EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Enter PIN programmatically

Posted: 02/12/2013 02:18:22
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

I use smart card to sign PDF files and Windows asks me to enter PIN. Is it possible to enter PIN number programmatically? I want to generate & sign PDF files at web server for online users.
Posted: 02/12/2013 04:13:50
by Ken Ivanov (Team)


Thank you for getting in touch with us.

Generally, it depends - first, on who exactly is asking for a PIN (Windows or smart card's CSP), and, second, on whether the CSP accepts PINs passed from code. Are you using TElWinCertStorage or TElPKCS11CertStorage to access the certificate?
Posted: 02/12/2013 05:16:25
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

Windows dialog box asks for the PIN and I use TElWinCertStorage (CertStorage = SBWinCertStorage.TElWinCertStorage).
Posted: 02/12/2013 05:26:37
by Ken Ivanov (Team)

OK, please try to assign the PIN in the following way and check if it is accepted by the CSP. Note that the workability of this approach is subject to specifics of implementation of a particular CSP:

Cert.KeyMaterial.KeyExchangePIN = "your-pin-here";
Cert.KeyMaterial.SignaturePIN = "your-pin-here";

The Cert object above should be the one you are providing with the TElPDFPublicKeySecurityHandler.CertStorage storage object.
Posted: 02/12/2013 06:59:03
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

Thanks, it works! I've looking for this solution for a month. Is SecureBlackbox enough for me to sign PDF files on IIS/Windows Server 2008?
Posted: 02/12/2013 07:06:06
by Ken Ivanov (Team)

Great, we are glad that it worked for you.

Yes, SecureBlackbox can be used in Windows Server 2008 and IIS environments.
Posted: 02/13/2013 07:17:50
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

Last question: Can I export private key from the smartcard? I need to work on Hyper-V Guest OS environment and it's hard to install USB device. IMHO it's protected by chip.
Posted: 02/13/2013 08:58:57
by Ken Ivanov (Team)

In general case, no. There IS a possibility to create exportable keys though, but the exportability flag must be explicitly set on key generation or import phase.
Posted: 02/26/2013 03:15:26
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

Ken, can you tell me where in TinySignerPKCS11 example I have to add these to lines?


Cert.KeyMaterial.KeyExchangePIN = "your-pin-here";
Cert.KeyMaterial.SignaturePIN = "your-pin-here";
Posted: 02/26/2013 03:25:06
by Ken Ivanov (Team)


These lines are only applicable to certificates accessed via a TElWinCertStorage object (i.e. those residing in or mapped to CryptoAPI certificate stores). You normally pass your PIN to the Login() method of a TElPKCS11CertStorage object if you choose to access your device via the PKCS#11 interface.



Topic viewed 14636 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!