EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElPDFSignature and PIN

#32130
Posted: 02/06/2015 10:56:45
by Stefano Massone (Standard support level)
Joined: 02/06/2015
Posts: 10

Hello everyone,

I'm able to sign a PDF file using SBB and a smart card token with the following code:

Code
// Open the PDF that is going to be signed
Document.Open(unsignedData);

// Wrap the certificate taken from the Windows store; the private key stays on the card
Cert.FromX509Certificate2(X509cert);
// PIN the CSP should use for the signing operation (see below)
Cert.KeyMaterial.SignaturePIN = pin;

CertStorage.Clear();
CertStorage.Add(Cert, true);

// Public-key signature handler: PKCS#7 / SHA-1, Adobe.PPKMS filter name
PublicKeyHandler.CertStorage = CertStorage;
PublicKeyHandler.SignatureType = SBPDFSecurity.TSBPDFPublicKeySignatureType.pstPKCS7SHA1;
PublicKeyHandler.CustomName = "Adobe.PPKMS";

// Close with save = true to write the signed document
Document.Close(true);


What I've called "pin" is a string variable containing the smart card signature PIN code.

Our application asks the user for the PIN using a custom Windows form and then calls the code above; when the user enters the correct PIN everything works just fine.

If the user enters the wrong PIN, SBB doesn't catch that exception, but the Windows CSP (?) window shows up (please see attached file).

Is it possible to catch the "wrong pin" event?
I'm asking this since we want to ask the users for the PIN every time and not use the CSP-cached PIN, and we are using this method for batch signing. When batch signing files, if the user enters the wrong PIN in our application and then the correct one in the CSP window, the first file will be signed correctly, but then, since the application will provide the wrong PIN (from code) for the second file, the CSP window shows up again.

Any help is greatly appreciated!
Thanks!
Stefano


#32131
Posted: 02/06/2015 11:17:26
by Eugene Mayevski (EldoS Corp.)

Quote
Stefano Massone wrote:
If the user enters the wrong PIN, SBB doesn't catch that exception, but the Windows CSP (?) window shows up (please see attached file).


I don't see any *exception* (unfortunately). I think there's no exception and Windows just asks for the PIN without reporting any errors beforehand.

Unfortunately mechanisms to provide the PIN to the CSP are semi-documented and not standardized (i.e. some hardware drivers support this mechanism while others don't) and Windows normally asks for the PIN itself. So there's no way to flexibly control PIN entering.

The reliable alternative is to use PKCS#11 interface.


Sincerely yours
Eugene Mayevski
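The two posts above describe the problem (a wrong PIN handed to the CSP is not reported as an error; Windows just prompts, and a batch run then alternates between the wrong PIN from code and the CSP prompt) and the suggested direction (the PKCS#11 interface, where the PIN is passed explicitly). As an added example that is not EldoS/SecureBlackbox code and does not replace SBB's own PKCS#11 signing mode, the following Python uses ctypes to call the card middleware's PKCS#11 entry points directly: it opens a session on the first token and calls C_Login once with the PIN the user typed, so a wrong PIN comes back as a deterministic return code (CKR_PIN_INCORRECT) rather than a CSP window, and the batch is started only once the PIN is known to be good. Assumptions: the middleware exports the standard C_* functions, the first slot with a token present is the signing card, the module path is the one named later in the thread, and the `login`/`sign` callables passed to `sign_batch` are supplied by the caller (the SBB signing code from the first post would be the `sign` callable). Every failed C_Login decrements the card's retry counter, so the code makes exactly one attempt per user entry and refuses to continue on CKR_PIN_LOCKED.

```python
"""Explicit smart-card PIN check through PKCS#11 before a batch signing run.

Added example (not EldoS/SecureBlackbox code). Assumptions: the middleware
exports the standard C_* entry points, the first slot with a token present
is the signing card, and login/sign in sign_batch are caller-supplied.
"""
import ctypes
import getpass
import sys

# Cryptoki constants (pkcs11t.h, PKCS#11 v2.x)
CKR_OK = 0x000
CKR_PIN_INCORRECT = 0x0A0
CKR_PIN_INVALID = 0x0A1
CKR_PIN_LEN_RANGE = 0x0A2
CKR_PIN_EXPIRED = 0x0A3
CKR_PIN_LOCKED = 0x0A4
CKR_TOKEN_NOT_PRESENT = 0x0E0
CKR_USER_ALREADY_LOGGED_IN = 0x100
CKR_CRYPTOKI_ALREADY_INITIALIZED = 0x191
CKU_USER = 1
CKF_SERIAL_SESSION = 0x04


def classify_login(rv):
    """Map a C_Login return code to the action the batch should take."""
    if rv in (CKR_OK, CKR_USER_ALREADY_LOGGED_IN):
        return "ok"
    if rv in (CKR_PIN_INCORRECT, CKR_PIN_INVALID, CKR_PIN_LEN_RANGE):
        return "wrong_pin"   # ask the user again; the card's retry counter just dropped
    if rv in (CKR_PIN_LOCKED, CKR_PIN_EXPIRED):
        return "locked"      # never retry automatically: the card may already be blocked
    return "error"           # token removed, driver error, ...


def sign_batch(files, pin, login, sign):
    """Verify the PIN once, then sign every file; never start with a bad PIN.

    login(pin) -> CK_RV (e.g. Pkcs11Pin.verify_pin); sign(path, pin) -> bool
    (e.g. the SecureBlackbox code from the post). Both are injected so the
    policy can be tested without a card.
    """
    verdict = classify_login(login(pin))
    if verdict != "ok":
        return verdict, []
    return "ok", [path for path in files if sign(path, pin)]


class Pkcs11Pin:
    """Minimal ctypes binding: C_Initialize / C_GetSlotList / C_OpenSession / C_Login."""

    def __init__(self, module_path):
        self.lib = lib = ctypes.CDLL(module_path)
        U, P = ctypes.c_ulong, ctypes.POINTER(ctypes.c_ulong)
        for name, args in {
            "C_Initialize": [ctypes.c_void_p], "C_Finalize": [ctypes.c_void_p],
            "C_GetSlotList": [ctypes.c_ubyte, P, P],
            "C_OpenSession": [U, U, ctypes.c_void_p, ctypes.c_void_p, P],
            "C_CloseSession": [U], "C_Logout": [U],
            "C_Login": [U, U, ctypes.c_char_p, U],
        }.items():
            fn = getattr(lib, name)
            fn.restype, fn.argtypes = U, args
        rv = lib.C_Initialize(None)
        if rv not in (CKR_OK, CKR_CRYPTOKI_ALREADY_INITIALIZED):
            raise OSError(f"C_Initialize failed: 0x{rv:X}")
        self._owns_init = rv == CKR_OK   # leave an already-running Cryptoki alone

    def close(self):
        if self._owns_init:
            self.lib.C_Finalize(None)

    def verify_pin(self, pin):
        """One C_Login attempt on the first present token; returns the CK_RV."""
        count = ctypes.c_ulong(0)
        rv = self.lib.C_GetSlotList(1, None, ctypes.byref(count))
        if rv != CKR_OK:
            return rv
        if count.value == 0:
            return CKR_TOKEN_NOT_PRESENT
        slots = (ctypes.c_ulong * count.value)()
        rv = self.lib.C_GetSlotList(1, slots, ctypes.byref(count))
        if rv != CKR_OK:
            return rv
        session = ctypes.c_ulong(0)
        rv = self.lib.C_OpenSession(slots[0], CKF_SERIAL_SESSION, None, None,
                                    ctypes.byref(session))
        if rv != CKR_OK:
            return rv
        try:
            raw = pin.encode("utf-8")
            rv = self.lib.C_Login(session.value, CKU_USER, raw, len(raw))
            if rv == CKR_OK:
                self.lib.C_Logout(session.value)   # free the card for the real signing session
            return rv
        finally:
            self.lib.C_CloseSession(session.value)


if __name__ == "__main__":
    # Module path from the thread (assumption: the same middleware is installed here)
    module = sys.argv[1] if len(sys.argv) > 1 else r"C:\WINDOWS\system32\bit4ipki.dll"
    token = Pkcs11Pin(module)
    try:
        rv = token.verify_pin(getpass.getpass("Card PIN: "))
    finally:
        token.close()
    print(f"C_Login returned 0x{rv:X} -> {classify_login(rv)}")
```

Two design points worth keeping when adapting this: the PIN is verified against the card once per user entry and never retried in a loop, because each CKR_PIN_INCORRECT consumes one of the card's remaining tries and a loop would block the card; and C_Finalize is only called if this code was the one that initialized the module, since finalizing Cryptoki underneath another component in the same process (for example a signing library already using the same DLL) would invalidate its sessions.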
#32135
Posted: 02/09/2015 03:16:02
by Stefano Massone (Standard support level)
Joined: 02/06/2015
Posts: 10

Hello, thank you for the quick reply.

What do you mean by "use PKCS#11" ?

I've tried to use the option in the tinysigner app "Use certificate from PKCS11..", but it asks me to select a .dll file; should I select the card middleware DLL?

Thank you!
Stefano
#32136
Posted: 02/09/2015 03:18:40
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
should I select the card middleware dll?

Yes exactly.
#32138
Posted: 02/09/2015 05:19:21
by Stefano Massone (Standard support level)
Joined: 02/06/2015
Posts: 10

Thanks! I've selected this library:

"C:\WINDOWS\system32\bit4ipki.dll" (I'm using Incard as smart card type)

This actually can detect the token and list the certificates.

The weird thing is that this smart card has 2 certificates; the one I need for this kind of digital signature (Key Usage = Non-Repudiation) does not work when signing with the PKCS#11 interface, it throws an error: Error 8219.

The same certificate works when signing in the other mode, with the certificate from the system store.

Any ideas?

Sincerely
Stefano
#32139
Posted: 02/09/2015 05:29:03
by Vsevolod Ievgiienko (EldoS Corp.)

Error 8219 stands for SB_MESSAGE_ERROR_KEYOP_FAILED_RSA that is returned in case when certificate can't be used for signing for some reason. Please check if any unhandled exceptions are thrown during signing.