Signtool usage with Nitrokey HSM

Hi,

Now I managed to do the signing without extracting the certificate:

signtool.exe sign /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 /n "CodeSignTest" test.exe

Now I only have to solve how to automate the PIN request. Other tokens have the option “single sign on”, so you only have to enter the PIN one time, until it is unplugged.

Is there something like that available here too?

Hi,
Did you find a way to implement a “single sign on”?

Hi @zohars,

I automated the PIN request with an AutoIt script. It searches every 10 seconds for a dialog “Windows-Sicherheit” and then enters the PIN “123456”.

But the current problem: the Windows session must be active and must not be locked. The signing cannot run as a “service”, it must be in the same session.

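#include <WinAPI.au3>

; Poll every 10 seconds for the PIN prompt. "Windows-Sicherheit" is the title
; of the "Windows Security" dialog on a German-language system.
While True
	If WinExists("Windows-Sicherheit") Then
		EnterPin("Windows-Sicherheit")
	EndIf
	Sleep(10000)
WEnd

; Type the PIN only if the matching window is the credential dialog.
Func EnterPin($promptTitle)
	Local $hWnd = WinGetHandle($promptTitle)
	; $hWnd is already a window handle, so it is passed to _WinAPI_GetClassName directly.
	Local $sClassName = _WinAPI_GetClassName($hWnd)
	If StringCompare($sClassName, "Credential Dialog Xaml Host") = 0 Then
		WinActivate($hWnd)
		Send("123456{ENTER}")
	EndIf
EndFunc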
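A check an unattended job can run around the signing call, because a script that types into a dialog gets no confirmation that a signature was actually produced. This is an added example, not code from the thread: it reuses the signtool arguments from the first post, while the function name, its parameter names and the assumption that the signing certificate chains to a root trusted on the build machine are assumptions.

```powershell
# Added example: sign, then verify before the build publishes the file.
# The signtool arguments come from the first post; Invoke-SignAndVerify and
# its parameter names are hypothetical.
function Invoke-SignAndVerify {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $SubjectName  = 'CodeSignTest',
        [string] $TimestampUrl = 'http://rfc3161timestamp.globalsign.com/advanced'
    )

    # signtool returns 0 on success, 1 on failure, 2 when it finished with warnings.
    & signtool.exe sign /tr $TimestampUrl /td SHA256 /n $SubjectName $Path
    if ($LASTEXITCODE -ne 0) {
        throw "signtool exited with code $LASTEXITCODE"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $problems = @()

    # Status is 'Valid' only if the file hash matches and the chain is trusted here.
    if ($sig.Status -ne 'Valid') {
        $problems += "status $($sig.Status): $($sig.StatusMessage)"
    }
    # /n selects the certificate by subject substring, so confirm which one was used.
    if (-not $sig.SignerCertificate) {
        $problems += 'no signer certificate'
    } elseif ($sig.SignerCertificate.Subject -notlike "*$SubjectName*") {
        $problems += "unexpected signer: $($sig.SignerCertificate.Subject)"
    }
    # /tr should have added a countersignature from the timestamp server.
    if (-not $sig.TimeStamperCertificate) {
        $problems += 'signature has no timestamp'
    }

    if ($problems.Count -gt 0) {
        throw "Signature check failed for ${Path}: $($problems -join '; ')"
    }
    $sig   # return the signature object for logging
}

Invoke-SignAndVerify -Path .\test.exe
```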

Thank you for the quick response.
I hope that in the future there will be a better mechanism than having a script which inserts the PIN into the UI window.
I’ve found a similar post - Nitrokey HSM n-of-m Authentication, so I guess that I’ll check for updates.