Signing PDF and pincode for smartcard

[rlagrange]

Hi,

We successfully sign document using a smartcard and gdpicture.
However, it look like the pincode is only asked once for the process lifetime, and not at each document signing, or gdpicturepdf instance, even when using a blank pincode : "oGdPicturePdf.SigSetCertFromSmartCardBySerialNumber(cert.CertificateSerialNumber, string.Empty);"

It's a usefull feature, but legal wise problematic : you have to prove the intent of the user to sign the document.
Not requiring the pincode could break this aspect, and be legally attacked.

Is it possible to have an option to overwrite this behavior ?
Thanks

[delbeke]

Hi
I'll have a look for that. But I am in vacancies in August.

Best regards
Jean-Luc

[delbeke]

Hi rlagrange
I have made some tests and the pin code is asked every time a signature is created if a blank picode is provided.
Perhaps it's a hardware problem.
Can you provide a small snipet reproducing the problem
Best regards.
Jean-Luc

[rlagrange]

Hi

I reproduce the issue with this code :

Code: Select all

class Program
    {
        private const string GDPICTURE_LICENCE_KEY = "TTTT"; // CLEF V14

        const string inPath = @"C:\Users\rlagr\OneDrive\Documents\Analyse VTC.pdf";
        const string outPath = @"C:\Users\rlagr\OneDrive\Documents\Analyse VTC_SIGNED.pdf";

        const string certSerialNumber = "0099d4464f4865dff92e860dd7";

        static void Main(string[] args)
        {
            GdPicture14.LicenseManager lm = new GdPicture14.LicenseManager();
            lm.RegisterKEY(GDPICTURE_LICENCE_KEY);

            using (var pdf = new GdPicturePDF())
                OpenAndSign(pdf);

            using (var pdf = new GdPicturePDF())
                OpenAndSign(pdf);
        }

        private static void OpenAndSign(GdPicturePDF pdf)
        {
            pdf.LoadFromFile(inPath, true);
            pdf.SigSetCertFromSmartCardBySerialNumber(certSerialNumber, string.Empty);
            pdf.SigSetCertificationLevel(PdfSignatureCertificationLevel.NoChanges);
            pdf.SigSetSignatureInfos("Test", "test", "test", "test");

            if (File.Exists(outPath)) File.Delete(outPath);
            pdf.SigSign(outPath, PdfSignatureMode.PdfSignatureModeAdobeCADES, false);

            pdf.CloseDocument();
        }
    }

The pincode is asked only once with my hardware. Same behavior if I choose two differents input file.

[delbeke]

Hi rlagrange.
Your code is good.
I do not understand why the pin code is buffered. This do not happens on my side.
Not sure about that but perhaps you can try this (on mys side it change nothing).
pdf.SigSetCertFromSmartCardBySerialNumber(certSerialNumber, "");
After that , you can test a removal of the smat card between signing the pdfs to ensure the pin code is resetted in this case.

Best regards.
Jean-Luc

[rlagrange]

Ok, it should be something in the Oberthur middleware, who don't close the smartcard login token while the process has not ended (or maybe after a timeout period)
I though it was something in GdPicture, so nevermind.

Thank you for taking the time to test this case.
Regards,
Romain Lagrange

[delbeke]

Hi rlagrange

Thanks for the return. For our personal information, can you send us informations about solving your problem ?
Thanks you very much.
Best regards.

Jean-Luc