Archived Forum Post

Index of archived forum posts

Question:

Certificate A3 / PKCS7

Oct 07 '16 at 19:32

I would like to see an example of Delphi code accessing the store windows and selecting the A3 certificate that is in the smartcard / token and entering the pin A3 certificate to later sign a file in any format pkcs7. I have seen examples of delphi code but none gives the opportunity to select the A3 certificate.


Answer

These problems are difficult because I can say what SHOULD be the case, but given the complexity of the subject matter, it's always possible what I say is not true. That being said...

If the A3 certificate is installed on the Windows system properly, where the private key resides on the smartcard, then from the application's point of view, it should work exactly the same (with certain caveats) as for certificates w/ private keys stored in the Windows Protected Store.

Many years ago, Chilkat originated on Windows, and the PKCS7 (signing/encrypting) functionality was handled by the Microsoft Crypto API. Eventually, Chilkat implemented all of this directly to be free to move to other operating systems. However, the Crypto API internals still exist because if the private key is not "exportable", meaning accessible to a program, and instead a CSP must be used, then Chilkat (internally) falls back to use the Crypto API. When it falls back to the Crypto API, it should automatically use the designated CSP for the private key (assuming it was installed properly),and thus the smartcard provider's CSP will automatically get used.

The caveats are these: since Chilkat is using the Crypto API in these cases, the functionality is limited to what is supported by the Crypto API. If some sort of feature is required that Crypto API does not support, then Chilkat cannot resolve the problem.