EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Enter PIN programmatically

#23725
Posted: 02/26/2013 03:25:07
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

Is the location here ok? line 7

Code
        // retrieving signing certificate
        CertStorage.Clear;
        PublicKeyHandler.SignatureType := pstPKCS7SHA1;
        if rbPKCS11Cert.Checked and (cmbPKCS11Certificates.ItemIndex > 0) then
        begin
          Cert := PKCS11CertStorage.Certificates[cmbPKCS11Certificates.ItemIndex - 1];
          // here might be written the KEy stuff
          //Cert.KeyMaterial.KeyExchangePIN := 'mypin';
          //Cert.KeyMaterial.SignaturePIN := 'mysignpin';
          CertStorage.Add(Cert);
        end
        else if rbWindowsCert.Checked and (cmbWindowsCertificates.ItemIndex > 0) then
        begin
          Cert := WinCertStorage.Certificates[cmbWindowsCertificates.ItemIndex - 1];
          CertStorage.Add(Cert);
        end
        else
        begin
          MessageDlg('No Certificate selected', mtError, [mbOk], 0);
          Exit;
        end;

        PublicKeyHandler.CertStorage := CertStorage;
        PublicKeyHandler.CustomName := 'Adobe.PPKMS';

        // configuring timestamping properties
        if (cbTimestamp.Checked) then
        begin
          TSPClient.HttpClient := HTTPClient;
          TSPClient.URL := editTimestampServer.Text;
          TSPClient.HashAlgorithm := SB_ALGORITHM_DGST_SHA1;
          PublicKeyHandler.TSPClient := TSPClient;
        end;

        // allowing to save the document
        Success := true;
      finally
        // closing the document
        Document.Close(Success);
      end;
    finally
      // we need to ensure that a certificate(s) cleared before closing PKCS11 storage
      CertStorage.Clear;

      FreeAndNil(F);
    end;
  except
    on E : Exception do
    begin
      MessageDlg('Error: ' + E.Message, mtError, [mbOk], 0);
      Success := false;
    end;
  end;
  // if signing process succeeded, moving the temporary file to the place
  // of destination file
#23726
Posted: 02/26/2013 03:37:02
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

Oh OK, I found the login.
I will try.
Thanks a lot.
#23727
Posted: 02/26/2013 03:37:22
by Ken Ivanov (EldoS Corp.)

Walter,

No, it isn't. Setting KeyExchangePIN and SignaturePIN for certificates originating from a PKCS#11 certificate storage makes no sense (see my reply above). You only pass your PIN to the Login() method; this is the only place you need to provide it.
#23728
Posted: 02/26/2013 07:07:53
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

Ken, I tried to put the PIN in the form.
That works, but in the DLL library there is once more a question for the PIN.
Do you agree with me that this cannot be worked around?

(One thing I have done in the past: check for the Windows event when the popup window comes and then poke the PIN into the keyboard buffer. I think that is the only way I could have the PIN entered automatically. What do you think?)

Walter
#23729
Posted: 02/26/2013 07:15:17
by Ken Ivanov (EldoS Corp.)

Walter,

At what stage exactly is that PIN asked for a second time? Is it asked each time you use the key?

Quote
(One thing I have done in the past: check for the Windows event when the popup window comes and then poke the PIN into the keyboard buffer. I think that is the only way I could have the PIN entered automatically. What do you think?)

Although this solution definitely does have a reason to live, it is not perfectly 'legal', and thus is subject to a number of indirect risks (e.g. change in driver behaviour in subsequent firmware update causing your code to stop working). Yet in some cases it is better than nothing.
#23733
Posted: 02/26/2013 08:59:21
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

The first time, that is from your code, it asks when I access the slot and select PC/SC. That is OK; here I can define the form with the key.

Then when I click OK, after a while the A-TRUST (that is the Austrian PKCS11 smartcard key provider) form comes and asks for the 4-digit PIN again. As my card reader is not on my Delphi PC yet, I cannot single-step in the debugger.

Always, when I want to sign, the A-Trust PKCS11 library asks for the 4-digit PIN.
Normally when I sign one or two PDFs I can enter the PIN manually, but I have made 1200 protocols in the past which should also be signed sometime.
#23737
Posted: 02/26/2013 09:16:26
by Ken Ivanov (EldoS Corp.)

I see. Please try to pass your 4-digit PIN in the following way right before adding the signing certificate to the storage that is bound to the PDF security handler:

TElPKCS11CryptoProviderOptions(Cert.KeyMaterial.CryptoProvider.Options).OperationPIN := <your-pin>;

and check if you are still asked for the PIN with an input dialog.
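
The placement described in the reply above, as an added example that is not part of the original post or of the SecureBlackbox demo: a hypothetical helper `AddPKCS11SigningCert` that takes the PIN from the caller at run time instead of a source literal and verifies the provider options type before the cast. The unit `PinHelper`, the helper name and the unit names in the `uses` clause are assumptions; the `OperationPIN` line is the one given in the reply.

```delphi
unit PinHelper; // hypothetical unit name

interface

uses
  SysUtils,
  SBX509,              // TElX509Certificate (unit name assumed)
  SBCustomCertStorage, // TElMemoryCertStorage (unit name assumed)
  SBCryptoProvPKCS11;  // TElPKCS11CryptoProviderOptions (unit name assumed)

// Binds the PIN to the certificate's PKCS#11 crypto provider, then adds the
// certificate to the storage that is bound to the PDF security handler.
procedure AddPKCS11SigningCert(Cert: TElX509Certificate;
  Storage: TElMemoryCertStorage; const PIN: string);

implementation

procedure AddPKCS11SigningCert(Cert: TElX509Certificate;
  Storage: TElMemoryCertStorage; const PIN: string);
var
  Opts: TObject;
begin
  // The PIN comes from the caller (for example the form that already
  // collected it for Login), never from a literal in the source.
  if PIN = '' then
    raise Exception.Create('No PIN supplied');

  Opts := Cert.KeyMaterial.CryptoProvider.Options;

  // The hard cast from the reply is only valid for keys held by a PKCS#11
  // provider; a certificate from the Windows store must not reach it.
  if not (Opts is TElPKCS11CryptoProviderOptions) then
    raise Exception.Create('Key is not held by a PKCS#11 provider');

  // Set the PIN right before the certificate is added to the storage.
  TElPKCS11CryptoProviderOptions(Opts).OperationPIN := PIN;
  Storage.Add(Cert);
end;

end.
```

In a batch run over many documents, stop at the first signing error instead of continuing, since repeated attempts with a wrong PIN can block the card.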
#23738
Posted: 02/26/2013 09:31:24
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

Ken, can you give me the code line or the code part in your ThinySingerPKCS11 Demo?
So I could understand it properly.
Thanks
#23741
Posted: 02/26/2013 09:43:13
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

Where can I find the cast

TElPKCS11CryptoProviderOptions

it is not known.

Thanks
#23742
Posted: 02/26/2013 09:50:53
by walter Schrabmair (Basic support level)
Joined: 12/15/2012
Posts: 43

I think I have an old SBB, I have to update, sorry for my mistake.
It's just done.
Thanks