How to sign with a token without entering a password
A common problem for our users is having to enter the token password every time they sign. This is not only annoying, it also prevents automation. In this article, we finally bring a solution.
The first option - Single logon
A trivial and quick option is to turn on the "Enable single logon" option in the Client Settings, on the Advanced tab. This means that after you enter your password, Safenet will not ask you for it again until you log out.
The second option - pushing the password in the signing command
During signing, you can pass the token password in the signing command itself; Safenet then does not show a password prompt. To do this, use the /f, /csp and /k parameters; in /k, you need to put the password together with the name of the container.
Here is an example where you can find the necessary values:
- /f CERTIFICATE.cer - path to the certificate exported from the token to a file (of course, the private key cannot be exported).
- /csp - name of the cryptographic provider - you can find it in Safenet in the Private key section, for example "eToken Base Cryptographic Provider"
- /k - password for the token you are using for signing. Combine it with the container name; the password must be enclosed in brackets as in the example below.
"[{{TokenPasswordHere}}]=KeyContainerNameHere"
Combine it together and sign
All of the above information is used in the signing command with the following parameters. The signing command as a whole looks like this:
signtool sign /f "C:\Users\User\CERTIFICATE.cer" /csp "eToken Base Cryptographic Provider" /k "[{{tokenpassword}}]=Containername" /fd SHA256 /t http://timestamp.digicert.com "C:\Users\User\APP.exe"
Signtool signs the file without asking for the password; Safenet does not show a password prompt either.
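For automation, the same command can be wrapped so the token password is not written into the script. The following is an added example, not part of the original article; the function name Invoke-TokenSigning, the TOKEN_PASSWORD environment variable and the default values are assumptions, and signtool is assumed to be on the PATH.

```powershell
# Added example (not from the original article). Invoke-TokenSigning and the
# TOKEN_PASSWORD variable are hypothetical names; defaults are placeholders.
function Invoke-TokenSigning {
    param(
        [Parameter(Mandatory)] [string] $FilePath,
        [string] $CertificatePath = 'C:\Users\User\CERTIFICATE.cer',
        [string] $Provider        = 'eToken Base Cryptographic Provider',
        [string] $Container       = 'KeyContainerNameHere',
        [string] $TimestampUrl    = 'http://timestamp.digicert.com'
    )

    # Take the token password from the environment (for example a CI secret)
    # so it is never stored in the script or committed to source control.
    $password = $env:TOKEN_PASSWORD
    if ([string]::IsNullOrEmpty($password)) {
        throw 'TOKEN_PASSWORD is not set.'
    }
    if (-not (Test-Path -LiteralPath $FilePath)) {
        throw "File to sign not found: $FilePath"
    }

    # Build the /k value in the format shown above: [{{password}}]=container
    $keySpec = '[{{' + $password + '}}]=' + $Container

    # Passing an array keeps each value a single argument, even with spaces.
    $signArgs = @('sign', '/f', $CertificatePath, '/csp', $Provider,
                  '/k', $keySpec, '/fd', 'SHA256', '/t', $TimestampUrl, $FilePath)
    & signtool @signArgs
    if ($LASTEXITCODE -ne 0) {
        # Report only the exit code; never echo $signArgs, it holds the password.
        throw "signtool sign failed with exit code $LASTEXITCODE"
    }

    # Check the new signature before the build publishes the file.
    & signtool verify /pa $FilePath
    if ($LASTEXITCODE -ne 0) {
        throw "signtool verify failed with exit code $LASTEXITCODE"
    }
}

# Usage (constructed path):
# Invoke-TokenSigning -FilePath 'C:\Users\User\APP.exe'
```

The password still appears in signtool's command line while it runs, so anyone who can list processes on the signing host, or read process-creation logs that record command lines, can see it.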