Re: [SignServer-develop] PKCS#11 token / PIN

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 06/08/2017 06:18 PM, Khadija Ferjani wrote:
> Hello all,
> 
> I'm using SignServer 3.7.0 to sign documents.
> I'd like to know if it is possible to activate/use a Signer (a
> XAdESSigner for example) with a PKCS11CryptoToken without the PIN of the
> private key.
> Is it possible that the signer sends the PIN as a signature parameter
> using web services ?
> 
> -- 
> Best regards,
> 
> Khadija FERJANI
> 

Hi Khadija,

Currently it is not possible to send the token password with a sign
request. Instead the token is activated using any of the admin
interfaces or being auto-activated (=password stored in the
configuration) and then the token stays active.

Even if one would add support for getting the token password from the
request, after the first request the token would likely stay open due to
the then open PKCS#11 sessions.

Cheers,
Markus
PrimeKey Solutions

Save time and money with an Enterprise support subscription. Please see
www.primekey.com for more information.
https://www.primekey.com/products/software/