
Signing multiple documents after entering the PIN code only once

#30049
Posted: 07/16/2014 07:12:11
by Marcel Talamini (Standard support level)
Joined: 01/30/2010
Posts: 15

Our clients use different middleware, SafeSign, SafeNet.
SafeSign users can sign multiple documents after entering the PIN once.
Now a customer who uses SafeNet has to enter the PIN again for each document.
Is there a solution?

parts of my code:

Code
// In-memory store holding the selected signer certificate (with private key) and its issuer chain.
private TElMemoryCertStorage CertStore;
// PKCS#11 certificate storage bound to the token middleware (SafeSign / SafeNet).
private TElPKCS11CertStorage Storage;
// Currently open PKCS#11 session; assigned in SessionLogin, expected to be torn down by CloseSession.
private TElPKCS11SessionInfo Session;

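/// <summary>
/// Opens (or reuses) the PKCS#11 session for the slot mapped to <paramref name="emailadres"/>
/// and logs in as the normal user (utUser) with <paramref name="pin"/>.
/// </summary>
/// <param name="emailadres">Lookup key into m_semailslot; lower-cased before the lookup.</param>
/// <param name="pin">User PIN. It is forwarded to the token session only and is not stored by this method.</param>
/// <returns>true when a session is open and the login succeeded; false on any failure.</returns>
private bool SessionLogin(string emailadres, string pin){
    // A null key cannot map to a slot; previously this threw NullReferenceException on ToLower().
    if (emailadres == null){
        return false;
    }

    int slotindex=-1;
    // NOTE(review): the key must be lower-cased the same way the m_semailslot entries were
    // produced (that code is not visible here), so ToLower() is deliberately kept as-is.
    if (!m_semailslot.TryGetValue(emailadres.ToLower(),out slotindex)){
        return false;
    }

    // Reuse the open session only when it belongs to the requested slot; otherwise
    // tear it down and open a fresh one.
    if ((!m_bSessionOpen) || (m_slotindex != slotindex)){
        CloseSession();
        // Default to "read-only" so that a failure to query the slot below does not trigger the
        // read-only retry (there is nothing sensible to retry if the slot cannot be inspected).
        bool RO = true;
        try{
            // Querying the slot can itself throw (token removed, driver error). Keeping it inside
            // the try lets the method honour its bool contract instead of leaking the exception.
            RO = Storage.Module.get_Slot(slotindex).ReadOnly;
            Session = Storage.OpenSession(slotindex, RO);
            m_slotindex = slotindex;
            m_bSessionOpen=true;
        }
        catch(Exception ex) {
            // A read/write session was refused; retry once with a read-only session, which the
            // rest of this code relies on being sufficient for signing.
            if (!RO){
                try{
                    Session = Storage.OpenSession(slotindex, true);
                    m_slotindex = slotindex;
                    m_bSessionOpen=true;
                }catch(Exception ex2){
                    //error handler -- must at least log ex2; do not swallow silently
                }
            } else {
                // error handler -- must at least log ex; do not swallow silently
            }
        }
        if (!m_bSessionOpen) return false;
    }

    if (Session != null){
        try{
            // Login as the normal user (not the security officer). The PIN goes straight to the
            // token driver; whether the driver re-prompts per signing operation is a driver
            // setting (see the vendor reply in this thread), not something controlled here.
            Session.Login((int)SBPKCS11Base.Unit.utUser, pin);
            return true;
        }
        catch(Exception ex) {
            //error handler -- log ex (never the PIN value) before tearing the session down
            CloseSession();
            return false;
        }
    }
    return false;
}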

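/// <summary>
/// Rebuilds CertStore with the first token certificate that has a private key and the
/// NonRepudiation key usage, plus its issuer chain. The chain is first collected with
/// GetIssuerCert(..., false); if BuildChain reports it incomplete, the store is rebuilt
/// with GetIssuerCert(..., true). The second attempt is not re-validated (original behaviour).
/// </summary>
/// <param name="pin">Token PIN, cached as OperationPIN on the crypto provider bound to the
/// signer key so that signing operations can log in without a prompt.</param>
/// <returns>true when a signer certificate was added to CertStore; false otherwise.</returns>
private bool SetSignerCertStore(string pin){
    if (CertStore != null){
        CertStore.Dispose();
        CertStore = null;
    }
    CertStore = new TElMemoryCertStorage();

    for (int i = 0; i < Storage.Count; i++){
        TElX509Certificate Cert = Storage.get_Certificates(i);

        // Only a signing (non-repudiation) certificate with a usable private key qualifies.
        if (Cert.PrivateKeyExists && Cert.Extensions.KeyUsage.NonRepudiation==true){

            //#NEW
            // SECURITY: this caches the PIN on whatever crypto provider the key is bound to.
            // If that is a provider shared with other keys/storages, the PIN is then available
            // to every operation routed through it for the provider's lifetime. Prefer a
            // dedicated TElPKCS11CryptoProvider per TElPKCS11CertStorage and set OperationPIN
            // there (see the vendor reply in this thread).
            ((SBCryptoProvPKCS11.TElPKCS11CryptoProviderOptions)Cert.KeyMaterial.Key.CryptoProvider.Options).OperationPIN = pin;

            CertStore.Add(Cert,true);

            AddIssuerChain(Cert, false);

            TElX509CertificateChain chain2 = CertStore.BuildChain(0);
            try{
                if (!chain2.Complete){
                    // Retry with the alternate GetIssuerCert mode; start again from the signer cert.
                    CertStore.Clear();
                    CertStore.Add(Cert,true);
                    AddIssuerChain(Cert, true);
                }
            }
            finally{
                // Previously leaked when anything between BuildChain and Dispose threw.
                chain2.Dispose();
            }

            break;
        }
    }

    if (CertStore.Count == 0) {
        //error handler -- no certificate with a private key and NonRepudiation usage was found
    }
    return CertStore.Count != 0;
}

/// <summary>
/// Walks up from <paramref name="cert"/> via GetIssuerCert and adds each issuer to CertStore
/// without a private key, stopping at the first null result.
/// </summary>
/// <param name="cert">Certificate whose issuers are collected (itself is not added).</param>
/// <param name="mode">Forwarded unchanged to GetIssuerCert; its meaning is defined by that helper (not shown here).</param>
private void AddIssuerChain(TElX509Certificate cert, bool mode){
    TElX509Certificate issuercert = GetIssuerCert(cert, mode);
    while (issuercert!=null){
        CertStore.Add(issuercert,false);
        issuercert = GetIssuerCert(issuercert, mode);
    }
}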



Code
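/// <summary>
/// Adds a signature entry to <paramref name="Document"/> and wires it to a public-key handler
/// backed by the PKCS#11 signer certificate store. This only configures the signature; the
/// document is not written here.
/// </summary>
/// <param name="Document">PDF document that receives the new signature entry.</param>
/// <param name="signHidden">true for an invisible signature; false draws a widget using Helvetica/WinAnsi.</param>
/// <returns>true when the signature was configured; false if any step threw (error handler elided).</returns>
public bool signPDF(TElPDFDocument Document, bool signHidden){
    try{
        TElPDFPublicKeySecurityHandler PublicKeyHandler = new TElPDFPublicKeySecurityHandler();
        // adding the signature and setting up property values
        int index = Document.AddSignature();
        TElPDFSignature Sig = Document.get_Signatures(index);
        Sig.Handler = PublicKeyHandler;
        Sig.AuthorName = QuCDR.helpers.Config.Instance.EmailadresCertificaat;
        // UtcNow gives the same instant as Now.ToUniversalTime() without the local-time round
        // trip, which can be off by an hour in the repeated hour of a DST transition.
        Sig.SigningTime = DateTime.UtcNow;
        Sig.Reason = "";
        Sig.Invisible = signHidden;

        if (!Sig.Invisible){
            // Adding Type 1 font
            TElPDFSimpleFont SimpleFont = new TElPDFSimpleFont();
            SimpleFont.BaseFont = "Helvetica";
            Sig.WidgetProps.AddFont(SimpleFont);
            SimpleFont.EncodingObject = new TElPDFEncoding();
            Sig.WidgetProps.AddFontObject(SimpleFont.EncodingObject);
            SimpleFont.EncodingObject.BaseEncoding = "WinAnsiEncoding";
            // Widget text is converted to the single-byte encoding by a sibling helper.
            Sig.WidgetProps.OnConvertStringToAnsi += new TSBPDFConvertStringToAnsiEvent(UTF16ToWin1252);
        }
        // adding certificate to certificate storage
        // SECURITY: pstPKCS7SHA1 hashes with SHA-1, which is deprecated for new signatures and
        // increasingly rejected by validators. Check the SecureBlackbox version in use for a
        // SHA-2 signature type or hash-algorithm setting before relying on these signatures.
        PublicKeyHandler.SignatureType = SBPDFSecurity.TSBPDFPublicKeySignatureType.pstPKCS7SHA1;
        // The store is built by PKCS11Handler (signer cert + chain); the handler owns no PIN itself.
        PublicKeyHandler.CertStorage = security.PKCS11Handler.Instance.getSignerCertStore();
        PublicKeyHandler.CustomName = "Adobe.PPKMS";

        return true;
    }
    catch(Exception ex){
        //error handler -- log ex; returning false hides the cause from the caller otherwise
        return false;
    }
}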
#30052
Posted: 07/16/2014 08:27:59
by Ken Ivanov (EldoS Corp.)

Hi Marcel,

Since you provide the PIN in code when logging into the session, it is the token driver itself that prompts for the PIN each time a signing operation is performed. This behaviour is usually configurable via the driver's control panel, so please check whether there is a corresponding option and adjust it. Note that disabling the per-operation prompt (or caching the PIN in the application) means the token will sign whatever the process submits without further user confirmation; for a non-repudiation key that is a deliberate trade-off the customer should be aware of.

If there is no such option, please also try the following:

1) Create a dedicated PKCS#11 cryptoprovider object for each TElPKCS11CertStorage object you create:

Code
TElPKCS11CertStorage storage = new TElPKCS11CertStorage();
storage.CryptoProvider = new SBCryptoProvPKCS11.TElPKCS11CryptoProvider();
...


2) Set the Options.OperationPIN property on this dedicated cryptoprovider object, not on the Cert.KeyMaterial.Key.CryptoProvider object (which may be a provider shared with other keys).

Ken
#30059
Posted: 07/17/2014 07:37:08
by Marcel Talamini (Standard support level)
Joined: 01/30/2010
Posts: 15

Thanks a lot!

It turned out to be a driver issue/option.

Marcel


#30060
Posted: 07/17/2014 07:46:17
by Ken Ivanov (EldoS Corp.)

Hi Marcel,

Great, thank you for letting us know.

Ken
