Use Signature slot in Identity Manager

A token that supports the signature slot. For details, see the section referring to the signature slot in the middleware pages linked above.

To explicitly select the signature slot as a target for your application, use the Location keyword in the respective Application_* section. Location supports only one value: Signature. Any other value will point to the default slot, as will omitting the Location keyword altogether. The value can either be hard coded in the encoding description (e.g. Location=#Signature) or it can reference a field (for example, Location=LOCATION_FIELD)

In the following example a certificate is written to the default slot (authenticated by PIN), one to the signature slot (authenticated by SignPIN) and one's location is determined at runtime by the field LOCATION_FIELD.

[Fields]
PIN=
SIGN_PIN=
LOCATION_FIELD=
  
[Description]
PKCS11Library=yourMiddleware.dll
ApplicationList=ABC
# Default slot credentials
PIN=PIN
# Signature slot credentials
SignPIN=SIGN_PIN

[Application_A]
# Write a certificate to the default slot
KeySize=2048
CertTempl=myAuthCertTemplate
 
[Application_B]
# Write a certificate to the signature slot
KeySize=2048
CertTempl=myAuthCertTemplate
Location=#signature
 
[Application_C]
# Determine the slot to Write a certificate using process variables
KeySize=2048
CertTempl=mySigCertTemplate
Location=LOCATION_FIELD

The PINs for the signature slot can be changed similarly to the standard P11 PIN/PUK handling, but with different keywords:

Examples

[Fields]
OLD_SIGN_PUK=
NEW_SIGN_PUK=
NEW_SIGN_PIN=
 
[Description]
PKCS11Library=yourMiddleware.dll
SetPin=true
InitialSignPUK=OLD_SIGN_PUK
SignPUK=NEW_SIGN_PUK
SignPIN=NEW_SIGN_PIN

[Description] PKCS11Library=yourMiddleware.dll
SetPin=true
SignPIN=!FROM_USER_DIALOG_3_FIELD
SignPin_Validation=reg_exp([0-9]{4,})