Aloaha Signature Service

The Aloaha Multisignator contains a dedicated Windows service to sign PDF files and to create PKCS#7 signatures. Access to the Aloaha Signature Service is given via command line interface (CLI).

The Aloaha Signature Service has been optimized for multisigning signature cards. For the PIN entry a card reader with display (Class III) should be used. It is also possible to use other card readers with PIN Pad if they have a way of signaling (for example with a beep) the start of the PIN Entry Process.

The use of the Aloaha Signature Service is quite easy. You need to use ACS.exe which can be found in the Aloaha installation folder (<program files>\wrocklage)

The command line syntax of ACS is very powerful. In case you do not find a required command, please do not hesitate to contact our support at: info@aloaha.com

More details of the Aloaha Command line Signer (ACS) can be found here.

Info

With the command "info" you can display connected card readers, inserted cards and certificates on those cards. It is suggested to activate the command "info" every time you insert a card which is not known to the system. 

Below you see a sample output of the info command:

C:\program files\wrocklage>acs -info
ReaderCount:4
0:OMNIKEY CardMan 3821 0
1:OMNIKEY CardMan 5x21 0
2:OMNIKEY CardMan 5x21-CL 0
3:SCM Microsystems Inc. SPRx32 USB Smart Card Reader 0

Reader:0,0,-1,0,-1,-1
Reader:1,0,-1,0,-1,-1
1,0)aloaha_b564d11f02d43f43daf5ecc2a882d65d73276b25
1,1)aloaha_dac91f79cb9d3642e6b1b0a5c5f5f565ac9e7a4e

Reader:2,0,-1,0,-1,-1
Reader:3,0,-1,0,-1,-1
3,0)aloaha_19bc2dd8432df733ff381722bcd183da2e1fff2c
3,1)aloaha_6e02cc5647e15114c3f03093d04ef4626dfd7199

The above sample output lists 4 connected card readers. Reader 1 and 3 contain a smartcard with two certificates each. 

Open

The Aloaha Signature Service is specialized for multisigning signature cards. Such cards do not require a PIN for every crypto operation. For example it is possible to "open" a card for a number of signatures or for a specific time.

C:\program files\wrocklage>acs -open:3,0 -maxtime:10 -maxsignatures:10 

0:3,0,1,9,10|SCM Microsystems Inc. SPRx32 USB Smart Card Reader 0,7148

The numbers in the answer have the following meaning:

0: return value OK
3,0: reader 3, certificate 0
1,9: 1 file signed, 9 signatures left
(1 signature of 00 bytes is required to open the card)
10: 10 minutes left
7148: process ID of signature service

Sign PDF

With the command -oop -x:p ACS submits a signature job to the Aloaha Service Signer. The option -o instructs ACS to wait until the signature has been applied and to save the signed file into the file defined by -o.

C:\program files\wrocklage>acs -oop -x:p -u:3,0 -sha2 -i:c:\test.pdf -o:c:\signedpdf.pdf
Signed file: c:\signedpdf.pdf

-oop -x:p instructs the service to apply a PDF signature
-sha2 forces are SHA256 Signature
-u:3,0 defines to use reader 3, certificate 0
-i define input file
-o wait and save to output file

Create PKCS#7

C:\program files\wrocklage>acs -oop -x:a -u:3,0 -i:c:\test.pdf -o:c:\signedpdf.p7m
Signed file: c:\signedpdf.p7m

C:\program files\wrocklage>acs -oop -x:d -u:3,0 -i:c:\test.pdf -o:c:\signedpdf.p7s
Signed file: c:\signedpdf.p7s

-oop -x:a: create attached PKCS#7 signature
-oop -x:d: create detached PKCS#7 signature

-u:3,0: use card reader 3, certificate 0
-i: inputfile
-o:outputfile

Reader status

The command reader status can be used to check how many signatures or time is left.

C:\program files\wrocklage>acs -readerstatus:3
0:3,0,2,8,9|SCM Microsystems Inc. SPRx32 USB Smart Card Reader 0,7148

0: OK
3,0: Reader 3, Certificate 0 open
2: two signatures applied
8: 8 signatures left
9: 9 minutes left
7148: process ID of signature service

Close

The close command is being used to close an open reader/card

C:\program files\wrocklage>acs -close:3,0
0:OK