An encoding description contains the information for the electronic personalization of a card. You import the encoding description from a file. This can be used in Smart ID Identity Manager.

This article describes how you create descriptions for encoding of SITHS cards using the Secmaker Net iD middleware.

Prerequisites

Smart ID IDM version

You need at least version 20.11.1 of Smart ID Identity Manager. Encoding is supported both through JPKIEncoder and Smart ID Desktop App.

Supported cards

SITHS Cards

This SITHS card model is supported:

  • GEMALTO IDPrime SIS


Secmaker Middleware DLLs

Version 6.8.2.38 of the Secmaker middleware is supported. Note that the 64 bit DLL supplied in the installer is incompatible and a special build has to be used instead (download link supplied below).

| Architecture | DLL | Supported | Notes |
|---|---|---|---|
| 32 bit | idp11.dll | Yes | included in installer |
| 64 bit | idp11.dll | No | included in installer, widely incompatible with third-party software due to use of 64 bit U_LONG type - avoid this one! |
| 64 bit | iidxp11_u32.dll | Yes | ULONG_32 build, download 6.8.2.38-iidxp11_u32.dll and copy to C:\Program Files\Net iD\iidxp11_u32.dll |


Supported features

A strictly limited feature-set for encoding SITHS cards via the Secmaker Net iD middleware is supported, as described below.

Note

Everything not listed below is not supported with SITHS cards / Secmaker in Smart ID Identity Manager.

Requesting One Additional Certificate



We support requesting exactly one additional certificate per SITHS card (in addition to those certificates already present).

This certificate will be written to the identification slot of the card - other slots are not supported. The identification PIN must be used.

It is mandatory that this certificate has unique key usage flags, unlike any other certificate on the same slot, if later deletion via Identity Manager is desired.

  1. Define like this in the encoding description:

    [Description]
    PKCS11LibraryWindows32=C:/Program Files (x86)/Net iD/iidp11.dll
    # path to ULONG_32 build of the DLL
    PKCS11LibraryWindows64=C:/Program Files/Net iD/iidxp11_u32.dll
    ApplicationList=A
    # note: replace example PIN definition
    PIN=#000000
    
    [Application_A]
    # set your cert template here
    CertTempl=CERT_TEMPLATE_NAME_GOES_HERE
    # we do not support writing CA certificates, so always set StoreUserCertOnly to true
    StoreUserCertOnly=true
    # we must use an existing key pair
    UseExistingKeyPair=true
    # we must read the existing key ID
    ReadExistingPublicKeyID=true
    # cert label must be "identification"
    LabelTemplate=fixtext=identification
    # we must use the public key with the label "identification"
    ObjectCriteria=CKO_PUBLIC_KEY,CKA_LABEL,string,"identification"
    # we must return the public key to a field
    PubKeyReturnField=FIELD_NAME_FOR_PUBLIC_KEY_GOES_HERE

Certificate Deletion By Exact Key Usage Match



We support deletion of certificate(s) from the identification slot of the card by specifying the unique key usage flags of the certificate(s) to be removed.

Deletion from other slots is not supported. The identification PIN must be used.

  1. Define like this in the encoding description:

    [Description]
    PKCS11LibraryWindows32=C:/Program Files (x86)/Net iD/iidp11.dll
    # path to ULONG_32 build of the DLL
    PKCS11LibraryWindows64=C:/Program Files/Net iD/iidxp11_u32.dll
    ApplicationList=A
    # note: replace example PIN definition
    PIN=#000000
    
    [Application_A]
    # activate deletion
    DeleteCertKeyObjects=true
    # do not delete key, only the cert
    DeleteCertsOnly=true
    # the key usages here are just an example! they must UNIQUELY match only those certificates you wish to delete!
    # the following line would only match those certs that have 
    # both keyEncipherment and dataEncipherment, but no other key usages set:
    DeleteCertKeyObjectsCriteria=Key_Usage(keyEncipherment,dataEncipherment)
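
A pre-flight check for the deletion criteria above, as an added example (not part of the Smart ID documentation or product): it parses `DeleteCertKeyObjectsCriteria` and applies the exact-match rule to an inventory of the identification slot, so a criteria line that would select more or fewer certificates than intended is caught before encoding. The inventory, certificate labels and function names are constructed for illustration, and only the `Key_Usage(...)` form shown above is parsed.

```python
import configparser
import re

# Constructed sample: the deletion settings from the encoding description above.
ENCODING_DESCRIPTION = """\
[Description]
ApplicationList=A

[Application_A]
DeleteCertKeyObjects=true
DeleteCertsOnly=true
DeleteCertKeyObjectsCriteria=Key_Usage(keyEncipherment,dataEncipherment)
"""

# Constructed inventory of the identification slot: label -> key usage flags
# of each certificate (labels are hypothetical, not names used by the product).
SLOT_INVENTORY = {
    "siths-original": {"digitalSignature", "keyEncipherment"},
    "idm-additional": {"keyEncipherment", "dataEncipherment"},
    "other-cert": {"keyEncipherment", "dataEncipherment", "keyAgreement"},
}

def parse_criteria(text, section="Application_A"):
    """Return the key usage set in DeleteCertKeyObjectsCriteria, or None if deletion is off."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                   interpolation=None)
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(text)
    app = cp[section]
    if app.get("DeleteCertKeyObjects", "false").lower() != "true":
        return None
    m = re.fullmatch(r"Key_Usage\(([^)]*)\)", app["DeleteCertKeyObjectsCriteria"].strip())
    if not m:
        raise ValueError("unrecognised criteria syntax")
    return {u.strip() for u in m.group(1).split(",") if u.strip()}

def certs_matched(criteria, inventory):
    """Exact match: a cert is selected only if its flags equal the criteria set."""
    return sorted(label for label, usages in inventory.items() if usages == criteria)

def check_deletion(text, inventory, intended):
    """Return (ok, matched); ok is True only if exactly the intended certs match."""
    criteria = parse_criteria(text)
    matched = certs_matched(criteria, inventory) if criteria is not None else []
    return matched == sorted(intended), matched
```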