search

Fedict / eid-mw

eID Middleware (main repository)
GNU Lesser General Public License v3.0
202 stars 78 forks source link

Signature dialog - Consume PIN collected through external prompt #189

Closed saxomoose closed 1 year ago

saxomoose commented 1 year ago

Thank you for this open source project.

OS: Microsoft Windows 11 Education - 10.0.22621 Build 22621 eid-mw version: Belgium e-ID middleware 5.1.8 (build 6030)

For my project, I use a native component (web-eid-app) to prompt the user for his PIN when applying his signing certificate. That component relies on eid-mw when interacting with Belgian eids. At present, 2 prompts are triggered during signature. To have a consistent user experience, I would like to rely only on the Qt prompt of web-eid-app.

From the README , I understand that it is possible to disable dialogs if you build the middleware manually. I installed the middleware via winget. I assume that most (Windows) users install eid-mw via the installer available online. Is there any way to configure the middleware after installation to disable the prompt?

saxomoose commented 1 year ago

I understand that it is not possible to disable the PIN prompt after install.

Assuming that I would build a custom version of the middleware using ./configure --enable-dialogs=no, would eid-mw be able to consume a PIN collected by a previous prompt (in this case by the Qt prompt of web-eid-app)?

If so, could you point me in the right direction to implement this?

Posted also on the google group

yoe commented 1 year ago

Hi!

I understand that it is not possible to disable the PIN prompt after install.

That's correct. Dialogs are either enabled or not; you can't disable dialogs once they were compiled in, as that would defeat the purpose of them being there.

Assuming that I would build a custom version of the middleware using ./configure --enable-dialogs=no, would eid-mw be able to consume a PIN collected by a previous prompt (in this case by the Qt prompt of web-eid-app)?

That's not how you build the dialogs on Windows (you build them using the "build_all.bat" script under scripts\windows).

That said, if the dialogs are disabled, then you need to specify the PIN code at C_Login time, with the pPin parameter (see doc\sdk\documentation\pkcs11-base-v2.40.pdf, page 86).

Since this isn't an actual bug, closing now.

Kind regards,