EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Enter PIN programmatically

#23725
Posted: 02/26/2013 03:25:07
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

Is the location here ok? line 7

Code
        // retrieving signing certificate
        CertStorage.Clear;
        PublicKeyHandler.SignatureType := pstPKCS7SHA1;
        if rbPKCS11Cert.Checked and (cmbPKCS11Certificates.ItemIndex > 0) then
        begin
          Cert := PKCS11CertStorage.Certificates[cmbPKCS11Certificates.ItemIndex - 1];
          // here might be written the key stuff
          //Cert.KeyMaterial.KeyExchangePIN := 'mypin';
          //Cert.KeyMaterial.SignaturePIN := 'mysignpin';
          CertStorage.Add(Cert);
        end
        else if rbWindowsCert.Checked and (cmbWindowsCertificates.ItemIndex > 0) then
        begin
          Cert := WinCertStorage.Certificates[cmbWindowsCertificates.ItemIndex - 1];
          CertStorage.Add(Cert);
        end
        else
        begin
          MessageDlg('No Certificate selected', mtError, [mbOk], 0);
          Exit;
        end;

        PublicKeyHandler.CertStorage := CertStorage;
        PublicKeyHandler.CustomName := 'Adobe.PPKMS';

        // configuring timestamping properties
        if (cbTimestamp.Checked) then
        begin
          TSPClient.HttpClient := HTTPClient;
          TSPClient.URL := editTimestampServer.Text;
          TSPClient.HashAlgorithm := SB_ALGORITHM_DGST_SHA1;
          PublicKeyHandler.TSPClient := TSPClient;
        end;

        // allowing to save the document
        Success := true;
      finally
        // closing the document
        Document.Close(Success);
      end;
    finally
      // we need to ensure that a certificate(s) cleared before closing PKCS11 storage
      CertStorage.Clear;

      FreeAndNil(F);
    end;
  except
    on E : Exception do
    begin
      MessageDlg('Error: ' + E.Message, mtError, [mbOk], 0);
      Success := false;
    end;
  end;
  // if signing process succeeded, moving the temporary file to the place
  // of destination file
#23726
Posted: 02/26/2013 03:37:02
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

Oh ok, I found the login.
I will try.
Thanks a lot
#23727
Posted: 02/26/2013 03:37:22
by Ken Ivanov (EldoS Corp.)

Walter,

No, it isn't. Setting KeyExchangePIN and SignaturePIN for certificates originating from a PKCS#11 certificate storage makes no sense (see my reply above). You only pass your PIN to the Login() method; this is the only place you need to provide it.
#23728
Posted: 02/26/2013 07:07:53
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

Ken, I tried putting the PIN in the form.
That works, but in the DLL library there is once more a question for the PIN.
Do you agree with me that this cannot be circumvented?

(One thing I have done in the past: check for the WIN event when the popup window comes and then poke the PIN into the keyboard buffer. I think that is the only way I could have the PIN entered automatically. What do you think?)

Walter
#23729
Posted: 02/26/2013 07:15:17
by Ken Ivanov (EldoS Corp.)

Walter,

At what stage exactly is the PIN asked for a second time? Is it asked for each time you use the key?

Quote
(One thing I have done in the past: check for the WIN event when the popup window comes and then poke the PIN into the keyboard buffer. I think that is the only way I could have the PIN entered automatically. What do you think?)

Although this solution definitely does have a reason to live, it is not perfectly 'legal', and thus is subject to a number of indirect risks (e.g. a change in driver behaviour in a subsequent firmware update causing your code to stop working). Yet in some cases it is better than nothing.
#23733
Posted: 02/26/2013 08:59:21
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

The first time, that is from your code, it asked when I access the slot and select PC/SC. That is ok; here I can define the form with the key.

Then when I click OK, after a while the A-TRUST (that is the Austrian PKCS11 smartcard key provider) form comes and asks for the 4-digit PIN again. As my card reader is not on my Delphi PC yet, I cannot single-step in the debugger.

Whenever I want to sign, the A-Trust PKCS11 library asks for the 4-digit PIN.
Normally when I sign one or two PDFs I can enter the PIN manually, but I have made 1200 protocols in the past which should also be signed sometime.
#23737
Posted: 02/26/2013 09:16:26
by Ken Ivanov (EldoS Corp.)

I see. Please try to pass your 4-digit PIN in the following way right before adding the signing certificate to the storage that is bound to the PDF security handler:

TElPKCS11CryptoProviderOptions(Cert.KeyMaterial.CryptoProvider.Options).OperationPIN := <your-pin>;

and check if you are still asked for the PIN with an input dialog.
#23738
Posted: 02/26/2013 09:31:24
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

Ken, can you give me the code line or the code part in your ThinySingerPKCS11 Demo?
So I could understand it properly.
Thanks
#23741
Posted: 02/26/2013 09:43:13
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

Where can I find the cast

TElPKCS11CryptoProviderOptions

it is not known.

Thanks
#23742
Posted: 02/26/2013 09:50:53
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

I think I have an old SBB; I have to update, sorry for my mistake.
It's just done.
Thanks
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
