

I've asked because e.g. UNIZETO (most companies in Poland use their solution) allows setting the PIN this way - it is really comfortable when you try to sign e.g. 100 or 200 documents in one session (in tax offices and so on).

So I understand that nowadays I have to use CryptoAPI directly even if I buy SBB Professional. Thank you for adding that to the "to do list". When can we expect an SBB version which will support this?
#16139
Posted: 03/28/2011 12:52:46
by Ken Ivanov (EldoS Corp.)

I think we will be able to add this feature either to the following or to the subsequent build (i.e. to SBB 9 first or second beta build).
#16140
Posted: 03/28/2011 13:31:39
by Grazyna Polomska (Basic support level)
Joined: 02/07/2011
Posts: 9

And when can we buy that version including PIN support - next month or later? How much later?
#16141
Posted: 03/28/2011 13:42:41
by Ken Ivanov (EldoS Corp.)

Well, you can purchase the product as soon as the feature is available. You might actually consider evaluating the feature before purchasing to ensure that it does the job for you.

An estimated time frame for the feature to be implemented is up to a month.
#16143
Posted: 03/28/2011 14:10:53
by Eugene Mayevski (EldoS Corp.)

I'd say the feature will go into SecureBlackbox 9.0, which is planned for May. The first beta of version 9 is expected sometime next week (one new module is holding us from making it available now), but the requested feature itself will appear in one of the next betas.


Sincerely yours
Eugene Mayevski
#17719
Posted: 10/04/2011 07:34:25
by Robert Gruba (Standard support level)
Joined: 10/04/2011
Posts: 1

Is this feature in the current SecureBlackbox?
If so, how can we use it?
#17720
Posted: 10/04/2011 07:40:16
by Ken Ivanov (EldoS Corp.)

Which feature exactly are you asking about (setting the values of the PP_KEYEXCHANGE_PIN and PP_SIGNATURE_PIN properties, or general access to CryptSetProvParam)?

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
