
This article includes updates for Smart ID 23.04.4. 


A separate signature slot containing a signature certificate, protected by an additional PIN, is an additional security measure, typically used for Qualified Electronic Signatures (QES). Currently, Identity Manager supports the signature slot for the following middleware:

...

  • Idopte (since Identity Manager 23.04.4)

This article contains general information about the signature slot. For use cases for a specific middleware, follow the links above.

Prerequisites

A token that supports the signature slot. For details, see the section referring to the signature slot in the middleware pages linked above.

Use cases

Write to the signature slot

To explicitly select the signature slot as a target for your application, use the Location keyword in the respective Application_* section. Location supports only one value: Signature. Any other value will point to the default slot, as will omitting the Location keyword altogether. The value can either be hard-coded in the encoding description (e.g. Location=#Signature) or reference a field (for example, Location=LOCATION_FIELD).

In the following example, one certificate is written to the default slot (authenticated by PIN), one to the signature slot (authenticated by SignPIN), and the location of the third is determined at runtime by the field LOCATION_FIELD.

Explicitly selecting slots
[Fields]
PIN=
SIGN_PIN=
LOCATION_FIELD=
  
[Description]
PKCS11Library=yourMiddleware.dll
ApplicationList=ABC
# Default slot credentials
PIN=PIN
# Signature slot credentials
SignPIN=SIGN_PIN

[Application_A]
# Write a certificate to the default slot
KeySize=2048
CertTempl=myAuthCertTemplate
 
[Application_B]
# Write a certificate to the signature slot
KeySize=2048
CertTempl=myAuthCertTemplate
Location=#signature
 
[Application_C]
# Determine the slot to write the certificate to from a field at runtime
KeySize=2048
CertTempl=mySigCertTemplate
Location=LOCATION_FIELD
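
A pre-deployment check for the fallback described above, as an added example that is not part of the Identity Manager documentation: because any unrecognised Location value selects the default slot, a mistyped literal would put a certificate meant for the signature slot behind the ordinary PIN. The function name, verdict labels, sample text, case-insensitive matching and the rule that a referenced field must appear in [Fields] are assumptions.

```python
import configparser

# Constructed sample encoding description; section contents are illustrative.
SAMPLE = """\
[Fields]
SIGN_PIN=
LOCATION_FIELD=
[Description]
PKCS11Library=yourMiddleware.dll
SignPIN=SIGN_PIN
[Application_A]
CertTempl=myAuthCertTemplate
[Application_B]
Location=#signature
[Application_C]
Location=#Signatur
[Application_D]
Location=LOCATION_FIELD
[Application_E]
Location=LOCATION_FEILD
"""

def classify_locations(text):
    """Return {section: verdict} for every Application_* section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep keyword case exactly as written
    cp.read_string(text)
    fields = set(cp["Fields"]) if cp.has_section("Fields") else set()
    verdicts = {}
    for name in cp.sections():
        if not name.startswith("Application_"):
            continue
        loc = cp[name].get("Location")
        if loc is None:
            verdicts[name] = "default"              # keyword omitted
        elif loc.startswith("#"):                   # hard-coded literal
            # Assumption: matching ignores case (the page spells it both ways).
            ok = loc[1:].lower() == "signature"
            verdicts[name] = "signature" if ok else "default-by-typo"
        elif loc in fields:
            verdicts[name] = "runtime"              # resolved from a declared field
        else:
            verdicts[name] = "undeclared-field"     # assumption: fields must be declared
    return verdicts

if __name__ == "__main__":
    for section, verdict in classify_locations(SAMPLE).items():
        print(f"{section}: {verdict}")
```

Sections reported as default-by-typo or undeclared-field are the ones to review before the encoding description is used for issuance.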



Change signature slot credentials

The PINs for the signature slot can be changed similarly to the standard P11 PIN/PUK handling, but with different keywords:

| Standard P11 PIN/PUK keywords | Signature PIN/PUK keywords |
|---|---|
| PIN | SignPIN |
| PUK | SignPUK |
| InitialPUK | InitialSignPUK |
| Pin_Validation | SignPin_Validation |

Examples

Example: Change signature PUK and signature PIN using field values
[Fields]
OLD_SIGN_PUK=
NEW_SIGN_PUK=
NEW_SIGN_PIN=
 
[Description]
PKCS11Library=yourMiddleware.dll
SetPin=true
InitialSignPUK=OLD_SIGN_PUK
SignPUK=NEW_SIGN_PUK
SignPIN=NEW_SIGN_PIN


Example: Change signature PIN by entering old and new values. PIN must be at least 4 digits long
[Description]
PKCS11Library=yourMiddleware.dll
SetPin=true
SignPIN=!FROM_USER_DIALOG_3_FIELD
SignPin_Validation=reg_exp([0-9]{4,})

...


Related information