<link>http://ncryptoki.com/forum.aspx</link> <item> <title>Re: eToken 5110 CC and encrypted private key</title> http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=335~-1#post1198 Mira Wed, 18 May 2022 19:00:12 GMT

eToken 5110 CC and encrypted private key

Hello.

I'm evaluating NCryptoki and I have a "problem" with avoiding the Digital Signature PIN dialog when signing PDF documents using an eToken 5110 CC.

There are two modes of this device:

* unlinked mode (uses 4 different passwords - User/Token Password, Digital Signature PIN, Administrator Password, Digital Signature PUK)

* linked mode (uses 2 different passwords - User/Token Password, Administrator Password); in this case the Token Password equals the Digital Signing PIN and the PUK is derived from the Administrator Password

Our token uses unlinked mode, so I have one user password (4 digits) to unlock the token and a second user password (6 digits, the Digital Signature PIN) to sign the PDF document. That second user password is used when signing the PDF document with Acrobat Reader, for example.

It seems to be impossible to avoid the Digital Signature PIN dialog.

The first user password (to unlock the token) is passed here:

    int nRes = session.Login(Cryptware.NCryptoki.Session.CKU_USER, "1234");

That's ok.

But where do I give the second user password to NCryptoki so that it is passed to the unmanaged library (eToken.dll) when the private key is accessed?

I use a custom IExternalSignature object in which I search for the proper certificate and use its private key:

    class CryptokiPrivateKeySignature : IExternalSignature
    {
        // NCryptoki session (already logged in with CKU_USER) and the
        // private key object found via the signing certificate
        private Session session;
        private CryptokiObject privateKey;

        ... 

        // Called by iTextSharp with the bytes to sign; SHA1_RSA_PKCS hashes
        // inside the token and returns a PKCS#1 v1.5 signature
        public byte[] Sign(byte[] message)
        {
            session.SignInit(Cryptware.NCryptoki.Mechanism.SHA1_RSA_PKCS, privateKey);
            return session.Sign(message); // eToken.dll shows the Digital Signature PIN dialog here
        }

        // Remaining members iTextSharp's IExternalSignature requires,
        // matching the SHA1_RSA_PKCS mechanism above
        public string GetHashAlgorithm() { return "SHA1"; }
        public string GetEncryptionAlgorithm() { return "RSA"; }
    }

Each time Sign(message) is invoked, the dialog for entering the second user password appears... :-(

Maybe there is secondary authentication on the RSA key on my token? What can I do then?

Maybe the eToken 5110 CC (Common Criteria) and its library don't allow passing the private key password programmatically?

Thank you very much for your response.

Mirek

PS: If you would like, I can paste the code I use to sign the document.
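
The behaviour described in the post (token login succeeds, but a second PIN is demanded at every Sign call) is what PKCS#11 v2.20 and later specify for a private key that carries CKA_ALWAYS_AUTHENTICATE = CK_TRUE: after C_SignInit and before C_Sign the application must perform C_Login with user type CKU_CONTEXT_SPECIFIC, supplying the key's own PIN. The following is an added example, not the poster's code and not NCryptoki or SafeNet documentation. It assumes (1) that the eToken 5110 CC "Digital Signature PIN" in unlinked mode is exposed to PKCS#11 as exactly this context-specific login and that eToken.dll only shows its own dialog because no programmatic login was done, (2) that NCryptoki's Session.Login forwards the integer user type unchanged to C_Login, so the Cryptoki value 2 can be passed where no named constant exists, and (3) that the key object is a CryptokiObject and the PDF library is iTextSharp 5 (the IExternalSignature interface seen in the post). The class name, constructor and the signaturePin parameter are hypothetical.

```csharp
using System;
using Cryptware.NCryptoki;           // Session, Mechanism, CryptokiObject (as used in the post)
using iTextSharp.text.pdf.security;  // IExternalSignature (assumption: iTextSharp 5)

// Added example: signs through NCryptoki with a PKCS#11 context-specific login
// placed between SignInit and Sign, which is how the Cryptoki spec requires the
// per-key PIN of a CKA_ALWAYS_AUTHENTICATE key to be supplied programmatically.
class ContextSpecificPinSignature : IExternalSignature
{
    // Raw PKCS#11 values from the Cryptoki specification. NCryptoki may not
    // expose named constants for these, so the numeric values are used.
    // Assumption: Session.Login passes the user type through to C_Login.
    private const int CKU_CONTEXT_SPECIFIC = 2;
    private const int CKR_OK = 0;

    private readonly Session session;           // already logged in with CKU_USER (token password)
    private readonly CryptokiObject privateKey; // RSA private key found via the certificate (assumed type)
    private readonly string signaturePin;       // the 6-digit Digital Signature PIN (hypothetical parameter)

    public ContextSpecificPinSignature(Session session, CryptokiObject privateKey, string signaturePin)
    {
        if (session == null) throw new ArgumentNullException("session");
        if (privateKey == null) throw new ArgumentNullException("privateKey");
        if (string.IsNullOrEmpty(signaturePin)) throw new ArgumentException("signaturePin");
        this.session = session;
        this.privateKey = privateKey;
        this.signaturePin = signaturePin;
    }

    // Must agree with the mechanism used in Sign(): SHA-1 hash, RSA PKCS#1 v1.5.
    public string GetHashAlgorithm() { return "SHA1"; }
    public string GetEncryptionAlgorithm() { return "RSA"; }

    public byte[] Sign(byte[] message)
    {
        // 1. Start the signing operation on the key. The operation is now
        //    "active" on the session, which is the only state in which a
        //    CKU_CONTEXT_SPECIFIC login is valid.
        session.SignInit(Mechanism.SHA1_RSA_PKCS, privateKey);

        // 2. Context-specific login: binds the Digital Signature PIN to this
        //    single operation. It is not a token login and does not replace
        //    the CKU_USER login done earlier.
        int rc = session.Login(CKU_CONTEXT_SPECIFIC, signaturePin);
        if (rc != CKR_OK)
        {
            // Wrong PIN, or middleware that refuses programmatic PIN entry for
            // this key. Do not retry in a loop: a few failures block the PIN.
            throw new InvalidOperationException(
                "Context-specific login rejected, CKR=0x" + rc.ToString("X8"));
        }

        // 3. Sign. Per the spec, without step 2 an always-authenticate key
        //    returns CKR_USER_NOT_LOGGED_IN here (eToken.dll instead pops up
        //    its PIN dialog, which is the behaviour the post describes).
        return session.Sign(message);
    }
}
```

Two caveats a practitioner should keep in mind: first, confirm the assumption before relying on it by reading CKA_ALWAYS_AUTHENTICATE on the key object (if it is not set, the dialog comes from middleware policy rather than from PKCS#11 semantics, and step 2 will fail with an error); second, the Digital Signature PIN must not be hard-coded next to the token password, since the whole point of the CC unlinked mode is that knowledge of the token password alone cannot produce a signature.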

]]>
http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=335~-1#post1171 Mira Fri, 07 Sep 2018 12:14:55 GMT