I am using PDF-XChange Editor Plus for signing PDF files digitally.
Although the application setup is set to "flush PIN store before creating eSig", my signing password is cached (see screenshot below)!
For security reasons this behavior is not acceptable.
How can I set up PDF-XChange Editor to NOT cache my signing password?
PIN cache is not flushed when signing
-
- User
- Posts: 4
- Joined: Fri Nov 09, 2007 7:59 am
PIN cache is not flushed when signing
-
- Site Admin
- Posts: 2268
- Joined: Mon Jan 15, 2018 9:01 am
Re: PIN cache is not flushed when signing
Hello Trackerswa,
Welcome to our Forum.
May I ask what kind of device you are using to sign the documents?
Also, please tell me which version is your PDF Editor?
You can see the version number under the Help -> About menu.
Regards.
-
- User
- Posts: 4
- Joined: Fri Nov 09, 2007 7:59 am
Re: PIN cache is not flushed when signing
Hi Dimitar,
I am using a digital certificate (pfx file created by IT staff of my company).
PDF-XChange version I am using:
[attachment=0]image.png[/attachment]
-
- User
- Posts: 4
- Joined: Fri Nov 09, 2007 7:59 am
Re: PIN cache is not flushed when signing
In other PDF viewers (FoxitReader), the same certificate requires entering the password with each signature.
Prerequisite: Signature format is set to CAdES equivalent.
The same setting in PDF-XChange (i.e. CAdES) does not prohibit PIN caching:
[attachment=0]image.png[/attachment]
-
- Site Admin
- Posts: 11288
- Joined: Wed Jan 03, 2018 6:52 pm
Re: PIN cache is not flushed when signing
Hello, Trackerswa
I need to clear up a misconception here. The "PIN Cache" being referred to here is not something that we record in any capacity. This is the Windows PIN Cache (through the Windows Crypto API) being referred to. We cannot see the contents, nor do we write anything there at all. This option simply ensures that when you begin any placement action in our software, we request that Windows flush that cache before the placement happens on our end, so that Windows cannot provide us with a cached PIN for the certificate use process.
The same process is very likely true of every application which makes use of certificates in this way. All of us are blind to what exactly Windows does in the PIN Cache, and so we can only make open requests like this, to suggest that it handle its data in a specific way.
Kind regards,
Dan McIntyre - Support Technician
PDF-XChange Co. LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
-
- User
- Posts: 4
- Joined: Fri Nov 09, 2007 7:59 am
Re: PIN cache is not flushed when signing
Hello Daniel,
Thank you for the explanation of the PIN cache!
If I understand your comment right, PDF-XChange
- has no access to the content of the PIN cache,
- but is able to instruct Windows to flush this cache.
If this is true, why is it possible to execute a second electronic signature within one PDF-XChange session without entering the signature password again?
-
- Site Admin
- Posts: 11288
- Joined: Wed Jan 03, 2018 6:52 pm
Re: PIN cache is not flushed when signing
Hello, Trackerswa
I had to check in with the Dev team on this question to be sure; here are the words from the horse's mouth:
Ivan wrote: it is up to us to instruct Windows to reset the PIN cache, but it is also up to Windows to obey the instruction or not
In practice, this of course means that Windows may decide to ignore those instructions from us, in some contexts. There is no way for us to force it, nor is there a way for us to check what has happened after making such a request.
Kind regards,
Dan McIntyre - Support Technician
PDF-XChange Co. LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com