PIN cache is not flushed when signing

Forum for the PDF-XChange Editor - Free and Licensed Versions

Moderators: PDF-XChange Support, Daniel - PDF-XChange, Chris - PDF-XChange, Sean - PDF-XChange, Paul - PDF-XChange, Vasyl - PDF-XChange, Ivan - Tracker Software, Stefan - PDF-XChange

Trackerswa
User
Posts: 4
Joined: Fri Nov 09, 2007 7:59 am

PIN cache is not flushed when signing

Post by Trackerswa »

I am using PDF-XChange Editor Plus for signing PDF files digitally.
Despite the application setup is set to "flush PIN store before creating eSig" my signing password is cached (see screenshot below)!

For security reasons this behaveor is not acceptable.
How can I setup PDF-XChange Editor to NOT cache my signing password?
You do not have the required permissions to view the files attached to this post.
User avatar
Dimitar - PDF-XChange
Site Admin
Posts: 2268
Joined: Mon Jan 15, 2018 9:01 am

Re: PIN cache is not flushed when signing

Post by Dimitar - PDF-XChange »

Hello Trackerswa,

Welcome to our Forum.

May I ask what kind of device you are using to sign the documents?


Also, please tell me which version is your PDF Editor?

You can see the version number under the Help -> About menu.

Regards.
Trackerswa
User
Posts: 4
Joined: Fri Nov 09, 2007 7:59 am

Re: PIN cache is not flushed when signing

Post by Trackerswa »

Hi Dimitar,

I am using a digital certificate (pfx file created by IT staff of my company).

PDF-XChange version I am using:

[attachment=0]image.png[/attachment]
You do not have the required permissions to view the files attached to this post.
Trackerswa
User
Posts: 4
Joined: Fri Nov 09, 2007 7:59 am

Re: PIN cache is not flushed when signing

Post by Trackerswa »

In other PDF-Viewern (FoxitReader), the same certificate requires password entering with each signature.
Prerequisite: Signature format is set to CAdES equivalent.
The same setting in PDF-XChange (ie CAdES) does not prohibite PIN caching:
[attachment=0]image.png[/attachment][attachment=0]image.png[/attachment]
You do not have the required permissions to view the files attached to this post.
User avatar
Daniel - PDF-XChange
Site Admin
Posts: 11288
Joined: Wed Jan 03, 2018 6:52 pm

Re: PIN cache is not flushed when signing

Post by Daniel - PDF-XChange »

Hello, Trackerswa

I need to clear up a misconception here. The "PIN Cache" being referred to here is not something that we record in any capacity. This is the Windows Pin Cache (through the windows Crypto API) being referred to. We cannot see the contents, nor do we write anything there at all. This option simply ensures that when you begin any placement action in our software, we request windows flush that cache before the placement happens on our end, so that windows cannot provide with with a Cached pin for the certificate use process.

The same is process is very likely true of every application which makes us of certificates in this way. All of us are blind to what exactly windows does in the PIN Cache, and so we can only may open requests like this, to suggest that it handle its data in a specific way.

Kind regards,
Dan McIntyre - Support Technician
PDF-XChange Co. LTD

+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Trackerswa
User
Posts: 4
Joined: Fri Nov 09, 2007 7:59 am

Re: PIN cache is not flushed when signing

Post by Trackerswa »

Hello Daniel,
Thank you for the explanation of the PIN cache!
If I understand your comment right, PDF-XChange
[list]has no access to the content of the PIN cache,
but is able to instruct Windows to flush this cache.
[/list]
If this is true, why is it possible to execute a second electronic signature within one PDF-XChange session without entering the signature password again?
User avatar
Daniel - PDF-XChange
Site Admin
Posts: 11288
Joined: Wed Jan 03, 2018 6:52 pm

Re: PIN cache is not flushed when signing

Post by Daniel - PDF-XChange »

Hello, Trackerswa

I had to check in with the Dev team on this question to be sure, here are the words from the Horses mouth:
Ivan wrote:it is up to us to instruct Windows to reset the PIN cache, but it is also up to Windows to obey the instruction or not
In practice, this of course means that windows may decide to ignore those instructions from us, in some contexts. There is no way for us to force it, nor is there a way for us to check what has happened after making such a request.

Kind regards,
Dan McIntyre - Support Technician
PDF-XChange Co. LTD

+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com